Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes Moderate
GHSA-vrw8-fxc6-2r93 was published for github.com/go-chi/chi/v5 (Go) Jun 20, 2025
anuraagbaishya
Credited to anuraagbaishya
BunkerWeb has Open Redirect Vulnerability in Loading Page Moderate
CVE-2024-53264 was published for github.com/bunkerity/bunkerweb (Go) Dec 2, 2024
adventure8812
Credited to adventure8812
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect Moderate
CVE-2024-52003 was published for github.com/traefik/traefik/v2 (Go) Dec 2, 2024
kunte0
Credited to kunte0
Coder vulnerable to post-auth URL redirection to untrusted site ('Open Redirect') Moderate
GHSA-wcx9-ccpj-hx3c was published for github.com/coder/coder/v2 (Go) Oct 28, 2024
jchristov
Credited to jchristov
lorawan-stack Open Redirect vulnerability Moderate
CVE-2023-26494 was published for go.thethings.network/lorawan-stack/v3 (Go) Aug 5, 2024
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Privilege Escalation in Kubernetes Moderate
CVE-2020-8559 was published for k8s.io/apimachinery (Go) Apr 24, 2024
thejan2009 shanduur
wikkyk psilva-veeam hectorj2f PelagicGames
Credited to thejan2009, shanduur, wikkyk, psilva-veeam, hectorj2f, and PelagicGames
Open Redirect in github.com/greenpau/caddy-security Moderate
CVE-2024-21497 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Mattermost Open Redirect vulnerability Moderate
CVE-2023-47168 was published for github.com/mattermost/mattermost-server/v6 (Go) Nov 27, 2023
Authelia allows open redirects on the logout endpoint Moderate
CVE-2021-29456 was published for github.com/authelia/authelia/v4 (Go) Mar 16, 2023
jonbayl
Credited to jonbayl
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints Moderate
CVE-2022-2837 was published for github.com/coredns/coredns (Go) Mar 3, 2023
chrisbloom7
Credited to chrisbloom7
Open Redirect in Caddy Moderate
CVE-2022-28923 was published for github.com/caddyserver/caddy/v2 (Go) Feb 7, 2023
J3rry-1729
Credited to J3rry-1729
scs-library-client may leak user credentials to third-party service via HTTP redirect Moderate
CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) Jan 20, 2023
Macaron i18n Open Redirect vulnerability Moderate
CVE-2020-36627 was published for github.com/go-macaron/i18n (Go) Dec 25, 2022
Gophish before 0.12.0 vulnerable to Open Redirect Moderate
CVE-2022-25295 was published for github.com/gophish/gophish (Go) Sep 12, 2022
Open redirect in caddy Moderate
CVE-2022-29718 was published for github.com/caddyserver/caddy (Go) Jun 3, 2022
Gitea Open Redirect Moderate
CVE-2022-1058 was published for code.gitea.io/gitea (Go) Mar 25, 2022
Pivotal Concourse Open Redirect in Login Flow Moderate
CVE-2018-15798 was published for github.com/concourse/concourse (Go) Feb 15, 2022
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
dodek
Credited to dodek
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header Moderate
CVE-2020-15129 was published for github.com/containous/traefik (Go) Feb 11, 2022
avivdolev
Credited to avivdolev
Open redirect in Gitea Moderate
CVE-2021-45328 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Open redirect vulnerability in Sourcegraph Moderate
CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go) Dec 20, 2021
Open Redirect in oauth2_proxy Moderate
CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database