Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,489
Maven
5,000+
npm
5,000+
NuGet
892
pip
4,745
Pub
13
RubyGems
1,033
Rust
1,228
Swift
53
Unreviewed advisories
All unreviewed
5,000+

117 advisories

Loading
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a... High Unreviewed
CVE-2025-2824 was published Aug 1, 2025
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due... High Unreviewed
CVE-2025-6238 was published Jul 4, 2025
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection High
CVE-2025-48936 was published for github.com/zitadel/zitadel (Go) May 28, 2025
amit-laish Credited to amit-laish, livio-a, and eliobischof livio-a livio-a
eliobischof eliobischof
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4,... High Unreviewed
CVE-2025-24180 was published Apr 1, 2025
Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open... High Unreviewed
CVE-2025-24381 was published Mar 28, 2025
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to... High Unreviewed
CVE-2024-51321 was published Mar 11, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO High
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101 Credited to castilho101
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and... High Unreviewed
CVE-2024-13888 was published Feb 20, 2025
Authentication bypass in @sap/approuter High
CVE-2025-24876 was published for @sap/approuter (npm) Feb 11, 2025
rosenblueh Credited to rosenblueh
The User Account and Authentication service (UAA) for SAP HANA extended application services,... High Unreviewed
CVE-2025-24868 was published Feb 11, 2025
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to... High Unreviewed
CVE-2024-46481 was published Jan 13, 2025
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint High
CVE-2024-56734 was published for better-auth (npm) Dec 30, 2024
jamesjulich Credited to jamesjulich
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6... High Unreviewed
CVE-2024-11274 was published Dec 12, 2024
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100... High Unreviewed
CVE-2024-43683 was published Oct 4, 2024
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect... High Unreviewed
CVE-2024-46331 was published Sep 27, 2024
A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the... High Unreviewed
CVE-2024-45981 was published Sep 26, 2024
A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the... High Unreviewed
CVE-2024-45979 was published Sep 26, 2024
Duplicate Advisory: Keycloak Open Redirect vulnerability High
GHSA-vvf8-2h68-9475 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024 withdrawn
The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to,... High Unreviewed
CVE-2024-8761 was published Sep 17, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara... High Unreviewed
CVE-2024-7312 was published Sep 11, 2024
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in... High Unreviewed
CVE-2024-6379 was published Aug 20, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE... High Unreviewed
CVE-2024-6377 was published Aug 20, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability High Unreviewed
CVE-2024-38211 was published Aug 13, 2024
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all... High Unreviewed
CVE-2024-3597 was published Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database