GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
11 advisories
Improper Input Validation in Apache Camel
High
CVE-2020-11971
was published
for
org.apache.camel:camel
(Maven)
May 21, 2021
Improper Input Validation in Parquet-MR
High
CVE-2021-41561
was published
for
org.apache.parquet:parquet
(Maven)
Jan 6, 2022
DNS based denial of service in Apache Wicket
High
CVE-2021-23937
was published
for
org.apache.wicket:wicket-core
(Maven)
May 24, 2022
Apache MXNet vulnerable to potential denial-of-service by excessive resource consumption
High
CVE-2022-24294
was published
for
mxnet
(pip)
Jul 25, 2022
Remote code execution in Apache Airflow Docker's Provider
High
CVE-2022-38362
was published
for
apache-airflow-providers-docker
(pip)
Aug 17, 2022
Apache Geode vulnerable to Deserialization of Untrusted Data
Critical
CVE-2022-37021
was published
for
org.apache.geode:geode-core
(Maven)
Sep 1, 2022
OS Command Injection in Apache Airflow
High
CVE-2022-41131
was published
for
apache-airflow-providers-apache-hive
(pip)
Nov 22, 2022
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Critical
CVE-2023-26512
was published
for
org.apache.eventmesh:eventmesh-connector-rabbitmq
(Maven)
Jul 17, 2023
Improper escaping in Apache Zeppelin
Critical
CVE-2024-31866
was published
for
org.apache.zeppelin:zeppelin-interpreter
(Maven)
Apr 9, 2024
Code injection in Apache Zeppelin Shell
Moderate
CVE-2024-31861
was published
for
org.apache.zeppelin:zeppelin-shell
(Maven)
Apr 11, 2024
Apache Wicket: An attacker can intentionally trigger a memory leak
Moderate
CVE-2024-53299
was published
for
org.apache.wicket:wicket-core
(Maven)
Jan 23, 2025
ProTip!
Advisories are also available from the
GraphQL API