Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

33 advisories

Loading
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes Moderate
CVE-2023-47037 was published for apache-airflow (pip) Nov 12, 2023
r3kumar sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs Moderate
CVE-2023-42780 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Airflow Path Traversal vulnerability Moderate
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Airflow Contains Open Redirect Moderate
CVE-2022-45402 was published for apache-airflow (pip) Nov 15, 2022
sunSUNQ
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
sunSUNQ
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for Django (pip) May 17, 2022
sunSUNQ
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2021-45229 was published for apache-airflow (pip) Feb 26, 2022
sunSUNQ
Improper Initialization in Pillow Moderate
CVE-2022-22815 was published for Pillow (pip) Jan 12, 2022
sunSUNQ
Out-of-bounds read in Pillow Moderate
CVE-2020-10378 was published for Pillow (pip) Nov 3, 2021
sunSUNQ
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Cross-site Scripting in Apache Airflow Moderate
CVE-2021-28359 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944 Moderate
CVE-2020-17515 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Regular Expression Denial of Service (ReDoS) in Pillow Moderate
CVE-2021-25292 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Pillow Out-of-bounds Read Moderate
CVE-2020-35655 was published for Pillow (pip) Mar 18, 2021
sunSUNQ
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Out-of-bounds reads in Pillow Moderate
CVE-2020-10177 was published for Pillow (pip) Jul 27, 2020
sunSUNQ
Django allows unintended model editing Moderate
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
ProTip! Advisories are also available from the GraphQL API