Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,952
Erlang
39
GitHub Actions
38
Go
2,609
Maven
5,000+
npm
4,252
NuGet
757
pip
4,023
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

36 advisories

Loading
Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic Moderate
CVE-2025-62595 was published for koa (npm) Oct 21, 2025
haymizrachi
Credited to haymizrachi
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
im-soohyun
Credited to im-soohyun
@astrojs/node's trailing slash handling causes open redirect issue Moderate
CVE-2025-55207 was published for @astrojs/node (npm) Aug 15, 2025
florian-lefebvre ematipico
Fryuni delucis
Credited to florian-lefebvre, ematipico, Fryuni, and delucis
Astros's duplicate trailing slash feature leads to an open redirection security issue Moderate
CVE-2025-54793 was published for astro (npm) Aug 7, 2025
ghiyastfarisi ascorbic
ematipico
Credited to ghiyastfarisi, ascorbic, and ematipico
@cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
CVE-2025-4143 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Robin-Van-de-Merghel
Credited to Robin-Van-de-Merghel
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
tatianahub
Credited to tatianahub
Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
GHSA-7cp4-jw97-3rc2 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025 withdrawn
Beter Auth has an Open Redirect via Scheme-Less Callback Parameter Moderate
CVE-2025-27143 was published for better-auth (npm) Feb 24, 2025
sumeet-darekar Shivaraj-Kolekar
Credited to sumeet-darekar and Shivaraj-Kolekar
Express.js Open Redirect in malformed URLs Moderate
CVE-2024-29041 was published for express (npm) Mar 25, 2024
FDrag0n jonchurch
blakeembrey wesleytodd ruddermann ctcpip UlisesGascon
Credited to FDrag0n, jonchurch, blakeembrey, wesleytodd, ruddermann, ctcpip, and UlisesGascon
URL Redirection to Untrusted Site in OAuth2/OpenID in directus Moderate
CVE-2024-28239 was published for directus (npm) Mar 12, 2024
soulseekah
Credited to soulseekah
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
iainsproat
Credited to iainsproat
DOMPurify Open Redirect vulnerability Moderate
CVE-2019-25155 was published for dompurify (npm) Nov 14, 2023
@keystone-6/auth Open Redirect vulnerability Moderate
CVE-2023-34247 was published for @keystone-6/auth (npm) Jun 14, 2023
scgajge12
Credited to scgajge12
Open Redirect in node-forge Moderate
CVE-2022-0122 was published for node-forge (npm) Jan 21, 2022
Open Redirect in st Moderate
CVE-2017-16224 was published for st (npm) Aug 6, 2018
URIjs Vulnerable to Hostname spoofing via backslashes in URL Moderate
CVE-2021-3647 was published for urijs (npm) Jul 19, 2021
ready-research
Credited to ready-research
Open Redirect in koa-remove-trailing-slashes Moderate
CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022
tdunlap607
Credited to tdunlap607
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
jviding
Credited to jviding
Open redirect in url-parse Moderate
CVE-2021-3664 was published for url-parse (npm) Aug 10, 2021
@okta/oidc-middlewareOpen Redirect vulnerability Moderate
CVE-2022-3145 was published for @okta/oidc-middleware (npm) Jan 9, 2023
jviding
Credited to jviding
Open Redirect in urijs Moderate
CVE-2022-0868 was published for urijs (npm) Mar 7, 2022
Open redirect in karma Moderate
CVE-2021-23495 was published for karma (npm) Feb 26, 2022
Open redirect in @auth0/nextjs-auth0 Moderate
CVE-2021-43812 was published for @auth0/nextjs-auth0 (npm) Dec 16, 2021
Open Redirect in Next.js Moderate
CVE-2021-37699 was published for next (npm) Aug 12, 2021
medikoo
Credited to medikoo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database