GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,269
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,487
Swift
61
Unreviewed advisories
All unreviewed
5,000+
253 advisories
Filter by severity
Apache DolphinScheduler sensitive information disclosure
High
CVE-2023-48796
was published
for
apache-dolphinscheduler
(Maven)
Nov 24, 2023
Clear Text Credentials Exposed via Onboarding Task
Moderate
CVE-2023-48700
was published
for
nautobot-device-onboarding
(pip)
Nov 21, 2023
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task
High
CVE-2023-47117
was published
for
label-studio
(pip)
Nov 14, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2023-42781
was published
for
apache-airflow
(pip)
Nov 12, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Critical
CVE-2023-43791
was published
for
label-studio
(pip)
Nov 9, 2023
Synapse vulnerable to leak of remote user device information
Moderate
CVE-2023-43796
was published
for
matrix-synapse
(pip)
Oct 31, 2023
Home Assistant vulnerable to account takeover via auth_callback login
Moderate
CVE-2023-41893
was published
for
homeassistant
(pip)
Oct 26, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API
High
CVE-2023-46128
was published
for
nautobot
(pip)
Oct 24, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint
Moderate
CVE-2023-46125
was published
for
ethyca-fides
(pip)
Oct 24, 2023
Apache Airflow vulnerable to Exposure of Sensitive Information
Moderate
CVE-2023-46288
was published
for
apache-airflow
(pip)
Oct 23, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views
Low
CVE-2023-45809
was published
for
wagtail
(pip)
Oct 19, 2023
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Moderate
CVE-2023-45803
was published
for
urllib3
(pip)
Oct 17, 2023
vantage6 does not properly delete linked resources when deleting a collaboration
Low
CVE-2023-41881
was published
for
vantage6
(pip)
Oct 16, 2023
Authorization Header forwarded on redirect
Moderate
CVE-2018-25091
was published
for
urllib3
(pip)
Oct 15, 2023
Apache Airflow vulnerable to sensitive information exposure
Moderate
CVE-2023-42663
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Moderate
CVE-2023-45348
was published
for
apache-airflow
(pip)
Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Moderate
CVE-2023-42780
was published
for
apache-airflow
(pip)
Oct 14, 2023
`Cookie` HTTP header isn't stripped on cross-origin redirects
High
CVE-2023-43804
was published
for
urllib3
(pip)
Oct 2, 2023
OpenStack Heat information leak vulnerability
High
CVE-2023-1625
was published
for
openstack-heat
(pip)
Sep 24, 2023
Apache Airflow information exposure vulnerability
High
CVE-2023-40712
was published
for
apache-airflow
(pip)
Sep 12, 2023
Information disclosure in AccessControl
Moderate
CVE-2023-41050
was published
for
AccessControl
(pip)
Sep 7, 2023
Apache Airflow denial of service vulnerability
High
CVE-2023-37379
was published
for
apache-airflow
(pip)
Aug 23, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users
Moderate
CVE-2023-40570
was published
for
datasette
(pip)
Aug 22, 2023
Apache Airflow Execution with Unnecessary Privileges
High
CVE-2023-39508
was published
for
apache-airflow
(pip)
Aug 5, 2023
Apache Airflow information disclosure vulnerability
High
CVE-2022-46651
was published
for
apache-airflow
(pip)
Jul 12, 2023
ProTip!
Advisories are also available from the
GraphQL API