Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

68 advisories

Loading
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only Moderate
CVE-2023-45348 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs Moderate
CVE-2023-42780 was published for apache-airflow (pip) Oct 14, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Airflow missing Certificate Validation Moderate
CVE-2023-39441 was published for apache-airflow (pip) Aug 23, 2023
sunSUNQ
Apache Airflow Path Traversal vulnerability High
CVE-2023-22887 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Apache Airflow Incorrect Authorization vulnerability High
CVE-2023-35908 was published for apache-airflow (pip) Jul 12, 2023
sunSUNQ
Resource exhaustion in Django High
CVE-2023-24580 was published for Django (pip) Feb 15, 2023
RamonvdW sunSUNQ
OS Command Injection in Apache Airflow Critical
CVE-2022-38649 was published for apache-airflow (pip) Nov 22, 2022
sunSUNQ
Apache Airflow Contains Open Redirect Moderate
CVE-2022-45402 was published for apache-airflow (pip) Nov 15, 2022
sunSUNQ
Apache Airflow subject to Exposure of Sensitive Information High
CVE-2022-27949 was published for apache-airflow (pip) Nov 14, 2022
sunSUNQ
Django denial-of-service vulnerability in internationalized URLs High
CVE-2022-41323 was published for django (pip) Oct 16, 2022
sunSUNQ
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
Apache Airflow vulnerable to Use of Externally-Controlled Format String High
CVE-2022-40604 was published for apache-airflow (pip) Sep 22, 2022
sunSUNQ
Apache Airflow exposes arbitrary file content Moderate
CVE-2022-38170 was published for apache-airflow (pip) Sep 3, 2022
sunSUNQ
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
G-Rath
Buffer over-flow in Pillow High
CVE-2022-30595 was published for Pillow (pip) May 26, 2022
sunSUNQ
Django vulnerable to Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2012-3444 was published for Django (pip) May 17, 2022
sunSUNQ
Django settings leak in date template filter Moderate
CVE-2015-8213 was published for Django (pip) May 17, 2022
sunSUNQ
Django DoS in django.views.static.serve High
CVE-2015-0221 was published for Django (pip) May 17, 2022
sunSUNQ
Django Vulnerable to Cache Poisoning Critical
CVE-2014-1418 was published for Django (pip) May 17, 2022
sunSUNQ
Django Vulnerable to HTTP Response Splitting Attack High
CVE-2015-5144 was published for Django (pip) May 17, 2022
sunSUNQ
Path traversal in Pillow High
CVE-2022-24303 was published for Pillow (pip) Mar 11, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API