GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

336 advisories

Liferay Portal is vulnerable to DNS rebinding attacks Moderate
CVE-2025-62266 was published for com.liferay.portal:release.portal.bom (Maven) Oct 30, 2025
Anubis vulnerable to possible XSS via redir parameter when using subrequest auth mode Low
GHSA-cf57-c578-7jvv was published for github.com/TecharoHQ/anubis (Go) Oct 30, 2025
Credited to nijel and mbiesiad
Byaidu PDFMathTranslate vulnerable to open redirect Low
CVE-2025-50736 was published for pdf2zh (pip) Oct 30, 2025
ZITADEL Vulnerable to Account Takeover via Malicious Forwarded Header Injection High
CVE-2025-64101 was published for github.com/zitadel/zitadel/v2 (Go) Oct 29, 2025
Credited to amit-laish and livio-a
PrivateBin is missing HTML sanitization of attached filename in file size hint Moderate
CVE-2025-62796 was published for privatebin/privatebin (Composer) Oct 28, 2025
Liferay Portal Vulnerable to Open Redirect via the _com_liferay_layout_admin_web_portlet_GroupPagesPortlet_redirect parameter Moderate
CVE-2025-62253 was published for com.liferay:com.liferay.layout.admin.web (Maven) Oct 27, 2025
Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic Moderate
CVE-2025-62595 was published for koa (npm) Oct 21, 2025
Credited to haymizrachi
reflex-dev/reflex has an Open Redirect vulnerability Low
CVE-2025-62379 was published for reflex (pip) Oct 15, 2025
Credited to im-soohyun
vLLM is vulnerable to Server-Side Request Forgery (SSRF) through `MediaConnector` class High
CVE-2025-6242 was published for vllm (pip) Oct 7, 2025
Credited to kexinoh, d3do-23, lonelyuan, huachenheli, DarkLight1337, russellb, and sidhpurwala-huzaifa
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
Credited to im-soohyun
Mattermost Open Redirect vulnerability High
CVE-2025-9072 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Mattermost Open Redirect vulnerability Low
CVE-2025-9084 was published for github.com/mattermost/mattermost-server (Go) Sep 15, 2025
Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect Moderate
CVE-2025-43795 was published for com.liferay:com.liferay.configuration.admin.web (Maven) Sep 12, 2025
TYPO3 CMS has an open‑redirect vulnerability Moderate
CVE-2025-59013 was published for typo3/cms-core (Composer) Sep 9, 2025
Google Sign-In for Rails allowed redirect to protocol-relative URI Moderate
CVE-2025-58067 was published for google_sign_in (RubyGems) Aug 29, 2025
Google Sign-In for Rails allowed redirects to malformed URLs Moderate
CVE-2025-57821 was published for google_sign_in (RubyGems) Aug 27, 2025
Credited to Muntrive
Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect Moderate
CVE-2025-43767 was published for com.liferay:com.liferay.info.impl (Maven) Aug 23, 2025
@astrojs/node's trailing slash handling causes open redirect issue Moderate
CVE-2025-55207 was published for @astrojs/node (npm) Aug 15, 2025
Credited to florian-lefebvre, ematipico, Fryuni, and delucis
svg-sanitizer Bypasses Attribute Sanitization Moderate
CVE-2025-55166 was published for enshrined/svg-sanitize (Composer) Aug 12, 2025
Credited to ohader and realazizk
Astro's duplicate trailing slash feature leads to an open redirection security issue Moderate
CVE-2025-54793 was published for astro (npm) Aug 7, 2025
Credited to ghiyastfarisi, ascorbic, and ematipico
Koa Open Redirect via Referrer Header (User-Controlled) Low
CVE-2025-8129 was published for koa (npm) Jul 29, 2025
Credited to NinjaGPT, zast-ai, and fengmk2
Duplicate Advisory: Koa Open Redirect via Referrer Header (User-Controlled) Low
GHSA-mvw6-62qv-vmqf was published for koa (npm) Jul 25, 2025 withdrawn
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Credited to Robin-Van-de-Merghel
Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes Low
CVE-2025-53535 was published for better-auth (npm) Jul 7, 2025
Credited to mwlik and imenyoo2
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
Credited to tatianahub