
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

68 advisories

Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
Credited to oscerd and sunSUNQ
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
Credited to oscerd and sunSUNQ
Credited to r3kumar and sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
Credited to sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs Moderate
CVE-2023-42780 was published for apache-airflow (pip) Oct 14, 2023
Credited to sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
Credited to sunSUNQ
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
Credited to sunSUNQ
Apache Airflow Incorrect Authorization vulnerability High
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
Credited to sunSUNQ
Apache Airflow Path Traversal vulnerability High
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
Credited to sunSUNQ
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
Credited to RamonvdW and sunSUNQ
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
Credited to sunSUNQ
Apache Airflow Contains Open Redirect Moderate
CVE-2022-45402 was published for apache-airflow (pip) Nov 15, 2022
Credited to sunSUNQ
Apache Airflow subject to Exposure of Sensitive Information High
CVE-2022-27949 was published for apache-airflow (pip) Nov 14, 2022
Credited to sunSUNQ
Django denial-of-service vulnerability in internationalized URLs High
CVE-2022-41323 was published for django (pip) Oct 16, 2022
Credited to sunSUNQ
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
Credited to sunSUNQ
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
Credited to sunSUNQ
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
Credited to sunSUNQ
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
Credited to sunSUNQ, levpachmanov, and G-Rath
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
Credited to sunSUNQ
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2012-3444 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Django DoS in django.views.static.serve High
CVE-2015-0221 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Django Vulnerable to Cache Poisoning Critical
CVE-2014-1418 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
Credited to sunSUNQ
Path traversal in Pillow High
CVE-2022-24303 was published for Pillow (pip) Mar 11, 2022
Credited to sunSUNQ