GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,317 advisories
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote...
Moderate
Unreviewed
CVE-2026-3824 was published Mar 11, 2026
A vulnerability in the web-based management interface of AOS-CX Switches could allow an...
Moderate
Unreviewed
CVE-2026-23817 was published Mar 11, 2026
Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and...
Low
Unreviewed
CVE-2026-21295 was published Mar 11, 2026
actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects
Moderate
GHSA-vhj5-x93p-67jw was published for actix-web-lab (Rust) Mar 11, 2026
Sylius has an Open Redirect via Referer Header
Moderate
CVE-2026-31819 was published for sylius/sylius (Composer) Mar 11, 2026
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in Sunbird-Ed...
Moderate
Unreviewed
CVE-2025-70032 was published Mar 9, 2026
An issue pertaining to CWE-601: URL Redirection to Untrusted Site was discovered in linagora...
Moderate
Unreviewed
CVE-2025-70037 was published Mar 9, 2026
Pocket ID: OAuth redirect_uri validation bypass via userinfo/host confusion
High
CVE-2026-28512 was published for github.com/pocket-id/pocket-id/backend (Go) Mar 9, 2026
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kings Plugins B2BKing...
Moderate
Unreviewed
CVE-2026-28106 was published Mar 6, 2026
django-allauth has an open redirect vulnerability
Moderate
CVE-2026-27982 was published for django-allauth (pip) Mar 5, 2026
IRRd: web UI host header injection allows password reset poisoning via attacker-controlled email links
High
CVE-2026-28681 was published for irrd (pip) Mar 4, 2026
Products.isurlinportal has possible open redirect when using more than 2 forward slashes
Moderate
CVE-2026-28413 was published for Products.isurlinportal (pip) Mar 2, 2026
Gradio has an Open Redirect in its OAuth Flow
Moderate
CVE-2026-28415 was published for gradio (pip) Mar 1, 2026
Angular SSR has an Open Redirect via X-Forwarded-Prefix
Moderate
CVE-2026-27738 was published for @angular/ssr (npm) Feb 25, 2026
In JetBrains TeamCity before 2025.11.3 open redirect was possible in the React project creation flow
Moderate
Unreviewed
CVE-2026-28194 was published Feb 25, 2026
A vulnerability was detected in horilla-opensource horilla up to 1.0.2. This issue affects the...
Moderate
Unreviewed
CVE-2026-3049 was published Feb 24, 2026
The Conditional CAPTCHA WordPress plugin through 4.0.0 does not validate a parameter before...
Moderate
Unreviewed
CVE-2026-1369 was published Feb 22, 2026
Feathers has an open redirect in OAuth callback enables account takeover
High
CVE-2026-27191 was published for @feathersjs/authentication-oauth (npm) Feb 19, 2026
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An...
Moderate
Unreviewed
CVE-2025-71244 was published Feb 19, 2026
An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote...
Moderate
Unreviewed
CVE-2025-69725 was published Feb 19, 2026
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in KaizenCoders Update URLs &...
Moderate
Unreviewed
CVE-2026-25392 was published Feb 19, 2026
A flaw has been found in busy up to 2.5.5. The affected element is an unknown function of the...
Moderate
Unreviewed
CVE-2026-2709 was published Feb 19, 2026
An URL redirection vulnerability was identified in GitHub Enterprise Server that allowed attacker...
High
Unreviewed
CVE-2026-0573 was published Feb 18, 2026
The Frontend Post Submission Manager Lite plugin for WordPress is vulnerable to Open Redirection...
Moderate
Unreviewed
CVE-2026-1296 was published Feb 18, 2026
The URL Shortify plugin for WordPress is vulnerable to Open Redirect in all versions up to, and...
Moderate
Unreviewed
CVE-2026-1277 was published Feb 18, 2026