Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,339 advisories

Loading
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker... Moderate Unreviewed
CVE-2025-42893 was published Nov 11, 2025
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that... Moderate Unreviewed
CVE-2025-12789 was published Nov 7, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
amit-laish Credited to amit-laish, livio-a, and IAM-marco livio-a livio-a
IAM-marco IAM-marco
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat Credited to iainsproat
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
Open redirect in Tornado Moderate
CVE-2023-28370 was published for tornado (pip) May 25, 2023
christian-ruiz Credited to christian-ruiz and bdarnell bdarnell bdarnell
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no... High Unreviewed
CVE-2021-28861 was published Aug 24, 2022
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas Credited to nicolas-grekas and zer0yu zer0yu zer0yu
Liferay Portal is vulnerable to DNS rebinding attacks Moderate
CVE-2025-62266 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
elrido Credited to elrido and rugk rugk rugk
Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter Moderate
CVE-2025-62253 was published for com.liferay:com.liferay.layout.admin.web (Maven) Oct 27, 2025
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks... Moderate Unreviewed
CVE-2024-49706 was published Apr 14, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
kexinoh Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa d3do-23 d3do-23
lonelyuan lonelyuan huachenheli huachenheli DarkLight1337 DarkLight1337 russellb russellb sidhpurwala-huzaifa sidhpurwala-huzaifa
Open redirection vulnerability in MOLGENIS EMX2 v11.14.0. This vulnerability allows an attacker... Moderate Unreviewed
CVE-2025-10355 was published Oct 23, 2025
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component:... Moderate Unreviewed
CVE-2025-61753 was published Oct 21, 2025
Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle... Moderate Unreviewed
CVE-2012-0518 was published May 4, 2022
Insufficient validation of untrusted input in Intents in Google Chrome on Android prior to 95.0... Moderate Unreviewed
CVE-2021-38000 was published Nov 24, 2021
CVE-2025-54088 is an open-redirect vulnerability in Secure Access prior to version 14.10.... Moderate Unreviewed
CVE-2025-54088 was published Oct 2, 2025
reflex-dev/reflex has an Open Redirect vulnerability Low
CVE-2025-62379 was published for reflex (pip) Oct 15, 2025
im-soohyun Credited to im-soohyun
Adobe Connect versions 12.9 and earlier are affected by a URL Redirection to Untrusted Site (... Low Unreviewed
CVE-2025-54196 was published Oct 15, 2025
An URL Redirection to Untrusted Site vulnerabilities [CWE-601] in FortiOS 7.6.0 through 7.6.2, 7... Low Unreviewed
CVE-2025-47890 was published Oct 14, 2025
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya Credited to anuraagbaishya
The CM Registration – Tailored tool for seamless login and invitation-based registrations plugin... Moderate Unreviewed
CVE-2025-11167 was published Oct 11, 2025
Newforma Info Exchange (NIX) '/DownloadWeb/hyperlinkredirect.aspx' provides an unauthenticated... Moderate Unreviewed
CVE-2025-35059 was published Oct 9, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database