GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,481 advisories

Onnx Directory Traversal vulnerability High
CVE-2024-27318 was published for onnx (pip) Feb 23, 2024
iarspider
Salt vulnerable to denial of service Moderate
CVE-2023-20897 was published for salt (pip) Sep 5, 2023
Salt can cause Git Providers to get wrong data Moderate
CVE-2023-20898 was published for salt (pip) Sep 5, 2023
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
Apache Airflow vulnerable to sensitive information exposure Moderate
CVE-2023-42663 was published for apache-airflow (pip) Oct 14, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git illia-v
sethmlarson Hacked36
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability High
CVE-2023-46215 was published for apache-airflow (pip) Oct 28, 2023
Synapse vulnerable to leak of remote user device information Moderate
CVE-2023-43796 was published for matrix-synapse (pip) Oct 31, 2023
Apache Superset has Incorrect Default Permissions Moderate
CVE-2023-42501 was published for apache-superset (pip) Nov 27, 2023
Duplicate Advisory: Apache Superset - Elevation of Privilege Moderate
GHSA-392c-vjfv-h7wr was published for apache-superset (pip) Nov 27, 2023 withdrawn
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-42505 was published for apache-superset (pip) Nov 28, 2023
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability Moderate
CVE-2023-42504 was published for apache-superset (pip) Nov 28, 2023
Apache Superset uncontrolled resource consumption Moderate
CVE-2023-46104 was published for apache-superset (pip) Dec 19, 2023
Apache Superset incorrect write permissions vulnerability High
CVE-2023-49734 was published for apache-superset (pip) Dec 19, 2023
Apache Superset SQL injection vulnerability Moderate
CVE-2023-49736 was published for apache-superset (pip) Dec 19, 2023
Apache Airflow has a stored cross-site scripting vulnerability Moderate
CVE-2023-47265 was published for apache-airflow (pip) Dec 21, 2023
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter Moderate
CVE-2024-22195 was published for jinja2 (pip) Jan 11, 2024
CalumHutton
Remote Code Execution vulnerability in Apache IoTDB via UDF High
CVE-2023-46226 was published for apache-iotdb (Maven) Jan 15, 2024
Apache Airflow: Bypass permission verification to read code of other dags High
CVE-2023-50944 was published for apache-airflow (pip) Jan 24, 2024
Apache Airflow: pickle deserialization vulnerability in XComs High
CVE-2023-50943 was published for apache-airflow (pip) Jan 24, 2024
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11394 was published for transformers (pip) Nov 23, 2024
Fidget-Grep
Deserialization of Untrusted Data in Hugging Face Transformers High
CVE-2024-11392 was published for transformers (pip) Nov 23, 2024
Fidget-Grep