Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmZnEtNmc2Mi1qNHY0
Cross-Site Request Forgery in the Jenkins Claim plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:claim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cXYtZjVnZi04Z2Nm
Missing Authorization in Jenkins P4 plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1NTctajg3aC1jdmY0
Missing Authorization in jenkins xray-connector
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xray-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cmgtajRnMy1qcjI5
Missing Authorization in Jenkins S3 publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:s3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2ZmMtOHBxci13anB2
Missing Authorization in Jenkins S3 publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:s3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJydmctMmM2OS1wOXJm
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xray-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3aG0tOWNqbS00NDkz
Cross-site Scripting in Jenkins Dashboard View Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dashboard-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjaHEtOXI2OC02and2
Cross-Site Request Forgery in Jenkins Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4N3YtdzJtdi1mM3J4
Improper Authentication in Atlassian Connect Spring Boot
Ecosystems: maven
Packages: com.atlassian.connect:atlassian-connect-spring-boot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3ZjYtYzhteC00cTJt
Uncontrolled Resource Consumption in JPA Server in HAPI FHIR
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAycnAtY21qcS1yN3dt
Shell command injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqcXctcjN3dy13ajJ3
Expression Language Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NHAteHdyci05Y3Jo
Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtN2YtbXBjai13NGY2
Command injection in Apache Unomi
Ecosystems: maven
Packages: org.apache.unomi:unomi
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyZzktd3dycS14bXg5
Missing Authorization in Jenkins Kubernetes CLI Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoNzctM3h3ci1ocWho
Cross-site scripting in Jenkins Kiuwan Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kiuwanJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwaDMtNDRyai05MnBy
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOWctNjdjcS1wN3Y0
Server-Side Request Forgery in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtZzQtd3ZteC01MzMy
Server-Side Request Forgery in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtMnAtZmh3eC05Mjg1
Incorrect Permission Assignment for Critical Resource in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2Mm0tbThqdy04d3Jy
Path Traversal in Zope
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2aDctNXBxMi1qNzdo
Insufficiently random values in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2bXEtNW0yNS00cjcy
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Ecosystems: go
Packages: go.mongodb.org/mongo-driver
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5cWotcnZ2Ni1xcm12
Cross-site scripting in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-core, org.jboss.resteasy:resteasy-bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoMjYtYzc2Ni1nOTN2
Cross-Site Scripting
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-core, org.jboss.resteasy:resteasy-bom
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqYzQtM3c5OS1qN3Y0
Open redirect in Flask-Unchained
Ecosystems: pypi
Packages: Flask-Unchained
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnM2otcTU3OS12OHg0
Uncontrolled memory consumption
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox-parent, org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdncnctNnBqaC1qcGM5
Infinite Loop in Apache PDFBox
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox-parent, org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtNTgtY3Z2bS1jNXFy
elFinder unsafe upload filtering leading to remote code execution
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3d2YtMjY0NC1mOHg0
The Fuck Arbitrary File Deletion via Path Traversal
Ecosystems: pypi
Packages: thefuck
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjaDQtNThxcC1nM21w
Observable Timing Discrepancy in aaugustin websockets library
Ecosystems: pypi
Packages: websockets
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5cTQtcDUzNS1jODUy
Uncontrolled Resource Consumption in locutus
Ecosystems: npm
Packages: locutus
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtdzUteHBnOS1qcjI5
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
Ecosystems: go
Packages: github.com/rclone/rclone
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmZjMtNzM5Yy1neGZx
Reflected cross-site scripting issue in Datasette
Ecosystems: pypi
Packages: datasette
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2cTUtcGczci05cGgz
Path Traversal in Zope
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nMmctOHB3ai1yMmoy
Authentication bypass in SilverStripe GraphQL
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5OXYtNXczYy1qcXE5
Django Access Control Bypass possibly leading to SSRF, RFI, and LFI attacks
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4dzgtcWpxMy0yZ2Zt
Path Traversal in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYycnAtNHJ2Ny1mYzk1
Exposure of Sensitive Information to an Unauthorized Actor in foreman_fog_proxmox
Ecosystems: rubygems
Packages: foreman_fog_proxmox
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoMmotY2d4OC02eHY3
Cross-Site Request Forgery (CSRF) in FastAPI
Ecosystems: pypi
Packages: fastapi
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3Y3ItajR3aC1qM2Nx
Jetty Utility Servlets ConcatServlet Double Decoding Information Disclosure Vulnerability
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwdnYtNjlqNy1nd2o4
Path Traversal in pip
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtOHAteDRxdy1naDVq
Insufficient Session Expiration in OpenStack Keystone
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtNTctdmhxMy0zZndm
Header injection possible in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtcHYtcmNwNi12OHdj
Cross-site scripting in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtMmgtZjQ1Ni02ajg4
Cross-site scripting in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqNjctdzNtNC1yZm1w
Cross-site scripting in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmaHItNjJ4cC0yZnAy
Open Redirect in trailing-slash
Ecosystems: npm
Packages: trailing-slash
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oODItNTVjbS02Z2Zo
Prototype pollution vulnerability in js-extend
Ecosystems: npm
Packages: js-extend
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNXctdzk5Zi1yajZ3
Command Injection in @ronomon/opened
Ecosystems: npm
Packages: @ronomon/opened
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4NGgteGczMi1xOTU1
ReDoS in normalize-url
Ecosystems: npm
Packages: normalize-url
Source: GitHub Advisory Database
Blast Radius: 48.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjcDQtam0ydi1tcjNm
Cross-site scripting in Shopizer
Ecosystems: maven
Packages: com.shopizer:shopizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3OHAtaHJxMy14NHAz
Cross-site scripting in Shopizer
Ecosystems: maven
Packages: com.shopizer:shopizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3djQtbTlqeC1taDhy
Improper Input Validation
Ecosystems: go
Packages: github.com/ovn-org/ovn-kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2dzItODlocS1ocTI3
keycloak Self Stored Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2OTktZ203Zi1jbWp2
Unsynchronized Access to Shared Data in a Multithreaded Context in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-bom
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3MzgtNzd4OC13bXE1
Uncontrolled Resource Consumption in XNIO
Ecosystems: maven
Packages: org.jboss.xnio:xnio-nio
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1bWYtcTc2cS1mMnhx
Cross-site scripting in Centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyZzQtMjY2Yy1qcXc2
Predictable CSRF tokens in centreon/centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjNDUtajNtNS04cWZx
Server-Side Request Forgery in Feehi CMS
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NWgtNHcyZy1neHhj
SQL Injection in t3/dce
Ecosystems: packagist
Packages: t3/dce
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4Y20tMzZxdy1qMjl2
SQL Injection in tribalsystems/zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhweG0tcGY3Zy0yNTM0
Cross-site scripting in media2click
Ecosystems: packagist
Packages: amazing/media2click
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoY20tamo0eC00Z21y
reflected XSS in tribalsystems/zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4OGYtcWY5Zi01Zmd3
Remote code execution in zendframework and laminas-http
Ecosystems: packagist
Packages: laminas/laminas-http, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5dzgtaHE5Mi12Mzlt
Cross-site Scripting (XSS) in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczOXEtZjRybS04NXg0
OS Command Injection in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cDUteDlmOS12dnB4
Cross-site Scripting (XSS) in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NTUtMjN4cC0zd3A4
Access control flaw in Kiali
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeGMtcW02NS12cHhn
Temporary urls leaked via logging
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5Y2YtcWp4cS12eHc2
Privilege Context Switching Error in wildlfy
Ecosystems: maven
Packages: org.wildfly.bom:wildfly
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ajktN3BwOS0yaGp3
Invalid session token expiration
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1aHEtZnA3Ni1xbXJj
Uncontrolled Resource Consumption in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3djctM3Y0NS1oZzI5
Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZngtOHA2Yy1nN2d4
Insufficient Verification of Data Authenticity in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2cmotcnY3ai14d3A0
Pillow Denial of service
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Z2MtdjJ4di1ydnZo
Out-of-bounds Read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyN20tNWgyNy0yOWhw
Potential infinite loop in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4Y2MtZzc1eC1xZ3c5
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: npm
Packages: calipso
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cTMtODg2Ny01d21w
Remote Command Execution in reg-keygen-git-hash-plugin
Ecosystems: npm
Packages: reg-keygen-git-hash-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwY2ctZjlxNi0ybXE2
Remote Code Execution via traversal in TAL expressions
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4N2otNDN3Mi03cmo3
Prototype pollution in nconf-toml
Ecosystems: npm
Packages: nconf-toml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4cGotMnZxeC04Z2dj
Denial of service in css-what
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwN2gtNG1tNS04NTJ2
Uncontrolled Resource Consumption in trim-newlines
Ecosystems: npm
Packages: trim-newlines
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1NmYtZ3J2My1ncGZy
Regular expression denial of service in forms
Ecosystems: npm
Packages: forms
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2cmotOWNoNi1nMjY0
Prototype pollution in Merge-deep
Ecosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 58.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3MzktOTUzdi13Y3E2
glob-parent vulnerable to Regular Expression Denial of Service in enclosure regex
Ecosystems: npm
Packages: glob-parent
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03cmctOHd2cS04NDZ2
Prototype pollution in nestie
Ecosystems: npm
Packages: nestie
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxanEtNjl3Ni1mZzU3
XSS vulnerability with translator
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3N2Mtang5bS14aDVn
Reflected cross-site scripting issue in Datasette
Ecosystems: pypi
Packages: datasette
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtZmctcmpqbS1yanJq
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: ch.qos.logback:logback-core, ch.qos.logback:logback-classic
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eDgtdjUyNC04NTc5
django-celery-results Stores Sensitive Information In Cleartext
Ecosystems: pypi
Packages: django-celery-results
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2d2YtNTRxcC00cjZ2
SnakeYAML Entity Expansion during load operation
Ecosystems: maven
Packages: org.yaml:snakeyaml
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtcm0tNzVocC1waHIy
Improper Input Validation in Hibernate Validator
Ecosystems: maven
Packages: org.hibernate.validator:hibernate-validator
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4anAtbWZtOS13NHdy
Path Traversal in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyM2otd2htNC05d3dt
Reflected XSS when using flashMessages or languageDictionary
Ecosystems: npm
Packages: auth0-lock
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3aGYtMzl4Zy00cnh3
Script injection
Ecosystems: npm
Packages: @backstage/techdocs-common
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnOTYtZjh3ci1wODlm
Script injection
Ecosystems: npm
Packages: @backstage/plugin-techdocs
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnZjgtMjhnZy12cHI2
Path traversal
Ecosystems: npm
Packages: @backstage/techdocs-common
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyMzItbWdwbS1xZjJm
Generation of Error Message Containing Sensitive Information in RESTEasy client
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-client-microprofile, org.jboss.resteasy:resteasy-client
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 3 years ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 5,243
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 342 Microsoft.ChakraCore 247 magento/community-edition 204 org.jenkins-ci.main:jenkins-core 189 typo3/cms 174 org.apache.tomcat:tomcat 133 pimcore/pimcore 117 dolibarr/dolibarr 111 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 drupal/core 91 microweber/microweber 91 silverstripe/framework 85 apache-airflow 82 django 80 drupal/drupal 76 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 59 actionpack 58 org.apache.struts:struts2-core 55 salt 55 librenms/librenms 54 concrete5/concrete5 52 Plone 52 apache-superset 51 shopware/platform 48 nova 47 org.keycloak:keycloak-core 47 mlflow 46 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 45 plone 43 nokogiri 43 baserproject/basercms 43 rdiffweb 42 craftcms/cms 41 Pillow 41 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 shopware/core 36 com.jfinal:jfinal 36 Django 36 com.thoughtworks.xstream:xstream 36 moin 35 org.xwiki.platform:xwiki-platform-oldcore 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 zendframework/zendframework1 34 k8s.io/kubernetes 34 org.elasticsearch:elasticsearch 34 snipe/snipe-it 33 org.jenkins-ci.plugins:script-security 32 github.com/argoproj/argo-cd 32 keystone 31 github.com/rancher/rancher 31 org.keycloak:keycloak-services 31 opencv-python 30 io.undertow:undertow-core 30 parse-server 30 github.com/hashicorp/vault 30 opencv-contrib-python 30 mautic/core 30 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 26 github.com/hashicorp/consul 26 openssl-src 26 github.com/hashicorp/nomad 26 prestashop/prestashop 26 electron 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 magento/core 24 gogs.io/gogs 24 mediawiki/core 24 puppet 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 rack 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 grumpydictator/firefly-iii 23 org.springframework.security:spring-security-core 23 org.bouncycastle:bcprov-jdk14 22 ckb 22 getkirby/cms 22 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 directus 21 github.com/cilium/cilium 21 activerecord 21 contao/core-bundle 21 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 glance 20 tribalsystems/zenario 20 Microsoft.AspNetCore.App.Runtime.win-x64 19 Microsoft.AspNetCore.App.Runtime.win-x86 19 DotNetNuke.Core 19 laravel/framework 19 org.springframework:spring-core 19 code.gitea.io/gitea 19 langchain 19 Microsoft.AspNetCore.App.Runtime.win-arm 18 gradio 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 golang.org/x/net 18 com.liferay.portal:release.dxp.bom 18 contao/contao 18 Microsoft.AspNetCore.App.Runtime.linux-arm 17 mercurial 17 symfony/security 17 topthink/framework 17 github.com/goharbor/harbor 17 genix/cms 17 PaddlePaddle 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 github.com/traefik/traefik/v2 17 helm.sh/helm/v3 17 org.xwiki.platform:xwiki-platform-web-templates 17 opencart/opencart 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 17 Microsoft.AspNetCore.App.Runtime.linux-x64 17 Microsoft.AspNetCore.App.Runtime.osx-x64 17 cobbler 17 francoisjacquet/rosariosis 17 yetiforce/yetiforce-crm 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 wasmtime 16 pillow 16 sequelize 16 org.apache.dubbo:dubbo 16 tinymce 16 org.apache.jspwiki:jspwiki-main 16 neutron 16 rusqlite 16 next 16 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 16 Microsoft.AspNetCore.App.Runtime.win-arm64 16 paddlepaddle 15 cryptography 15 openmage/magento-lts 15 notebook 15 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 october/system 15 pyftpdlib 14 github.com/containerd/containerd 14 symfony/security-http 14 org.xwiki.platform:xwiki-platform-web 14 pyload-ng 14 silverstripe/cms 14 ghost 14 swagger-ui 14 typo3/cms-backend 14 publify_core 14 org.apache.inlong:manager-pojo 14 modoboa 14 github.com/nats-io/nats-server/v2 14 activesupport 14 phpmailer/phpmailer 14 org.apache.cxf:cxf 13 undici 13 joplin 13 ethyca-fides 13 passenger 13 org.apache.hadoop:hadoop-main 13 vantage6 13 elefant/cms 13 deno 13 impresscms/impresscms 13 codeigniter4/framework 13 lavalite/cms 13 OctoPrint 13
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 174 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 112 https://github.com/django/django 107 https://github.com/apache/tomcat 97 https://github.com/apache/airflow 94 https://github.com/microweber/microweber 85 https://github.com/TYPO3/typo3 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 65 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 59 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/argoproj/argo-cd 41 https://github.com/grafana/grafana 39 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/magento/magento2 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 30 https://github.com/craftcms/cms 29 https://github.com/mlflow/mlflow 29 https://github.com/snipe/snipe-it 29 https://github.com/openstack/keystone 28 https://github.com/rancher/rancher 28 https://github.com/CVEProject/cvelist 28 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/dotnet/runtime 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/directus/directus 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/cilium/cilium 21 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/umbraco/Umbraco-CMS 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/traefik/traefik 17 https://github.com/goharbor/harbor 17 https://github.com/langchain-ai/langchain 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/ethereum/go-ethereum 16 https://github.com/rusqlite/rusqlite 16 https://github.com/sequelize/sequelize 16 https://github.com/tinymce/tinymce 16 https://github.com/opencast/opencast 16 https://github.com/TYPO3-CMS/core 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/moby/moby 16 https://github.com/etcd-io/etcd 16 https://github.com/gradio-app/gradio 16 https://github.com/hashicorp/vault 16 https://github.com/forkcms/forkcms 16 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/laravel/framework 15 https://github.com/denoland/deno 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/mattermost/mattermost 14 https://github.com/containerd/containerd 14 https://github.com/pyload/pyload 14 https://github.com/publify/publify 13 https://github.com/xuxueli/xxl-job 13 https://github.com/ming-soft/MCMS 13 https://github.com/dromara/hutool 13 https://github.com/dompdf/dompdf 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/nodejs/undici 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/ethyca/fides 13 https://github.com/undertow-io/undertow 13 https://github.com/centreon/centreon-archived 12 https://github.com/TryGhost/Ghost 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/backstage/backstage 12 https://github.com/dotnet/aspnetcore 12 https://github.com/urllib3/urllib3 12 https://github.com/smarty-php/smarty 12 https://github.com/wagtail/wagtail 12 https://github.com/zitadel/zitadel 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/twisted/twisted 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/vercel/next.js 12 https://github.com/opencontainers/runc 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/scrapy/scrapy 11 https://github.com/openstack/glance 11 https://github.com/WWBN/AVideo 11 https://github.com/pimcore/admin-ui-classic-bundle 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/janeczku/calibre-web 11 https://github.com/top-think/framework 11 https://github.com/containers/podman 11 https://github.com/decidim/decidim 11 https://github.com/igniterealtime/Openfire 11 https://github.com/openfga/openfga 11 https://github.com/nats-io/nats-server 11 https://github.com/aio-libs/aiohttp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Sylius/Sylius 11 https://github.com/Studio-42/elFinder 11 https://github.com/cloudflare/cfrpki 11 https://github.com/NodeBB/NodeBB 11 https://github.com/yiisoft/yii2 11 https://github.com/cakephp/cakephp 11 https://github.com/drupal/core 11 https://github.com/vaadin/flow 11 https://github.com/apache/superset 10 https://github.com/nautobot/nautobot 10 https://github.com/DSpace/DSpace 10 https://github.com/greenpau/caddy-security 10 https://github.com/spring-projects/spring-security 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/nocodb/nocodb 10 https://github.com/nextauthjs/next-auth 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/cri-o/cri-o 10 https://github.com/dolibarr/dolibarr 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/jquery/jquery 10 https://github.com/apache/zeppelin 10 https://github.com/jupyter/notebook 10 https://github.com/zenml-io/zenml 10 https://github.com/keystonejs/keystone 10