Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,481 advisories

Loading
Apache Airflow Cross-site Scripting Moderate
CVE-2020-13944 was published for apache-airflow (pip) Jun 18, 2021
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Stored XSS in Apache Airflow Moderate
CVE-2020-9485 was published for apache-airflow (pip) Jul 27, 2020
Apache Airflow Open Redirect vulnerability Moderate
CVE-2022-43985 was published for apache-airflow (pip) Nov 2, 2022
Apache Airflow vulnerable to Stored XSS Moderate
CVE-2019-0216 was published for apache-airflow (pip) Apr 12, 2019
sunSUNQ
Twisted vulnerable to HTML injection in HTTP redirect body Moderate
CVE-2024-41810 was published for twisted (pip) Jul 29, 2024
v1ktor0t twm
Cross-site Scripting in Apache Airflow Moderate
CVE-2021-28359 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Apache Airflow vulnerable to stored Cross-site Scripting Moderate
CVE-2023-29247 was published for apache-airflow (pip) May 8, 2023
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Airflow: Bypass permission verification to read code of other dags Moderate
CVE-2023-50944 was published for apache-airflow (pip) Jan 24, 2024
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2021-45229 was published for apache-airflow (pip) Feb 26, 2022
sunSUNQ
MindsDB Cross-site Scripting vulnerability Moderate
CVE-2024-45856 was published for mindsdb (pip) Sep 12, 2024
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-36543 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Improper Input Validation vulnerability Moderate
CVE-2023-22888 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow Path Traversal vulnerability Moderate
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Aubio Divide-By-Zero DoS vulnerability in new_aubio_source_wavread function Moderate
CVE-2017-17054 was published for aubio (pip) May 17, 2022
Open Redirect in archivy Moderate
CVE-2022-0697 was published for archivy (pip) Mar 8, 2022
Apache Superset allowed for database connections password leak for authenticated users Moderate
CVE-2021-41972 was published for apache-superset (pip) May 24, 2022
Improper Encoding or Escaping of Output in Apache Superset Moderate
CVE-2021-42250 was published for apache-superset (pip) May 24, 2022
Improper certificate management in AWS IoT Device SDK v2 Moderate
CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) Nov 24, 2021
Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag Moderate
CVE-2020-6816 was published for bleach (pip) Mar 24, 2020
ProTip! Advisories are also available from the GraphQL API