GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
46 advisories
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Critical
GHSA-vp58-j275-797x
was published
for
better-auth
(npm)
Feb 24, 2025
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter
Moderate
CVE-2025-27143
was published
for
better-auth
(npm)
Feb 24, 2025
Authentication bypass in @sap/approuter
High
CVE-2025-24876
was published
for
@sap/approuter
(npm)
Feb 11, 2025
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
High
CVE-2024-56734
was published
for
better-auth
(npm)
Dec 30, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Express.js Open Redirect in malformed URLs
Moderate
CVE-2024-29041
was published
for
express
(npm)
Mar 25, 2024
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Moderate
CVE-2024-28239
was published
for
directus
(npm)
Mar 12, 2024
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
@keystone-6/auth Open Redirect vulnerability
Moderate
CVE-2023-34247
was published
for
@keystone-6/auth
(npm)
Jun 14, 2023
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
Moderate
CVE-2022-2237
was published
for
keycloak-connect
(npm)
Mar 2, 2023
@okta/oidc-middlewareOpen Redirect vulnerability
Moderate
CVE-2022-3145
was published
for
@okta/oidc-middleware
(npm)
Jan 9, 2023
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Low
CVE-2022-31151
was published
for
undici
(npm)
Jul 21, 2022
URL Redirection to Untrusted Site ('Open Redirect') in next-auth
Moderate
CVE-2022-29214
was published
for
next-auth
(npm)
May 24, 2022
NextAuth.js default redirect callback vulnerable to open redirects
Moderate
CVE-2022-24858
was published
for
next-auth
(npm)
Apr 22, 2022
URL Redirection to Untrusted Site ('Open Redirect') in express-openid-connect
High
CVE-2022-24794
was published
for
express-openid-connect
(npm)
Mar 31, 2022
ProTip!
Advisories are also available from the
GraphQL API