Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,852
NuGet
696
pip
3,637
Pub
12
RubyGems
911
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

237 advisories

Loading
aiohttp's ClientSession is vulnerable to CRLF injection via method Moderate
CVE-2023-49082 was published for aiohttp (pip) Nov 27, 2023
jnovikov
PDM Trojan Lockfile High
CVE-2023-45805 was published for pdm (pip) Oct 20, 2023
wayphinder
Microsoft Common Data Model SDK Denial of Service Vulnerability Moderate
CVE-2023-36566 was published for Microsoft.CommonDataModel.ObjectModel (Maven) Oct 10, 2023
degant
Apache Avro Java SDK vulnerable to Improper Input Validation High
CVE-2023-39410 was published for avro (Maven) Sep 29, 2023
Apache Superset Improper Input Validation vulnerability Moderate
CVE-2023-39265 was published for apache-superset (pip) Sep 6, 2023
Airflow Sqoop Provider RCE Vulnerability High
CVE-2023-27604 was published for apache-airflow-providers-apache-sqoop (pip) Aug 28, 2023
Apache Airflow Spark Provider Improper Input Validation vulnerability High
CVE-2023-40272 was published for apache-airflow-providers-apache-spark (pip) Aug 17, 2023
apache-airflow-providers-apache-drill Improper Input Validation vulnerability High
CVE-2023-39553 was published for apache-airflow-providers-apache-drill (pip) Aug 11, 2023
Apache Airflow Apache Hive Provider Improper Input Validation vulnerability High
CVE-2023-37415 was published for apache-airflow-providers-apache-hive (pip) Jul 13, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability High
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
MechanicalSoup vulnerable to malicious web server reading arbitrary files on client using file input inside HTML form High
CVE-2023-34457 was published for MechanicalSoup (pip) Jul 5, 2023
e-c-d
Apache Airflow Hive Provider Beeline remote code execution with Principal Critical
CVE-2023-35797 was published for apache-airflow-providers-apache-hive (pip) Jul 3, 2023
Apache Airflow JDBC Provider Improper Input Validation vulnerability High
CVE-2023-22886 was published for apache-airflow-providers-jdbc (pip) Jun 29, 2023
Apache Airflow ODBC Provider, Apache Airflow MSSQL Provider Improper Input Validation vulnerability Moderate
CVE-2023-35798 was published for apache-airflow-providers-microsoft-mssql (pip) Jun 27, 2023
Gradio vulnerable to arbitrary file read and proxying of arbitrary URLs Moderate
CVE-2023-34239 was published for gradio (pip) Jun 9, 2023
mastomii
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites Moderate
CVE-2023-32323 was published for matrix-synapse (pip) May 24, 2023
Ckan remote code execution and private information access via crafted resource ids Critical
CVE-2023-32321 was published for ckan (pip) May 24, 2023
YoloClin
Django bypasses validation when using one form field to upload multiple files Critical
CVE-2023-31047 was published for Django (pip) May 7, 2023
Apache Airflow Drill Provider vulnerable to improper input validation High
CVE-2023-28707 was published for apache-airflow-providers-apache-drill (pip) Apr 7, 2023
Apache Airflow Spark Provider vulnerable to improper input validation High
CVE-2023-28710 was published for apache-airflow-providers-apache-spark (pip) Apr 7, 2023
TensorFlow Denial of Service vulnerability Moderate
CVE-2023-25661 was published for tensorflow (pip) Mar 27, 2023
dengyinlin
CairoSVG improperly processes SVG files loaded from external resources High
CVE-2023-27586 was published for CairoSVG (pip) Mar 20, 2023
Cyxow
Apache Airflow Google Provider Improper Input Validation vulnerability Critical
CVE-2023-25691 was published for apache-airflow-providers-google (pip) Feb 24, 2023
Apache Airflow Hive Provider Improper Input Validation vulnerability Critical
CVE-2023-25696 was published for apache-airflow-providers-apache-hive (pip) Feb 24, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database