GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
159 advisories
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
Jenkins does not exclude sensitive build variables from search
Moderate
CVE-2023-43494
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Airflow missing Certificate Validation
Moderate
CVE-2023-39441
was published
for
apache-airflow
(pip)
Aug 23, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow Path Traversal vulnerability
Moderate
CVE-2023-22887
was published
for
apache-airflow
(pip)
Jul 12, 2023
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Apache Airflow Contains Open Redirect
Moderate
CVE-2022-45402
was published
for
apache-airflow
(pip)
Nov 15, 2022
Apache Airflow exposes arbitrary file content
Moderate
CVE-2022-38170
was published
for
apache-airflow
(pip)
Sep 3, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins
Moderate
CVE-2019-10352
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Denial of Service in Apache ActiveMQ
Moderate
CVE-2011-4905
was published
for
org.apache.activemq:activemq-core
(Maven)
May 17, 2022
Apache Struts2 Broken Access Control Vulnerability
Moderate
CVE-2013-4310
was published
for
org.apache.struts:struts2-core
(Maven)
May 17, 2022
Jenkins allows attackers to execute arbitrary jobs
Moderate
CVE-2014-2058
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to configure restricted projects
Moderate
CVE-2013-7330
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins does not invalidate the API token when a user is deleted
Moderate
CVE-2014-2062
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkin allows attackers to obtain passwords by reading the HTML source code
Moderate
CVE-2014-2061
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins allows attackers to determine whether a user exists
Moderate
CVE-2014-2064
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins cross-site scripting (XSS) vulnerability
Moderate
CVE-2014-2065
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins session fixation vulnerability
Moderate
CVE-2014-2066
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Improper Neutralization of Input During Web Page Generation in Jenkins
Moderate
CVE-2015-7536
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
Jenkins Cross-site Scripting vulnerability
Moderate
CVE-2015-1812
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API