Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

1,147 advisories

Loading
next-intl has an open redirect vulnerability Moderate
GHSA-8f24-v5vv-gm5j was published for next-intl (npm) Apr 10, 2026
joniumGit Credited to joniumGit
Apache Tomcat has an Open Redirect vulnerability Moderate
CVE-2026-25854 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a... Moderate Unreviewed
CVE-2025-61166 was published Apr 6, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow Moderate
CVE-2026-35410 was published for directus (npm) Apr 4, 2026
POV9en Credited to POV9en
Directus: Open Redirect in Admin 2FA Setup Page Moderate
CVE-2026-35411 was published for directus (npm) Apr 4, 2026
ComfortablyCoding Credited to ComfortablyCoding, Akokonunes, and neo-ai-engineer Akokonunes Akokonunes
neo-ai-engineer neo-ai-engineer
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow Moderate
CVE-2026-34083 was published for signalk-server (npm) Apr 3, 2026
VashuVats Credited to VashuVats
JupyterHub has an Open Redirect Vulnerability Moderate
CVE-2026-33709 was published for jupyterhub (pip) Apr 3, 2026
RacerZ-fighting Credited to RacerZ-fighting and Fushuling Fushuling Fushuling
XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The... Moderate Unreviewed
CVE-2024-58342 was published Apr 1, 2026
In Search Guard FLX up to version 4.0.1, it is possible to use specially crafted requests to... Moderate Unreviewed
CVE-2026-4799 was published Mar 31, 2026
n8n: Authenticated XSS and Open Redirect via Form Node Moderate
GHSA-w673-8fjw-457c was published for n8n (npm) Mar 27, 2026
tCu0n9 Credited to tCu0n9
Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential Moderate
CVE-2026-33885 was published for statamic/cms (Composer) Mar 26, 2026
offset Credited to offset
Open Redirect vulnerability in Hitachi Ops Center Administrator.This issue affects Hitachi Ops... Moderate Unreviewed
CVE-2026-1166 was published Mar 25, 2026
H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation Moderate
GHSA-fp4x-ggrf-wmc6 was published for h3 (npm) Mar 23, 2026
offset Credited to offset
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR Moderate
CVE-2026-33397 was published for @angular/ssr (npm) Mar 19, 2026
VenkatKwest Credited to VenkatKwest, alan-agius4, securityMB, josephperrott, and AndrewKushnir alan-agius4 alan-agius4
securityMB securityMB josephperrott josephperrott AndrewKushnir AndrewKushnir
A flaw was found in mirror-registry where an authenticated user can trick the system into... Moderate Unreviewed
CVE-2026-2376 was published Mar 12, 2026
@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass Moderate
CVE-2026-32235 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote... Moderate Unreviewed
CVE-2026-3824 was published Mar 11, 2026
A vulnerability in the web-based management interface of AOS-CX Switches could allow an... Moderate Unreviewed
CVE-2026-23817 was published Mar 11, 2026
actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects Moderate
GHSA-vhj5-x93p-67jw was published for actix-web-lab (Rust) Mar 11, 2026
Sylius has an Open Redirect via Referer Header Moderate
CVE-2026-31819 was published for sylius/sylius (Composer) Mar 11, 2026
bnBart Credited to bnBart
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed... Moderate Unreviewed
CVE-2025-70032 was published Mar 9, 2026
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora... Moderate Unreviewed
CVE-2025-70037 was published Mar 9, 2026
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing... Moderate Unreviewed
CVE-2026-28106 was published Mar 6, 2026
django-allauth has an open redirect vulnerability Moderate
CVE-2026-27982 was published for django-allauth (pip) Mar 5, 2026
Products.isurlinportal has possible open redirect when using more than 2 forward slashes Moderate
CVE-2026-28413 was published for Products.isurlinportal (pip) Mar 2, 2026
ale-rt Credited to ale-rt
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database