13 matches found
OpenMetadata Security Vulnerability
OpenMetadata is an open-source platform for discovery, observability, and governance, supported by a central metadata storage library, deep lineage, and seamless team collaboration. There were security vulnerabilities in versions of OpenMetadata prior to 1.11.8. These vulnerabilities stemmed from...
EUVD-2024-1052
Malicious code in bioql PyPI...
EUVD-2023-41888
Malicious code in bioql PyPI...
CVE-2025-54831 Apache Airflow: Connection sensitive details exposed to users with READ permissions
Apache Airflow 3 introduced a change to the handling of sensitive information in Connections. The intent was to restrict access to sensitive connection fields to Connection Editing Users, effectively applying a "write-only" model for sensitive values. In Airflow 3.0.3, this model was...
CVE-2023-38062
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations...
Design/Logic Flaw
Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...
GHSA-MJQH-V5F2-G2MW Apache Airflow information exposure vulnerability
Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI. Users are strongly...
CVE-2023-38062
In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurations...
PYSEC-2023-89
In Apache Airflow, some potentially sensitive values were being shown to the user in certain situations. This vulnerability is mitigated by the fact configuration is not shown in the UI by default (only if [webserver] expose_config is set to non-sensitive-only), and not all uncensored values are actual...
CVE-2022-33928
Dell Wyse Management Suite 3.6.1 and below contains a Plain-text Password Storage Vulnerability in UI. An attacker with low privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to...
GLSA-202207-01 : HashiCorp Vault: Multiple Vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202207-01 HashiCorp Vault: Multiple Vulnerabilities - HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. CVE-2020-25594 - HashiCorp...
ZEIT Next.js Security Vulnerability
ZEIT Next.js is an open source web application framework from ZEIT based on Vue.js, Node.js, Webpack and Babel.js. A security vulnerability exists in ZEIT Next.js that stems from the product's UI not restricting the display of critical information. An attacker could cause information leakage by...
CVE-2021-0220
The Junos Space Network Management Platform has been found to store shared secrets in a recoverable format that can be exposed through the UI. An attacker who is able to execute arbitrary code in the victim browser, for example via XSS, or access cached contents may be able to obtain a copy of...