GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Helm shows secrets in clear text
Moderate
CVE-2019-25210
was published
for
helm.sh/helm/v3
(Go)
Mar 3, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate
CVE-2024-24772
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
High
CVE-2024-27133
was published
for
mlflow
(pip)
Feb 24, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Session Fixation Apache DolphinScheduler
Moderate
CVE-2023-50270
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
High
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
ProTip!
Advisories are also available from the
GraphQL API