Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

298 advisories

Loading
next-intl has an open redirect vulnerability Moderate
GHSA-8f24-v5vv-gm5j was published for next-intl (npm) Apr 10, 2026
joniumGit Credited to joniumGit
Apache Tomcat has an Open Redirect vulnerability Moderate
CVE-2026-25854 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Apr 9, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow Moderate
CVE-2026-35410 was published for directus (npm) Apr 4, 2026
POV9en Credited to POV9en
Directus: Open Redirect in Admin 2FA Setup Page Moderate
CVE-2026-35411 was published for directus (npm) Apr 4, 2026
ComfortablyCoding Credited to ComfortablyCoding, Akokonunes, and neo-ai-engineer Akokonunes Akokonunes
neo-ai-engineer neo-ai-engineer
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow Moderate
CVE-2026-34083 was published for signalk-server (npm) Apr 3, 2026
VashuVats Credited to VashuVats
JupyterHub has an Open Redirect Vulnerability Moderate
CVE-2026-33709 was published for jupyterhub (pip) Apr 3, 2026
RacerZ-fighting Credited to RacerZ-fighting and Fushuling Fushuling Fushuling
n8n: Authenticated XSS and Open Redirect via Form Node Moderate
GHSA-w673-8fjw-457c was published for n8n (npm) Mar 27, 2026
tCu0n9 Credited to tCu0n9
Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential Moderate
CVE-2026-33885 was published for statamic/cms (Composer) Mar 26, 2026
offset Credited to offset
H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation Moderate
GHSA-fp4x-ggrf-wmc6 was published for h3 (npm) Mar 23, 2026
offset Credited to offset
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR Moderate
CVE-2026-33397 was published for @angular/ssr (npm) Mar 19, 2026
VenkatKwest Credited to VenkatKwest, alan-agius4, securityMB, josephperrott, and AndrewKushnir alan-agius4 alan-agius4
securityMB securityMB josephperrott josephperrott AndrewKushnir AndrewKushnir
@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass Moderate
CVE-2026-32235 was published for @backstage/plugin-auth-backend (npm) Mar 12, 2026
actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects Moderate
GHSA-vhj5-x93p-67jw was published for actix-web-lab (Rust) Mar 11, 2026
Sylius has an Open Redirect via Referer Header Moderate
CVE-2026-31819 was published for sylius/sylius (Composer) Mar 11, 2026
bnBart Credited to bnBart
django-allauth has an open redirect vulnerability Moderate
CVE-2026-27982 was published for django-allauth (pip) Mar 5, 2026
Products.isurlinportal has possible open redirect when using more than 2 forward slashes Moderate
CVE-2026-28413 was published for Products.isurlinportal (pip) Mar 2, 2026
ale-rt Credited to ale-rt
Gradio has an Open Redirect in its OAuth Flow Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
logicx24 Credited to logicx24
Angular SSR has an Open Redirect via X-Forwarded-Prefix Moderate
CVE-2026-27738 was published for @angular/ssr (npm) Feb 25, 2026
alan-agius4 Credited to alan-agius4, josephperrott, securityMB, AndrewKushnir, dgp1130, and VenkatKwest josephperrott josephperrott
securityMB securityMB AndrewKushnir AndrewKushnir dgp1130 dgp1130 VenkatKwest VenkatKwest
client-certificate-auth Vulnerable to Open Redirect via Host Header Injection in HTTP-to-HTTPS redirect Moderate
CVE-2026-25651 was published for client-certificate-auth (npm) Feb 6, 2026
web2py has an Open Redirect Vulnerability Moderate
CVE-2026-25198 was published for web2py (pip) Feb 5, 2026
WireGuard Portal v2 has Open Redirect Vulnerability in OAuth Authentication Flow Moderate
GHSA-grh9-37g7-53mj was published for github.com/h44z/wg-portal (Go) Feb 2, 2026
coolsarne Credited to coolsarne and floerer floerer floerer
NocoDB has Unvalidated Redirect in Login Flow via continueAfterSignIn Parameter Moderate
CVE-2026-24768 was published for nocodb (npm) Jan 28, 2026
p- Credited to p-
chi has an open redirect vulnerability in the RedirectSlashes middleware Moderate
GHSA-mqqf-5wvp-8fh8 was published for github.com/go-chi/chi (Go) Jan 14, 2026
thanosgn Credited to thanosgn
React Router has unexpected external redirect via untrusted paths Moderate
CVE-2025-68470 was published for react-router (npm) Jan 8, 2026
APshenkin Credited to APshenkin
Directus has open redirect in SAML Moderate
CVE-2026-22032 was published for @directus/api (npm) Jan 6, 2026
im-soohyun Credited to im-soohyun and Seeunsama Seeunsama Seeunsama
ABP Account Module has an Open Redirect through Improper validation in its register function Moderate
CVE-2025-65581 was published for Volo.Abp.Account.Web (NuGet) Dec 16, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database