Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,168
Erlang
30
GitHub Actions
19
Go
1,978
Maven
5,000+
npm
3,698
NuGet
656
pip
3,315
Pub
11
RubyGems
882
Rust
832
Swift
35
Unreviewed advisories
All unreviewed
5,000+

46 advisories

Loading
Vulnerable Redirect URI Validation Results in Open Redirect Moderate
GHSA-w8gr-xwp4-r9f7 was published for org.keycloak:keycloak-services (Maven) Oct 14, 2024
Eclipse Glassfish improperly handles http parameters Moderate
CVE-2024-9329 was published for org.glassfish.main.admin:rest-service (Maven) Sep 30, 2024
Keycloak Open Redirect vulnerability High
CVE-2024-8883 was published for org.keycloak:keycloak-services (Maven) Sep 19, 2024
Eclipse Glassfish URL redirection vulnerability Moderate
CVE-2024-8646 was published for org.glassfish.main.web:web-core (Maven) Sep 11, 2024
Keycloak Open Redirect vulnerability Moderate
CVE-2024-7260 was published for org.keycloak:keycloak-core (Maven) Sep 9, 2024
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow Moderate
CVE-2023-6717 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Keycloak path traversal vulnerability in the redirect validation High
CVE-2024-2419 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024
Spring Framework URL Parsing with Host Validation High
CVE-2024-22262 was published for org.springframework:spring-web (Maven) Apr 16, 2024
Spring Framework URL Parsing with Host Validation Vulnerability High
CVE-2024-22259 was published for org.springframework:spring-web (Maven) Mar 16, 2024
yoshizawa-masatoshi
Spring Web vulnerable to Open Redirect or Server Side Request Forgery High
CVE-2024-22243 was published for org.springframework:spring-web (Maven) Feb 23, 2024
yoshizawa-masatoshi
keycloak-core: open redirect via "form_post.jwt" JARM response mode Moderate
GHSA-9vm7-v8wj-3fqw was published for org.keycloak:keycloak-core (Maven) Jan 23, 2024
PontusHanssen kasperkarlsson
Keycloak Open Redirect vulnerability Moderate
CVE-2023-6927 was published for org.keycloak:keycloak-parent (Maven) Dec 19, 2023
Open redirect in Apache Shiro Moderate
CVE-2023-46750 was published for org.apache.shiro:shiro-web (Maven) Dec 14, 2023
Open redirect vulnerability in Jenkins OpenId Connect Authentication Plugin Moderate
CVE-2023-50771 was published for org.jenkins-ci.plugins:oic-auth (Maven) Dec 13, 2023
Apache Tomcat Open Redirect vulnerability Moderate
CVE-2023-41080 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Aug 25, 2023
cdupuis
Jenkins OpenShift Login Plugin vulnerable to Open Redirect Moderate
CVE-2023-37947 was published for org.openshift.jenkins:openshift-login (Maven) Jul 12, 2023
org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability Moderate
CVE-2023-32068 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) May 15, 2023
org.xwiki.platform:xwiki-platform-oldcore Open Redirect vulnerability Moderate
CVE-2023-29204 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Apr 12, 2023
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
luigigubello plexus
Open redirect vulnerability in Jenkins OpenID Plugin Moderate
CVE-2023-24445 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Apache Helix UI vulnerable to Open Redirect Moderate
CVE-2022-47500 was published for org.apache.helix:helix (Maven) Dec 19, 2022
Jenkins Google Login Plugin Open Redirect vulnerability Moderate
CVE-2022-46683 was published for org.jenkins-ci.plugins:google-login (Maven) Dec 12, 2022
Authenticated OpenRedirect Vulnerability Moderate
CVE-2022-41965 was published for org.opencastproject:opencast-common (Maven) Nov 30, 2022
geichelberger
JSPUI's controlled vocabulary feature vulnerable to Open Redirect before v6.4 and v5.11 High
CVE-2022-31193 was published for org.dspace:dspace-jspui (Maven) Aug 6, 2022
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database