GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
72 advisories
next-intl has an open redirect vulnerability
Moderate
GHSA-8f24-v5vv-gm5j
was published
for
next-intl
(npm)
Apr 10, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Moderate
CVE-2026-35410
was published
for
directus
(npm)
Apr 4, 2026
Directus: Open Redirect in Admin 2FA Setup Page
Moderate
CVE-2026-35411
was published
for
directus
(npm)
Apr 4, 2026
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Moderate
CVE-2026-34083
was published
for
signalk-server
(npm)
Apr 3, 2026
n8n: Authenticated XSS and Open Redirect via Form Node
Moderate
GHSA-w673-8fjw-457c
was published
for
n8n
(npm)
Mar 27, 2026
H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation
Moderate
GHSA-fp4x-ggrf-wmc6
was published
for
h3
(npm)
Mar 23, 2026
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR
Moderate
CVE-2026-33397
was published
for
@angular/ssr
(npm)
Mar 19, 2026
Angular SSR has an Open Redirect via X-Forwarded-Prefix
Moderate
CVE-2026-27738
was published
for
@angular/ssr
(npm)
Feb 25, 2026
Feathers has an open redirect in OAuth callback enables account takeover
High
CVE-2026-27191
was published
for
@feathersjs/authentication-oauth
(npm)
Feb 19, 2026
Qwik City Open Redirect via fixTrailingSlash
Low
CVE-2026-25149
was published
for
@builder.io/qwik-city
(npm)
Feb 3, 2026
NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter
Moderate
CVE-2026-24768
was published
for
nocodb
(npm)
Jan 28, 2026
React Router has unexpected external redirect via untrusted paths
Moderate
CVE-2025-68470
was published
for
react-router
(npm)
Jan 8, 2026
Directus has open redirect in SAML
Moderate
CVE-2026-22032
was published
for
@directus/api
(npm)
Jan 6, 2026
Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic
Moderate
CVE-2025-62595
was published
for
koa
(npm)
Oct 21, 2025
lobe-chat has an Open Redirect
Moderate
CVE-2025-59426
was published
for
@lobehub/chat
(npm)
Sep 24, 2025
@astrojs/node's trailing slash handling causes open redirect issue
Moderate
CVE-2025-55207
was published
for
@astrojs/node
(npm)
Aug 15, 2025
Astros's duplicate trailing slash feature leads to an open redirection security issue
Moderate
CVE-2025-54793
was published
for
astro
(npm)
Aug 7, 2025
Koa Open Redirect via Referrer Header (User-Controlled)
Low
CVE-2025-8129
was published
for
koa
(npm)
Jul 29, 2025
DiracX-Web is vulnerable to attack through an Open Redirect on its login page
Moderate
CVE-2025-54066
was published
for
@dirac-grid/diracx-web-components
(npm)
Jul 17, 2025
Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes
Low
CVE-2025-53535
was published
for
better-auth
(npm)
Jul 7, 2025
ProTip!
Advisories are also available from the
GraphQL API