GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate
CVE-2024-24772
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779
was published
for
apache-superset
(pip)
Feb 28, 2024
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
High
CVE-2020-10721
was published
for
io.fabric8:fabric8-maven-plugin
(Maven)
May 24, 2022
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
High
CVE-2022-45786
was published
for
apache-age-python
(Go)
Feb 4, 2023
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Session Fixation Apache DolphinScheduler
Moderate
CVE-2023-50270
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
High
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016
was published
for
apache-superset
(pip)
Feb 28, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Helm shows secrets in clear text
Moderate
CVE-2019-25210
was published
for
helm.sh/helm/v3
(Go)
Mar 3, 2024
Apache Archiva Reflected Cross-site Scripting vulnerability
Moderate
CVE-2024-27140
was published
for
org.apache.archiva:archiva-common
(Maven)
Mar 1, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Moderate
CVE-2024-31867
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
High
CVE-2024-27135
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
High
CVE-2024-27317
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
High
CVE-2024-27894
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Mar 12, 2024
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
High
CVE-2022-34321
was published
for
org.apache.pulsar:pulsar-proxy
(Maven)
Mar 12, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Moderate
CVE-2024-29131
was published
for
org.apache.commons:commons-configuration2
(Maven)
Mar 21, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Critical
CVE-2024-31864
was published
for
org.apache.zeppelin:zeppelin-jdbc
(Maven)
Apr 9, 2024
Apache Airflow: Ignored Airflow Permission
Moderate
CVE-2024-28746
was published
for
apache-airflow
(pip)
Mar 14, 2024
ProTip!
Advisories are also available from the
GraphQL API