GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

345 advisories

Forwarding of confidentials headers to third parties in fluture-node Low
CVE-2022-24719 was published for fluture-node (npm) Mar 1, 2022
Open redirect in karma Moderate
CVE-2021-23495 was published for karma (npm) Feb 26, 2022
Open Redirect in AllTube Moderate
CVE-2022-0692 was published for rudloff/alltube (Composer) Feb 23, 2022
Credited to hitisec
open redirect in pollbot Moderate
CVE-2022-0637 was published for pollbot (pip) Feb 16, 2022
Credited to sampritdas8 and tdunlap607
Open redirect in microweber Moderate
CVE-2022-0597 was published for microweber/microweber (Composer) Feb 16, 2022
Open redirect vulnerability in Jenkins GitLab Authentication Plugin Moderate
CVE-2022-25196 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Feb 16, 2022
Credited to NotMyFault
Pivotal Concourse Open Redirect in Login Flow Moderate
CVE-2018-15798 was published for github.com/concourse/concourse (Go) Feb 15, 2022
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
Credited to dodek
Open redirect in microweber Moderate
CVE-2022-0560 was published for microweber/microweber (Composer) Feb 12, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header Moderate
CVE-2020-15129 was published for github.com/containous/traefik (Go) Feb 11, 2022
Credited to avivdolev
Open Redirect in koa-remove-trailing-slashes Moderate
CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022
Credited to tdunlap607
URL Redirection to Untrusted Site ('Open Redirect') Moderate
CVE-2022-23618 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
Open redirect in Gitea Moderate
CVE-2021-45328 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Cross-site Scripting and Open Redirect in plone.app.contenttypes Moderate
GHSA-f7qw-5fgj-247x was published for plone.app.contenttypes (pip) Feb 1, 2022
Unsafe handling of user-specified cookies in treq High
CVE-2022-23607 was published for treq (pip) Feb 1, 2022
Credited to glyph and twm
Cross-site Scripting and Open Redirect in Products.ATContentTypes Moderate
CVE-2022-23599 was published for Products.ATContentTypes (pip) Jan 28, 2022
node-fetch forwards secure headers to untrusted sites High
CVE-2022-0235 was published for node-fetch (npm) Jan 21, 2022
Credited to kurt-r2c
Open Redirect in node-forge Moderate
CVE-2022-0122 was published for node-forge (npm) Jan 21, 2022
URL parsing in node-forge could lead to undesired behavior. Low
GHSA-gf8q-jrpm-jvxq was published for node-forge (npm) Jan 8, 2022
Credited to kurt-r2c
Open Redirect in Grav Moderate
CVE-2020-11529 was published for getgrav/grav (Composer) Jan 7, 2022
Open redirect in shopware Moderate
CVE-2022-21651 was published for shopware/shopware (Composer) Jan 6, 2022
Open redirect vulnerability in Sourcegraph Moderate
CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go) Dec 20, 2021
Open Redirect in oauth2_proxy Moderate
CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Credited to rootxharsh, iamnoooob, and Mik317