Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

37 advisories

Loading
Moderate severity vulnerability that affects org.apache.juddi:juddi-client Moderate
CVE-2015-5241 was published for org.apache.juddi:juddi-client (Maven) Oct 16, 2018
Apache Tomcat Open Redirect vulnerability Moderate
CVE-2018-11784 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Oct 17, 2018
sunSUNQ
spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability Moderate
CVE-2019-3778 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Mar 14, 2019
davidsnt
Open Redirect in Spring Security OAuth Moderate
CVE-2019-11269 was published for org.springframework.security.oauth:spring-security-oauth (Maven) Jun 13, 2019
SunBK201
URL Redirection to Untrusted Site (Open Redirect) in Ktor Moderate
CVE-2019-19703 was published for io.ktor:ktor-client-core (Maven) Feb 12, 2020
URL Redirection to Untrusted Site ('Open Redirect') Moderate
CVE-2022-23618 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
Open redirect vulnerability in Jenkins GitLab Authentication Plugin Moderate
CVE-2022-25196 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Feb 16, 2022
NotMyFault
Server-Side Request Forgery in Apache Dubbo Moderate
CVE-2021-25640 was published for com.alibaba:dubbo (Maven) Mar 18, 2022
Keycloak Open Redirect Moderate
CVE-2018-14658 was published for org.keycloak:keycloak-core (Maven) May 13, 2022
Cloud Foundry UAA open redirect Moderate
CVE-2018-11041 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 14, 2022
sunSUNQ
Jenkins Google Login Plugin Open Redirect vulnerability Moderate
CVE-2018-1000174 was published for org.jenkins-ci.plugins:google-login (Maven) May 14, 2022
Apache Ambari Open Redirect Moderate
CVE-2015-5210 was published for org.apache.ambari:ambari (Maven) May 17, 2022
Apache Sling Auth Core bundle vulnerable to Open Redirection Moderate
CVE-2013-4390 was published for org.apache.sling:org.apache.sling.auth.core (Maven) May 17, 2022
Dojo Open Redirect vulnerability Moderate
CVE-2010-2274 was published for org.dojotoolkit:dojo (Maven) May 17, 2022
JBoss KeyCloak Open Redirect Moderate
CVE-2014-3652 was published for org.keycloak:keycloak-services (Maven) May 17, 2022
Jenkins Gitlab Authentication Plugin Open Redirect vulnerability Moderate
CVE-2019-10372 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
Athenz vulnerable to Open Redirect Moderate
CVE-2019-6035 was published for com.yahoo.athenz:athenz (Maven) May 24, 2022
Keycloak vulnerable to Server-Side Request Forgery Moderate
CVE-2020-10770 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Open redirect vulnerability in Jenkins CAS Plugin Moderate
CVE-2021-21673 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 24, 2022
NotMyFault
Server-side request forgery in Apache Dubbo Moderate
CVE-2022-24969 was published for com.alibaba:dubbo (Maven) Jun 10, 2022
Authenticated OpenRedirect Vulnerability Moderate
CVE-2022-41965 was published for org.opencastproject:opencast-common (Maven) Nov 30, 2022
geichelberger
Jenkins Google Login Plugin Open Redirect vulnerability Moderate
CVE-2022-46683 was published for org.jenkins-ci.plugins:google-login (Maven) Dec 12, 2022
Apache Helix UI vulnerable to Open Redirect Moderate
CVE-2022-47500 was published for org.apache.helix:helix (Maven) Dec 19, 2022
Open redirect vulnerability in Jenkins OpenID Plugin Moderate
CVE-2023-24445 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
lambdaisland/uri `authority-regex` returns the wrong authority Moderate
CVE-2023-28628 was published for lambdaisland:uri (Maven) Mar 27, 2023
luigigubello plexus
ProTip! Advisories are also available from the GraphQL API