Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21 advisories

Loading
python-docutils allows insecure usage of temporary files Critical
CVE-2009-5042 was published for docutils (pip) Mar 13, 2020
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Moderate
CVE-2020-10685 was published for ansible (pip) Apr 7, 2021
Ansible vulnerable to Exposure of Resource to Wrong Sphere and Insecure Temporary File Low
CVE-2020-1733 was published for ansible (pip) Apr 20, 2021
Remote code execution in dask Critical
CVE-2021-42343 was published for dask (pip) Oct 27, 2021
Exposure of Resource to Wrong Sphere in salt High
CVE-2021-21996 was published for salt (pip) Nov 21, 2021
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible Low
CVE-2020-10744 was published for ansible (pip) Feb 9, 2022
Insecure temporary file in Tensorflow High
CVE-2022-23563 was published for tensorflow (pip) Feb 9, 2022
Insecure Temporary File in mlflow High
CVE-2022-0736 was published for mlflow (pip) Feb 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates Moderate
CVE-2021-4180 was published for tripleo-heat-templates (pip) Mar 24, 2022
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library Moderate
CVE-2022-30187 was published for Azure.Storage.Blobs (Maven) Jul 13, 2022
andrewpollock
Workers for local Dask clusters mistakenly listened on public interfaces Critical
GHSA-hwqr-f3v9-hwxr was published for distributed (pip) Jul 15, 2022
Temporary File Information Disclosure vulnerability in MPXJ Low
CVE-2022-41954 was published for mpxj (Maven) Nov 28, 2022
JLLeitschuh jkmartindale
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
Apache Airflow vulnerable to privilege escalation Moderate
CVE-2023-42792 was published for apache-airflow (pip) Oct 14, 2023
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere Moderate
CVE-2023-48291 was published for apache-airflow (pip) Dec 21, 2023
Apache Airflow: DAG Code and Import Error Permissions Ignored Moderate
CVE-2024-27906 was published for apache-airflow (pip) Feb 29, 2024
oscerd sunSUNQ
DIRAC: Unauthorized users can read proxy contents during generation High
CVE-2024-29905 was published for DIRAC (pip) Apr 9, 2024
TorchServe gRPC Port Exposure High
CVE-2024-35199 was published for torchserve (pip) Jul 18, 2024
ProTip! Advisories are also available from the GraphQL API