GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,419 advisories
TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
Moderate. CVE-2026-47347 was published for typo3/cms-core (Composer) on Jun 12, 2026.

The Aqara IAM/SSO Gateway (gw-builder.aqara.com) provides an open redirect, which is an instance...
Moderate, Unreviewed. CVE-2026-50089 was published on Jun 12, 2026.

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL...
Moderate, Unreviewed. CVE-2026-53436 was published on Jun 10, 2026.

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier improperly determines that a redirect URL...
Moderate, Unreviewed. CVE-2026-53437 was published on Jun 10, 2026.

Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in...
Moderate, Unreviewed. CVE-2026-53440 was published on Jun 10, 2026.

Spring Security Authorization Server's authorization endpoint performs insufficient validation of...
Moderate, Unreviewed. CVE-2026-41008 was published on Jun 10, 2026.

Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication...
Moderate, Unreviewed. CVE-2026-41706 was published on Jun 10, 2026.

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an...
Moderate, Unreviewed. CVE-2026-47991 was published on Jun 9, 2026.

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user...
Moderate, Unreviewed. CVE-2026-28301 was published on Jun 9, 2026.

A Spring MVC or Spring WebFlux application which configures a mapping for "/**" where the view...
Moderate, Unreviewed. CVE-2026-41844 was published on Jun 9, 2026.

Authlib OAuth 2.0 has Open Redirect in Authorization API that allows attacker-controlled redirect_uri through unsupported response_type
Moderate. CVE-2026-41479 was published for authlib (pip) on Jun 8, 2026.

A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function...
Low, Unreviewed. CVE-2026-11502 was published on Jun 8, 2026.

A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function...
Low, Unreviewed. CVE-2026-11477 was published on Jun 8, 2026.

NocoDB: Open Redirect via Hash Fragment in hashRedirect Plugin
Moderate. CVE-2026-47377 was published for nocodb (npm) on Jun 5, 2026.

HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header...
Moderate, Unreviewed. CVE-2026-21826 was published on Jun 5, 2026.

Shopware SSO referer trust leading to an arbitrary redirect target
Moderate. CVE-2026-48012 was published for shopware/core (Composer) on Jun 4, 2026.

A URL validation flaw in the MISP dashboard button widget allowed a crafted relative-looking URL...
Moderate, Unreviewed. CVE-2026-10856 was published on Jun 4, 2026.

An open redirect vulnerability existed in MISP UsersController::routeafterlogin() because the...
Moderate, Unreviewed. CVE-2026-10861 was published on Jun 4, 2026.

WebOb: Location header normalization during redirect leads to open redirect - again
Moderate. CVE-2026-44889 was published for webob (pip) on Jun 4, 2026.

React Router's same-origin redirect with path starting // causes open redirect via protocol-relative URL reinterpretation
Moderate. CVE-2026-40181 was published for react-router (npm) on Jun 3, 2026.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Akınsoft QR Menü allows...
Moderate, Unreviewed. CVE-2024-12924 was published on Jun 1, 2026.

A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs...
High, Unreviewed. CVE-2026-40961 was published on Jun 1, 2026.

In JetBrains TeamCity before 2026.1 open redirect in the SAML plugin was possible
Low, Unreviewed. CVE-2026-49380 was published on May 29, 2026.

Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alternation → Off-Site //host URL Injection
Moderate. CVE-2026-45065 was published for symfony/routing (Composer) on May 27, 2026.

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for...
Moderate, Unreviewed. CVE-2026-49059 was published on May 27, 2026.