Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

952 advisories

Loading
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing... Moderate Unreviewed
CVE-2017-9464 was published May 17, 2022
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an... Moderate Unreviewed
CVE-2017-1287 was published May 17, 2022
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to... Moderate Unreviewed
CVE-2017-11586 was published May 17, 2022
If the user enables the https function on the device, an attacker can modify the user’s request... Moderate Unreviewed
CVE-2022-30562 was published Jun 29, 2022
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing... Moderate Unreviewed
CVE-2016-8953 was published May 17, 2022
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated,... Moderate Unreviewed
CVE-2017-3799 was published May 17, 2022
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow... Moderate Unreviewed
CVE-2017-3840 was published May 17, 2022
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated,... Moderate Unreviewed
CVE-2017-3810 was published May 17, 2022
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that... Moderate Unreviewed
CVE-2022-29272 was published Jun 30, 2022
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software... Moderate Unreviewed
CVE-2017-6604 was published May 17, 2022
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open... Moderate Unreviewed
CVE-2017-5002 was published May 17, 2022
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect... Moderate Unreviewed
CVE-2017-1000027 was published May 17, 2022
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button,... Moderate Unreviewed
CVE-2017-11725 was published May 17, 2022
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing... Moderate Unreviewed
CVE-2016-8947 was published May 17, 2022
An issue was discovered in u5cms verion 8.3.5 There is a URL redirection vulnerability that can... Moderate Unreviewed
CVE-2022-32444 was published Jun 18, 2022
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php... Moderate Unreviewed
CVE-2017-12138 was published May 17, 2022
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/#.php. Moderate Unreviewed
CVE-2017-11718 was published May 17, 2022
Apache Helix UI vulnerable to Open Redirect Moderate
CVE-2022-47500 was published for org.apache.helix:helix (Maven) Dec 19, 2022
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an... Moderate Unreviewed
CVE-2022-41258 was published Nov 9, 2022
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended... Moderate Unreviewed
CVE-2020-1927 was published May 24, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an... Moderate Unreviewed
CVE-2022-41208 was published Nov 9, 2022
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input... Moderate Unreviewed
CVE-2022-41260 was published Nov 9, 2022
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host... Moderate Unreviewed
CVE-2022-23237 was published Jun 3, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header Moderate
CVE-2020-15129 was published for github.com/containous/traefik (Go) Feb 11, 2022
avivdolev
ProTip! Advisories are also available from the GraphQL API