GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
9 advisories
Improper escaping in Apache Zeppelin
Moderate
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
OS Command Injection in Apache Airflow
High
CVE-2022-41131
was published
for
apache-airflow-providers-apache-hive
(pip)
Nov 22, 2022
Apache Geode vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-37021
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
Remote code execution in Apache Airflow Docker's Provider
High
CVE-2022-38362
was published
for
apache-airflow-providers-docker
(pip)
Aug 17, 2022
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
High
CVE-2022-24294
was published
for
mxnet
(pip)
Jul 25, 2022
DNS based denial of service in Apache Wicket
High
CVE-2021-23937
was published
for
org.apache.wicket:wicket-core
(Maven)
May 24, 2022
Improper Input Validation in Parquet-MR
High
CVE-2021-41561
was published
for
org.apache.parquet:parquet
(Maven)
Jan 6, 2022
Improper Input Validation in Apache Camel
High
CVE-2020-11971
was published
for
org.apache.camel:camel
(Maven)
May 21, 2021
ProTip!
Advisories are also available from the
GraphQL API