GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
350 advisories
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Moderate
CVE-2023-20861
was published
for
org.springframework:spring-expression
(Maven)
Mar 23, 2023
Apache Airflow allows authenticated and DAG-view authorized users to modify some DAG run detail values when submitting notes
Moderate
CVE-2023-47037
was published
for
apache-airflow
(pip)
Nov 12, 2023
Apache ActiveMQ is vulnerable to Remote Code Execution
Critical
CVE-2023-46604
was published
for
org.apache.activemq:activemq-client
(Maven)
Oct 27, 2023
Apache Airflow Incorrect Authorization vulnerability
Moderate
CVE-2023-40611
was published
for
apache-airflow
(pip)
Sep 12, 2023
Apache Airflow: DAG Code and Import Error Permissions Ignored
Moderate
CVE-2024-27906
was published
for
apache-airflow
(pip)
Feb 29, 2024
Apache Commons FileUpload denial of service vulnerability
High
CVE-2023-24998
was published
for
commons-fileupload:commons-fileupload
(Maven)
Feb 20, 2023
REST Plugin in Apache Struts uses an XStreamHandler with an instance of XStream for deserialization without any type filtering
High
CVE-2017-9805
was published
for
org.apache.struts:struts2-rest-plugin
(Maven)
Oct 16, 2018
Spring Framework has Improperly Implemented Security Check for Standard
Critical
CVE-2018-1275
was published
for
org.springframework:spring-messaging
(Maven)
Oct 17, 2018
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Critical
CVE-2024-23897
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jan 24, 2024
Django vulnerable to Reflected File Download attack
High
CVE-2022-36359
was published
for
Django
(pip)
Aug 11, 2022
Uncontrolled Resource Consumption in FasterXML jackson-databind
High
CVE-2022-42004
was published
for
com.fasterxml.jackson.core:jackson-databind
(Maven)
Oct 3, 2022
Apache Airflow Path Traversal vulnerability
High
CVE-2023-22887
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Airflow Incorrect Authorization vulnerability
High
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Django Vulnerable to Cache Poisoning
Critical
CVE-2014-1418
was published
for
Django
(pip)
May 17, 2022
Django Incorrect Default Permissions
Moderate
CVE-2020-24584
was published
for
django
(pip)
Mar 18, 2021
Improper Access Control in Apache Airflow
High
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Django Denial-of-service possibility in truncatechars_html and truncatewords_html template filters
Low
CVE-2018-7537
was published
for
django
(pip)
Jan 4, 2019
Django allows unintended model editing
High
CVE-2019-19118
was published
for
Django
(pip)
Dec 4, 2019
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
The host name verification missing in Apache Tomcat
High
CVE-2018-8034
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Oct 17, 2018
Apache Tomcat allows remote attackers to read data that was intended to be associated with a different request
High
CVE-2016-8747
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Improper Restriction of Operations within the Bounds of a Memory Buffer in Apache Tomcat
High
CVE-2016-6817
was published
for
org.apache.tomcat:tomcat
(Maven)
May 14, 2022
Uncontrolled Resource Consumption in Pillow
High
CVE-2021-28677
was published
for
Pillow
(pip)
Jun 8, 2021
ProTip!
Advisories are also available from the
GraphQL API