GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Apache Sling Authentication Service vulnerability
High
CVE-2017-15700
was published
for
org.apache.sling:org.apache.sling.auth.core
(Maven)
May 14, 2022
fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution
High
CVE-2020-10721
was published
for
io.fabric8:fabric8-maven-plugin
(Maven)
May 24, 2022
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection
High
CVE-2022-45786
was published
for
apache-age-python
(Go)
Feb 4, 2023
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file
High
CVE-2024-25710
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file
Moderate
CVE-2024-26308
was published
for
org.apache.commons:commons-compress
(Maven)
Feb 19, 2024
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
High
CVE-2024-22234
was published
for
org.springframework.security:spring-security-core
(Maven)
Feb 20, 2024
Session Fixation Apache DolphinScheduler
Moderate
CVE-2023-50270
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel CassandraQL
High
CVE-2024-23114
was published
for
org.apache.camel:camel-cassandraql
(Maven)
Feb 20, 2024
Deserialization of Untrusted Data in Apache Camel SQL
High
CVE-2024-22369
was published
for
org.apache.camel:camel-sql
(Maven)
Feb 20, 2024
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
High
CVE-2024-27133
was published
for
mlflow
(pip)
Feb 24, 2024
sanitize-html Information Exposure vulnerability
Moderate
CVE-2024-21501
was published
for
sanitize-html
(npm)
Feb 24, 2024
Apache Ambari: authenticated users could perform command injection to perform RCE
High
CVE-2023-50379
was published
for
org.apache.ambari.contrib.views:ambari-contrib-views
(Maven)
Feb 27, 2024
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Critical
CVE-2023-51518
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
SMTP smuggling in Apache James
High
CVE-2023-51747
was published
for
org.apache.james:james-server
(Maven)
Feb 27, 2024
Apache Ambari XML External Entity injection
Moderate
CVE-2023-50380
was published
for
org.apache.ambari.contrib.views:wfmanager
(Maven)
Feb 27, 2024
Apache Superset: Improper error handling on alerts
Moderate
CVE-2024-27315
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper Neutralization of custom SQL on embedded context
Moderate
CVE-2024-24772
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Moderate
CVE-2024-24773
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper authorization validation on dashboards and charts import
Moderate
CVE-2024-26016
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Superset: Improper data authorization when creating a new dataset
Moderate
CVE-2024-24779
was published
for
apache-superset
(pip)
Feb 28, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Ambari: Various Cross site scripting problems
Moderate
CVE-2023-50378
was published
for
org.apache.ambari:ambari
(Maven)
Mar 1, 2024
ProTip!
Advisories are also available from the
GraphQL API