GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
102
GitHub Actions
54
Go
4,340
Maven
5,000+
npm
5,000+
NuGet
1,033
pip
5,000+
Pub
13
RubyGems
1,122
Rust
1,498
Swift
61
Unreviewed advisories
All unreviewed
5,000+
1,473 advisories
Filter by severity
IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9...
Low
Unreviewed
CVE-2026-7364
was published
Jul 17, 2026
IBM Engineering AI Hub 1.0.0, 1.1.0, and 1.2.0 could allow a remote attacker to redirect users to...
Moderate
Unreviewed
CVE-2026-15093
was published
Jul 17, 2026
An Open Redirect vulnerability (CWE-601) exists in the OAuth/OIDC authentication implementation...
Moderate
Unreviewed
CVE-2026-12379
was published
Jul 16, 2026
The Grav API plugin (grav-plugin-api) before 1.0.4 does not validate the origin of the client...
Critical
Unreviewed
CVE-2026-61451
was published
Jul 15, 2026
Adobe Commerce is affected by an Improper Redirect (Open Redirect) vulnerability that could...
Moderate
Unreviewed
CVE-2026-48000
was published
Jul 14, 2026
An open redirect in Ivanti Xtraction before version 2026.2.1 allows a remote unauthenticated...
Moderate
Unreviewed
CVE-2026-14902
was published
Jul 14, 2026
SAP Approuter does not properly validate incoming request headers during the OAuth2 login flow...
High
Unreviewed
CVE-2026-44745
was published
Jul 14, 2026
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Drupal Drupal core allows...
Moderate
Unreviewed
CVE-2026-55806
was published
Jul 11, 2026
Authorizer: Unvalidated redirect_uri in /authorize leaks OAuth2 tokens to attacker-controlled URL
Critical
CVE-2026-54072
was published
for
github.com/authorizerdev/authorizer
(Go)
Jul 10, 2026
OpenRun: Redirect URL validation bypass using //host paths leads to Open Redirect
Moderate
CVE-2026-55252
was published
for
github.com/openrundev/openrun
(Go)
Jul 9, 2026
An Open Redirect vulnerability was discovered in the SAML Single Sign-On functionality due to...
Moderate
Unreviewed
CVE-2026-31982
was published
Jul 9, 2026
Gradio before 6.20.0 contains an open redirect and server-side request forgery vulnerability that...
Moderate
Unreviewed
CVE-2026-59806
was published
Jul 8, 2026
Waku has an Open Redirect via `unstable_redirect` Helper
Low
CVE-2026-49456
was published
for
waku
(npm)
Jul 8, 2026
Better Auth has stored XSS in the auth-server origin via javascript: redirect_uri in oidc-provider and mcp
High
GHSA-86j7-9j95-vpqj
was published
for
better-auth
(npm)
Jul 7, 2026
Kiwi TCMS has an Open Redirect via unvalidated next parameter in account confirmation endpoint
Moderate
CVE-2026-54724
was published
for
kiwitcms
(pip)
Jul 6, 2026
Coder's session token leaked to arbitrary hosts via `coder open app` for external workspace apps
High
CVE-2026-55431
was published
for
github.com/coder/coder/v2
(Go)
Jul 6, 2026
CiliumLocalRedirectPolicy addressMatcher allows cross-namespace service traffic hijacking and can break service translation
Moderate
CVE-2026-53935
was published
for
github.com/cilium/cilium
(Go)
Jul 6, 2026
A vulnerability was found in kirilkirkov Ecommerce-CodeIgniter-Bootstrap up to...
Low
Unreviewed
CVE-2026-14632
was published
Jul 4, 2026
Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized...
Critical
Unreviewed
CVE-2026-41106
was published
Jul 3, 2026
OpenClaw MCP SSE redirects could forward Authorization headers
Moderate
GHSA-9c3v-684m-579c
was published
for
openclaw
(npm)
Jul 1, 2026
Concourse login flow has an open redirect issue
Low
CVE-2026-49826
was published
for
github.com/concourse/concourse
(Go)
Jul 1, 2026
URL redirection to untrusted site ('open redirect') vulnerability in The Wikimedia Foundation...
Moderate
Unreviewed
CVE-2026-58520
was published
Jul 1, 2026
Invoice Ninja through 5.13.26 contains an open redirect vulnerability in the client portal login...
Moderate
Unreviewed
CVE-2026-58450
was published
Jul 1, 2026
An
unauthenticated URL redirection vulnerability has been identified in Archer
AX20 V2 due to...
Moderate
Unreviewed
CVE-2026-10562
was published
Jun 30, 2026
Probo has an open redirect bypass via path normalization
Moderate
CVE-2026-49820
was published
for
go.probo.inc/probo
(Go)
Jun 30, 2026
ProTip!
Advisories are also available from the
GraphQL API