Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

159 advisories

Loading
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Improper Initialization in Pillow Moderate
CVE-2022-22815 was published for Pillow (pip) Jan 12, 2022
sunSUNQ
Regular Expression Denial of Service (ReDoS) in Pillow Moderate
CVE-2021-25292 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Pillow Out-of-bounds Read Moderate
CVE-2020-35655 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Django Cross-site Scripting in AdminURLFieldWidget Moderate
CVE-2019-12308 was published for Django (pip) Jun 10, 2019
sunSUNQ
Django allows unintended model editing Moderate
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
Django allows unprivileged users to read the password hashes of arbitrary accounts Moderate
CVE-2018-16984 was published for django (pip) Oct 3, 2018
sunSUNQ
Django open redirect and possible XSS attack via user-supplied numeric redirect URLs Moderate
CVE-2017-7233 was published for Django (pip) Jan 4, 2019
sunSUNQ
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for Django (pip) May 17, 2022
sunSUNQ
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters Moderate
CVE-2018-7537 was published for django (pip) Jan 4, 2019
sunSUNQ
Cross-site scripting in django Moderate
CVE-2011-0697 was published for Django (pip) Jul 23, 2018
sunSUNQ
Apache Airflow Path Traversal vulnerability Moderate
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2021-45229 was published for apache-airflow (pip) Feb 26, 2022
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Cross-site Scripting in Apache Airflow Moderate
CVE-2021-28359 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Apache Airflow vulnerable to Stored XSS Moderate
CVE-2019-0216 was published for apache-airflow (pip) Apr 12, 2019
sunSUNQ
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
sunSUNQ
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944 Moderate
CVE-2020-17515 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database