Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZodjMtN2MzNC00aHg4
Hashicorp Nomad Information Exposure Through Environmental Variables
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2Mm0tbThqdy04d3Jy
Path Traversal in Zope
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Remote code execution vulnerability in Jenkins Templating Engine Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:templating-engine
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04djcyLXFyM2gtYzZyds4AAnOU
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bumblebee
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS00OGhyLWpnNHAtdzRwNM4AAnp9
XSS vulnerability in Jenkins Claim Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:claim
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02Z2NnLWhwMngtcTU0aM4AAgdM
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqcXctcjN3dy13ajJ3
Expression Language Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13cGhxLWo3OHAtZmhncM4AAlxz
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:Parameterized-Remote-Trigger
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qZjlqLWh4MmotbTl4aM4AAlx7
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cnZ3LTdteDctaDUzeM4AAlx0
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qN3EyLWM2cjQteDJqd84AAlxw
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.tools:git-parameter
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NHAteHdyci05Y3Jo
Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xMzk3LXcyOGYtang5N84AAk1a
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14OXJxLTloNDQtZjg0ds4AAk1J
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13NmMyLWpyaGgtanJ4Z84AAlx_
Credentials stored in plain text by Jenkins tfs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:tfs
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02OHZyLThmNDYtdmM5Zs0kfA
Username spoofing in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14Njh4LXd2bTItaHFjOM4AAk06
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:compact-columns
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncope EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtNWotdnFyNi12N3Y4
OS Command Injection in pixl-class
Ecosystems: npm
Packages: pixl-class
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3OGYtMzUzbS1jZjRq
Code Injection in node-rules
Ecosystems: npm
Packages: node-rules
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05cDhqLWhyZ2YtamMyZ84AAwdQ
Apache Zeppelin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS14cTJxLThoeGMtN2pyMs4AAlyG
XXE vulnerability in Jenkins Valgrind Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:valgrind
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12NDZxLXhqcDUtN3A2cs4AAlyU
Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vmanager-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oajM2LXY3MngtY2M2as4AAlyB
Missing permission checks in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05ajJwLThxcWYtaDU1Y84AAxl7
Cross-site Scripting in UDX Stateless Media Plugin
Ecosystems: packagist
Packages: wpcloud/wp-stateless
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12amY4LXh3NmMtd2pocc4AAllA
CSRF vulnerability in Jenkins Flaky Test Handler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:flaky-test-handler
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zbXdqLTd2bXEtdzQzcM4AAllB
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Ecosystems: maven
Packages: com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xNHFxLThxMnItZzJmMs4AAlx5
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jY3dwLTYzM2otZzI5ds4AAlyH
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qODUyLW1wODItd3YyZ84AAk1A
Improper permission checks in Jenkins Swarm Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:swarm
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcnI4LWZjZzctcDJ3Z84AAllJ
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zMnhwLW02dmctZ3dwas4AAlk-
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01YzR2LXZoOTUtYzY3Y84AAllH
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xOXIyLWYzdmMtcmpnOM4AAuAj
Command Injection in macaddress
Ecosystems: npm
Packages: macaddress
Source: GitHub Advisory Database
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jMmhnLTJqajYtaDh2aM4AAllD
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1odjUzLXFqZzYtNXBtOc4AAkKl
XSS vulnerability in Jenkins Gatling Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gatling
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mODJ2LXBnNzQtNjY4Ns4AAkLi
Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin
Ecosystems: maven
Packages: br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12dzI3LWZ3amYtNXF4bc0Wqg
Arbitrary command execution on Windows via qutebrowserurl: URL handler
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01eDg5LTc1cjctOHJqaM4AAkK2
XSS vulnerability in Jenkins useMango Runner Plugin
Ecosystems: maven
Packages: it.infuse.jenkins:usemango-runner
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nYzJyLWNjZmgtNjJ2Oc4AAoGF
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1jbWdtLXE4aGYtcDdqY84AAkKs
XXE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05OThtLWYyeDMtampxNM4AAoNt
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zbTNmLTIzMjMtNjRtN84AAoNh
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14eDdnLWYyODctZjlmcc4AAmCb
XXE vulnerability in Jenkins Liquibase Runner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xNTY0LXZ2eDgtOTM4OM4AAmCg
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:warnings
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NTNxLWhwdnAtcThwY80ZWw
Server-Side Request Forgery in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00Z2c1LXZ4M2oteHdjN84AAwQz
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NGNtLXA5cTctcnIzcM4AAmCw
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ODN3LTg0bTctcDhwd84AAePK
User account enumeration via crafted URL
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNXd4LXcyZjktODJnaM4AAjcW
XXE vulnerability in Jenkins WebSphere Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:websphere-deployer
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14cjM3LXBqZmgtcXd3Y84AAjcY
Fortify Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS04ZnA0LXJwNmMtNWdjds0Y7g
Path Traversal in com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzNGgtcDRneC1qbTg5
Observable Response Discrepancy in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Zzgtcjl2dy03NjV4
Private Field data leak
Ecosystems: npm
Packages: @keystonejs/keystone
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS03d3E0LTg5eHgtZzYyas0mjw
Password exposure in ShenYu
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1majZmLTY5MzMtODM5as4AAjcN
Non-constant time HMAC comparison
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3MmctNTgyNy1tOWZw
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NTItM3J3di14ODlj
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yYzdoLXg2Y3EtOTg4cc3p0Q
Improper Input Validation in JGroups
Ecosystems: maven
Packages: org.jgroups:jgroups
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1td2cyLTN4cHYtNXYyOM4AAoGG
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnMnAtMmN2cS00cHB2
Cross-site scripting in lazysizes
Ecosystems: npm
Packages: lazysizes
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wcDUtMng1NS00OXh3
XSS in svg2png (NPM package)
Ecosystems: npm
Packages: svg2png
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv
Credentials stored in plain text by Jenkins Copr Plugin
Ecosystems: maven
Packages: org.fedoraproject.jenkins.plugins:copr
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13Nmh3LTU3anEtaDdmNc4AAknq
CSRF vulnerability in Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOTQtdmo5Ny1mbTRx
OS Command Injection in fsa
Ecosystems: npm
Packages: fsa
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjZ2YtcWp4Mi1xdjRx
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZzQ2LWY5aDUtZzI3eM4AAywe
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.engine
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2YzQtam1xeC0zcjMz
Open Redirect in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyYzctNmc4dy1qaDU2
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOWctcWd4OS0zOTdw
Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jaGdnLXJybXYtNXE3eM4AAuAh
Withdrawn
Ecosystems: npm
Packages: jwt-simple
Source: GitHub Advisory Database
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNnEtcnhobS02NzV3
OS Command Injection in adb-driver
Ecosystems: npm
Packages: adb-driver
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00aGhxLWozeHctd2o4Oc4AAknR
RCE vulnerability in SCM Filter Jervis Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:scm-filter-jervis
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS05ZjM3LWdneG0taDZ3eM4AAmvW
CSRF vulnerability in Jenkins Shelve Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:shelve-project-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00M2oyLXI0djMtbThqcM4AAknk
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS13aDZ3LTM4MjgtZzlxZs4AAv0W
Wasmtime may have data leakage between instances in the pooling allocator
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00ajJwLXg3OW0tamNqOM4AAyo8
XXL-JOB vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNmotODYyYy1tMnYy
Unrestricted File Upload in Form Framework
Ecosystems: packagist
Packages: typo3/cms-form
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qdjYyLTZ4dmMtY2N3aM4AAiIf
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.technicolor:elOyente
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wZ2o2LWptajUtd3FmeM4AAqj8
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yYzc5LWgyaDUtZzNmd84AAqj1
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tOWhyLTI1OWYtMnYyM84AAqj9
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zcTg0LXZydngtcmZ2Zs4AAqkF
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qOGM3LWZtODUtNmpqNs4AAiIo
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.ukiuni.callOtherJenkins:call-remote-job-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jdnZtLTRjcjktcjQzNs4AAqkD
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02dnA1LXZ2OXAtN3E2Ms4AAxkU
Command Injection in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xZjM0LWY0M3ItZ3Y5cM4AAyZ8
Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2OWMtdzc0cS02NzYy
Insecure permissions on build temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1YzUtZjRndy0zOHI5
Multiple vulnerabilities through filename manipulation in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNWo5LWY5NXctZjRwcs4AAwIx
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
Ecosystems: maven
Packages: org.terasoluna.gfw:terasoluna-gfw-common
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS03dnI1LTcydzctcTZqY84AAvdg
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS01YzJjLWN2ZzYtZ2hqbc4AApuC
Password stored in plain text by Jenkins Nomad Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nomad
Source: GitHub Advisory Database
Published: about 1 year ago