GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
77 advisories
Filter by severity
HAPI FHIR XML External Entity (XXE) vulnerability
High
CVE-2024-51132
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Nov 5, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Microchip TimeProvider 4100...
High
Unreviewed
CVE-2024-43683
was published
Oct 4, 2024
ModStartCMS v8.8.0 was discovered to contain an open redirect vulnerability in the redirect...
High
Unreviewed
CVE-2024-46331
was published
Sep 27, 2024
A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the...
High
Unreviewed
CVE-2024-45979
was published
Sep 26, 2024
A host header injection vulnerability in BookReviewLibrary 1.0 allows attackers to obtain the...
High
Unreviewed
CVE-2024-45981
was published
Sep 26, 2024
Keycloak Open Redirect vulnerability
High
CVE-2024-8883
was published
for
org.keycloak:keycloak-services
(Maven)
Sep 19, 2024
The Share This Image plugin for WordPress is vulnerable to Open Redirect in all versions up to,...
High
Unreviewed
CVE-2024-8761
was published
Sep 17, 2024
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara...
High
Unreviewed
CVE-2024-7312
was published
Sep 11, 2024
An URL redirection to untrusted site (open redirect) vulnerability affecting 3DPassport in...
High
Unreviewed
CVE-2024-6379
was published
Aug 20, 2024
A reflected Cross-site Scripting (XSS) vulnerability affecting 3DSwymer from Release 3DEXPERIENCE...
High
Unreviewed
CVE-2024-6377
was published
Aug 20, 2024
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
High
Unreviewed
CVE-2024-38211
was published
Aug 13, 2024
The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all...
High
Unreviewed
CVE-2024-3597
was published
Jun 20, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
High
CVE-2024-34065
was published
for
@strapi/plugin-users-permissions
(npm)
Jun 12, 2024
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
High
GHSA-xffp-6w68-4775
was published
for
zendframework/zendframework
(Composer)
Jun 7, 2024
silverstripe/framework BackURL validation bypass with malformed URLs
High
GHSA-m5q3-mvcr-gc5m
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Silverstripe X-Forwarded-Host request hostname injection
High
GHSA-25gq-jvx2-vg9x
was published
for
silverstripe/framework
(Composer)
May 23, 2024
When a network error occurred during page load, the prior content could have remained in view...
High
Unreviewed
CVE-2024-4773
was published
May 14, 2024
An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a...
High
Unreviewed
CVE-2024-26504
was published
May 1, 2024
The SolarWinds Platform was susceptible to a Arbitrary Open Redirection Vulnerability. A...
High
Unreviewed
CVE-2024-28076
was published
Apr 18, 2024
Keycloak path traversal vulnerability in the redirect validation
High
CVE-2024-2419
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Spring Framework URL Parsing with Host Validation
High
CVE-2024-22262
was published
for
org.springframework:spring-web
(Maven)
Apr 16, 2024
A DOM-based open redirection in the returnUrl parameter of INSTINCT UI Web Client 6.5.0 allows...
High
Unreviewed
CVE-2024-28287
was published
Apr 2, 2024
VMware SD-WAN Orchestrator contains an open redirect vulnerability.
A malicious actor may be...
High
Unreviewed
CVE-2024-22248
was published
Apr 2, 2024
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites...
High
Unreviewed
CVE-2024-2465
was published
Mar 21, 2024
Spring Framework URL Parsing with Host Validation Vulnerability
High
CVE-2024-22259
was published
for
org.springframework:spring-web
(Maven)
Mar 16, 2024
ProTip!
Advisories are also available from the
GraphQL API