Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,251 advisories

Loading
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Moderate
CVE-2025-64716 was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
nijel mbiesiad
Credited to nijel and mbiesiad
Inappropriate implementation in Lens in Google Chrome on iOS prior to 136.0.7103.59 allowed a... Moderate Unreviewed
CVE-2024-13983 was published Nov 14, 2025
A vulnerability in the web-based management interface of Cisco Catalyst Center Virtual Appliance... Moderate Unreviewed
CVE-2025-20355 was published Nov 13, 2025
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms... Moderate Unreviewed
CVE-2025-62981 was published Oct 27, 2025
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms... High Unreviewed
CVE-2025-60151 was published Oct 22, 2025
An Open Redirect vulnerability exists in the OAuth callback handler in file onlook/apps/web... Moderate Unreviewed
CVE-2025-63784 was published Nov 7, 2025
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform... Low Unreviewed
CVE-2025-20378 was published Nov 12, 2025
Due to an Open Redirect vulnerability in SAP Business Connector, an unauthenticated attacker... Moderate Unreviewed
CVE-2025-42893 was published Nov 11, 2025
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious... Moderate Unreviewed
CVE-2025-42924 was published Nov 11, 2025
Open redirect endpoint in Datasette Low
CVE-2025-64481 was published for datasette (pip) Nov 6, 2025
jamesjefferies
Credited to jamesjefferies
A flaw was found in Red Hat Single Sign-On. This issue is an Open Redirect vulnerability that... Moderate Unreviewed
CVE-2025-12789 was published Nov 7, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
amit-laish livio-a
IAM-marco
Credited to amit-laish, livio-a, and IAM-marco
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
Credited to iainsproat
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
Open redirect in Tornado Moderate
CVE-2023-28370 was published for tornado (pip) May 25, 2023
christian-ruiz bdarnell
Credited to christian-ruiz and bdarnell
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no... High Unreviewed
CVE-2021-28861 was published Aug 24, 2022
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas zer0yu
Credited to nicolas-grekas and zer0yu
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4,... High Unreviewed
CVE-2025-24180 was published Apr 1, 2025
Liferay Portal is vulnerable to DNS rebinding attacks Moderate
CVE-2025-62266 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
There is an Open Redirect vulnerability in Gnuboard v6.0.4 and below via the `url` parameter in... Moderate Unreviewed
CVE-2024-39097 was published Aug 26, 2024
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
An open redirection vulnerability in M-Files mobile applications for Android and iOS prior to... Moderate Unreviewed
CVE-2025-2091 was published Jun 16, 2025
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
elrido rugk
Credited to elrido and rugk
Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter Moderate
CVE-2025-62253 was published for com.liferay:com.liferay.layout.admin.web (Maven) Oct 27, 2025
Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks... Moderate Unreviewed
CVE-2024-49706 was published Apr 14, 2025
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database