Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Low
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Published: 1 day ago
High
GSA_kwCzR0hTQS12eHBtLThoY3AtcWgyN84AAxad
Payment information sent to PayPal not necessarily identical to created order
Ecosystems: packagist
Packages: swag/paypal
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS00ZjQ4LXFwY2gtNHBweM4AAxZ5
Insecure Permissions issue in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1yd2h3LTZjNnItMjgyM84AAxZ3
Insecure Permissions issue in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1xM2M4LTY1cTctOXY3OM4AAxZt
Cross site scripting in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tcnF4LW1qYzQtdmZoM84AAxYc
wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1xd3g4LW14eHgtbWc5Ns4AAxYb
wallabag contains Improper Authorization via export feature
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS04eHY0LWpqNGgtcXd3Ns4AAxYX
Pimcore contains Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS02MjZxLXY5ajQtbWNwNM4AAxYW
OpenZeppelin Contracts contains Improper Verification of Cryptographic Signature
Ecosystems: pypi
Packages: openzeppelin-cairo-contracts
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1wNHh4LXc2ZnItYzR3Oc4AAxVr
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Ecosystems: rubygems
Packages: clockwork_web
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS13cXh3LThoNWctaHE1Ns4AAxVm
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: switcher-client
Source: GitHub Advisory Database
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1wZ3ZoLXAzZzQtODZqd84AAxVl
AVideo contains Command injection when embedding a video link
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xMmpmLWg5am0tbTdwNM4AAxVW
Django contains Uncontrolled Resource Consumption via cached header
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO
Symfony storing cookie headers in HttpCache
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Published: 4 days ago
Low
GSA_kwCzR0hTQS0zZ3YyLTI5cWMtdjY3bc4AAxVN
Symfony vulnerable to Session Fixation of CSRF tokens
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0yMmo0LXFjNDgtajhmOM4AAxUh
Apache InLong vulnerable to Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1oNDVmLXJqdnctMnJ2Ms4AAxUc
Withdrawn: wallabag subject to Improper Authorization
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xOXA1LXcydjktNnd4Zs4AAxUe
Apache InLong contains Out-of-bounds Read vulnerability
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14cnczLXdxcGgtM2Z4Z84AAxUd
Withdrawn: wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS0yMjc1LXJwZjUteHY4aM4AAxUK
is-http2 vulnerable to Command Injection
Ecosystems: npm
Packages: is-http2
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wajk3LXI4M3Ytdmo3Zs4AAxT0
Microweber contains Cross-site Scripting
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 4 days ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS04djRqLTdqZ2YtNXJnOc4AAxTg
Warp vulnerable to Path Traversal via Improper validation of Windows paths
Ecosystems: cargo
Packages: warp
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS14cmg3LW01cHAtMzlyNs4AAxTf
XSS Attack with Express API
Ecosystems: npm
Packages: eta
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofing
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS1oNnc4LTUybXEtNHF4Y84AAxTG
Apache Linkis contains Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1yeDc2LXh3MzUtNnJoOM4AAxTJ
Apache Linkis vulnerable to Exposure of Sensitive Information
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS12cDJ4LTNtYzMtM2NqNM4AAxTK
Path traversal in ubi-reader
Ecosystems: pypi
Packages: ubi-reader
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS1jNnJ4LWd4cXYtdnI1as4AAxTA
nemo-appium vulnerable to OS Command Injection
Ecosystems: npm
Packages: nemo-appium
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1yNGhnLTRjcHEtcTU3Y84AAxS9
jSuites subject to Cross-site Scripting
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1yYzQ3LTY2NjctMmo1as4AAxS-
http-cache-semantics vulnerable to Regular Expression Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:http-cache-semantics, http-cache-semantics
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1wcDR3LTl4ODItNnI0N84AAxRm
Apache IoTDB contains Improper Authentication
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1tZjZ4LWhyZ3ItNjU4Zs4AAxPw
Eta vulnerable to Code Injection via templates rendered with user-defined data
Ecosystems: npm
Packages: eta
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS04OHY4LXY0NmctNmM5d84AAxPx
Servst vulnerable to Path Traversal
Ecosystems: npm
Packages: servst
Source: GitHub Advisory Database
Published: 6 days ago
Low
GSA_kwCzR0hTQS1ydzgzLXYzcHctbTM2Ms4AAxPv
Withdrawn: safeurl-python contains Server-Side Request Forgery
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS12cXFtLWM5Z3gtNzczcc4AAxPr
Froxlor contains Business Logic Errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13N3c0LXFqZ2ctMzcyeM4AAxPp
Froxlor contains Static Code Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0zY2h3LThqcTItdzc2Oc4AAxPn
Froxlor contains Unchecked Error Condition
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1nN2dmLTJycXctNXJ3eM4AAxPk
Publify contains Weak Password Requirements
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0zNmZoLTg0ajctY3Y1aM4AAxPh
JSZip contains Path Traversal via loadAsync
Ecosystems: npm
Packages: jszip
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wbTcyLTI3bWctZmMyOM4AAxPg
Froxlor contains Weak Password Requirements
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS05bXE0LTk1NTYtNnF4cc4AAxPf
NYUCCL psiTurk vulnerable to Improper Neutralization of Special Elements
Ecosystems: pypi
Packages: psiTurk
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zZzV3LTZwdzctNmhycM4AAxOj
Path Traversal In Eclipse GlassFish
Ecosystems: maven
Packages: org.glassfish.main.web:web
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qZ2g4LXZjaHctcTNnN84AAxOa
safeurl-python contains Server-Side Request Forgery
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1oNjMyLXA3NjQtcGpxbc4AAxOZ
DataFlow upload remote code execution vulnerability
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01ajJnLTNwaDQtcmd2bc4AAxOY
Fix for authenticated remote code execution through layout update
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS14NDc3LWZxMzctcTV3cs4AAxOX
Initial debug-host handler implementation could leak information and facilitate denial of service
Ecosystems: go
Packages: fortio.org/proxy
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zcDczLW1tN3YtNGY2bc4AAxOW
DoS vulnerability in MaliciousCode filter
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01dnB2LXhtY2otOXE4Nc4AAxOV
Fix for arbitrary file deletion in customer media allows for remote code execution
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1jOXEzLXI0cnYtbWptN84AAxOU
Fix for arbitrary command execution in custom layout update through blocks
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS04djUzLTIzbXgtaGNmOc4AAxNf
Improper Certificate Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS0zM2d2LXJ2Z3EtZ3B4cM4AAxNL
HTML injections in BTCPayServer
Ecosystems: nuget
Packages: BTCPayServer.Client
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13Y202LXd2OTUtN2p3Ns4AAxNP
Cross-site Scripting in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1jNDY3LTVjMmctanA4Ns4AAxNO
Cross-site Scripting in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1qbTNtLXdyM3AtaGpycc4AAxNK
Cross-site Scripting in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1wcmNnLW1jMjMtaGdqaM4AAxNE
phpmyadmin contains SQL Injection vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00anF3LXZmbWotOXJtaM4AAxMd
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01cXE0LW02YzMteHhtZs4AAxMF
Directory Traversal vulnerability in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1mZnhqLTU0N3gtNWo3Y84AAxM0
Directory Traversal in onnx
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1qOHdyLWZ3ZjItdnZyOc4AAxM9
Command Injection in create-choo-electron
Ecosystems: npm
Packages: create-choo-electron
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS01NGp3LWpxcjktNmNqOc4AAxM2
Command injection in vagrant.js
Ecosystems: npm
Packages: vagrant.js
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qOHg3LXFjdzQteHg4Nc4AAxM5
Cross-site Scripting (XSS) in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS04bTlmLWM1cDktd3FjaM4AAxM-
Remote Code Execution in com.bstek.uflo:uflo-core
Ecosystems: maven
Packages: com.bstek.uflo:uflo-core
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS02NXY2LTNjOW0taG1ycM4AAxK2
Arbitrary file write in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS0zY204LXY0bWMtZ3BwZ84AAxJf
Path traversal in binwalk
Ecosystems: pypi
Packages: binwalk
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS03NnFqLTlnd2gtcHZ2M84AAxJ8
Sandbox bypass in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13NHY1LTU0cDgtbTRqNc4AAxJ3
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1tNnE4LW13ZjYtNm1tY84AAxJU
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jY2Y0LTloamMteHhjNM4AAxJz
Missing permission check in Jenkins GitHub Pull Request Builder Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1tajYyLW02M3gtbWg4NM4AAxJy
Open redirect vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02ajI3LTN4ZnctY2oyd84AAxJ_
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1weDJmLWNxcmYtZjJxZ84AAxJO
CSRF vulnerability in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04N3JoLXdjODUteHF2Y84AAxJ9
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nbWhmLTM3ZngtYzRxOM4AAxJT
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05andoLXF2ZzctZ3I1Oc4AAxJ0
CSRF vulnerability in Jenkins Orka Plugin allows capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1nNW1qLWMyNmctdm1wbc4AAxJx
XML Entity Expansion in Jenkins TestComplete support Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:TestComplete
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS13ajc5LTlmeGotajg2cM4AAxJu
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1oY3ZmLXBmcm0tanhnZs4AAxJt
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cisco-spark-notifier-plugin
Source: GitHub Advisory Database
Published: 9 days ago
Low
GSA_kwCzR0hTQS1nMjl2LTVwd2gtd3h4NM4AAxKJ
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00eDY1LTRmangtcjdtNs4AAxJ4
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-pr-coverage-status
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05NWpxLTI0Y3ItcGdycc4AAxJV
Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Ecosystems: maven
Packages: com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05Mzl4LTZtd2otOTZyMs4AAxKB
Insufficient Session Expiration in Jenkins Azure AD Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1mOTc2LTI0aGMtbWp2cs4AAxJw
Session fixation vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xZ2pxLWhyaGctZjI0aM4AAxJr
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02aHc3LXg4NnYtd3JnZs4AAxJp
Passwords stored in plain text by Jenkins view-cloner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:view-cloner
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1oOHA4LTYzNzgtNjQ5cM4AAxJ1
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS14OXE0LXF3ZmgtOWdqcc4AAxJ-
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05Nmp2LWM3bTYtcTQzZ84AAxJs
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
Low
GSA_kwCzR0hTQS05OHFjLXY4dmctbWN4NM4AAxJQ
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0yanB4LWg4ajItZzhtNM4AAxJW
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Ecosystems: maven
Packages: com.cloudbees.jenkins.plugins:kubernetes-credentials-provider
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1wY2MyLXc2bTgteDV3NM4AAxJ6
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS12eG1oLXA1MmotaDMzbc4AAxJ5
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Published: 9 days ago