GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
47 advisories
n8n allows open redirects via the /signin endpoint
Moderate
CVE-2025-49592
was published
for
n8n
(npm)
Jun 27, 2025
@misskey-dev/summaly Redirect Filter Bypass
Low
CVE-2025-46553
was published
for
@misskey-dev/summaly
(npm)
May 5, 2025
Better Auth allows bypassing the trustedOrigins Protection which leads to ATO
Critical
GHSA-vp58-j275-797x
was published
for
better-auth
(npm)
Feb 24, 2025
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter
Moderate
CVE-2025-27143
was published
for
better-auth
(npm)
Feb 24, 2025
Authentication bypass in @sap/approuter
High
CVE-2025-24876
was published
for
@sap/approuter
(npm)
Feb 11, 2025
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
High
CVE-2024-56734
was published
for
better-auth
(npm)
Dec 30, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Express.js Open Redirect in malformed URLs
Moderate
CVE-2024-29041
was published
for
express
(npm)
Mar 25, 2024
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Moderate
CVE-2024-28239
was published
for
directus
(npm)
Mar 12, 2024
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
CVE-2023-26159
was published
for
follow-redirects
(npm)
Jan 2, 2024
node-fetch forwards secure headers to untrusted sites
High
CVE-2022-0235
was published
for
node-fetch
(npm)
Jan 21, 2022
@keystone-6/auth Open Redirect vulnerability
Moderate
CVE-2023-34247
was published
for
@keystone-6/auth
(npm)
Jun 14, 2023
URIjs Vulnerable to Hostname spoofing via backslashes in URL
Moderate
CVE-2021-3647
was published
for
urijs
(npm)
Jul 19, 2021
Open Redirect in koa-remove-trailing-slashes
Moderate
CVE-2021-23384
was published
for
koa-remove-trailing-slashes
(npm)
Feb 10, 2022
keycloak-connect contains Open redirect vulnerability in the Node.js adapter
Moderate
CVE-2022-2237
was published
for
keycloak-connect
(npm)
Mar 2, 2023
@okta/oidc-middlewareOpen Redirect vulnerability
Moderate
CVE-2022-3145
was published
for
@okta/oidc-middleware
(npm)
Jan 9, 2023
ProTip!
Advisories are also available from the
GraphQL API