Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

639 advisories

Loading
An open redirect vulnerability exists in Nagios XI before version 5.8.5 that could lead to... Moderate Unreviewed
CVE-2021-37352 was published May 24, 2022
Cscms Music Portal System v4.2 was discovered to contain a redirection vulnerability via the... Moderate Unreviewed
CVE-2022-27090 was published Mar 23, 2022
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Netegrity SiteMinder up to 4.5.1 and... Moderate Unreviewed
CVE-2005-10001 was published Mar 29, 2022
An issue has been discovered affecting GitLab versions prior to 13.5. An open redirect... Moderate Unreviewed
CVE-2022-0283 was published Mar 29, 2022
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. Inadequate... Moderate Unreviewed
CVE-2022-23798 was published Mar 31, 2022
Archer 6.x through 6.9 P2 (6.9.0.2) is affected by an open redirect vulnerability. A remote... Moderate Unreviewed
CVE-2022-26950 was published Mar 31, 2022
OrangeHRM 4.10 is vulnerable to a Host header injection redirect via viewPersonalDetails endpoint. Moderate Unreviewed
CVE-2022-27110 was published Apr 7, 2022
OrangeHRM 4.10 suffers from a Referer header injection redirect vulnerability. Moderate Unreviewed
CVE-2022-27109 was published Apr 7, 2022
Requests initiated through reader mode did not properly omit cookies with a SameSite attribute.... Moderate Unreviewed
CVE-2022-29912 was published Dec 22, 2022
SAP NetWeaver ABAP Server and ABAP Platform - versions 740, 750, 787, allows an unauthenticated... Moderate Unreviewed
CVE-2022-28215 was published Apr 13, 2022
An open redirect vulnerability in Hubzilla before version 7.2 allows remote attackers to redirect... Moderate Unreviewed
CVE-2022-27256 was published Apr 14, 2022
An open redirect vulnerability in the administrative interface of the B. Braun Melsungen AG... Moderate Unreviewed
CVE-2020-25154 was published Apr 15, 2022
Open redirect vulnerability via endpoint authorize_and_redirect/?redirect= in GitHub repository... Moderate Unreviewed
CVE-2022-0645 was published Apr 20, 2022
A URL redirection vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.9, 9.x prior... Moderate Unreviewed
CVE-2022-1254 was published Apr 21, 2022
Automated Logic's WebCtrl Server Version 6.1 'Help' index pages are vulnerable to open... Moderate Unreviewed
CVE-2022-1019 was published Apr 20, 2022
drupal6 version 6.16 has open redirection Moderate Unreviewed
CVE-2010-2471 was published Apr 21, 2022
It was found in vanilla forums before 2.0.10 a potential linkbait vulnerability in dispatcher. Moderate Unreviewed
CVE-2010-4266 was published Apr 21, 2022
An intent redirection vulnerability in the Mi App Store product. This vulnerability is caused by... Moderate Unreviewed
CVE-2020-14118 was published Apr 22, 2022
The English WordPress Admin WordPress plugin before 1.5.2 does not validate the... Moderate Unreviewed
CVE-2021-25111 was published Apr 26, 2022
In NOKIA 1350 OMS R14.2, an Open Redirect vulnerability occurs is the login page via next HTTP... Moderate Unreviewed
CVE-2022-39814 was published Sep 14, 2022
Insufficient policy enforcement in service workers in Google Chrome prior to 74.0.3729.108... Moderate Unreviewed
CVE-2019-5823 was published May 24, 2022
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to... Moderate Unreviewed
CVE-2022-23184 was published Feb 8, 2022
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable... Moderate Unreviewed
CVE-2016-1000110 was published May 24, 2022
E-Series SANtricity OS Controller Software 11.x versions through 11.70.2 are vulnerable to host... Moderate Unreviewed
CVE-2022-23237 was published Jun 3, 2022
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an... Moderate Unreviewed
CVE-2022-41208 was published Nov 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database