GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,395 advisories
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Moderate
CVE-2026-46616
was published
for
Umbraco.Cms
(NuGet)
May 21, 2026
SimpleSAMLphp casserver: Open Redirect in logout
Moderate
CVE-2025-65954
was published
for
simplesamlphp/simplesamlphp-module-casserver
(Composer)
May 15, 2026
Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect
Moderate
CVE-2026-44681
was published
for
authlib
(pip)
May 13, 2026
Snipe-IT has an open redirect vulnerability
Moderate
CVE-2026-44833
was published
for
snipe/snipe-it
(Composer)
May 8, 2026
Electerm has an unvalidated shell.openExternal that allows arbitrary protocol execution via terminal link click
High
CVE-2026-43941
was published
for
electerm
(npm)
May 8, 2026
MCP Registry has open redirect via protocol-relative path in trailing-slash middleware
Moderate
CVE-2026-44427
was published
for
github.com/modelcontextprotocol/registry
(Go)
May 8, 2026
Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler
Moderate
CVE-2026-40295
was published
for
devise
(RubyGems)
May 8, 2026
Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft
High
GHSA-p64j-f4x9-wq66
was published
for
github.com/lin-snow/Ech0
(Go)
May 7, 2026
docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler
Moderate
CVE-2026-44520
was published
for
docling-graph
(pip)
May 7, 2026
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
High
CVE-2026-44503
was published
for
Microsoft.Kiota.Abstractions
(Go)
May 7, 2026
Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix
Moderate
CVE-2026-44437
was published
for
@angular/ssr
(npm)
May 6, 2026
Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules
Moderate
CVE-2026-44372
was published
for
nitro
(npm)
May 6, 2026
ProTip!
Advisories are also available from the
GraphQL API