Skip to content

Devise has an Open Redirect via Unvalidated `request.referrer` in Timeoutable Session Timeout Handler

Moderate severity GitHub Reviewed Published May 8, 2026 in heartcombo/devise • Updated May 29, 2026

No open alerts for this advisory

Give feedback on Dependabot alerts