Open redirect alone doesn't look dangerous. But combining it with another vulnerabilities like OAuth misconfiguration -> account takeover. I wrote a blog about this common mistake some time ago:
https://pwn.netlify.com/open-redirect-to-oauth-token-theft.h...