Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
Workers for local Dask clusters mistakenly listened on public interfaces Critical
GHSA-hwqr-f3v9-hwxr was published for distributed (pip) Jul 15, 2022
Remote code execution in dask Critical
CVE-2021-42343 was published for dask (pip) Oct 27, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10744 was published for ansible (pip) Feb 9, 2022
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10685 was published for ansible (pip) Apr 7, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Moderate
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
Apache Airflow vulnerable to privilege escalation Moderate
CVE-2023-42792 was published for apache-airflow (pip) Oct 14, 2023
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
DIRAC: Unauthorized users can read proxy contents during generation High
CVE-2024-29905 was published for DIRAC (pip) Apr 9, 2024
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2023-48291 was published for apache-airflow (pip) Dec 21, 2023
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database