GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,448 advisories

Nezha Monitoring: OAuth2 Redirect URL — Host Header Injection
Moderate | CVE-2026-53523 was published for github.com/nezhahq/nezha (Go) | Jun 26, 2026

Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body
Moderate | CVE-2026-47070 was published for hackney (Erlang) | Jun 26, 2026

Open redirect vulnerability (CWE-601) in the _safe_redirect function of the click-tracking...
Moderate | Unreviewed | CVE-2026-13163 was published | Jun 24, 2026

Flask-Security has an Open Redirect issue
Moderate | GHSA-w2j7-f3c6-g8cw was published for Flask-Security (pip) | Jun 23, 2026

Gogs has an Open Redirect via redirect_to
Moderate | CVE-2026-52802 was published for gogs.io/gogs (Go) | Jun 23, 2026

Nuxt versions 4.0.0 before 4.4.7 and 3.x before 3.21.7 accept protocol-relative paths such as /...
Moderate | Unreviewed | CVE-2026-56697 was published | Jun 23, 2026

A vulnerability was detected in lemonldap-ng up to 2.23.0. Impacted is an unknown function in the...
Low | Unreviewed | CVE-2026-12804 was published | Jun 21, 2026

Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that...
Moderate | Unreviewed | CVE-2026-56332 was published | Jun 20, 2026

Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and...
Moderate | Unreviewed | CVE-2026-56330 was published | Jun 20, 2026

Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat...
High | Unreviewed | CVE-2026-47645 was published | Jun 19, 2026

Open Redirect Bypass in miniflux-v2
Moderate | CVE-2026-55185 was published for miniflux.app/v2 (Go) | Jun 19, 2026

TinaCMS: Cross-origin postMessage handlers and rich-text URL-sanitization bypass enable stored XSS and session takeover
High | CVE-2026-55660 was published for @tinacms/app (npm) | Jun 19, 2026

The GridTime 3000 GNSS Time Server has an open redirect vulnerability in the password change form...
Moderate | Unreviewed | CVE-2026-12622 was published | Jun 19, 2026

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The attacker...
Low | Unreviewed | CVE-2026-48895 was published | Jun 19, 2026

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Apache APISIX. The default...
Low | Unreviewed | CVE-2026-44915 was published | Jun 19, 2026

Open redirect in pgAdmin 4's multi-factor authentication flow. The MFA validate and register...
Moderate | Unreviewed | CVE-2026-12049 was published | Jun 19, 2026

CakePHP Authentication: Open redirect weakness via backslash bypass
Moderate | CVE-2026-55590 was published for cakephp/authentication (Composer) | Jun 17, 2026

A vulnerability in the browser-based version of Cisco Webex App could have allowed an...
Moderate | Unreviewed | CVE-2026-20178 was published | Jun 17, 2026

Dell PowerFlex rack, version(s) RCM 3.7/3.7, contain(s) a Host Header Injection vulnerability. An...
Moderate | Unreviewed | CVE-2025-32748 was published | Jun 17, 2026

Open redirection vulnerability due to insufficient validation of the X-Forwarded-Host HTTP header...
Moderate | Unreviewed | CVE-2026-10837 was published | Jun 17, 2026

Open redirection vulnerability in the authentication system allows an attacker to use manipulated...
Moderate | Unreviewed | CVE-2026-10839 was published | Jun 17, 2026

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component:...
High | Unreviewed | CVE-2026-46796 was published | Jun 17, 2026

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component:...
High | Unreviewed | CVE-2026-46806 was published | Jun 17, 2026

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). ...
High | Unreviewed | CVE-2026-35302 was published | Jun 17, 2026

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). ...
High | Unreviewed | CVE-2026-35258 was published | Jun 17, 2026

ProTip! Advisories are also available from the GraphQL API