GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,340 advisories
Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri
High
GHSA-x3f4-v83f-7wp2
was published
for
github.com/authorizerdev/authorizer
(Go)
Apr 6, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Moderate
CVE-2026-35410
was published
for
directus
(npm)
Apr 4, 2026
Directus: Open Redirect in Admin 2FA Setup Page
Moderate
CVE-2026-35411
was published
for
directus
(npm)
Apr 4, 2026
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Moderate
CVE-2026-34083
was published
for
signalk-server
(npm)
Apr 3, 2026
JupyterHub has an Open Redirect Vulnerability
Moderate
CVE-2026-33709
was published
for
jupyterhub
(pip)
Apr 3, 2026
n8n: Authenticated XSS and Open Redirect via Form Node
Moderate
GHSA-w673-8fjw-457c
was published
for
n8n
(npm)
Mar 27, 2026
Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential
Moderate
CVE-2026-33885
was published
for
statamic/cms
(Composer)
Mar 26, 2026
H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation
Moderate
GHSA-fp4x-ggrf-wmc6
was published
for
h3
(npm)
Mar 23, 2026
Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR
Moderate
CVE-2026-33397
was published
for
@angular/ssr
(npm)
Mar 19, 2026
AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php
Low
CVE-2026-33296
was published
for
wwbn/avideo
(Composer)
Mar 19, 2026
ProTip!
Advisories are also available from the
GraphQL API