Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,605
Maven
5,000+
npm
4,250
NuGet
756
pip
4,016
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
WSO2 is vulnerable to Open Redirect through multi-option URL in its authentication endpoint Moderate
CVE-2024-1440 was published for org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.endpoint.util (Maven) Jun 2, 2025
Liferay Portal's System, Instance and Site Settings are vulnerable to Open Redirect Moderate
CVE-2025-43795 was published for com.liferay:com.liferay.configuration.admin.web (Maven) Sep 12, 2025
Liferay Portal allows open redirect in /c/portal/edit_info_item parameter redirect Moderate
CVE-2025-43767 was published for com.liferay:com.liferay.info.impl (Maven) Aug 23, 2025
Liferay Portal and Liferay DXP Vulnerable to Open Redirect via the Layout Module Moderate
CVE-2023-35029 was published for com.liferay.portal:release.dxp.bom (Maven) Jun 15, 2023
Apache Tomcat Open Redirect vulnerability Moderate
CVE-2023-41080 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Aug 25, 2023
cdupuis
Credited to cdupuis
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Two Forward Slashes Moderate
CVE-2024-25609 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP's HtmlUtil.escapeRedirect Can Be Circumvented via Replacement Character Moderate
CVE-2024-25608 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page Moderate
CVE-2023-44308 was published for com.liferay:com.liferay.adaptive.media.web (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP Vulnerable to Open Redirect in Countries Management's Edit Region Page Moderate
CVE-2023-5190 was published for com.liferay.portal:release.dxp.bom (Maven) Feb 20, 2024
Liferay Portal and Liferay DXP HtmlUtil.escapeRedirect Can Be Circumvented Moderate
CVE-2022-28977 was published for com.liferay.portal:com.liferay.util.java (Maven) Sep 23, 2022
Apache Druid vulnerable to Server-Side Request Forgery, Cross-site Scripting, Open Redirect Moderate
CVE-2025-27888 was published for org.apache.druid:druid (Maven) Mar 20, 2025
Liferay Portal and Liferay DXP Allows Arbitrary Redirect of Users to External URLs Moderate
CVE-2021-33331 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
org.xwiki.platform:xwiki-platform-wysiwyg-api Open Redirect vulnerability Moderate
CVE-2025-32970 was published for org.xwiki.platform:xwiki-platform-wysiwyg-api (Maven) Apr 29, 2025
Jenkins Open Redirect vulnerability Moderate
CVE-2025-27625 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 6, 2025
keycloak-core: open redirect via "form_post.jwt" JARM response mode Moderate
CVE-2023-6927 was published for org.keycloak:keycloak-core (Maven) Jan 23, 2024
PontusHanssen kasperkarlsson
Chetven
Credited to PontusHanssen, kasperkarlsson, and Chetven
Duplicate Advisory: Keycloak Open Redirect vulnerability Moderate
GHSA-3p75-q5cc-qmj7 was published for org.keycloak:keycloak-parent (Maven) Dec 19, 2023 withdrawn
Keycloak has Vulnerable Redirect URI Validation Results in Open Redirect Moderate
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Chetven
Credited to Chetven
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50771 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
westonsteimel
Credited to westonsteimel
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Eclipse Glassfish URL redirection vulnerability Moderate
CVE-2024-8646 was published for org.glassfish.main.web:web-core (Maven) Sep 11, 2024
Keycloak Open Redirect vulnerability Moderate
CVE-2024-7260 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Open Redirect in Spring Security OAuth Moderate
CVE-2019-11269 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Jun 13, 2019
SunBK201
Credited to SunBK201
Cloud Foundry UAA open redirect Moderate
CVE-2018-11041 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database