GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
155 advisories
Filter by severity
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Jenkins does not exclude sensitive build variables from search
Moderate
CVE-2023-43494
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441
was published
for
apache-airflow
(pip)
Aug 23, 2023
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Apache Airflow Contains Open Redirect
Moderate
CVE-2022-45402
was published
for
apache-airflow
(pip)
Nov 15, 2022
Apache Airflow exposes arbitrary file content
Moderate
CVE-2022-38170
was published
for
apache-airflow
(pip)
Sep 3, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Moderate
CVE-2019-10352
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Denial of Service in Apache ActiveMQ
Moderate
CVE-2011-4905
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Apache Struts2 Broken Access Control Vulnerability
Moderate
CVE-2013-4310
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Jenkins allows attackers to execute arbitrary jobs
Moderate
CVE-2014-2058
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to configure restricted projects
Moderate
CVE-2013-7330
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkin allows attackers to obtain passwords by reading the HTML source code
Moderate
CVE-2014-2061
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate
CVE-2014-2064
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2065
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2015-7536
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Cross-site Scripting vulnerability
Moderate
CVE-2015-1812
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Apache ActiveMQ default configuration subject to denial of service
Moderate
CVE-2012-6551
was published
for
org.apache.activemq:activemq-web-demo
(Maven)
May 17, 2022
Apache ActiveMQ Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet
Moderate
CVE-2013-1880
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API