Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS0yOTY5LThoaDktNTdqY80fkA
Allocation of Resources Without Limits or Throttling in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1xd3Z4LWM4ajctNWc3Nc0fjA
Use of Uninitialized Resource in tectonic_xdv
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS05cXZ3LTQ2Z2YtNGZ2OM0fjQ
Use After Free in tremor-script
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1yNTdyLWo5OGctNTg3Zs0fig
Pointer dereference in nanorand
Ecosystems: cargo
Packages: nanorand
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jd3ZjLTg3eHEtcGM1bc0fiw
Out-of-bounds Write and Race Condition in metrics-util
Ecosystems: cargo
Packages: metrics-util
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1jNWh4LXc5NDUtajRwcc0fiQ
Memory flaw in zeroize_derive
Ecosystems: cargo
Packages: zeroize_derive
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01dndjLXI0OGctd2o2Y80fhw
Abomonation transmutes &T to and from &[u8] without sufficient constraints
Ecosystems: cargo
Packages: abomonation
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03Nnc5LXA4bWctajkyN80fiA
Out-of-bounds Write in nix
Ecosystems: cargo
Packages: nix
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1nNGgyLTR3dmgtZ3JjNc0fhA
Uncontrolled Resource Consumption in simple_asn1
Ecosystems: cargo
Packages: simple_asn1
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS05aGZnLXB4cjYtcTR2cM0fhQ
Use of a Broken or Risky Cryptographic Algorithm in crypto2
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mZzdyLTJnNGotNWNncs0fhg
Race Condition in tokio
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14dnZ2LXdqN2otcjlqbc0fYg
Cross-site Scripting in Netgen Tags Bundle
Ecosystems: packagist
Packages: netgen/tagsbundle
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14cmczLWhtZjMtcnZnd80ehg
Path Traversal in rust-embed
Ecosystems: cargo
Packages: rust-embed
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jbThnLTU0NGYtcDl4Oc0ehw
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS05MmN4LTR4bTctanI5bc0eiQ
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mNmYyLTN3MzMtNTRyOc0eig
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03dnhjLWNocWotaDgzZ80eiw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1nNGc0LTNwcXctOG03Zs0egw
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00cXIzLW03d3ctaGg5Z80ehA
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04N3hoLTlxNmgtcjVjY80ehQ
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1nODdyLTIzdnctN2Y4N80egg
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05MjM2LTh3N3Etcm1yds0edQ
archivy is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: pypi
Packages: archivy
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1jNmg0LWdjM2YtaGdqcc0eZw
Prototype Pollution in js-data
Ecosystems: npm
Packages: js-data
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14ZzZyLTVneDQtcXhqbc0eaQ
invoiceninja is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: hillelcoren/invoice-ninja
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xNjc0LXhtM3gtMjkyNs0eag
Uncontrolled Resource Consumption in parse-link-header
Ecosystems: npm
Packages: parse-link-header
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qY3hjLXJoNnctd2Y0Oc0eaw
Link Following in Iris
Ecosystems: go
Packages: github.com/kataras/iris, github.com/kataras/iris/v12
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yeHc4LWo0M2otNXZ4cM0ebQ
elgg is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1wY2NyLXE3djktNWYyN80eMw
Apache Solr Improper Input Validation and Path Traversal
Ecosystems: maven
Packages: org.apache.solr:solr-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0zY2YyLXg0MjMteDU4Ms0eBQ
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Ecosystems: go
Packages: github.com/containers/podman/v3
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mOHg2LW05ZjUtZmZwOM0c3g
Unrestricted Upload of File with Dangerous Type in unisharp/laravel-filemanager
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocGYtM3dxNy01cnBy
Regular expression deinal of service (ReDoS) in is-my-json-valid
Ecosystems: npm
Packages: is-my-json-valid
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3ZnctNGdxNS1tcnF4
Regular Expression Denial of Service (ReDoS) in braces
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbXAtanZyNy1oeDc4
Inadequate Encryption Strength in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwcDMtNzdqNi04cGg2
Missing Authentication for Critical Function in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2NDQtcHI1di12cHBm
Insertion of Sensitive Information into Log File in Apache NiFi Stateless
Ecosystems: maven
Packages: org.apache.nifi:nifi-stateless
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0eGYtM3BtcS0zaHc4
Improper Restriction of XML External Entity Reference in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOGctZ3BmcC12OGd4
Insertion of Sensitive Information into Log File in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi-security-utils, org.apache.nifi:nifi-framework-core
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0ZmotY2NyNi03cGNw
Apache NiFi Insertion of Sensitive Information into Log File
Ecosystems: maven
Packages: org.apache.nifi:nifi-parameter
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJoNjMtcXA2OS1md3Z3
Server-side request forgery (SSRF) in Apache Batik
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik-svgbrowser
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxaHEteHg2Mi0ydjJw
Cross-site scripting in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3cTktdzI0cS1jcGdo
Cross-site Scripting (XSS) in Apache Ambari Views
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5N20tcmpmNS1qcDM5
Prototype Pollution in copy-props
Ecosystems: npm
Packages: copy-props
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5ajQtd2p3cC1tdzlt
Sandbox Bypass in Apache Velocity Engine
Ecosystems: maven
Packages: org.apache.velocity:velocity, org.apache.velocity:velocity-engine-parent
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5bXctd3BnbS1obXI5
Regular Expression Denial of Service (ReDoS) in lodash
Ecosystems: npm
Packages: lodash.trim, lodash.trimend, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2YzQtOHdycC1qOTl2
Improper Validation and Sanitization in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 60.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqZjUtamdncC1nNTZq
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.12
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wM3JwLXZtajktZ3Y2ds0g-Q
Incorrect sanitisation function leads to `XSS` in mermaid
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjNmYtY2pjcC1jYzMz
Improper Certificate Validation in Apache IoTDB
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wcDUtMng1NS00OXh3
XSS in svg2png (NPM package)
Ecosystems: npm
Packages: svg2png
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZ20tZjd2eC1tNWc3
Deserialization of Untrusted Data in Apache Heron
Ecosystems: maven
Packages: org.apache.heron:heron-simulator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4OWotODM2dy04ZjU1
Incorrect Calculation in the MSR JavaScript Cryptography Library
Ecosystems: npm
Packages: msrcrypto
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncome EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0NzktcndocC1yd2p4
Stored XSS vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNmMtdzRjNC12Z3Z4
Stored XSS vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ZmgtY2hmNy1qcjV4
ReDOS in Vfsjfilechooser2
Ecosystems: maven
Packages: com.github.fracpete:vfsjfilechooser2
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyM3YtcDVqcS1qdmg0
Infinite loop in Apache CFX
Ecosystems: maven
Packages: org.apache.cxf:cxf, org.apache.cxf:apache-cxf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05MzI4LTdwY3ctdnc2Oc0gsA
Cross-Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xdjdnLWo5OHYtOHBwN80gsQ
XSS vulnerability on email template preview page
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ocDY4LXhodmoteDZqNs0gsg
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
Ecosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1oM2ZnLWg1djMtdmY4bc0gsw
CSRF forgery protection bypass in solidus_frontend
Ecosystems: rubygems
Packages: solidus_frontend
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04M3g0LTljd3ItNTQ4N80gtA
Improper Authorization in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01cTdxLXFxdzItaGpxN80gtQ
AjaxNetProfessional deserializes arbitrary JavaScript objects
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS0zcXBtLWg5Y2gtcHgzY80gtg
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Ecosystems: maven
Packages: org.powernukkit:powernukkit
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mODU0LWhweHYtY3c5cs0gtw
Drainage of FeeCollector's Block Transaction Fees in cronos
Ecosystems: go
Packages: github.com/tharsis/ethermint, github.com/tharsis/evmos, github.com/crypto-org-chain/cronos
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1ncDZqLXZ4NTQtNXBtZs0guA
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Ecosystems: go
Packages: github.com/keep-network/keep-ecdsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qeDVxLWczN20taDVoas0guQ
Client-Side JavaScript Prototype Pollution in oro/platform
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mOG02LWgyYzctOGg5eM0g4Q
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1tdmZmLWgzY2otd2o5Y80g4w
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS05dzdmLW00ajQtajN4d80g4g
Gerapy may cause remote code execution
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS01M3h2LWMyaHgtNXc2cc0d_Q
Command Injection in node-windows
Ecosystems: npm
Packages: node-windows
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04eHg5LXJ4cmotMm0yd80dig
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oeDc3LTVwODgtZjkycs0dFA
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mN3h3LTQ2dmgtNWp3Ms0dDQ
livehelperchat is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00dzIzLWM5N2ctZnE1ds0dFQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ycTk2LXFoYzUtdm00cs0dDw
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oajNtLXY3NTgtand4Nc0c2w
Path Traversal in http-server-node
Ecosystems: npm
Packages: http-server-node
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1tOGd3LWhqcHItcmp2N80c4A
Prototype Pollution in dojo
Ecosystems: npm
Packages: dojo
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03bXE2LWNwNW0tZjRqNc0bxA
Cross-site Scripting in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04NDg5LTQ0bXYtZ2dqOM0fsA
Improper Input Validation and Injection in Apache Log4j2
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nNWptLXhod20tOXhwOc0gRw
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS12YzNwLTI5aDItZ3BjcM0gJw
golang.org/x/net/http2 allows uncontrolled memory consumption
Ecosystems: go
Packages: golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1N2ctcjIydy05d3Z4
Incorrect Permission Assignment for Critical Resource in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3N2ctcDRqaC1yZjky
"Verify All" Returns Success Despite Validation Failures in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtZnItNjNjMi1qcjVj
Execution Control List (ECL) Is Insecure in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NGgtbTM5My1jcHdx
devices resource list treated as a blacklist by default
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwNGotdzN2ai03Mjk5
Information Exposure in RunC
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzajUtMzJtNS01OGMy
Privilege Elevation in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzdzUtdjl4eC1ycDhw
Signature verification failure in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqcWotZjU4cC1tcncz
Denial of Service in TenderMint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14NDMtcjk4NS01aDRt
Open redirect vulnerability in Sourcegraph
Ecosystems: go
Packages: github.com/sourcegraph/sourcegraph
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJybTgtMzJnNC13OG0z
Cross-site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptMzQteG04bS13OTU4
Open Redirect in oauth2_proxy
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHctbTVmai1mN2d2
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cHgtNmh3ai1ocGpn
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNmMtanA2Zi0ydmN2
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyN3AtcnI3OC05OXJq
GitLab auth uses full name instead of username as user ID, allowing impersonation
Ecosystems: go
Packages: github.com/concourse/dex, github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05aHAtN3I5OS05NGg1
Critical security issues in XML encoding in github.com/dexidp/dex
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig, github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: almost 3 years ago
Statistics
Advisories: 20,351
Packages: 8,930
Repositories: 5,446
Ecosystems: 12
Filter by Severity
Moderate 8,817 High 7,060 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,296 npm 3,783 go 2,244 nuget 1,532 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 63 librenms/librenms 60 actionpack 60 concrete5/concrete5 60 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 nova 47 github.com/grafana/grafana 47 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 baserproject/basercms 43 nokogiri 43 craftcms/cms 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 mautic/core 37 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/hashicorp/vault 36 org.keycloak:keycloak-services 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 com.thoughtworks.xstream:xstream 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 35 zendframework/zendframework1 34 github.com/answerdev/answer 34 snipe/snipe-it 34 k8s.io/kubernetes 34 github.com/rancher/rancher 34 io.undertow:undertow-core 32 org.jenkins-ci.plugins:script-security 32 gradio 32 Pillow 31 keystone 31 github.com/argoproj/argo-cd 31 opencv-python 31 opencv-contrib-python 31 parse-server 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/nomad 27 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 pillow 26 github.com/hashicorp/consul 26 prestashop/prestashop 26 directus 26 electron 26 openssl-src 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 github.com/cilium/cilium 25 gogs.io/gogs 24 magento/core 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 mediawiki/core 24 contao/core-bundle 24 rack 23 puppet 23 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 activerecord 21 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 glance 20 laravel/framework 19 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 DotNetNuke.Core 19 langchain 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 github.com/traefik/traefik/v2 18 com.liferay.portal:release.dxp.bom 18 mindsdb 18 github.com/goharbor/harbor 18 wasmtime 18 topthink/framework 18 golang.org/x/net 18 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 forkcms/forkcms 18 cakephp/cakephp 17 cobbler 17 PaddlePaddle 17 helm.sh/helm/v3 17 genix/cms 17 org.apache.geode:geode-core 17 symfony/security 17 notebook 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 opencart/opencart 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 typo3/cms-backend 16 openmage/magento-lts 16 org.bouncycastle:bcprov-jdk15 16 org.apache.jspwiki:jspwiki-main 16 org.apache.activemq:activemq-client 16 neutron 16 tinymce 16 sequelize 16 cryptography 16 org.apache.dubbo:dubbo 16 rusqlite 16 yetiforce/yetiforce-crm 16 ethyca-fides 15 october/system 15 smarty/smarty 15 ec-cube/ec-cube 15 ghost 15 paddlepaddle 15 pyload-ng 15 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 silverstripe/cms 14 github.com/nats-io/nats-server/v2 14 publify_core 14 bolt/bolt 14 feehi/cms 14 modoboa 14 swagger-ui 14 symfony/security-http 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 org.apache.inlong:manager-pojo 14 pyftpdlib 14 github.com/containerd/containerd 14 activesupport 14 github.com/zitadel/zitadel 14 impresscms/impresscms 13 undici 13 deno 13 twisted 13 lavalite/cms 13 codeigniter4/framework 13 strapi 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/ansible/ansible 56 https://github.com/kubernetes/kubernetes 52 https://github.com/librenms/librenms 52 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/dotnet/runtime 31 https://github.com/parse-community/parse-server 31 https://github.com/craftcms/cms 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/mlflow/mlflow 30 https://github.com/gradio-app/gradio 30 https://github.com/rancher/rancher 29 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/github/advisory-database 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/nifi 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/langchain-ai/langchain 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/getkirby/kirby 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/goharbor/harbor 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/zitadel/zitadel 17 https://github.com/undertow-io/undertow 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rusqlite/rusqlite 16 https://github.com/tinymce/tinymce 16 https://github.com/OpenMage/magento-lts 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/backstage/backstage 16 https://github.com/opencast/opencast 16 https://github.com/forkcms/forkcms 16 https://github.com/TYPO3-CMS/core 16 https://github.com/pyload/pyload 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/vantage6/vantage6 15 https://github.com/laravel/framework 15 https://github.com/zendframework/zendframework 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/mattermost/mattermost 15 https://github.com/denoland/deno 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/vercel/next.js 14 https://github.com/decidim/decidim 14 https://github.com/twisted/twisted 14 https://github.com/xuxueli/xxl-job 14 https://github.com/containerd/containerd 14 https://github.com/dompdf/dompdf 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/dromara/hutool 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/apache/dolphinscheduler 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/hashicorp/nomad 13 https://github.com/quarkusio/quarkus 13 https://github.com/wagtail/wagtail 12 https://github.com/laurent22/joplin 12 https://github.com/aio-libs/aiohttp 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/surrealdb/surrealdb 12 https://github.com/puma/puma 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/patriksimek/vm2 12 https://github.com/openfga/openfga 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/opencontainers/runc 12 https://github.com/cakephp/cakephp 11 https://github.com/onionshare/onionshare 11 https://github.com/janeczku/calibre-web 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/WWBN/AVideo 11 https://github.com/Studio-42/elFinder 11 https://github.com/scrapy/scrapy 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/pomerium/pomerium 11 https://github.com/NodeBB/NodeBB 11 https://github.com/drupal/core 11 https://github.com/vaadin/flow 11 https://github.com/nats-io/nats-server 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/openstack/glance 11 https://github.com/Sylius/Sylius 11 https://github.com/yiisoft/yii2 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/zopefoundation/Zope 10 https://github.com/matrix-org/matrix-js-sdk 10 https://github.com/dolibarr/dolibarr 10 https://github.com/spring-projects/spring-security 10 https://github.com/nextauthjs/next-auth 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/funadmin/funadmin 10 https://github.com/greenpau/caddy-security 10 https://github.com/getsentry/sentry 10 https://github.com/keystonejs/keystone 10