Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
Apache Airflow vulnerable to XSS and local file disclosure Moderate
CVE-2019-12417 was published for airflow (pip) Nov 22, 2019
sunSUNQ
CSRF attack via CORS preflight requests with Spring MVC or Spring WebFlux Moderate
CVE-2020-5397 was published for org.springframework:spring-webflux (Maven) Jan 21, 2020
sunSUNQ
Apache ActiveMQ webconsole admin GUI is open to XSS Moderate
CVE-2020-1941 was published for org.apache.activemq:activemq-web-console (Maven) May 21, 2020
sunSUNQ
SSRF vulnerability in Apache Airflow Moderate
CVE-2020-17513 was published for apache-airflow (pip) Dec 17, 2020
sunSUNQ
Pillow Out-of-bounds Read Moderate
CVE-2020-35655 was published for pillow (pip) Mar 18, 2021
sunSUNQ
Django Incorrect Default Permissions Moderate
CVE-2020-24584 was published for django (pip) Mar 18, 2021
sunSUNQ
Regular Expression Denial of Service (ReDoS) in Pillow Moderate
CVE-2021-25292 was published for Pillow (pip) Mar 29, 2021
sunSUNQ
Apache Airflow cross-site scripting due to incomplete fix for CVE-2020-13944 Moderate
CVE-2020-17515 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
Information Disclosure in Apache Tomcat Moderate
CVE-2021-24122 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 13, 2021
sunSUNQ
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Cross-site Scripting in Apache Airflow Moderate
CVE-2021-28359 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
HTTP Request Smuggling in Apache Tomcat Moderate
CVE-2021-33037 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
mrjonstrong sunSUNQ
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Improper Initialization in Pillow Moderate
CVE-2022-22815 was published for Pillow (pip) Jan 12, 2022
sunSUNQ
Cross-site scripting (XSS) in Apache ActiveMQ Moderate
CVE-2020-13947 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Improper Authentication in Apache ActiveMQ Moderate
CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
Apache Airflow Cross-site Scripting Vulnerability Moderate
CVE-2021-45229 was published for apache-airflow (pip) Feb 26, 2022
sunSUNQ
Apache Tomcat Directory Traversal Moderate
CVE-2007-0450 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
sunSUNQ
Apache Tomcat Cross-site scripting (XSS) vulnerability Moderate
CVE-2008-1947 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) May 1, 2022
sunSUNQ
Apache Tomcat Directory Traversal vulnerability Moderate
CVE-2009-2693 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Authentication in Apache Tomcat Moderate
CVE-2009-2901 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Apache Tomcat Moderate
CVE-2009-2902 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Apache Tomcat affected by vulnerability in TLS and SSL protocol Moderate
CVE-2009-3555 was published for org.apache.tomcat:tomcat (Maven) May 2, 2022
MarkLee131 sunSUNQ
Cross-site request forgery in Apache ActiveMQ Moderate
CVE-2010-1244 was published for org.apache.activemq:activemq-parent (Maven) May 2, 2022
sunSUNQ
Improper Neutralization of Input During Web Page Generation in Apache Tomcat Moderate
CVE-2011-0013 was published for org.apache.tomcat:tomcat (Maven) May 3, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database