Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,758
Maven
5,000+
npm
4,364
NuGet
766
pip
4,132
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

102 advisories

Loading
WBCE CMS 1.6.1 contains a cross-site scripting vulnerability that allows attackers to inject... High Unreviewed
CVE-2023-53901 was published Dec 16, 2025
ZITADEL Vulnerable to Account Takeover Due to Improper Instance Validation in V2 Login High
GHSA-pfrf-9r5f-73f5 was published for github.com/zitadel/zitadel (Go) Dec 8, 2025
amit-laish peintnermax
livio-a
Credited to amit-laish, peintnermax, and livio-a
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO High
GHSA-vp58-j275-797x was published for better-auth (npm) Feb 24, 2025
castilho101
Credited to castilho101
Open Redirect in URL parameter in Automated Logic WebCTRL and Carrier i-Vu versions 6.0, 6.5, 7.0... High Unreviewed
CVE-2024-8527 was published Nov 19, 2025
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms... High Unreviewed
CVE-2025-60151 was published Oct 22, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
amit-laish livio-a
IAM-marco
Credited to amit-laish, livio-a, and IAM-marco
Python 3.x through 3.10 has an open redirection vulnerability in lib/http/server.py due to no... High Unreviewed
CVE-2021-28861 was published Aug 24, 2022
The issue was addressed with improved input validation. This issue is fixed in Safari 18.4,... High Unreviewed
CVE-2025-24180 was published Apr 1, 2025
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
kexinoh d3do-23
lonelyuan huachenheli DarkLight1337 russellb sidhpurwala-huzaifa
Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa
Account Takeover in Corezoid 6.6.0 in the OAuth2 implementation via an open redirect in the... High Unreviewed
CVE-2024-55017 was published Sep 30, 2025
Mattermost Open Redirect vulnerability High
CVE-2025-9072 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco... High Unreviewed
CVE-2025-20317 was published Aug 27, 2025
IBM Cognos Command Center 10.2.4.1 and 10.2.5 could allow a remote attacker to conduct phishing... High Unreviewed
CVE-2025-2697 was published Aug 26, 2025
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a... High Unreviewed
CVE-2025-2824 was published Aug 1, 2025
The AI Engine plugin for WordPress is vulnerable to open redirect in version 2.8.4. This is due... High Unreviewed
CVE-2025-6238 was published Jul 4, 2025
ZITADEL Allows Account Takeover via Malicious X-Forwarded-Proto Header Injection High
CVE-2025-48936 was published for github.com/zitadel/zitadel (Go) May 28, 2025
amit-laish livio-a
eliobischof
Credited to amit-laish, livio-a, and eliobischof
A malicious third-party can give a crafted "ssh://..." URL to an unsuspecting victim, and an... High Unreviewed
CVE-2017-1000117 was published May 13, 2022
Adobe Flash Player versions 26.0.0.137 and earlier have a security bypass vulnerability that... High Unreviewed
CVE-2017-3085 was published May 13, 2022
The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access... High Unreviewed
CVE-2005-1475 was published May 1, 2022
Dell Unity, version(s) 5.4 and prior, contain(s) an URL Redirection to Untrusted Site ('Open... High Unreviewed
CVE-2025-24381 was published Mar 28, 2025
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the m_cURL parameter allows an attacker to... High Unreviewed
CVE-2024-51321 was published Mar 11, 2025
Jenkins affected by Open Redirect Vulnerability High
CVE-2016-3726 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability High Unreviewed
CVE-2023-24892 was published Mar 14, 2023
The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and... High Unreviewed
CVE-2024-13888 was published Feb 20, 2025
Spring Web vulnerable to Open Redirect or Server Side Request Forgery High
CVE-2024-22243 was published for org.springframework:spring-web (Maven) Feb 23, 2024
yoshizawa-masatoshi
Credited to yoshizawa-masatoshi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database