Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

253 advisories

Loading
Apache DolphinScheduler sensitive information disclosure High
CVE-2023-48796 was published for apache-dolphinscheduler (Maven) Nov 24, 2023
Clear Text Credentials Exposed via Onboarding Task Moderate
CVE-2023-48700 was published for nautobot-device-onboarding (pip) Nov 21, 2023
whitej6 Credited to whitej6, jeffkala, bryanculver, scetron, and glennmatthews jeffkala jeffkala
bryanculver bryanculver scetron scetron glennmatthews glennmatthews
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam Credited to alex-elttam
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens Critical
CVE-2023-43791 was published for label-studio (pip) Nov 9, 2023
alex-elttam Credited to alex-elttam and Robbilie Robbilie Robbilie
Synapse vulnerable to leak of remote user device information Moderate
CVE-2023-43796 was published for matrix-synapse (pip) Oct 31, 2023
Home Assistant vulnerable to account takeover via auth_callback login Moderate
CVE-2023-41893 was published for homeassistant (pip) Oct 26, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl Credited to h0wl
Apache Airflow vulnerable to Exposure of Sensitive Information Moderate
CVE-2023-46288 was published for apache-airflow (pip) Oct 23, 2023
Wagtail vulnerable to disclosure of user names via admin bulk action views Low
CVE-2023-45809 was published for wagtail (pip) Oct 19, 2023
quyenheu Credited to quyenheu
urllib3's request body not stripped after redirect from 303 status changes request method to GET Moderate
CVE-2023-45803 was published for urllib3 (pip) Oct 17, 2023
ranjit-git Credited to ranjit-git, illia-v, sethmlarson, and Hacked36 illia-v illia-v
sethmlarson sethmlarson Hacked36 Hacked36
vantage6 does not properly delete linked resources when deleting a collaboration Low
CVE-2023-41881 was published for vantage6 (pip) Oct 16, 2023
Authorization Header forwarded on redirect Moderate
CVE-2018-25091 was published for urllib3 (pip) Oct 15, 2023
Apache Airflow vulnerable to sensitive information exposure Moderate
CVE-2023-42663 was published for apache-airflow (pip) Oct 14, 2023
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ Credited to sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs Moderate
CVE-2023-42780 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ Credited to sunSUNQ
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git Credited to ranjit-git, pquentin, illia-v, and sethmlarson pquentin pquentin
illia-v illia-v sethmlarson sethmlarson
OpenStack Heat information leak vulnerability High
CVE-2023-1625 was published for openstack-heat (pip) Sep 24, 2023
Apache Airflow information exposure vulnerability High
CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023
Information disclosure in AccessControl Moderate
CVE-2023-41050 was published for AccessControl (pip) Sep 7, 2023
d-maurer Credited to d-maurer
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Datasette 1.0 alpha series leaks names of databases and tables to unauthenticated users Moderate
CVE-2023-40570 was published for datasette (pip) Aug 22, 2023
Apache Airflow Execution with Unnecessary Privileges High
CVE-2023-39508 was published for apache-airflow (pip) Aug 5, 2023
Apache Airflow information disclosure vulnerability High
CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API