
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,383 advisories

SimpleSAMLphp casserver: Open Redirect in logout Moderate
CVE-2025-65954 was published for simplesamlphp/simplesamlphp-module-casserver (Composer) May 15, 2026
Credited to pradtke

CWE-601 URL redirection to untrusted site ('open redirect') Moderate Unreviewed
CVE-2026-45448 was published May 14, 2026

Authlib OIDC Implicit/Hybrid Authorization Vulnerable to Open Redirect Moderate
CVE-2026-44681 was published for authlib (pip) May 13, 2026
Credited to y011d4

Snipe-IT has an open redirect vulnerability Moderate
CVE-2026-44833 was published for snipe/snipe-it (Composer) May 8, 2026
Credited to CE2Sec and osageling

MCP Registry has open redirect via protocol-relative path in trailing-slash middleware Moderate
CVE-2026-44427 was published for github.com/modelcontextprotocol/registry (Go) May 8, 2026
Credited to gujasec and rdimitrov

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler Moderate
CVE-2026-40295 was published for devise (RubyGems) May 8, 2026
Credited to offset

Ech0's OAuth redirect URI validation ignores path component, enables exchange-code theft High
GHSA-p64j-f4x9-wq66 was published for github.com/lin-snow/Ech0 (Go) May 7, 2026
Credited to adrgs and aisafe-bot

docling-graph has SSRF via Missing Internal IP Validation in URLInputHandler Moderate
CVE-2026-44520 was published for docling-graph (pip) May 7, 2026
Credited to ayoub-ibm and dolfim-ibm

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect High
CVE-2026-44503 was published for Microsoft.Kiota.Abstractions (Go) May 7, 2026
Credited to MIchaelMainer

Angular SSR has Open Redirect and Request Steering via Encoded X-Forwarded-Prefix Moderate
CVE-2026-44437 was published for @angular/ssr (npm) May 6, 2026
Credited to kimkou2024, alan-agius4, dgp1130, and AndrewKushnir

Nitro has an Open Redirect via Protocol-Relative URL Bypass in Wildcard Route Rules Moderate
CVE-2026-44372 was published for nitro (npm) May 6, 2026
Credited to 0x0OZ

Duplicate Advisory: OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets Moderate
GHSA-3r56-7hhr-vfg9 was published for openclaw (npm) May 6, 2026 (withdrawn)

wger: trainer_login open redirect - ?next= parameter not validated against host Moderate
GHSA-vqv8-j3mj-wjxj was published for wger (pip) May 6, 2026
Credited to whatisproblem

Magento LTS Vulnerable to Open Redirect via Unvalidated `uenc` Parameter in `stockAction()` Moderate
CVE-2026-42207 was published for openmage/magento-lts (Composer) May 5, 2026
Credited to 0x0OZ

@workos/authkit-session has an Open Redirect via state-derived redirect target Moderate
CVE-2026-42565 was published for @workos/authkit-session (npm) May 5, 2026
Credited to kenkunz

Jupyter Server has an open redirection vulnerability in `next` query parameter Moderate
CVE-2025-61669 was published for jupyter-server (pip) May 5, 2026
Credited to dlqqq, niwasak1, Yann-P, and Carreau

Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS High
CVE-2026-40171 was published for @jupyter-notebook/help-extension (npm) Apr 30, 2026
Credited to dtrops, Carreau, Yann-P, krassowski, and jtpio

Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest High
CVE-2026-41670 was published for admidio/admidio (Composer) Apr 29, 2026
Credited to offset

n8n has Open Redirect in MCP OAuth Consent Flow Moderate
CVE-2026-42230 was published for n8n (npm) Apr 29, 2026
Credited to ori-ron

Jenkins Microsoft Entra ID (previously Azure AD) Plugin has an open redirect vulnerability Moderate
CVE-2026-42525 was published for org.jenkins-ci.plugins:azure-ad (Maven) Apr 29, 2026