GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

246 advisories

n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
dodek
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
urllib3 does not control redirects in browsers and Node.js Moderate
CVE-2025-50182 was published for urllib3 (pip) Jun 18, 2025
illia-v pquentin
urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation Moderate
CVE-2025-50181 was published for urllib3 (pip) Jun 18, 2025
sandumjacob illia-v pquentin sethmlarson
Mautic has an Open Redirect vulnerability on user unlock path. Moderate
CVE-2025-5256 was published for mautic/core (Composer) May 28, 2025
tomekkowalczyk patrykgruszka nick-vanpraet
Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs Moderate
CVE-2021-33331 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
TYPO3 Potential Open Redirect via Parsing Differences Moderate
CVE-2024-55892 was published for typo3/cms-core (Composer) Jan 14, 2025
zer0yu
Flask-AppBuilder open redirect vulnerability using HTTP host injection Moderate
CVE-2025-32962 was published for flask-appbuilder (pip) May 16, 2025
mar0n0
@cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
CVE-2025-4143 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025
Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
GHSA-7cp4-jw97-3rc2 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025 withdrawn
org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability Moderate
CVE-2025-32970 was published for org.xwiki.platform:xwiki-platform-wysiwyg-api (Maven) Apr 29, 2025
BentoML Open Redirect vulnerability Moderate
GHSA-564p-rx2q-4c8v was published for bentoml (pip) Mar 20, 2025
TYPO3 allows remote attackers to embed Flash videos from external domain Moderate
CVE-2015-8760 was published for typo3/cms (Composer) May 17, 2022
Trac Open Redirect vulnerability Moderate
CVE-2008-2951 was published for trac (pip) May 1, 2022
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
Gradio Vulnerable to Open Redirect Moderate
CVE-2024-8021 was published for gradio (pip) Mar 20, 2025
FastChat open redirect vulnerability Moderate
CVE-2024-10908 was published for fschat (pip) Mar 20, 2025
pgAdmin 4 Open Redirect vulnerability Moderate
CVE-2023-22298 was published for pgadmin4 (pip) Jan 17, 2023
Open redirect in web2py Moderate
CVE-2023-22432 was published for web2py (pip) Mar 6, 2023
Flask-AppBuilder Open Redirect vulnerability Moderate
CVE-2021-32805 was published for Flask-AppBuilder (pip) Sep 8, 2021
Jenkins Open Redirect vulnerability Moderate
CVE-2025-27625 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
CodeChecker open redirect when URL contains multiple slashes after the product name Moderate
CVE-2025-1300 was published for codechecker (pip) Mar 3, 2025
Discookie
Better Auth has an Open Redirect via Scheme-Less Callback Parameter Moderate
CVE-2025-27143 was published for better-auth (npm) Feb 24, 2025
sumeet-darekar Shivaraj-Kolekar