Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS02cjg2LTJqbTktOW1oNM0uxg
File upload restriction bypass in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NGNnLXFjcHItZndqaM0upA
Cross site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00djZwLWN4ZjktOThyZs0ufw
Allocation of Resources Without Limits or Throttling in metadata-extractor
Ecosystems: maven
Packages: com.drewnoakes:metadata-extractor
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wNXBnLXdtOXEtOHY2cs0ugQ
Improper Handling of Exceptional Conditions inn metadata-extractor
Ecosystems: maven
Packages: com.drewnoakes:metadata-extractor
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1waDYyLTg3Njgtcjg3ds0uqg
Arbitrary file delete in ectouch/ectouch
Ecosystems: packagist
Packages: ectouch/ectouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNjJoLWp3MzgtMjR2aM0ufQ
Uncaught Exception in zip4j
Ecosystems: maven
Packages: net.lingala.zip4j:zip4j
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wdzk3LTZ2NzQtOXczcM0ulw
EC-CUBE improperly handles HTTP Host header values
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oajkzLTVmZzMtM2Nocs0uhw
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS02dzR2LXFyNG0tOTdnZ80ucg
Multi-Factor Authentication issue in Laravel Fortify
Ecosystems: packagist
Packages: laravel/fortify
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04d3I0LTJ3bTYtdzNwcs0uRg
B2 Command Line Tool TOCTOU application key disclosure
Ecosystems: pypi
Packages: b2
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01M202LTQ0cmMtaDJxNc0uRQ
Missing server signature validation in OctoberCMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wODY3LWZ4ZnItcGgyd80uRA
b2-sdk-python TOCTOU application key disclosure
Ecosystems: pypi
Packages: b2sdk
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tanZjLWo2cnYtOXhqOM0uPA
Insertion of Sensitive Information Into Debugging Code in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cWoyLTR2OG0tOHZycc0uPQ
Insecure Temporary File in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oanA4LTJjbTMtY2M0Nc0uQw
Cookie exposure in requestretry
Ecosystems: npm
Packages: requestretry
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qOGN4LWo5ajItZjI5d80uQg
Insecure Storage of Sensitive Information in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oajhnLWN3OHgtMmM2bc0uOw
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00Y3h3LWhxNDQtcjM0NM0uNQ
Off-by-one Error in v2fly/v2ray-core
Ecosystems: go
Packages: github.com/v2fly/v2ray-core, github.com/v2fly/v2ray-core/v4
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00eGM3LXgyanItY3I3NM0uNA
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Y3d2LWNwcHgtbXFqbc0uMA
Improper Authentication in Capsule Proxy
Ecosystems: go
Packages: github.com/clastix/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qbWhmLTlmajgtODhnaM0uLw
Open Redirect in AllTube
Ecosystems: packagist
Packages: rudloff/alltube
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03OWp3LTJmNDYtd3YyMs0uLg
Authenticated remote code execution in October CMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NTZxLXh2M2MtN2YyZs0uLQ
Unauthenticated control plane denial of service attack in Istio
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nanE0LTY5d2otcDZwcs0uLA
Path traversal in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS12djZqLXd3NngtNTRneM0uJA
Use after free in Animation
Ecosystems: nuget
Packages: CefSharp.Wpf.NETCore, CefSharp.WinForms.NETCore, CefSharp.OffScreen.NETCore, CefSharp.Common.NETCore, CefSharp.Wpf.HwndHost, CefSharp.Wpf, CefSharp.WinForms, CefSharp.OffScreen, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NmYzLWhmMjQtNzZxNM0uIw
Use of Hard-coded Cryptographic Key in Netmaker
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg
Improper Certificate Validation in Cosign
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zOTQ5LWY0OTQtY205Oc0uIQ
Cross-site Scripting in Prism
Ecosystems: npm
Packages: prismjs
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mZ3Y4LXZqNWMtMnBwcc0uIA
Incorrect Authorization in runc
Ecosystems: go
Packages: github.com/opencontainers/selinux, github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qZjVyLThobTItZjg3Ms0uHQ
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oZ2poLTcyM2gtbXgyas0t5g
Authorization Bypass Through User-Controlled Key in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jNWdqLXc0aHgtZ3ZteM0t6A
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS01OTQ2LW1wdzUtcHF4eM0t4A
Incorrect Default Permissions in Cobbler
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qM2NoLXZqcGgtOHE2ds0t4w
Command injection in Alluxio
Ecosystems: maven
Packages: org.alluxio:alluxio-core-common
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS02Y200LWdtODUtOTcyY80t2w
Command Injection in Cobbler
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zOG05LTN2ZzQtcnd2cM0txQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS02eDNqLXg5cnAtd2h4cM0txg
Unrestricted Upload of File with Dangerous Type in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14ODMyLXIycmotNGc1cM0t1w
SSRF in Kitodo.Presentation
Ecosystems: packagist
Packages: kitodo/presentation
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDlqLTQ0MngtaGpwN80t0g
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yZ3A1LW0ycHEtM2ZtZ80t0Q
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS02cnJ3LTRmbTktcmdods0tqA
Use of Hard-coded Cryptographic Key in Netmaker
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oaHJqLXdwNDItMzJ2M80tpw
Generation of Error Message Containing Sensitive Information in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zd3dqLXdoMnctZzR4cM0tpA
CRLF Injection in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01MnZ2LTN2ZjctZjd3aM0thg
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Ecosystems: maven
Packages: org.eclipse.lemminx:lemminx-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocnh2LTY5NGYtMjJnM80tkw
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
Ecosystems: maven
Packages: org.eclipse.lemminx:lemminx-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ2dwLWdoMnAtOTk2eM0tfQ
Path Traversal in LemMinX
Ecosystems: maven
Packages: org.eclipse.lemminx:lemminx-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nOGo4LW1naDktcTc3cM0teg
File upload leading to RCE in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNjM5LTl3aGctZnc5N80teA
Prototype Pollution in object-extend
Ecosystems: npm
Packages: object-extend
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14OHh4LXg4MnEtNDJxM80tiA
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03M3d4LXJwajMtbXg0Ns0teQ
Path traversal in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nYzc5LWdoNGYtOWc2d80tdQ
Server Side Template Injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycHZyLW13N3ItMjV4eM0tdw
MCMS Arbitrary File Deletion vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms, net.mingsoft:ms-basic
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wd3dtLXB3eDItMmh3N80s5A
Generation of Error Message Containing Sensitive Information in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OXg0LTY3bWgtcHg1NM0s4Q
Crypt_GPG does not prevent additional options in GPG calls
Ecosystems: packagist
Packages: pear/crypt_gpg
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1naHd3LWN2NHYtaG14eM0s1w
Cross-Site Request Forgery microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13bXJ4LTU3aG0tbXc3cs0s7Q
Arbitrary file reads in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0ycG13LWN2YzctZnJ2aM0s2A
SQL injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04djM4LXB3NjItOWN3Ms0s1g
url-parse Incorrectly parses URLs that include an '@'
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00Y3BnLTN2Z3ctNDg3N80s1Q
Prototype pollution in Plist before 3.0.5 can cause denial of service
Ecosystems: npm
Packages: plist
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mbXZtLXg4bXYtNDdtas0s0Q
Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMmZqLTc3d2gtZmg1d80s0A
Cross-site Scripting in livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qNTd3LTNjMzktZ3BwNc0svQ
Improper Privilege Management in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nY3Y4LWdoNHItMjV4Ns0szg
Authorization Bypass Through User-Controlled Key in urijs
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12OXA5LTUzNXctNDI4Nc0shg
Prototype Pollution in litespeed.js and appwrite/server-ce
Ecosystems: packagist, npm
Packages: appwrite/server-ce, litespeed.js
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12aDJyLXg5N2MtMnZwcs0slg
SQL Injection in Jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base-core, org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wN3c5LThteHctcDNnN80shw
Improper Certificate Validation in Hutool
Ecosystems: maven
Packages: cn.hutool:hutool-http
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mOXBnLWc5eHctcjVnMs0siw
SQL Injection in Jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base-core, org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ZzI3LWhyM3YtM2Nxds0scg
open redirect in pollbot
Ecosystems: pypi
Packages: pollbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03cDc5LTZ4MnYtNWg4OM0scQ
Server crash if running Python 3.10 w/ Sanic 20.12
Ecosystems: pypi
Packages: sanic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMjg5LXg1d2MteGN2OM0scA
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xYzg0LWdxZjQtOTkyNs0sbw
crossbeam-utils Race Condition vulnerability
Ecosystems: cargo
Packages: crossbeam-utils
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04OHhxLXc4Y3EteGZnN80sbg
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ocmh4LTZoMzQtajVoY80sbQ
Skip the router TLS configuration when the host header is an FQDN
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jZzNxLWo1NGYtNXA3cM0sbA
Uncontrolled Resource Consumption in promhttp
Ecosystems: go
Packages: github.com/prometheus/client_golang
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NzNqLXFtNWYteHB2OM0saw
pgjdbc Arbitrary File Write Vulnerability
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zM3dmLTRjcm0tMjMyMs0sag
Improper Access Control in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcGZtLXJqNnAtMzhxNs0sYw
Improper Authorization in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTRxLXJxbXctdng0Nc0sYQ
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1najI2LWc1cWYtanJoN80sYA
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cHE3LW00cW0tcDJncM0sVw
Microweber vulnerable to Improper Validation of Specified Quantity in Input
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydzk4LTU4NDYtcHFoeM0sWA
Open redirect in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02am02LWNtY3AtZnFqcc0sVA
Nomad Spread Job Stanza May Trigger Panic in Servers
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS00bTdwLTU1am0tM3Z3ds0sTg
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wajg0LXFqbTMtNzdtZ80sTA
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-multibranch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nOWZ4LTZqNWMtZ3Jtd80sSw
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xMjM0LXg4ODctOXJ4aM0sSg
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NDczLWdxcmotNHA2Nc0sSQ
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aGZ2LW1nNXgtbXYzMs0sRw
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ybTl3LTl4aDItd3hjM80sSA
Link Following in Jenkins Pipeline Multibranch Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-multibranch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03dzJ3LWZ3cGYtOW00aM0sRg
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xdjZxLXg5dnItdzdqM80sRQ
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03cmN3LWZ3ZmgtMmgyZ80sQw
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wZndwLXE5ODQtdzd3aM0sRA
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcXd4LWhjcDYtMjV2cs0sQA
Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nODRmLWNtYzgtNjgyY80sQQ
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-build-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1mbTZxLTk3Z3ctYzR3aM0sPg
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 4,970
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,788 Low 969
Filter by Ecosystem
maven 5,518 packagist 3,782 pypi 3,552 npm 3,530 go 1,887 nuget 1,390 rubygems 813 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 318 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 drupal/drupal 56 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 apache-superset 48 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 42 rdiffweb 42 nokogiri 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 salt 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 Plone 36 shopware/core 36 froxlor/froxlor 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 silverstripe/framework 32 snipe/snipe-it 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 org.jenkins-ci.plugins:script-security 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 github.com/grafana/grafana 28 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 centreon/centreon 27 getgrav/grav 27 shopware/shopware 27 openssl-src 26 electron 26 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 magento/core 24 prestashop/prestashop 24 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 pocketmine/pocketmine-mp 23 puppet 23 github.com/argoproj/argo-cd/v2 23 ckb 22 getkirby/cms 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 rack 22 Django 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 github.com/cilium/cilium 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 19 org.springframework:spring-core 19 github.com/docker/docker 19 DotNetNuke.Core 19 code.gitea.io/gitea 19 org.bouncycastle:bcprov-jdk14 18 tribalsystems/zenario 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 langchain 18 com.vaadin:vaadin-bom 18 contao/contao 18 helm.sh/helm/v3 18 cakephp/cakephp 17 cobbler 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 francoisjacquet/rosariosis 17 cockpit-hq/cockpit 17 golang.org/x/net 17 symfony/security 17 simplesamlphp/simplesamlphp 17 org.xwiki.platform:xwiki-platform-web-templates 17 genix/cms 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 yetiforce/yetiforce-crm 16 sequelize 16 wasmtime 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 directus 16 org.apache.activemq:activemq-client 16 rusqlite 16 notebook 15 cryptography 15 org.apache.jspwiki:jspwiki-main 15 org.apache.struts.xwork:xwork-core 15 pillow 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 github.com/goharbor/harbor 15 paddlepaddle 15 topthink/framework 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 activesupport 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 smarty/smarty 14 symfony/security-http 14 publify_core 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 zendframework/zendframework1 14 phpmailer/phpmailer 14 modoboa 14 ghost 14 tinymce 14 gradio 14 pyload-ng 14 ec-cube/ec-cube 14 swagger-ui 14 ezsystems/ezpublish-kernel 14 typo3/cms-backend 14 org.xwiki.platform:xwiki-platform-web 14 passenger 13 ckeditor4 13 org.apache.cxf:cxf 13 elefant/cms 13 joplin 13 github.com/containerd/containerd 13 org.apache.hadoop:hadoop-main 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 impresscms/impresscms 13 october/system 13 pyftpdlib 13 github.com/opencontainers/runc 13 next 13 org.apache.inlong:manager-pojo 13 github.com/mattermost/mattermost-server 13 nova 13 codeigniter4/framework 13 strapi 13 Microsoft.NETCore.App.Runtime.win-x86 12 org.apache.dolphinscheduler:dolphinscheduler 12 Microsoft.NETCore.App.Runtime.win-x64 12 Microsoft.NETCore.App.Runtime.win-arm64 12 github.com/go-gitea/gitea 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 actionview 12 github.com/moby/moby 12 org.jenkins-ci.plugins:git 12 dompdf/dompdf 12 vantage6 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 51 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/plone/Products.CMFPlone 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/saltstack/salt 25 https://github.com/rancher/rancher 25 https://github.com/apache/inlong 25 https://github.com/mlflow/mlflow 25 https://github.com/electron/electron 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/netty/netty 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/gogs/gogs 20 https://github.com/cilium/cilium 20 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethereum/go-ethereum 15 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/directus/directus 15 https://github.com/OpenMage/magento-lts 15 https://github.com/geoserver/geoserver 15 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/denoland/deno 14 https://github.com/moby/moby 14 https://github.com/tinymce/tinymce 14 https://github.com/pyload/pyload 14 https://github.com/langchain-ai/langchain 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyca/cryptography 14 https://github.com/cobbler/cobbler 14 https://github.com/traefik/traefik 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/golang/go 13 https://github.com/containerd/containerd 13 https://github.com/publify/publify 13 https://github.com/xuxueli/xxl-job 13 https://github.com/gradio-app/gradio 13 https://github.com/hashicorp/nomad 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/dromara/hutool 12 https://github.com/laurent22/joplin 12 https://github.com/TryGhost/Ghost 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/centreon/centreon-archived 12 https://github.com/patriksimek/vm2 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/dolphinscheduler 12 https://github.com/backstage/backstage 12 https://github.com/janeczku/calibre-web 11 https://github.com/opencontainers/runc 11 https://github.com/smarty-php/smarty 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/jquery/jquery 11 https://github.com/igniterealtime/Openfire 11 https://github.com/onionshare/onionshare 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/puma/puma 11 https://github.com/cakephp/cakephp 11 https://github.com/urllib3/urllib3 11 https://github.com/vaadin/flow 11 https://github.com/NodeBB/NodeBB 11 https://github.com/containers/podman 11 https://github.com/Studio-42/elFinder 11 https://github.com/openfga/openfga 11 https://github.com/1Panel-dev/1Panel 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/nats-io/nats-server 10 https://github.com/zitadel/zitadel 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/dolibarr/dolibarr 10 https://github.com/phusion/passenger 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/zopefoundation/Zope 10 https://github.com/aio-libs/aiohttp 10 https://github.com/keystonejs/keystone 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/WWBN/AVideo 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/keystone 10 https://github.com/jupyter/notebook 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dotnet/aspnetcore 10 https://github.com/greenpau/caddy-security 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/Pylons/waitress 9 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/apache/superset 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/bolt/bolt 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/vercel/next.js 9 https://github.com/cui2shark/cms 9 https://github.com/top-think/framework 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/neorazorx/facturascripts 9 https://github.com/cri-o/cri-o 9 https://github.com/DSpace/DSpace 9 https://github.com/kevinpapst/kimai2 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9