GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
952 advisories
An open redirect vulnerability is present in Piwigo 2.9 and probably prior versions, allowing...
Moderate
Unreviewed
CVE-2017-9464
was published
May 17, 2022
IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct phishing attacks, using an...
Moderate
Unreviewed
CVE-2017-1287
was published
May 17, 2022
dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in a sync action, related to...
Moderate
Unreviewed
CVE-2017-11586
was published
May 17, 2022
If the user enables the https function on the device, an attacker can modify the user’s request...
Moderate
Unreviewed
CVE-2022-30562
was published
Jun 29, 2022
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing...
Moderate
Unreviewed
CVE-2016-8953
was published
May 17, 2022
A vulnerability in a URL parameter of Cisco WebEx Meeting Center could allow an unauthenticated,...
Moderate
Unreviewed
CVE-2017-3799
was published
May 17, 2022
A vulnerability in the web interface of the Cisco Secure Access Control System (ACS) could allow...
Moderate
Unreviewed
CVE-2017-3840
was published
May 17, 2022
A vulnerability in the web framework of Cisco Prime Service Catalog could allow an authenticated,...
Moderate
Unreviewed
CVE-2017-3810
was published
May 17, 2022
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that...
Moderate
Unreviewed
CVE-2022-29272
was published
Jun 30, 2022
A vulnerability in the web interface of Cisco Integrated Management Controller (IMC) Software...
Moderate
Unreviewed
CVE-2017-6604
was published
May 17, 2022
EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is affected by an open...
Moderate
Unreviewed
CVE-2017-5002
was published
May 17, 2022
Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable to an open URL redirect...
Moderate
Unreviewed
CVE-2017-1000027
was published
May 17, 2022
The share function in Thycotic Secret Server before 10.2.000019 mishandles the Back Button,...
Moderate
Unreviewed
CVE-2017-11725
was published
May 17, 2022
IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote attacker to conduct phishing...
Moderate
Unreviewed
CVE-2016-8947
was published
May 17, 2022
An issue was discovered in u5cms version 8.3.5. There is a URL redirection vulnerability that can...
Moderate
Unreviewed
CVE-2022-32444
was published
Jun 18, 2022
XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in /modules/profile/index.php...
Moderate
Unreviewed
CVE-2017-12138
was published
May 17, 2022
There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl parameter to member/#.php.
Moderate
Unreviewed
CVE-2017-11718
was published
May 17, 2022
Apache Helix UI vulnerable to Open Redirect
Moderate
CVE-2022-47500
was published
for
org.apache.helix:helix
(Maven)
Dec 19, 2022
Server-side request forgery in Apache Dubbo
Moderate
CVE-2022-24969
was published
for
com.alibaba:dubbo
(Maven)
Jun 10, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an...
Moderate
Unreviewed
CVE-2022-41258
was published
Nov 9, 2022
In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended...
Moderate
Unreviewed
CVE-2020-1927
was published
May 24, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an...
Moderate
Unreviewed
CVE-2022-41208
was published
Nov 9, 2022
SAP Financial Consolidation - version 1010, does not sufficiently encode user-controlled input...
Moderate
Unreviewed
CVE-2022-41260
was published
Nov 9, 2022
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host...
Moderate
Unreviewed
CVE-2022-23237
was published
Jun 3, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Moderate
CVE-2020-15129
was published
for
github.com/containous/traefik
(Go)
Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API.