GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,361 advisories
Jupyter Notebook Vulnerable to Authentication Token Theft via CommandLinker XSS
High
CVE-2026-40171
was published
for
@jupyter-notebook/help-extension
(npm)
Apr 30, 2026
Admidio Sends SAML Response to Unvalidated Assertion Consumer Service URL from AuthnRequest
High
CVE-2026-41670
was published
for
admidio/admidio
(Composer)
Apr 29, 2026
n8n has Open Redirect in MCP OAuth Consent Flow
Moderate
CVE-2026-42230
was published
for
n8n
(npm)
Apr 29, 2026
Unauthenticated Open Redirect, Arbitrary HTTP Response Header Injection, Missing CSRF, and Invisible-Mode Bypass in goshs `/?redirect` endpoint
Low
GHSA-7qx6-f23w-3w7f
was published
for
github.com/patrickhener/goshs
(Go)
Apr 14, 2026
@adonisjs/http-server has an Open Redirect vulnerability
Moderate
CVE-2026-40255
was published
for
@adonisjs/core
(npm)
Apr 14, 2026
Kimai has an Open Redirect via Unvalidated RelayState in SAML ACS Handler
Low
GHSA-3jp4-mhh4-gcgr
was published
for
kimai/kimai
(Composer)
Apr 14, 2026
next-intl has an open redirect vulnerability
Moderate
CVE-2026-40299
was published
for
next-intl
(npm)
Apr 10, 2026
Authorizer: Password reset token theft and full auth token redirect via unvalidated redirect_uri
High
GHSA-x3f4-v83f-7wp2
was published
for
github.com/authorizerdev/authorizer
(Go)
Apr 6, 2026
ProTip!
Advisories are also available from the
GraphQL API