GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Improper Initialization in Pillow
Moderate
CVE-2022-22815
was published
for
Pillow
(pip)
Jan 12, 2022
Regular Expression Denial of Service (ReDoS) in Pillow
Moderate
CVE-2021-25292
was published
for
Pillow
(pip)
Mar 29, 2021
Django Cross-site Scripting in AdminURLFieldWidget
Moderate
CVE-2019-12308
was published
for
Django
(pip)
Jun 10, 2019
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Django allows unprivileged users to read the password hashes of arbitrary accounts
Moderate
CVE-2018-16984
was published
for
django
(pip)
Oct 3, 2018
Django open redirect and possible XSS attack via user-supplied numeric redirect URLs
Moderate
CVE-2017-7233
was published
for
Django
(pip)
Jan 4, 2019
Django settings leak in date template filter
Moderate
CVE-2015-8213
was published
for
Django
(pip)
May 17, 2022
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Moderate
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
Apache Airflow Path Traversal vulnerability
Moderate
CVE-2023-22887
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Improper Access Control in Apache Airflow
Moderate
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Apache Airflow Cross-site Scripting Vulnerability
Moderate
CVE-2021-45229
was published
for
apache-airflow
(pip)
Feb 26, 2022
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Cross-site Scripting in Apache Airflow
Moderate
CVE-2021-28359
was published
for
apache-airflow
(pip)
Jun 18, 2021
Apache Airflow vulnerable to Stored XSS
Moderate
CVE-2019-0216
was published
for
apache-airflow
(pip)
Apr 12, 2019
SSRF vulnerability in Apache Airflow
Moderate
CVE-2020-17513
was published
for
apache-airflow
(pip)
Dec 17, 2020
Apache Airflow exposes arbitrary file content
Moderate
CVE-2022-38170
was published
for
apache-airflow
(pip)
Sep 3, 2022
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow vulnerable to XSS and local file disclosure
Moderate
CVE-2019-12417
was published
for
airflow
(pip)
Nov 22, 2019
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944
Moderate
CVE-2020-17515
was published
for
apache-airflow
(pip)
Apr 20, 2021
ProTip!
Advisories are also available from the
GraphQL API