Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

45 advisories

fabric8-maven-plugin: insecure way to construct Yaml Object leading to remote code execution High
CVE-2020-10721 was published for io.fabric8:fabric8-maven-plugin (Maven) May 24, 2022
oscerd
Apache AGE: Python and Golang drivers allow data manipulation and exposure due to SQL injection High
CVE-2022-45786 was published for apache-age-python (Go) Feb 4, 2023
oscerd
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java Moderate
CVE-2024-23680 was published for com.amazonaws:aws-encryption-sdk-java (Maven) Jan 19, 2024
oscerd
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file High
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd
Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file High
CVE-2024-26308 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution High
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd krassowski
Apache James server: Privilege escalation via JMX pre-authentication deserialization Moderate
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd
SMTP smuggling in Apache James Moderate
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Apache Ambari: Various Cross site scripting problems Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
oscerd
Apache Archiva Reflected Cross-site Scripting vulnerability Moderate
CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) Mar 1, 2024
oscerd
ProTip! Advisories are also available from the GraphQL API