Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,865
Erlang
29
GitHub Actions
16
Go
1,717
Maven
4,951
npm
3,480
NuGet
605
pip
3,026
Pub
10
RubyGems
832
Rust
776
Swift
34
Unreviewed advisories
All unreviewed
5,000+

165 advisories

Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs Moderate
CVE-2023-42780 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Jenkins does not exclude sensitive build variables from search Moderate
CVE-2023-43494 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Apache Airflow Path Traversal vulnerability Moderate
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Apache Airflow Contains Open Redirect Moderate
CVE-2022-45402 was published for apache-airflow (pip) Nov 15, 2022
sunSUNQ
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Moderate
CVE-2019-10352 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
sunSUNQ
Denial of Service in Apache ActiveMQ Moderate
CVE-2011-4905 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
sunSUNQ
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer Moderate
CVE-2012-3444 was published for Django (pip) May 17, 2022
sunSUNQ
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to execute arbitrary jobs Moderate
CVE-2014-2058 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to configure restricted projects Moderate
CVE-2013-7330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkin allows attackers to obtain passwords by reading the HTML source code Moderate
CVE-2014-2061 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2065 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins session fixation vulnerability Moderate
CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Jenkins Moderate
CVE-2015-7536 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API