GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
952 advisories
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable...
Moderate | Unreviewed | CVE-2016-1000110 was published May 24, 2022

In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to...
Moderate | Unreviewed | CVE-2022-23184 was published Feb 8, 2022

Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108...
Moderate | Unreviewed | CVE-2019-5823 was published May 24, 2022

oauth2-server through 3.1.1 vulnerable to Open Redirect
High | CVE-2020-26938 was published for oauth2-server (npm) Aug 30, 2022

Open redirect in ASP.NET Core
Moderate | CVE-2019-1075 was published for Microsoft.AspNetCore.All (NuGet) May 24, 2022

Gophish before 0.12.0 vulnerable to Open Redirect
Moderate | CVE-2022-25295 was published for github.com/gophish/gophish (Go) Sep 12, 2022

In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP...
Moderate | Unreviewed | CVE-2022-39814 was published Sep 14, 2022

Open redirect in ASP.NET Core
High | CVE-2017-11879 was published for Microsoft.AspNetCore.All (NuGet) May 14, 2022

The English WordPress Admin WordPress plugin before 1.5.2 does not validate the...
Moderate | Unreviewed | CVE-2021-25111 was published Apr 26, 2022

URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Moderate | CVE-2022-29214 was published for next-auth (npm) May 24, 2022

NextAuth.js default redirect callback vulnerable to open redirects
Moderate | CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022

An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by...
Moderate | Unreviewed | CVE-2020-14118 was published Apr 22, 2022

It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher.
Moderate | Unreviewed | CVE-2010-4266 was published Apr 21, 2022

drupal6 version 6.16 has open redirection
Moderate | Unreviewed | CVE-2010-2471 was published Apr 21, 2022

Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open...
Moderate | Unreviewed | CVE-2022-1019 was published Apr 20, 2022

A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior...
Moderate | Unreviewed | CVE-2022-1254 was published Apr 21, 2022

Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository...
Moderate | Unreviewed | CVE-2022-0645 was published Apr 20, 2022

An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG...
Moderate | Unreviewed | CVE-2020-25154 was published Apr 15, 2022

An open redirect vulnerability in Hubzilla before version 7.2 allows remote attackers to redirect...
Moderate | Unreviewed | CVE-2022-27256 was published Apr 14, 2022

SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated...
Moderate | Unreviewed | CVE-2022-28215 was published Apr 13, 2022

Requests initiated through reader mode did not properly omit cookies with a SameSite attribute....
Moderate | Unreviewed | CVE-2022-29912 was published Dec 22, 2022

OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability.
Moderate | Unreviewed | CVE-2022-27109 was published Apr 7, 2022

OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint.
Moderate | Unreviewed | CVE-2022-27110 was published Apr 7, 2022

Open redirect in wwbn/avideo
Moderate | CVE-2022-27463 was published for wwbn/avideo (Composer) Apr 6, 2022

URL Confusion When Scheme Not Supplied in medialize/uri.js
Moderate | CVE-2022-1233 was published for urijs (npm) Apr 5, 2022

ProTip! Advisories are also available from the GraphQL API.