Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

273 advisories

Loading
Symfony vulnerable to open redirect via browser-sanitized URLs Low
CVE-2024-50345 was published for symfony/http-foundation (Composer) Nov 6, 2024
nicolas-grekas zer0yu
HAPI FHIR XML External Entity (XXE) vulnerability High
CVE-2024-51132 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Nov 5, 2024
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') Moderate
GHSA-wcx9-ccpj-hx3c was published for github.com/coder/coder/v2 (Go) Oct 28, 2024
jchristov
Vulnerable Redirect URI Validation Results in Open Redirect Moderate
GHSA-w8gr-xwp4-r9f7 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Express Open Redirect vulnerability Low
CVE-2024-9266 was published for express (npm) Oct 3, 2024
m3t3kh4n G-Rath
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
Eclipse Glassfish URL redirection vulnerability Moderate
CVE-2024-8646 was published for org.glassfish.main.web:web-core (Maven) Sep 11, 2024
Keycloak Open Redirect vulnerability Moderate
CVE-2024-7260 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
WebOb's location header normalization during redirect leads to open redirect Moderate
CVE-2024-42353 was published for webob (pip) Aug 14, 2024
lorawan-stack Open Redirect vulnerability Moderate
CVE-2023-26494 was published for go.thethings.network/lorawan-stack/v3 (Go) Aug 5, 2024
MobSF vulnerable to Open Redirect in Login Redirect Moderate
CVE-2024-41955 was published for mobsf (pip) Jul 31, 2024
IdentityServer Open Redirect vulnerability Moderate
GHSA-55p7-v223-x366 was published for IdentityServer4 (NuGet) Jul 31, 2024
IdentityServer Open Redirect vulnerability Moderate
CVE-2024-39694 was published for Duende.IdentityServer (NuGet) Jul 31, 2024
Khoj Open Redirect Vulnerability in Login Page Moderate
GHSA-564j-v29w-rqr6 was published for khoj-assistant (pip) Jul 8, 2024
davidxbors
October System module has an Open Redirect for Administrator Accounts Low
CVE-2024-24764 was published for october/system (Composer) Jun 26, 2024
Open redirect in gradio Moderate
CVE-2024-4940 was published for gradio (pip) Jun 22, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress` High
GHSA-xffp-6w68-4775 was published for zendframework/zendframework (Composer) Jun 7, 2024
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
silverstripe/framework BackURL validation bypass with malformed URLs High
GHSA-m5q3-mvcr-gc5m was published for silverstripe/framework (Composer) May 27, 2024
Silverstripe External redirection risk in Security?ReturnURL Moderate
GHSA-vp8p-c6xj-xpj7 was published for silverstripe/framework (Composer) May 23, 2024
Silverstripe X-Forwarded-Host request hostname injection High
GHSA-25gq-jvx2-vg9x was published for silverstripe/framework (Composer) May 23, 2024
Umbraco CMS Open Redirect Bypass Protection Moderate
CVE-2024-34071 was published for Umbraco.Cms.Web.BackOffice (NuGet) May 21, 2024
0xRyuzak1
OroPlatform Forced Redirect to External Website Moderate
GHSA-3vhm-q4w3-rw8q was published for oro/platform (Composer) May 20, 2024
ProTip! Advisories are also available from the GraphQL API