GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
349 advisories
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
High
CVE-2022-41678
was published
for
org.apache.activemq:apache-activemq
(Maven)
Nov 28, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-34053
was published
for
org.springframework:spring-webmvc
(Maven)
Nov 28, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
Jenkins does not exclude sensitive build variables from search
Moderate
CVE-2023-43494
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache Airflow Path Traversal vulnerability
Moderate
CVE-2023-22887
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Tomcat vulnerable to information leak
High
CVE-2023-34981
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 21, 2023
Spring Framework vulnerable to denial of service
High
CVE-2023-20863
was published
for
org.springframework:spring-expression
(Maven)
Apr 13, 2023
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch
Critical
CVE-2023-20860
was published
for
org.springframework:spring
(Maven)
Mar 28, 2023
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
OS Command Injection in Apache Airflow
Critical
CVE-2022-38649
was published
for
apache-airflow
(pip)
Nov 22, 2022
Apache Airflow Contains Open Redirect
Moderate
CVE-2022-45402
was published
for
apache-airflow
(pip)
Nov 15, 2022
Apache Airflow subject to Exposure of Sensitive Information
High
CVE-2022-27949
was published
for
apache-airflow
(pip)
Nov 14, 2022
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
Django denial-of-service vulnerability in internationalized URLs
High
CVE-2022-41323
was published
for
django
(pip)
Oct 16, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
ProTip!
Advisories are also available from the
GraphQL API