Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1jcTZ3LXc1cmotcDl4OM0WNg
Cross-site Scripting in Froala Editor
Ecosystems: npm
Packages: froala-editor
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNmo0LThyN3Atd3BwM80WNw
BuddyPress privilege escalation via REST API
Ecosystems: packagist
Packages: buddypress/buddypress
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qd3FwLTI4Z2YtcDQ5OM0WOQ
Scrapy HTTP authentication credentials potentially leaked to target websites
Ecosystems: pypi
Packages: Scrapy
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNnZnLXA4MjYtcXAzds0WKg
URL Redirection to Untrusted Site ('Open Redirect') in fastify-static
Ecosystems: npm
Packages: fastify-static
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03NTM0LW1tNDUtYzc0ds0WKQ
Buffer Overflow in Pillow
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02OWo2LTI5dnItcDNqOc0WKA
Authentication bypass for viewing and deletions of snapshots
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NTdtLXY1dm0tZjZyd80WJw
Cross-Site-Request-Forgery in Backend
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmpoLWZ4dzQtZ3Bobc0WJg
HTTP Host Header Injection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcnFnLTdnMzgtNmdjZs0WJQ
Improper escaping of command arguments on Windows leading to command injection
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qMjhyLWo1NG0tZ3BjNM0WJA
Code Injection in SLO Generator
Ecosystems: pypi
Packages: slo-generator
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcjNmLXIyNGotM2Nod80WIw
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcHFmLTNjM3ItYzlnMs0WIg
Cobbler before 3.3.0 allows log poisoning
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Y2ZyLWdqZngtZmozeM0WIQ
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jMmgzLTZteHctN212cc0WHg
Insufficiently restricted permissions on plugin directories
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14cHYyLThwcGotNzloaM0WHQ
Expression injection in AviatorScript
Ecosystems: maven
Packages: com.googlecode.aviator:aviator
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS01dmZ4LTh3Nm0taDN2NM0WHA
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14Mmd3LTg1dzYtZmpqd80WGw
Cross-site scripting in demos/demo.mysqli.php in getID3
Ecosystems: packagist
Packages: james-heinrich/getid3
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1neG1jLTV3ajMtang2NM0WGg
Cross-site scripting in application/controllers/dropbox.php in JustWriting
Ecosystems: packagist
Packages: hjue/justwriting
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNzJnLTQycTYtZ3ZjMs0WGQ
Cross-site Scripting in LaraCMS
Ecosystems: packagist
Packages: wanglelecc/laracms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05Mzc4LWY0djctamdtNM0WFw
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Ecosystems: maven
Packages: org.apache.ddlutils:ddlutils
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01cGN4LXZxanAtcDM0d80WFg
Cross-site Scripting in shuup
Ecosystems: pypi
Packages: shuup
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yd2g5LTh4eDgtNHdmbc0WEw
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-gradle, org.opencrx:opencrx-client, org.opencrx:opencrx-core-config, org.opencrx:opencrx-core-models, org.opencrx:opencrx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NjNqLXJqY3ItNzg5Zs0WFA
CSV injection in shuup
Ecosystems: pypi
Packages: shuup
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1od3FjLXBnanctdmpxcM0WDg
Cross-Site Request Forgery in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oN21xLTI3cjctdzk3Ms0WDA
Cross-site Scripting in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02Njc1LXd3cXItamhtZs0WDQ
Cross-site Scripting in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tN2g1LWZqanEtNTU5Zs0WEg
SQL Injection in topthink/thinkphp
Ecosystems: packagist
Packages: topthink/thinkphp
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oZjY2LXI0NGctcDdqOc0WEQ
Inefficient Regular Expression Complexity in handsontable
Ecosystems: npm
Packages: handsontable
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mNzk0LXI2eGMtaGYzds0WCQ
Improper Access Control in passport-oauth2
Ecosystems: npm
Packages: passport-oauth2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02d2hmLXE2cDUtODR3Z80WBw
Improper Access Control in Webauthn Framework
Ecosystems: packagist
Packages: web-auth/webauthn-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oaGZnLTZoZmMtcnZ4bc0WBg
Regular Expression Denial of Service in jsoneditor
Ecosystems: npm
Packages: jsoneditor
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yd3czLWZ4dnEtMjkzas0WBQ
NLTK Vulnerable to REDoS
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jZzNxLTU5dzctcnZjMs0WBA
Reliance on Cookies without Validation and Integrity Checking in getgrav/grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNTZyLTc3cTgtZjY0Zs0WAw
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14NTV3LXZqanAtMjIycs0WAg
inflect vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: i
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNzNxLTV3bWotcThwas0WAQ
Cross site scripting in datatables.net
Ecosystems: npm
Packages: datatables.net
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03MzIyLWpycTQteDVoZs0WCw
File reference keys leads to incorrect hashes on HMAC algorithms
Ecosystems: packagist
Packages: lcobucci/jwt
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNm1qLTZyN3ItbXFoZs0WCg
User can obtain JWT token even if account is disabled
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00OG1qLXA3eDItNWpmbc0WCA
Basic auth bypass in esphome
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mMjYzLWM5NDktdzg1Z80WAA
Improper Authorization in Google OAuth Client
Ecosystems: maven
Packages: com.google.oauth-client:google-oauth-client
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nOTVwLTg4cDQtNzZjbc0V_w
Cross-site Scripting in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05cDVnLXZnNDMtbWo1cs0V_g
Druid ingestion system Authenticated users can read data from other sources than intended
Ecosystems: maven
Packages: org.apache.druid:druid-core
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycnI1LThxMzctMnc3aM0V_Q
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zYzljLTJwNjUtcXZ3ds0V_A
Prototype pollution in aurelia-path
Ecosystems: npm
Packages: aurelia-path
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcjItajRnOS1tcHBm
Prototype Pollution in deephas
Ecosystems: npm
Packages: deephas
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zajZnLWh4eDUtM3EyNs0V9g
Observable Discrepancy in Apache Kafka
Ecosystems: maven
Packages: org.apache.kafka:kafka-clients, org.apache.kafka:kafka_2.13, org.apache.kafka:kafka_2.12, org.apache.kafka:kafka_2.11
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NXA3LXBqajgtZ2dtcs0V-w
Member account takeover
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14cHdqLTd2OHEtbWNnas0V-g
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcHY2LWY4anctcmMzcs0V-Q
Elvish vulnerable to remote code execution via the web UI backend
Ecosystems: go
Packages: github.com/elves/elvish
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ocGY3LTRjMmctOWNoZs0V-A
Remote Code Execution in Halibut
Ecosystems: nuget
Packages: Halibut
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycGZoLXE3NngtZ3d2bc0V9w
Improper Input Validation and Command Injection in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS14MzhxLXhnMmgtcnhneM0V9Q
Regular Expression Denial of Service in Leo Editor
Ecosystems: pypi
Packages: leo
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1odjVmLTczbXItN3Z2as0V9A
Cross-site Scripting in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v5
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xaDd4LWo0djgtcXc1d80V7Q
Clipboard-based XSS
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cnhwLW1nOWYtaHdmM80V7g
Improperly Implemented path matching for in-toto-golang
Ecosystems: go
Packages: github.com/in-toto/in-toto-golang
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NXI5LTdtZjgtbTM4Ms0V7w
Cross-site Scripting in edge.js
Ecosystems: npm
Packages: edge.js
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mM3BwLTMycWMtMzZ3NM0V8A
Prototype Pollution in jointjs
Ecosystems: npm
Packages: jointjs
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNDg5LXhyMzUtZmp4cs0V8w
Regular Expression Denial of Service in millisecond
Ecosystems: npm
Packages: millisecond
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01dmNtLTN4YzMtdzd4M80V6w
Response Splitting from unsanitized headers
Ecosystems: maven
Packages: org.http4s:http4s-client, org.http4s:http4s-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NDQ4LXJjODItZmNyN80V8g
Path Traversal in serve-here.js
Ecosystems: npm
Packages: serve-here.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cjRnLWNnNG0teDIzY80V8Q
Denial of Service in node-static
Ecosystems: npm
Packages: node-static
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwZnAtZjU2OS1xM3Ay
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00amcyLTg0YzItcGo5Nc0V7A
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Ecosystems: npm
Packages: @asyncapi/modelina
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS12dzQ3LW1yNDQtM2pmOc0V6g
Confused Deputy in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03NGo4LTg4bW0tNzQ5Ns0V6Q
Confused Deputy in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NTJoLXh3aGYtcTRoNs0V6A
OS Command Injection in ssh2
Ecosystems: npm
Packages: ssh2
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qOHdjLWd4eDktODJoeM0V5Q
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
Ecosystems: maven
Packages: org.apache.santuario:xmlsec
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xaG1wLWg1NHgtMzhxcs0V5w
CWE-730 Regex injection with IFTTT Plugin
Ecosystems: pypi
Packages: apprise
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ycDY1LTljZjMtY2p4cs0V5A
Inefficient Regular Expression Complexity in nth-check
Ecosystems: npm
Packages: nth-check
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w
Prototype Pollution in object-path
Ecosystems: npm
Packages: object-path
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS01OWc5LTdnZngtYzcycM0V1g
Infinite loop in Tomcat due to parsing error
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yZjN3LTI5aDMtcjYzNs0V1Q
Arbitrary Code Execution in feehi/cms
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cTNwLTM2ZjQtY3d4ds0V0A
Server-Side Request Forgery in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-console
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03MjlmLXd2ajMtYzRwas0Vzw
Remote code execution in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ocWhwLTVwODMtaHg5Ns0Vzg
prismjs Regular Expression Denial of Service vulnerability
Ecosystems: npm
Packages: prismjs
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Z2YyLXh2OTctNjNtMs0VzQ
Exposure of Sensitive Information in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcHE4LXgzNWctbTQzOc0VzA
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOWZxLWM5aHAtNTlnN80Vyw
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mMmM1LTk5N3ctN2Y1Y80Vyg
Cross-site Scripting in peertube
Ecosystems: npm
Packages: peertube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00NGM2LTR2MjItNG1oeM0VyQ
semver-regex Regular Expression Denial of Service (ReDOS)
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS12dmYyLXBwajktcHA0Oc0VyA
Inefficient Regular Expression Complexity in vuelidate
Ecosystems: npm
Packages: @vuelidate/validators
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NWg1LXI5NjgtNXhyN80Vxw
Exposure of sensitive information in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qZ3J4LW1neHgtamY5ds0Vxg
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
Ecosystems: npm
Packages: tmpl
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cnA2LXc3bWctaDhyd80V1w
XML External Entity Reference in Apache Jena
Ecosystems: maven
Packages: org.apache.jena:jena-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05M3E4LWdxNjktd3Ftd80V3g
Inefficient Regular Expression Complexity in chalk/ansi-regex
Ecosystems: npm
Packages: ansi-regex
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS00OXgzLTgyMjgtM3czbc0V3w
Inefficient Regular Expression Complexity in code-server
Ecosystems: npm
Packages: code-server
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mNmpwLWo2dzMtdzlobc0V4A
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS05MnY5LXhoMnEtZnE5Zs0V4Q
Prototype Pollution in cookiex/deep
Ecosystems: npm
Packages: @cookiex/deep
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS00NjhxLXY0amotNDg1aM0V4g
Inefficient Regular Expression Complexity in taro
Ecosystems: npm
Packages: @tarojs/helper
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xODc5LTlnOTUtNTZteM0V3Q
Wrong type for `Linker`-define functions when used across two `Engine`s
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00ODczLTM2aDktd3Y0Oc0V3A
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12NGNwLWg5NHItbTd4Zs0V2w
Use after free passing `externref`s to Wasm in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01Nzl4LWNqdnItY3FqOc0V2g
Observable Response Discrepancy in Lost Password Service
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcDdmLWdyY3YtNm1qZs0V2Q
Partial path traversal in sharpcompress
Ecosystems: nuget
Packages: sharpcompress
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yMmdoLTNyOXEteGYzOM0V2A
Lacking Protection against HTTP Request Smuggling in mitmproxy
Ecosystems: pypi
Packages: mitmproxy
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1maHY4LWZ4NWYtN2Z4Zs0V1A
Prototype Pollution in the merge and clone helper methods
Ecosystems: npm
Packages: zrender
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tYzIyLTVxOTItOHY4Nc0V0w
Memory Safety Issue when using patch or merge on state and assign the result back to state
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 2 years ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 4,867
Ecosystems: 12
Filter by Severity
Moderate 7,470 High 6,100 Critical 2,660 Low 958
Filter by Ecosystem
maven 5,492 npm 3,496 pypi 3,463 packagist 3,213 go 1,828 nuget 1,388 rubygems 812 cargo 772 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 249 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 181 org.apache.tomcat:tomcat 139 pimcore/pimcore 111 typo3/cms 94 microweber/microweber 91 django 79 apache-airflow 78 typo3/cms-core 70 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 59 actionpack 57 ansible 57 dolibarr/dolibarr 56 org.apache.struts:struts2-core 55 phpmyadmin/phpmyadmin 53 concrete5/concrete5 52 librenms/librenms 49 apache-superset 48 shopware/platform 47 symfony/symfony 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 org.keycloak:keycloak-core 43 rdiffweb 42 nokogiri 42 Pillow 41 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 plone 38 github.com/mattermost/mattermost-server/v6 37 craftcms/cms 36 com.thoughtworks.xstream:xstream 36 Plone 36 com.jfinal:jfinal 36 shopware/core 35 net.mingsoft:ms-mcms 35 matrix-synapse 34 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 org.apache.tomcat.embed:tomcat-embed-core 32 snipe/snipe-it 32 vyper 32 org.elasticsearch:elasticsearch 32 intelliants/subrion 31 drupal/core 30 org.jenkins-ci.plugins:script-security 30 mlflow 30 k8s.io/kubernetes 30 opencv-contrib-python 30 opencv-python 30 parse-server 29 github.com/argoproj/argo-cd 29 froxlor/froxlor 28 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 io.undertow:undertow-core 27 silverstripe/framework 27 centreon/centreon 27 org.keycloak:keycloak-parent 26 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 org.keycloak:keycloak-services 26 shopware/shopware 26 electron 26 openssl-src 26 org.apache.solr:solr-core 25 rubygems-update 25 gogs.io/gogs 24 mautic/core 24 getgrav/grav 24 magento/core 24 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 org.eclipse.jetty:jetty-server 23 remdex/livehelperchat 23 prestashop/prestashop 23 puppet 23 github.com/argoproj/argo-cd/v2 22 ckb 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 nilsteampassnet/teampass 22 rack 22 getkirby/cms 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 Django 21 github.com/cilium/cilium 20 github.com/rancher/rancher 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 19 org.springframework:spring-core 19 drupal/drupal 19 DotNetNuke.Core 19 helm.sh/helm/v3 18 tribalsystems/zenario 18 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 org.bouncycastle:bcprov-jdk14 18 langchain 18 cobbler 17 org.xwiki.platform:xwiki-platform-web-templates 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 github.com/docker/docker 17 PaddlePaddle 17 org.apache.geode:geode-core 17 francoisjacquet/rosariosis 17 golang.org/x/net 17 cockpit-hq/cockpit 17 wasmtime 16 sequelize 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.bouncycastle:bcprov-jdk15 16 yetiforce/yetiforce-crm 16 org.apache.dubbo:dubbo 16 rusqlite 16 directus 16 openmage/magento-lts 15 contao/core-bundle 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 github.com/goharbor/harbor 15 notebook 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 cryptography 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 paddlepaddle 15 gradio 14 tinymce 14 activesupport 14 pillow 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 org.xwiki.platform:xwiki-platform-web 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 typo3/cms-backend 14 phpmailer/phpmailer 14 swagger-ui 14 publify_core 14 modoboa 14 code.gitea.io/gitea 13 passenger 13 nova 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 symfony/security 13 ghost 13 org.apache.hadoop:hadoop-main 13 ckeditor4 13 pyftpdlib 13 pyload-ng 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 github.com/containerd/containerd 13 strapi 13 october/system 13 github.com/traefik/traefik/v2 13 ezsystems/ezpublish-kernel 13 next 13 vm2 12 lavalite/cms 12 smarty/smarty 12 github.com/opencontainers/runc 12 keystone 12 actionview 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 symfony/security-http 12 org.apache.dolphinscheduler:dolphinscheduler 12 phpmyfaq/phpmyfaq 12 org.jenkins-ci.plugins:git 12 undici 12 neutron 12 studio-42/elfinder 12 OctoPrint 12 Microsoft.NETCore.App.Runtime.win-arm64 12 Microsoft.NETCore.App.Runtime.win-x64 12 Microsoft.NETCore.App.Runtime.win-x86 12 vantage6 12 elefant/cms 12 github.com/moby/moby 11 contao/contao 11 nodebb 11 zendframework/zendframework1 11 org.apache.commons:commons-compress 11
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 106 https://github.com/apache/tomcat 93 https://github.com/apache/airflow 89 https://github.com/microweber/microweber 85 https://github.com/django/django 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 55 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 50 https://github.com/ansible/ansible 47 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/kubernetes/kubernetes 42 https://github.com/librenms/librenms 42 https://github.com/ikus060/rdiffweb 42 https://github.com/symfony/symfony 40 https://github.com/spring-projects/spring-framework 40 https://github.com/star7th/showdoc 38 https://github.com/x-stream/xstream 36 https://github.com/argoproj/argo-cd 36 https://github.com/answerdev/answer 34 https://github.com/plone/Products.CMFPlone 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 32 https://github.com/vyperlang/vyper 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/Dolibarr/dolibarr 26 https://github.com/apache/inlong 25 https://github.com/mlflow/mlflow 25 https://github.com/electron/electron 25 https://github.com/phpmyadmin/phpmyadmin 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/mautic/mautic 24 https://github.com/getgrav/grav 23 https://github.com/dotnet/runtime 23 https://github.com/eclipse/jetty.project 23 https://github.com/go-gitea/gitea 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/rancher/rancher 21 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/netty/netty 20 https://github.com/cilium/cilium 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/helm/helm 19 https://github.com/cloudfoundry/uaa 19 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/hashicorp/consul 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/contao/contao 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/apache/camel 15 https://github.com/intelliants/subrion 15 https://github.com/OpenMage/magento-lts 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/vantage6/vantage6 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/denoland/deno 14 https://github.com/langchain-ai/langchain 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/moby/moby 13 https://github.com/ming-soft/MCMS 13 https://github.com/undertow-io/undertow 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/pyload/pyload 13 https://github.com/xuxueli/xxl-job 13 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/nodejs/undici 12 https://github.com/dromara/hutool 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/silverstripe/silverstripe-framework 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/onionshare/onionshare 11 https://github.com/dompdf/dompdf 11 https://github.com/Studio-42/elFinder 11 https://github.com/quarkusio/quarkus 11 https://github.com/NodeBB/NodeBB 11 https://github.com/openfga/openfga 11 https://github.com/igniterealtime/Openfire 11 https://github.com/jquery/jquery 11 https://github.com/janeczku/calibre-web 11 https://github.com/opencontainers/runc 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/drupal/core 11 https://github.com/vaadin/flow 11 https://github.com/ckeditor/ckeditor4 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/TryGhost/Ghost 11 https://github.com/urllib3/urllib3 11 https://github.com/cloudflare/cfrpki 11 https://github.com/phusion/passenger 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/dotnet/aspnetcore 10 https://github.com/jupyter/notebook 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/containers/podman 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/openstack/keystone 10 https://github.com/aio-libs/aiohttp 10 https://github.com/smarty-php/smarty 10 https://github.com/dolibarr/dolibarr 10 https://github.com/nextauthjs/next-auth 10 https://github.com/nats-io/nats-server 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/cui2shark/cms 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/apache/lucene-solr 9 https://github.com/apache/superset 9 https://github.com/DSpace/DSpace 9 https://github.com/evershopcommerce/evershop 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/kevinpapst/kimai2 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vercel/next.js 9 https://github.com/ethyca/fides 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/zitadel/zitadel 9 https://github.com/wagtail/wagtail 9 https://github.com/LavaLite/cms 9 https://github.com/wallabag/wallabag 8 https://github.com/simplesamlphp/simplesamlphp 8 https://github.com/hazelcast/hazelcast 8 https://github.com/scrapy/scrapy 8 https://github.com/xwiki/xwiki-commons 8