Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,984
npm
3,523
NuGet
611
pip
3,098
Pub
10
RubyGems
834
Rust
784
Swift
34
Unreviewed advisories
All unreviewed
5,000+

19 advisories

Loading
DIRAC: Unauthorized users can read proxy contents during generation High
CVE-2024-29905 was published for DIRAC (pip) Apr 9, 2024
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2023-48291 was published for apache-airflow (pip) Dec 21, 2023
Apache Airflow vulnerable to privilege escalation Moderate
CVE-2023-42792 was published for apache-airflow (pip) Oct 14, 2023
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10744 was published for ansible (pip) Feb 9, 2022
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Remote code execution in dask Critical
CVE-2021-42343 was published for distributed (pip) Oct 27, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Low
CVE-2020-10685 was published for ansible (pip) Apr 7, 2021
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
ProTip! Advisories are also available from the GraphQL API