Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

53 advisories

Loading
RestrictedPython information leakage via `AttributeError.obj` and the `string` module High
CVE-2024-47532 was published for RestrictedPython (pip) Sep 30, 2024
Quasar0147 dronex7070
d-maurer dataflake icemac
Vanna vulnerable to SQL Injection High
CVE-2024-5753 was published for vanna (pip) Jul 5, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Jupyter server on Windows discloses Windows user password hash High
CVE-2024-35178 was published for jupyter_server (pip) Jun 6, 2024
nvn1729
Duplicate Advisory: Scrapy leaks the authorization header on same-domain but cross-origin redirects High
GHSA-cg34-w3fm-82h3 was published for scrapy (pip) May 20, 2024 withdrawn
Duplicate Advisory: Scrapy authorization header leakage on cross-domain redirect High
GHSA-4q82-j5c2-g2c5 was published for scrapy (pip) Apr 16, 2024 withdrawn
Scrapy authorization header leakage on cross-domain redirect High
CVE-2024-3574 was published for scrapy (pip) Feb 15, 2024
ranjit-git
JupyterLab vulnerable to potential authentication and CSRF tokens leak High
CVE-2024-22421 was published for jupyterlab (pip) Jan 19, 2024
davwwwx
Information exposure in MLflow High
CVE-2023-43472 was published for mlflow (pip) Dec 5, 2023
Apache DolphinScheduler sensitive information disclosure High
CVE-2023-48796 was published for apache-dolphinscheduler (Maven) Nov 24, 2023
Label Studio Object Relational Mapper Leak Vulnerability in Filtering Task High
CVE-2023-47117 was published for label-studio (pip) Nov 14, 2023
alex-elttam
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2023-42781 was published for apache-airflow (pip) Nov 12, 2023
Nautobot vulnerable to exposure of hashed user passwords via REST API High
CVE-2023-46128 was published for nautobot (pip) Oct 24, 2023
`Cookie` HTTP header isn't stripped on cross-origin redirects High
CVE-2023-43804 was published for urllib3 (pip) Oct 2, 2023
ranjit-git pquentin
illia-v sethmlarson
OpenStack Heat information leak vulnerability High
CVE-2023-1625 was published for openstack-heat (pip) Sep 24, 2023
Apache Airflow information exposure vulnerability High
CVE-2023-40712 was published for apache-airflow (pip) Sep 12, 2023
Apache Airflow denial of service vulnerability High
CVE-2023-37379 was published for apache-airflow (pip) Aug 23, 2023
Apache Airflow Execution with Unnecessary Privileges High
CVE-2023-39508 was published for apache-airflow (pip) Aug 5, 2023
Apache Airflow information disclosure vulnerability High
CVE-2022-46651 was published for apache-airflow (pip) Jul 12, 2023
Apache Airflow vulnerable to exposure of sensitive information High
CVE-2023-35005 was published for apache-airflow (pip) Jun 19, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room High
CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023
Apache Airflow subject to Exposure of Sensitive Information High
CVE-2022-27949 was published for apache-airflow (pip) Nov 14, 2022
sunSUNQ
Phoenix-ws source code and data in extensions folder is publicly available High
GHSA-c8f7-x2g7-7fxj was published for phoenix-ws (pip) Jun 2, 2022
Ansible Exposes Sensitive Information High
CVE-2021-20228 was published for ansible (pip) May 25, 2022
Home Assistant information disclosure vulnerability High
CVE-2018-21019 was published for homeassistant (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API