GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

36 advisories

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic Moderate
CVE-2025-62595 was published for koa (npm) Oct 21, 2025
Credited to haymizrachi
lobe-chat has an Open Redirect Moderate
CVE-2025-59426 was published for @lobehub/chat (npm) Sep 24, 2025
Credited to im-soohyun
@astrojs/node's trailing slash handling causes open redirect issue Moderate
CVE-2025-55207 was published for @astrojs/node (npm) Aug 15, 2025
Credited to florian-lefebvre, ematipico, Fryuni, and delucis
Astro's duplicate trailing slash feature leads to an open redirection security issue Moderate
CVE-2025-54793 was published for astro (npm) Aug 7, 2025
Credited to ghiyastfarisi, ascorbic, and ematipico
DiracX-Web is vulnerable to attack through an Open Redirect on its login page Moderate
CVE-2025-54066 was published for @dirac-grid/diracx-web-components (npm) Jul 17, 2025
Credited to Robin-Van-de-Merghel
n8n allows open redirects via the /signin endpoint Moderate
CVE-2025-49592 was published for n8n (npm) Jun 27, 2025
Credited to tatianahub
@cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
CVE-2025-4143 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025
Duplicate Advisory: @cloudflare/workers-oauth-provider missing validation of redirect_uri on authorize endpoint Moderate
GHSA-7cp4-jw97-3rc2 was published for @cloudflare/workers-oauth-provider (npm) May 1, 2025 withdrawn
Better Auth has an Open Redirect via Scheme-Less Callback Parameter Moderate
CVE-2025-27143 was published for better-auth (npm) Feb 24, 2025
Credited to sumeet-darekar and Shivaraj-Kolekar
Express.js Open Redirect in malformed URLs Moderate
CVE-2024-29041 was published for express (npm) Mar 25, 2024
Credited to FDrag0n, jonchurch, blakeembrey, wesleytodd, ruddermann, ctcpip, and UlisesGascon
URL Redirection to Untrusted Site in OAuth2/OpenID in directus Moderate
CVE-2024-28239 was published for directus (npm) Mar 12, 2024
Credited to soulseekah
Follow Redirects improperly handles URLs in the url.parse() function Moderate
CVE-2023-26159 was published for follow-redirects (npm) Jan 2, 2024
Credited to iainsproat
DOMPurify Open Redirect vulnerability Moderate
CVE-2019-25155 was published for dompurify (npm) Nov 14, 2023
@keystone-6/auth Open Redirect vulnerability Moderate
CVE-2023-34247 was published for @keystone-6/auth (npm) Jun 14, 2023
Credited to scgajge12
keycloak-connect contains Open redirect vulnerability in the Node.js adapter Moderate
CVE-2022-2237 was published for keycloak-connect (npm) Mar 2, 2023
Credited to jviding
@okta/oidc-middleware Open Redirect vulnerability Moderate
CVE-2022-3145 was published for @okta/oidc-middleware (npm) Jan 9, 2023
Credited to jviding
Oils JS vulnerable to Open Redirect Moderate
CVE-2021-4260 was published for oils (npm) Dec 19, 2022
URL Redirection to Untrusted Site ('Open Redirect') in next-auth Moderate
CVE-2022-29214 was published for next-auth (npm) May 24, 2022
Credited to Ry0taK
NextAuth.js default redirect callback vulnerable to open redirects Moderate
CVE-2022-24858 was published for next-auth (npm) Apr 22, 2022
Credited to rustyguts
URL Confusion When Scheme Not Supplied in medialize/uri.js Moderate
CVE-2022-1233 was published for urijs (npm) Apr 5, 2022
Open Redirect in urijs Moderate
CVE-2022-0868 was published for urijs (npm) Mar 7, 2022
Open redirect in karma Moderate
CVE-2021-23495 was published for karma (npm) Feb 26, 2022
Open Redirect in koa-remove-trailing-slashes Moderate
CVE-2021-23384 was published for koa-remove-trailing-slashes (npm) Feb 10, 2022
Credited to tdunlap607
Open Redirect in node-forge Moderate
CVE-2022-0122 was published for node-forge (npm) Jan 21, 2022
Open redirect in @auth0/nextjs-auth0 Moderate
CVE-2021-43812 was published for @auth0/nextjs-auth0 (npm) Dec 16, 2021