Novu · Novu · CVE-2023-35948
**Name of the Vulnerable Software and Affected Versions**
Novu versions prior to 0.16.0
**Description**
Novu provides an API for sending notifications through multiple channels. The "Sign In with GitHub" functionality of Novu's open-source repository contains an open redirect issue. This could have allowed an attacker to force a victim into opening a malicious URL, potentially logging into the repository under the victim's account and gaining full control of the account. The vulnerability only affects Novu Cloud and Open-Source deployments where the user has manually enabled GitHub OAuth on their self-hosted instance.
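How an open redirect in a sign-in callback is typically closed, as an added example that is not Novu's own code: after the OAuth provider returns the user, the handler resolves the requested post-login target against the application's own origin and only follows it when the resulting origin is on an allowlist. The origins, the `redirectUrl` query parameter name and the handler shape are assumptions for illustration.

```typescript
// Added example (not Novu's code). Allowed front-end origins are constructed placeholders.
const ALLOWED_ORIGINS: ReadonlySet<string> = new Set([
  "https://app.example.com",
  "http://localhost:4200",
]);

const FALLBACK_PATH = "/";

// Parse with the WHATWG URL parser so that browser-side normalisation is applied
// before any check: "//evil.test", "/\evil.test", "https://app.example.com@evil.test",
// upper-case hosts and default ports all resolve to their real origin here.
function parseRedirect(target: string, appOrigin: string): URL | null {
  try {
    return new URL(target, appOrigin);
  } catch {
    return null; // unparseable input is never followed
  }
}

/**
 * Return the URL the browser may be sent to after login. Relative paths resolve
 * onto the application's own origin; absolute URLs are accepted only when their
 * origin (scheme + host + port) is allowlisted. Everything else falls back to "/".
 */
function safeRedirect(target: string | undefined, appOrigin = "https://app.example.com"): string {
  if (!target) return FALLBACK_PATH;
  const url = parseRedirect(target, appOrigin);
  if (url === null) return FALLBACK_PATH;
  // "javascript:" and "data:" targets report origin "null"; only http(s) is ever followed.
  if (url.protocol !== "https:" && url.protocol !== "http:") return FALLBACK_PATH;
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK_PATH;
  return url.href;
}

// Simulated OAuth callback: computes the Location header from the incoming query
// (assumed parameter name "redirectUrl") instead of echoing it back unchecked.
function oauthCallbackLocation(query: Record<string, string | undefined>): string {
  return safeRedirect(query["redirectUrl"]);
}
```

The same allowlist check should run wherever the redirect target is first accepted (for example when it is stored in the OAuth `state`), not only at the final redirect.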
**Recommendations**
For versions prior to 0.16.0, upgrade to version 0.16.0 to receive a patch. As a temporary workaround, consider disabling the "Sign In with GitHub" functionality until the patch is applied. Restrict access to the GitHub OAuth feature on self-hosted instances to minimize the risk of exploitation.