Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Moderate
GSA_kwCzR0hTQS00NXY3LTY1cTgteDI5NM02pA
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:atlassian-bitbucket-server-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNXI2LXY4cWgtcG1wcc02pg
Missing permission checks in Jenkins Bitbucket Server Integration Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:atlassian-bitbucket-server-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13OTd4LWo2cmctNTV2Nc022A
Password stored in plain text by Jenkins Proxmox Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:proxmox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cWN4LWp3NHItNmZwM802nw
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:JiraTestResultReporter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cDhmLTJmd3YtNnhjd8022g
Missing permission check in Jenkins RocketChat Notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rocketchatnotifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocG05LWZ4OHYtdzQ1ds02oQ
Plaintext storage in Jenkins instant-messaging Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:instant-messaging
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS12NHJyLTY1eDYtZzY5Zs021g
XXE vulnerability in Jenkins Flaky Test Handler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:flaky-test-handler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nYzdtLXgyY2otMzc3Nc02ow
Missing permission check in Jenkins JiraTestResultReporter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:JiraTestResultReporter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14MjVoLWY4NHgtd2g0bc021A
CSRF vulnerability in Jenkins RocketChat Notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rocketchatnotifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03amg4LWdod2MtODJjd802ng
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ci-with-toad-edge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02aDJjLWc2ODgtcTlxcs02oA
Path traversal in Jenkins Phoenix AutoTest Plugin
Ecosystems: maven
Packages: com.surenpi.jenkins:phoenix-autotest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ybWdqLW13dmYtbXBnNc02og
Missing permission checks in Jenkins Proxmox Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:proxmox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13anZyLTJoamctNnJoas021Q
CSRF vulnerability in Proxmox Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:proxmox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NWY5LXc5Y3gtaDM2M802vg
Cross site request forgery in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1taDI3LXJ4bXItOHE0Y802sg
Cross-site Scripting in Jenkins SiteMonitor Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:sitemonitor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNWYyLXdneGotcGgyOc02uw
Missing permission check in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NjN2LXByaGMteHg2Zs02ug
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05aGNqLTQ0OXYtOTIzNM02sQ
CSRF vulnerability in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tYzkyLWM4NTktanI2Ns02nQ
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ci-with-toad-edge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04cng2LXY1cTQteHczas02sA
Jenkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:covcomplplot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04aGgyLXJ4bTgtN2ZqOM02vQ
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ci-with-toad-edge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02MmhjLWY4cWotNXhjM802tw
Path traversal in Jenkins Pipeline Phoenix AutoTest Plugin
Ecosystems: maven
Packages: com.surenpi.jenkins:phoenix-autotest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00YzdoLWYyajktOWM0Ns02mw
Missing permission Jenkins Pipeline Phoenix AutoTest Plugin
Ecosystems: maven
Packages: com.surenpi.jenkins:phoenix-autotest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzg3LXFndzItajJxZs02nA
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:selected-tests-executor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zcjV4LXg2eGYtbThmds02lw
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:selected-tests-executor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xY3IzLWhyMmYtNjU1N802vw
SaltStack Salt Permissions Bypass
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jdmNjLTV4OTItZ21oY802tg
SaltStack Salt Improper Authentication via Man in the Middle Attack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ycTRnLXdmbTYtNWZwbc02rA
SaltStack Improper Verification of Cryptographic Signature
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cjNmLTNtM2otd2NqMs02qA
SaltStack Salt Authentication Bypass by Capture-replay
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04MzhoLWpxcDYtY2YyZs02gA
Sandbox bypass leading to arbitrary code execution in Deno
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00N3d2LXZoajItZzY2bc02fw
Use of insecure temporary file in Horovod
Ecosystems: pypi
Packages: horovod
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tOHhoLWNxYzItNXE2Zs02eQ
Type Confusion in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00OHAzLXhmdnctZzU5Y802fg
Incorrect Access Control in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00cTk2LTlmNjMtcDdqas02ew
Path Traversal in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qYzR2LXZ2ZzYteGc3OM02eg
SQL Injection in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02NzR2LTNnMnctODRneM02ZA
Sandbox bypass in fenom
Ecosystems: packagist
Packages: fenom/fenom
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMnd2LW01cGYtMjg0cs02KA
Cross-site Scripting in teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jM2g5LTg5NnItODZqbc02IA
Improper Input Validation in GoGo Protobuf
Ecosystems: go
Packages: github.com/gogo/protobuf
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS04djk5LTQ4bTktYzhwbc02Hw
Incorrect Authorization in imgcrypt
Ecosystems: go
Packages: github.com/containerd/imgcrypt
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS01Z2poLTVqNGYtY3B3ds02Hg
Unrestricted Upload of File with Dangerous Type in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Nmo0LWdnZ3EtN3JnOc02HQ
SQL injection in falcon-plus
Ecosystems: go
Packages: github.com/open-falcon/falcon-plus
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12eHJjLTY4eHgteDQ4Z802BQ
Twig Sandbox Information Disclosure
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xOGhnLXBmOHYtY3hyds02BA
Symfony Http-Kernel has non-constant time comparison in UriSigner
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yN2M5LWM2OW0tcnBoOM02Aw
Code Injection in PHPUnit
Ecosystems: packagist
Packages: phpunit/phpunit
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1waHJxLXY0cTItaG1xNs02Ag
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ecosystems: packagist
Packages: sabberworm/php-css-parser
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03bXY0LTR4cGcteHE0NM02AQ
FormField with square brackets in field name skips validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS02Mm0zLWZjN2YtanBwOM02AA
Parsedown Class-Name Injection
Ecosystems: packagist
Packages: erusev/parsedown
Source: GitHub Advisory Database
Blast Radius: 42.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zOTg4LWg3NXYtaHdmNs01_w
Arbitrary shell execution
Ecosystems: packagist
Packages: squizlabs/php_codesniffer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1taGZ2LThyYzktdzM4Y801_g
Arbitrary shell execution
Ecosystems: packagist
Packages: squizlabs/php_codesniffer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zMjJ2LXAzamMtN2hyZ8013A
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qYzM2LTQyY2YtdnF3as018g
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wdjM5LXFwMjgtNG1naM017Q
Improper Restriction of XML External Entity Reference in soa-model
Ecosystems: maven
Packages: com.predic8:soa-model-core, com.predic8:soa-model-parent
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycjhtLTI5ZzgtOGNnY8017g
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Z3gyLTMzMmgtOXg2cc011w
SQL Injection in Yeswiki
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14cGdjLWo0OGotand2Oc01-Q
Cross-site Scripting in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMmZ3LTkzcXgtdnJjcc01vg
SQL Injection in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OXAzLXhwMzctZjY5Ms015g
Improper Certificate Validation in kubeclient
Ecosystems: rubygems
Packages: kubeclient
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yY2N3LTdweDgtdm1wZs01tg
Open Redirect in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xN3J2LTZocDMtdmg5Ns01tQ
Improper Input Validation in guzzlehttp/psr7
Ecosystems: packagist
Packages: guzzlehttp/psr7
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNzM3LXA1N2ctNGNwcs01tA
Insertion of Sensitive Information into Log File in Jupyter notebook
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZjJnLXE0bWMtdzdycs01jg
Cross-site Scripting in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qN3hnLTU1NDktanIzas01ng
Improper Certificate Validation in OWASP ZAP
Ecosystems: maven
Packages: org.zaproxy:zap
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cnFxLXJ4dmMtdjJyY801lg
Gitea Open Redirect
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12YzVyLXhmYzQtNHgyMs01hw
Cross-site Scripting in Pimcore Datahub
Ecosystems: packagist
Packages: pimcore/data-hub
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xODYzLWNjaG0tYzZjNs01ig
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yZjV2LThyM2YtOHB3d801hA
Improper access control allows admin privilege escalation in Argo CD
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNmg1LTZmbXEtcmgyOM01gw
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yOWNyLWh2amotNDk2ds01gg
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS12dmZmLTZ3cnItNGc3cc01ZQ
Missing Authentication for Critical Function in Foreman Ansible
Ecosystems: rubygems
Packages: foreman_ansible
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1obTN4LWp3d2YtanByOc01YA
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Ecosystems: pypi
Packages: tripleo-heat-templates
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14cjJjLTV3ODktNjNwds01MA
Poetry before v1.1.9 contains Untrusted Search Path
Ecosystems: pypi
Packages: poetry
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS05bTg3LTZmajMtYzV4aM01Lg
Untrusted Search Path in PNPM
Ecosystems: npm
Packages: pnpm
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS14cDgyLWptdzgtbWp4cM01LQ
Unrestricted Upload of File with Dangerous Type in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcXI2LXFycW0tOHY4Ns01Kw
Integer Overflow or Wraparound in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nZmY3LWc1cjgtbWc4bc01GA
Prototype Pollution in simple-plist
Ecosystems: npm
Packages: simple-plist
Source: GitHub Advisory Database
Blast Radius: 54.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01dzljLXJ2OTYtZnI3Z801FQ
Removal of functional code in faker.js
Ecosystems: npm
Packages: faker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nY3gyLWd2ajctcHh2M801FA
Insufficient Protection against HTTP Request Smuggling in mitmproxy
Ecosystems: pypi
Packages: mitmproxy
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OXdwLXh3bTctNjl3bc01DA
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03cTg4LWp4dnAtOWdwMs01Bw
Path Traversal in Studio-42 elFinder through 2.1.60
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZjhjLXhyODktdmZtNc00_w
Command Injection in ungit
Ecosystems: npm
Packages: ungit
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yZ2djLTRnM3ItajdmZs00zw
Remote Code Execution in Contao Managed Edition
Ecosystems: packagist
Packages: contao/managed-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZjc5LWY2NTctNDd3d800zA
Insufficient Session Expiration in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHE0LWp3d3cteDN3ds00ww
Race Condition in Paramiko
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS04YzI2LXdtaDUtNmc5ds00tw
golang.org/x/crypto/ssh Denial of service via crafted Signer
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wcjlxLXY1ODUtcXYyd800vg
Improper Privilege Management in Open Web Analytics
Ecosystems: packagist
Packages: open-web-analytics/open-web-analytics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01dmpjLXF4NDMtcjc0N800Lg
Stored Cross-site Scripting in folder-auth plugin
Ecosystems: maven
Packages: io.jenkins.plugins:folder-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qeDhmLWNweDctZnY0N800LQ
Allocation of Resources Without Limits or Throttling in nvflare
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zZnZmLTJncDQtODl3cc00LA
Possibility for Denial of Service by overwriting PHP files with language exports
Ecosystems: packagist
Packages: barryvdh/laravel-translation-manager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mOHhxLXE3cHgtd2c4Y800Kw
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycjJjLWc2M3ItdmNjcs00Kg
Improper Verification of Cryptographic Signature in `node-forge`
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NGpnLW1qcngtNDM0Z800KQ
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jZm00LXFqaDItNDc2Nc00KA
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS00NmM1LXBmajgtZnY2Nc00Jw
Improperly checked metadata on tools/armour itemstacks received from the client
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS00ZjdwLTI3amMtM2MzNs00Jg
HTTP Request Smuggling in waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qM2ZmLXhwNmMtNmdjY800JQ
Failure to validate signature during handshake
Ecosystems: npm
Packages: @chainsafe/libp2p-noise
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zN2c3LTh2amotcGpwas00JA
RESTEasy 4.5.5.Final in hash flooding
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-bom
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNmo4LWhndjUtbTM1Z800Iw
Uncontrolled Resource Consumption in jboss-remoting
Ecosystems: maven
Packages: org.jboss.remoting:jboss-remoting
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03d2ZjLXg0ZjctZ2cyeM00Ig
Code injection in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Statistics
Advisories: 18,934
Packages: 8,436
Repositories: 5,112
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 109 typo3/cms 102 phpmyadmin/phpmyadmin 92 drupal/core 91 microweber/microweber 91 silverstripe/framework 83 django 80 apache-airflow 79 typo3/cms-core 77 drupal/drupal 76 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 46 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 45 nokogiri 43 baserproject/basercms 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 craftcms/cms 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 k8s.io/kubernetes 33 mlflow 33 Django 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 snipe/snipe-it 32 shopware/shopware 31 keystone 31 opencv-python 30 opencv-contrib-python 30 github.com/argoproj/argo-cd 30 mautic/core 30 getgrav/grav 29 parse-server 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 org.keycloak:keycloak-services 27 centreon/centreon 27 io.undertow:undertow-core 27 openssl-src 26 github.com/hashicorp/nomad 26 electron 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 github.com/argoproj/argo-cd/v2 25 rubygems-update 25 gogs.io/gogs 24 magento/core 24 
mediawiki/core 24 puppet 23 simplesamlphp/simplesamlphp 23 org.eclipse.jetty:jetty-server 23 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 getkirby/cms 22 ckb 22 org.apache.nifi:nifi 22 rack 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/docker/docker 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 tribalsystems/zenario 20 glance 19 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 langchain 18 forkcms/forkcms 18 golang.org/x/net 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 directus 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 cockpit-hq/cockpit 18 org.apache.geode:geode-core 17 francoisjacquet/rosariosis 17 topthink/framework 17 helm.sh/helm/v3 17 cobbler 17 ezsystems/ezpublish-kernel 17 org.xwiki.platform:xwiki-platform-web-templates 17 cakephp/cakephp 17 genix/cms 17 PaddlePaddle 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 mercurial 17 rusqlite 16 yetiforce/yetiforce-crm 16 pillow 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 neutron 16 wasmtime 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 org.apache.dubbo:dubbo 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 org.apache.jspwiki:jspwiki-main 15 notebook 15 next 15 
openmage/magento-lts 15 cryptography 15 silverstripe/cms 14 symfony/security-http 14 zendframework/zendframework1 14 publify_core 14 ec-cube/ec-cube 14 org.apache.inlong:manager-pojo 14 pyftpdlib 14 smarty/smarty 14 github.com/traefik/traefik/v2 14 typo3/cms-backend 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 github.com/containerd/containerd 14 swagger-ui 14 pyload-ng 14 ghost 14 activesupport 14 tinymce 14 modoboa 14 github.com/nats-io/nats-server/v2 13 strapi 13 october/system 13 org.apache.cxf:cxf 13 bolt/bolt 13 org.apache.hadoop:hadoop-main 13 joplin 13 OctoPrint 13 github.com/mattermost/mattermost-server 13 vantage6 13 lavalite/cms 13 impresscms/impresscms 13 codeigniter4/framework 13 ckeditor4 13 elefant/cms 13 passenger 13 Microsoft.NETCore.App.Runtime.win-arm64 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/django/django 103 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 91 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 62 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/TYPO3/typo3 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/argoproj/argo-cd 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 
https://github.com/mautic/mautic 28 https://github.com/snipe/snipe-it 28 https://github.com/openstack/keystone 28 https://github.com/mlflow/mlflow 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/shopware/shopware 24 https://github.com/dotnet/runtime 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/gogs/gogs 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/bcgit/bc-java 19 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/umbraco/Umbraco-CMS 18 https://github.com/rubygems/rubygems 18 https://github.com/helm/helm 18 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/rack/rack 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 
https://github.com/forkcms/forkcms 16
https://github.com/opencast/opencast 16
https://github.com/hashicorp/vault 16
https://github.com/sequelize/sequelize 16
https://github.com/ethereum/go-ethereum 16
https://github.com/etcd-io/etcd 16
https://github.com/centreon/centreon 15
https://github.com/goharbor/harbor 15
https://github.com/denoland/deno 15
https://github.com/apache/camel 15
https://github.com/geoserver/geoserver 15
https://github.com/laravel/framework 15
https://github.com/puppetlabs/puppet 15
https://github.com/OpenMage/magento-lts 15
https://github.com/PHPMailer/PHPMailer 15
https://github.com/vantage6/vantage6 15
https://github.com/cockpit-hq/cockpit 14
https://github.com/gradio-app/gradio 14
https://github.com/langchain-ai/langchain 14
https://github.com/tinymce/tinymce 14
https://github.com/moby/moby 14
https://github.com/mattermost/mattermost 14
https://github.com/cobbler/cobbler 14
https://github.com/pyload/pyload 14
https://github.com/containerd/containerd 14
https://github.com/traefik/traefik 14
https://github.com/pyca/cryptography 14
https://github.com/hashicorp/nomad 13
https://github.com/dompdf/dompdf 13
https://github.com/quarkusio/quarkus 13
https://github.com/undertow-io/undertow 13
https://github.com/ming-soft/MCMS 13
https://github.com/swagger-api/swagger-ui 13
https://github.com/dromara/hutool 13
https://github.com/modoboa/modoboa 13
https://github.com/publify/publify 13
https://github.com/golang/go 13
https://github.com/xuxueli/xxl-job 13
https://github.com/apache/kylin 12
https://github.com/laurent22/joplin 12
https://github.com/ckeditor/ckeditor4 12
https://github.com/twisted/twisted 12
https://github.com/patriksimek/vm2 12
https://github.com/nodejs/undici 12
https://github.com/centreon/centreon-archived 12
https://github.com/TryGhost/Ghost 12
https://github.com/backstage/backstage 12
https://github.com/apache/dolphinscheduler 12
https://github.com/scrapy/scrapy 11
https://github.com/smarty-php/smarty 11
https://github.com/janeczku/calibre-web 11
https://github.com/cakephp/cakephp 11
https://github.com/nats-io/nats-server 11
https://github.com/onionshare/onionshare 11
https://github.com/1Panel-dev/1Panel 11
https://github.com/urllib3/urllib3 11
https://github.com/igniterealtime/Openfire 11
https://github.com/ezsystems/ezpublish-kernel 11
https://github.com/vercel/next.js 11
https://github.com/zitadel/zitadel 11
https://github.com/vaadin/flow 11
https://github.com/top-think/framework 11
https://github.com/puma/puma 11
https://github.com/containers/podman 11
https://github.com/Studio-42/elFinder 11
https://github.com/cloudflare/cfrpki 11
https://github.com/drupal/core 11
https://github.com/openstack/glance 11
https://github.com/opencontainers/runc 11
https://github.com/NodeBB/NodeBB 11
https://github.com/thorsten/phpMyFAQ 11
https://github.com/aio-libs/aiohttp 11
https://github.com/dotnet/aspnetcore 11
https://github.com/openfga/openfga 11
https://github.com/WWBN/AVideo 11
https://github.com/greenpau/caddy-security 10
https://github.com/jupyter/notebook 10
https://github.com/Sylius/Sylius 10
https://github.com/dolibarr/dolibarr 10
https://github.com/nextauthjs/next-auth 10
https://github.com/zopefoundation/Zope 10
https://github.com/phusion/passenger 10
https://github.com/pimcore/admin-ui-classic-bundle 10
https://github.com/OPCFoundation/UA-.NETStandard 10
https://github.com/apache/zeppelin 10
https://github.com/codeigniter4/CodeIgniter4 10
https://github.com/nocodb/nocodb 10
https://github.com/dpgaspar/Flask-AppBuilder 10
https://github.com/jenkinsci/git-plugin 10
https://github.com/wagtail/wagtail 10
https://github.com/jquery/jquery 10
https://github.com/keystonejs/keystone 10
https://github.com/faucetsdn/ryu 9
https://github.com/ethyca/fides 9
https://github.com/LavaLite/cms 9
https://github.com/cri-o/cri-o 9
https://github.com/DSpace/DSpace 9
https://github.com/apache/lucene-solr 9
https://github.com/funadmin/funadmin 9
https://github.com/nautobot/nautobot 9
https://github.com/rails/rails-html-sanitizer 9