GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,062
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,622
NuGet: 638
pip: 3,233
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,481 advisories
Apache Airflow Cross-site Scripting
Moderate | CVE-2020-13944 was published for apache-airflow (pip) | Jun 18, 2021

SSRF vulnerability in Apache Airflow
Moderate | CVE-2020-17513 was published for apache-airflow (pip) | Dec 17, 2020

Stored XSS in Apache Airflow
Moderate | CVE-2020-9485 was published for apache-airflow (pip) | Jul 27, 2020

Apache Airflow Open Redirect vulnerability
Moderate | CVE-2022-43985 was published for apache-airflow (pip) | Nov 2, 2022

Apache Airflow vulnerable to Stored XSS
Moderate | CVE-2019-0216 was published for apache-airflow (pip) | Apr 12, 2019

Twisted vulnerable to HTML injection in HTTP redirect body
Moderate | CVE-2024-41810 was published for twisted (pip) | Jul 29, 2024

Cross-site Scripting in Apache Airflow
Moderate | CVE-2021-28359 was published for apache-airflow (pip) | Jun 18, 2021

Apache Airflow vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-29247 was published for apache-airflow (pip) | May 8, 2023

Apache Airflow Incorrect Authorization vulnerability
Moderate | CVE-2023-40611 was published for apache-airflow (pip) | Sep 12, 2023

Apache Airflow: Bypass permission verification to read code of other dags
Moderate | CVE-2023-50944 was published for apache-airflow (pip) | Jan 24, 2024

Apache Airflow Cross-site Scripting Vulnerability
Moderate | CVE-2021-45229 was published for apache-airflow (pip) | Feb 26, 2022

MindsDB Cross-site Scripting vulnerability
Moderate | CVE-2024-45856 was published for mindsdb (pip) | Sep 12, 2024

Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Moderate | CVE-2023-42781 was published for apache-airflow (pip) | Nov 12, 2023

Improper Authentication in Apache Airflow
Moderate | CVE-2021-26697 was published for apache-airflow (pip) | Jun 18, 2021

Improper Access Control in Apache Airflow
Moderate | CVE-2021-26559 was published for apache-airflow (pip) | Apr 7, 2021

Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate | CVE-2023-47037 was published for apache-airflow (pip) | Nov 12, 2023

Apache Airflow Improper Input Validation vulnerability
Moderate | CVE-2023-36543 was published for apache-airflow (pip) | Jul 12, 2023

Apache Airflow Improper Input Validation vulnerability
Moderate | CVE-2023-22888 was published for apache-airflow (pip) | Jul 12, 2023

Apache Airflow Path Traversal vulnerability
Moderate | CVE-2023-22887 was published for apache-airflow (pip) | Jul 12, 2023

Aubio Divide-By-Zero DoS vulnerability in new_aubio_source_wavread function
Moderate | CVE-2017-17054 was published for aubio (pip) | May 17, 2022

Apache Superset allowed for database connections password leak for authenticated users
Moderate | CVE-2021-41972 was published for apache-superset (pip) | May 24, 2022

Improper Encoding or Escaping of Output in Apache Superset
Moderate | CVE-2021-42250 was published for apache-superset (pip) | May 24, 2022

Improper certificate management in AWS IoT Device SDK v2
Moderate | CVE-2021-40829 was published for aws-iot-device-sdk-v2 (Maven) | Nov 24, 2021

Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag
Moderate | CVE-2020-6816 was published for bleach (pip) | Mar 24, 2020
ProTip! Advisories are also available from the GraphQL API.