Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

95 advisories

Loading
JupyterHub has an Open Redirect Vulnerability Moderate
CVE-2026-33709 was published for jupyterhub (pip) Apr 3, 2026
RacerZ-fighting Credited to RacerZ-fighting and Fushuling Fushuling Fushuling
django-allauth has an open redirect vulnerability Moderate
CVE-2026-27982 was published for django-allauth (pip) Mar 5, 2026
IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links High
CVE-2026-28681 was published for irrd (pip) Mar 4, 2026
BrookeYangRui Credited to BrookeYangRui
Products.isurlinportal has possible open redirect when using more than 2 forward slashes Moderate
CVE-2026-28413 was published for Products.isurlinportal (pip) Mar 2, 2026
ale-rt Credited to ale-rt
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
logicx24 Credited to logicx24
NiceGUI's Path Traversal via Unsanitized FileUpload.name Enables Arbitrary File Write High
CVE-2026-25732 was published for nicegui (pip) Feb 5, 2026
k14uz Credited to k14uz, falkoschindler, and evnchn falkoschindler falkoschindler
evnchn evnchn
web2py has an Open Redirect Vulnerability Moderate
CVE-2026-25198 was published for web2py (pip) Feb 5, 2026
WeasyPrint has a Server-Side Request Forgery (SSRF) Protection Bypass via HTTP Redirect High
CVE-2025-68616 was published for weasyprint (pip) Jan 20, 2026
g4nkd Credited to g4nkd
Mayan EDMS has an Open Redirect through the /authentication/ file Low
CVE-2025-14692 was published for mayan-edms (pip) Dec 15, 2025
Open Redirect Vulnerability in Taguette Moderate
CVE-2025-67502 was published for taguette (pip) Dec 9, 2025
yueyueL Credited to yueyueL
Open redirect endpoint in Datasette Low
CVE-2025-64481 was published for datasette (pip) Nov 6, 2025
jamesjefferies Credited to jamesjefferies
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
reflex-dev/reflex has an Open Redirect vulnerability Low
CVE-2025-62379 was published for reflex (pip) Oct 15, 2025
im-soohyun Credited to im-soohyun
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
kexinoh Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa d3do-23 d3do-23
lonelyuan lonelyuan huachenheli huachenheli DarkLight1337 DarkLight1337 russellb russellb sidhpurwala-huzaifa sidhpurwala-huzaifa
urllib3 does not control redirects in browsers and Node.js Moderate
CVE-2025-50182 was published for urllib3 (pip) Jun 18, 2025
illia-v Credited to illia-v, pquentin, and sethmlarson pquentin pquentin
sethmlarson sethmlarson
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation Moderate
CVE-2025-50181 was published for urllib3 (pip) Jun 18, 2025
sandumjacob Credited to sandumjacob, illia-v, pquentin, and sethmlarson illia-v illia-v
pquentin pquentin sethmlarson sethmlarson
Flask-AppBuilder open redirect vulnerability using HTTP host injection Moderate
CVE-2025-32962 was published for flask-appbuilder (pip) May 16, 2025
0xr0n0 Credited to 0xr0n0
Gradio Vulnerable to Open Redirect Moderate
CVE-2024-8021 was published for gradio (pip) Mar 20, 2025
BentoML Open Redirect vulnerability Moderate
GHSA-564p-rx2q-4c8v was published for bentoml (pip) Mar 20, 2025
FastChat open redirect vulnerability Moderate
CVE-2024-10908 was published for fschat (pip) Mar 20, 2025
CodeChecker open redirect when URL contains multiple slashes after the product name Moderate
CVE-2025-1300 was published for codechecker (pip) Mar 3, 2025
Discookie Credited to Discookie
GHSL-2024-288: SickChill open redirect in login Low
CVE-2024-53995 was published for sickchill (pip) Jan 8, 2025
WebOb's location header normalization during redirect leads to open redirect Moderate
CVE-2024-42353 was published for webob (pip) Aug 14, 2024
MobSF vulnerable to Open Redirect in Login Redirect Moderate
CVE-2024-41955 was published for mobsf (pip) Jul 31, 2024
Khoj Open Redirect Vulnerability in Login Page Moderate
GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024
davidxbors Credited to davidxbors
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database