
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

187 advisories

Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs Moderate
CVE-2023-42780 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git pquentin
illia-v sethmlarson
OpenStack Heat information leak vulnerability High
CVE-2023-1625 was published for openstack-heat (pip) Sep 24, 2023
Apache Airflow information exposure vulnerability High
CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023
Information disclosure in AccessControl Moderate
CVE-2023-41050 was published for AccessControl (pip) Sep 7, 2023
d-maurer
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users Moderate
CVE-2023-40570 was published for datasette (pip) Aug 22, 2023
Apache Airflow Execution with Unnecessary Privileges High
CVE-2023-39508 was published for apache-airflow (pip) Aug 5, 2023
Apache Airflow information disclosure vulnerability High
CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023
yt-dlp File Downloader cookie leak Moderate
CVE-2023-35934 was published for yt-dlp (pip) Jul 6, 2023
Grub4K bashonly
coletdjnz
Apache Superset vulnerable to Exposure of Sensitive Information Moderate
CVE-2023-30776 was published for apache-superset (pip) Jul 6, 2023
Apache Airflow vulnerable to exposure of sensitive information High
CVE-2023-35005 was published for apache-airflow (pip) Jun 19, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room High
CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023
Unintended leak of Proxy-Authorization header in requests Moderate
CVE-2023-32681 was published for requests (pip) May 22, 2023
SmashITs tobiasfunke1
sethmlarson nateprewitt
Exposure of Sensitive Information in EVE-SRP Moderate
CVE-2020-36660 was published for EVE-SRP (pip) Feb 6, 2023
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Apache Airflow subject to Exposure of Sensitive Information High
CVE-2022-27949 was published for apache-airflow (pip) Nov 14, 2022
sunSUNQ
sosreport Exposure of Sensitive Information vulnerability Moderate
CVE-2022-2806 was published for sosreport (pip) Sep 2, 2022
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings Low
CVE-2022-31177 was published for Flask-AppBuilder (pip) Jul 29, 2022
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
aptdaemon Information Disclosure via Improper Input Validation in Transaction class Moderate
CVE-2020-15703 was published for aptdaemon (pip) May 24, 2022
OMERO-web Sensitive Data Exposure Moderate
CVE-2020-7932 was published for omero-web (pip) May 24, 2022
OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
FreeIPA logs passwords embedded in commands in calls using batch Moderate
CVE-2019-10195 was published for freeipa (pip) May 24, 2022