GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,354 advisories
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint
Low
GHSA-7qx6-f23w-3w7f
was published
for
github.com/patrickhener/goshs
(Go)
Apr 14, 2026
@adonisjs/http-server has an Open Redirect vulnerability
Moderate
CVE-2026-40255
was published
for
@adonisjs/core
(npm)
Apr 14, 2026
Kimai has an Open Redirect via Unvalidated RelayState in SAML ACS Handler
Low
GHSA-3jp4-mhh4-gcgr
was published
for
kimai/kimai
(Composer)
Apr 14, 2026
next-intl has an open redirect vulnerability
Moderate
CVE-2026-40299
was published
for
next-intl
(npm)
Apr 10, 2026
Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri
High
GHSA-x3f4-v83f-7wp2
was published
for
github.com/authorizerdev/authorizer
(Go)
Apr 6, 2026
Directus: Open Redirect via Parser Bypass in OAuth2/SAML Authentication Flow
Moderate
CVE-2026-35410
was published
for
directus
(npm)
Apr 4, 2026
Directus: Open Redirect in Admin 2FA Setup Page
Moderate
CVE-2026-35411
was published
for
directus
(npm)
Apr 4, 2026
Signal K Server: OAuth Authorization Code Theft via Unvalidated Host Header in OIDC Flow
Moderate
CVE-2026-34083
was published
for
signalk-server
(npm)
Apr 3, 2026
JupyterHub has an Open Redirect Vulnerability
Moderate
CVE-2026-33709
was published
for
jupyterhub
(pip)
Apr 3, 2026
ProTip!
Advisories are also available from the
GraphQL API