GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
34 advisories
Filter by severity
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect')
Moderate
GHSA-wcx9-ccpj-hx3c
was published
for
github.com/coder/coder/v2
(Go)
Oct 28, 2024
lorawan-stack Open Redirect vulnerability
Moderate
CVE-2023-26494
was published
for
go.thethings.network/lorawan-stack/v3
(Go)
Aug 5, 2024
Open Redirect URL in Harbor
Moderate
CVE-2024-22244
was published
for
github.com/goharbor/harbor
(Go)
Jun 2, 2024
Privilege Escalation in Kubernetes
Moderate
CVE-2020-8559
was published
for
k8s.io/apimachinery
(Go)
Apr 24, 2024
Open Redirect in github.com/greenpau/caddy-security
Moderate
CVE-2024-21497
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Mattermost Open Redirect vulnerability
Moderate
CVE-2023-47168
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
code.gitea.io/gitea Open Redirect vulnerability
Low
CVE-2023-3515
was published
for
code.gitea.io/gitea
(Go)
Jul 5, 2023
Authelia allows open redirects on the logout endpoint
Moderate
CVE-2021-29456
was published
for
github.com/authelia/authelia/v4
(Go)
Mar 16, 2023
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Moderate
CVE-2022-2837
was published
for
github.com/coredns/coredns
(Go)
Mar 3, 2023
Open Redirect in Caddy
Moderate
CVE-2022-28923
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 7, 2023
scs-library-client may leak user credentials to third-party service via HTTP redirect
Moderate
CVE-2022-23538
was published
for
github.com/sylabs/scs-library-client
(Go)
Jan 20, 2023
Macaron i18n Open Redirect vulnerability
Moderate
CVE-2020-36627
was published
for
github.com/go-macaron/i18n
(Go)
Dec 25, 2022
Labstack Echo Open Redirect vulnerability
Critical
CVE-2022-40083
was published
for
github.com/labstack/echo/v4
(Go)
Sep 29, 2022
Gophish before 0.12.0 vulnerable to Open Redirect
Moderate
CVE-2022-25295
was published
for
github.com/gophish/gophish
(Go)
Sep 12, 2022
Open redirect in caddy
Moderate
CVE-2022-29718
was published
for
github.com/caddyserver/caddy
(Go)
Jun 3, 2022
Arbitrary redirects under /new endpoint
Moderate
CVE-2021-29622
was published
for
github.com/prometheus/prometheus
(Go)
Feb 15, 2022
Pivotal Concourse Open Redirect in Login Flow
Moderate
CVE-2018-15798
was published
for
github.com/concourse/concourse
(Go)
Feb 15, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Moderate
CVE-2020-15129
was published
for
github.com/containous/traefik
(Go)
Feb 11, 2022
Open redirect in Gitea
Moderate
CVE-2021-45328
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Open redirect vulnerability in Sourcegraph
Moderate
CVE-2020-12283
was published
for
github.com/sourcegraph/sourcegraph
(Go)
Dec 20, 2021
Open Redirect in oauth2_proxy
Moderate
CVE-2017-1000070
was published
for
github.com/bitly/oauth2_proxy
(Go)
Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate
CVE-2020-5233
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Open Redirect in OAuth2 Proxy
High
CVE-2020-11053
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API