Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
73
GitHub Actions
53
Go
4,004
Maven
5,000+
npm
5,000+
NuGet
974
pip
5,000+
Pub
13
RubyGems
1,069
Rust
1,395
Swift
61
Unreviewed advisories
All unreviewed
5,000+

57 advisories

Loading
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint High
CVE-2022-34321 was published for org.apache.pulsar:pulsar-proxy (Maven) Mar 12, 2024
oscerd Credited to oscerd
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged Moderate
CVE-2023-50740 was published for org.apache.linkis:linkis (Maven) Mar 6, 2024
oscerd Credited to oscerd
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability Critical
CVE-2024-26580 was published for org.apache.inlong:manager-common (Maven) Mar 6, 2024
oscerd Credited to oscerd
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON Moderate
CVE-2024-24786 was published for google.golang.org/protobuf (Go) Mar 6, 2024
oscerd Credited to oscerd and chancez chancez chancez
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd Credited to oscerd
Withdrawn Advisory: Helm shows secrets in clear text Moderate
CVE-2019-25210 was published for helm.sh/helm/v3 (Go) Mar 3, 2024 withdrawn
oscerd Credited to oscerd
Apache Archiva Reflected Cross-site Scripting vulnerability Moderate
CVE-2024-27140 was published for org.apache.archiva:archiva-common (Maven) Mar 1, 2024
oscerd Credited to oscerd
Apache Ambari: Various Cross site scripting problems Moderate
CVE-2023-50378 was published for org.apache.ambari:ambari (Maven) Mar 1, 2024
oscerd Credited to oscerd
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd Credited to oscerd and sunSUNQ sunSUNQ sunSUNQ
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd Credited to oscerd and sunSUNQ sunSUNQ sunSUNQ
Apache Superset: Improper data authorization when creating a new dataset Moderate
CVE-2024-24779 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper authorization validation on dashboards and charts import Moderate
CVE-2024-26016 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data Moderate
CVE-2024-24773 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper Neutralization of custom SQL on embedded context Moderate
CVE-2024-24772 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Superset: Improper error handling on alerts Moderate
CVE-2024-27315 was published for apache-superset (pip) Feb 28, 2024
oscerd Credited to oscerd
Apache Ambari XML External Entity injection Moderate
CVE-2023-50380 was published for org.apache.ambari.contrib.views:wfmanager (Maven) Feb 27, 2024
oscerd Credited to oscerd
SMTP smuggling in Apache James High
CVE-2023-51747 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Apache James server: Privilege escalation via JMX pre-authentication deserialization Critical
CVE-2023-51518 was published for org.apache.james:james-server (Maven) Feb 27, 2024
oscerd Credited to oscerd
Apache Ambari: authenticated users could perform command injection to perform RCE High
CVE-2023-50379 was published for org.apache.ambari.contrib.views:ambari-contrib-views (Maven) Feb 27, 2024
oscerd Credited to oscerd
sanitize-html Information Exposure vulnerability Moderate
CVE-2024-21501 was published for sanitize-html (npm) Feb 24, 2024
oscerd Credited to oscerd and krassowski krassowski krassowski
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution Critical
CVE-2024-27133 was published for mlflow (pip) Feb 24, 2024
oscerd Credited to oscerd and gabby202308 gabby202308 gabby202308
Deserialization of Untrusted Data in Apache Camel SQL High
CVE-2024-22369 was published for org.apache.camel:camel-sql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Deserialization of Untrusted Data in Apache Camel CassandraQL High
CVE-2024-23114 was published for org.apache.camel:camel-cassandraql (Maven) Feb 20, 2024
oscerd Credited to oscerd
Session Fixation Apache DolphinScheduler Moderate
CVE-2023-50270 was published for org.apache.dolphinscheduler:dolphinscheduler (Maven) Feb 20, 2024
oscerd Credited to oscerd
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd Credited to oscerd
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database