
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,155 advisories

Saltcorn: Open Redirect in `POST /auth/login` due to incomplete `is_relative_url` validation (backslash bypass)
Severity: Moderate
GHSA-f3g8-9xv5-77gv was published for @saltcorn/server (npm) on Apr 16, 2026

Grafana Loki Path Traversal - CVE-2021-36156 Bypass
Severity: Moderate
CVE-2026-21726 was published for github.com/grafana/loki/v3 (Go) on Apr 15, 2026

@adonisjs/http-server has an Open Redirect vulnerability
Severity: Moderate
CVE-2026-40255 was published for @adonisjs/core (npm) on Apr 14, 2026
Credited to thetutlage

Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an...
Severity: Moderate (unreviewed advisory)
CVE-2026-34257 was published on Apr 14, 2026

next-intl has an open redirect vulnerability
Severity: Moderate
CVE-2026-40299 was published for next-intl (npm) on Apr 10, 2026
Credited to joniumGit

An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be...
Severity: Moderate (unreviewed advisory)
CVE-2026-22560 was published on Apr 10, 2026

Apache Tomcat has an Open Redirect vulnerability
Severity: Moderate
CVE-2026-25854 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) on Apr 9, 2026

Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Severity: Moderate
CVE-2026-35410 was published for directus (npm) on Apr 4, 2026
Credited to POV9en

Directus: Open Redirect in Admin 2FA Setup Page
Severity: Moderate
CVE-2026-35411 was published for directus (npm) on Apr 4, 2026
Credited to ComfortablyCoding, Akokonunes, and neo-ai-engineer

Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Severity: Moderate
CVE-2026-34083 was published for signalk-server (npm) on Apr 3, 2026
Credited to VashuVats

JupyterHub has an Open Redirect Vulnerability
Severity: Moderate
CVE-2026-33709 was published for jupyterhub (pip) on Apr 3, 2026
Credited to RacerZ-fighting and Fushuling

XenForo before 2.2.17 and 2.3.1 allows open redirect via a specially crafted URL. The...
Severity: Moderate (unreviewed advisory)
CVE-2024-58342 was published on Apr 1, 2026

n8n: Authenticated XSS and Open Redirect via Form Node
Severity: Moderate
GHSA-w673-8fjw-457c was published for n8n (npm) on Mar 27, 2026
Credited to tCu0n9

Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential
Severity: Moderate
CVE-2026-33885 was published for statamic/cms (Composer) on Mar 26, 2026
Credited to offset

H3 has an Open Redirect via Protocol-Relative Path in redirectBack() Referer Validation
Severity: Moderate
GHSA-fp4x-ggrf-wmc6 was published for h3 (npm) on Mar 23, 2026
Credited to offset

Protocol-Relative URL Injection via Single Backslash Bypass in Angular SSR
Severity: Moderate
CVE-2026-33397 was published for @angular/ssr (npm) on Mar 19, 2026
Credited to VenkatKwest, alan-agius4, securityMB, josephperrott, and AndrewKushnir

@backstage/plugin-auth-backend: OAuth redirect URI allowlist bypass
Severity: Moderate
CVE-2026-32235 was published for @backstage/plugin-auth-backend (npm) on Mar 12, 2026