Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
Ecosystems: packagist
Packages: pressbooks/pressbooks
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyOTUtbWhmMy12MzNt
Insecure temporary file in Netflix OSS Hollow
Ecosystems: maven
Packages: com.netflix.hollow:hollow
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12ZzkteGZmci1wNzc0
Out of bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDItaGdxMi0yZzRm
Regular Expression Denial of Service (ReDoS) in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4anEtOGZjZy1nNWh3
Out-of-bounds Write in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3ctZzNjNS1nNW1x
Out of bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3aDMtOXJnci1jMjRt
Out of bounds write in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxNjQtdjdmNS1ncWg4
Pygments vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wdnctMjVtZy01OXZ4
Server-side Request Forgery (SSRF) via img tags in reportlab
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycDktdjc0NC1td2pq
Remote code execution in Kramdown
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2cDgtcTRwai1mNzRt
Improper Certificate Validation in twitter-stream
Ecosystems: rubygems
Packages: twitter-stream
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0dzcteG03OC00N3Zo
Prototype Pollution in y18n
Ecosystems: npm
Packages: y18n
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1ZjgtMzVxci1xNGZt
HTML injection in email and account expiry notifications
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnctNTZtMi01ODk5
Cross-site scripting (XSS) vulnerability in the password reset endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJoM2gtdnc4ci04MnJw
Weak JSON Web Token in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxNTktcTY4aC02aHY0
Improper Input Validation in PyYAML
Ecosystems: pypi
Packages: PyYAML
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcmYtNjRmdy0yeDc1
Command injection in fs-path
Ecosystems: npm
Packages: fs-path
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtZzgtdzIzdy03NGgz
Information Disclosure in Guava
Ecosystems: maven
Packages: com.google.guava:guava
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzN2gtcnY5cS12dnBo
Python-RSA decryption of ciphertext leads to DoS
Ecosystems: pypi
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnd3ItNzczcS03ajNj
Path Traversal within joomla/archive zip class
Ecosystems: packagist
Packages: joomla/archive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhncGYtcDUyai1wZjdt
XSS in CreateQueuedJobTask
Ecosystems: packagist
Packages: symbiote/silverstripe-queuedjobs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5cmctN212My1qcnI1
Rating Script Service expose XWiki to SQL injection
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-ratings-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NjIteHBjYy05eGY2
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0cmYtcGMyNi02aG1y
OMERO webclient does not validate URL redirects on login or switching group.
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmcDItdzVqbS05NTVx
OMERO.web exposes some unnecessary session information in the page
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3aGMteDdmbS1mN3Fo
Cross-Site Scripting in Content Preview (CType menu)
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOWctcWd4OS0zOTdw
Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3OWotd2dxdi1nOGgy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-form
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2Zzctanc5bS1wYzNm
Broken Access Control in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNmotODYyYy1tMnYy
Unrestricted File Upload in Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqaDMtZzhncS05cTky
Cross-Site Scripting in Content Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4M3ctNDg2NC05NGNo
Cleartext storage of session identifier
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqaHctMnA2ai01d21w
Open Redirection in Login Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cDgtM2ZoOS00Y3Zx
XStream is vulnerable to an attack using Regular Expression for a Denial of Service (ReDos)
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cGMtOHhxdi1qdmo0
XStream is vulnerable to a Remote Command Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5anctanFmNC0zd3Ez
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2djgtMzM2Zy1yeDNt
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho
XStream can cause a Denial of Service.
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3d3ItcWMycC02Mjgz
Out-of-bounds write in libpng
Ecosystems: nuget
Packages: libpng
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxNHYtZjVxNi1tanFx
lxml vulnerable to Cross-Site Scripting
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4ODMtM3BoMy05ajJx
Cross-site Scripting (XSS) in Django REST Framework
Ecosystems: pypi
Packages: djangorestframework
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3ajgtdnA5aC1ybTZt
total.js Remote Code Execution Vulnerability
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1NDItOHE5eC1jZmZj
Django Channels leakage of session identifiers using legacy AsgiHandler
Ecosystems: pypi
Packages: channels
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczcnEtZzI5NS00ajNt
Regular Expression Denial of Service (ReDoS) in Jinja2
Ecosystems: pypi
Packages: jinja2
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyMjgtM20zZi1yMnBy
Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: is-svg
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4M3AtOTQ4Zy02dmhx
Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: ssri
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmaHAtZ21oOC1yOHYy
printf vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: printf
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRydjktNXZjNC04OGNn
Command injection in node-ps
Ecosystems: npm
Packages: node-ps
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cWotZjM3OS02amg0
Command injection in kill-process-on-port
Ecosystems: npm
Packages: kill-process-on-port
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxbW0tcTM5NC1mbWNo
Command Injection in ps-kill
Ecosystems: npm
Packages: ps-kill
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjNjUtY2d2ci05M3A2
Code injection in kill-process-by-name
Ecosystems: npm
Packages: kill-process-by-name
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1ZzItMjltOC1xZjJw
Prototype Pollution Vulnerability in object-collider
Ecosystems: npm
Packages: object-collider
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyNHAtYzl3ci1waHI2
Prototype pollution in set-in
Ecosystems: npm
Packages: set-in
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzOHAtYzJncS00cG1y
Regular Expression Denial-of-Service in npm schema-inspector
Ecosystems: npm
Packages: schema-inspector
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnd3ItM3FtMy0yNmYz
Potential remote code execution in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ydmotN3E0Zi01cDQy
Cross-site scripting in eZ Platform Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwaGYtcHA3cC12YzJy
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYycnAtMzh2Zy1qM2do
Null characters not escaped
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Z2otaDlnbS1ndzQ0
Django Incorrect Default Permissions
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyMjgtNTY5ai01M2M0
Django Incorrect Default Permissions
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2Z2YtNmg2aC0zMzIy
Django Directory Traversal via archive.extract
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZzgtNXFxNy05Mzh3
Pillow Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmNjQteDRncS1wOTlo
Pillow Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxY2otd3JmMi03djcz
Pillow Out-of-bounds Write
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3dmctbWo2Zy1tOWN2
Pillow Uncontrolled Resource Consumption
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0dzgtY3Y2cC14NnI1
Pillow Denial of Service by Uncontrolled Resource Consumption
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1cTMtOGdyOS1nbTh3
Pillow Denial of Service by Uncontrolled Resource Consumption
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0NXEtM2ZnNi00OG03
html-parse-stringify and html-parse-stringify2 vulnerable to Regular expression denial of service (ReDoS)
Ecosystems: npm
Packages: html-parse-stringify2, html-parse-stringify
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczNmctcTk3NS0zN3Jn
Improper Input Validation (RCE)
Ecosystems: npm
Packages: wazuh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmdngtMmpqMy02bWZm
Insufficiently Protected Credentials in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxcXYtOXgzdi1tcDd3
Privilege Escalation Flaw in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5ZnctOXg4Ny1ybXJq
Privilege Context Switching Error in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3dnYtNDM4ci1taHZq
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqajQtampnYy1oM3I4
Authenticated remote code execution
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cTgtNWd2Mi12Nm1n
Potential Session Hijacking
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmd3gtYzdxNi1nNTRj
Vulnerability allowing for reading internal HTTP resources
Ecosystems: npm
Packages: highcharts-export-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1M2MtcGhoZy1jajI5
Madge vulnerable to command injection
Ecosystems: npm
Packages: madge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3djQtbWdmcS01OTh2
Code injection in nobelprizeparser
Ecosystems: npm
Packages: nobelprizeparser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtanctNDlwNC1wY2Zt
Prototype poisoning
Ecosystems: npm
Packages: msgpack5
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cTYtOWhxdy1yd2Z2
Misinterpretation of malicious XML input
Ecosystems: npm
Packages: xmldom
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtaDktcmc2Zi1qM21y
Verification flaw in Solid identity-token-verifier
Ecosystems: npm
Packages: @solid/identity-token-verifier
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyOWctZzk4Mi1wd3B2
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5aHYtcGZ4Ni1oaHBq
Cross-site scripting (XSS)
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyZmctbXI3Ny02dnJt
Uncontrolled Resource Consumption in Apache Thrift
Ecosystems: maven
Packages: org.apache.thrift:libthrift
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNDYtOHZ2cC00aHh4
Keycloak Missing authentication for critical function
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3ZjMtZ2dobS05bWhj
jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: jspdf
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoNjMtNHI2Ni1qYzd2
Cross-site scripting (XSS) in Apache Velocity Tools
Ecosystems: maven
Packages: org.apache.velocity:velocity-tools, org.apache.velocity.tools:velocity-tools-parent
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ2NWYtMjN4Yy12OXFy
ansi_up cross-site scripting vulnerability
Ecosystems: npm
Packages: ansi_up
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNm0tM2g2NS13NTN4
react-dev-utils OS Command Injection in function `getProcessForPort`
Ecosystems: npm
Packages: react-dev-utils
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcmYtOTlndy12dndq
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2d2ctMzloOC04cXA4
/user/sessions endpoint allows detecting valid accounts
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwdjgtOXJxNS1ocTd3
Generated Code Contains Local Information Disclosure Vulnerability
Ecosystems: maven
Packages: io.swagger:swagger-codegen
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjMjItM2c3Ni1nbTZq
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Ecosystems: maven
Packages: io.swagger:swagger-codegen
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyNzgtODh2di14OThy
Execution of untrusted code through config file
Ecosystems: pypi
Packages: tenable-jira-cloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 20,018
Packages: 8,808
Repositories: 5,372
Ecosystems: 12
Filter by Severity
Moderate 8,732 High 6,879 Critical 2,977 Low 1,106
Filter by Ecosystem
maven 5,738 packagist 4,441 pypi 4,178 npm 3,720 go 2,188 nuget 1,508 rubygems 851 cargo 849 swift 32 hex 30 actions 19 pub 8
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 210 org.jenkins-ci.main:jenkins-core 191 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 django 80 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 63 actionpack 58 concrete5/concrete5 56 org.apache.struts:struts2-core 55 salt 55 github.com/mattermost/mattermost/server/v8 55 librenms/librenms 54 Plone 52 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 50 github.com/grafana/grafana 47 nova 47 mlflow 46 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 43 craftcms/cms 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 Django 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.xwiki.platform:xwiki-platform-oldcore 37 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 org.elasticsearch:elasticsearch 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 moin 35 matrix-synapse 35 zendframework/zendframework1 34 k8s.io/kubernetes 34 github.com/answerdev/answer 34 github.com/hashicorp/vault 34 org.keycloak:keycloak-services 33 github.com/rancher/rancher 33 snipe/snipe-it 33 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 31 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 keystone 31 opencv-python 31 shopware/shopware 30 mautic/core 30 parse-server 30 github.com/docker/docker 29 getgrav/grav 29 github.com/argoproj/argo-cd/v2 27 github.com/hashicorp/nomad 27 centreon/centreon 27 prestashop/prestashop 26 openssl-src 26 electron 26 github.com/hashicorp/consul 26 directus 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 github.com/cilium/cilium 24 magento/core 24 mediawiki/core 24 gogs.io/gogs 24 org.springframework.security:spring-security-core 24 simplesamlphp/simplesamlphp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 23 puppet 23 pocketmine/pocketmine-mp 23 org.eclipse.jetty:jetty-server 23 rack 23 zendframework/zendframework 23 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts 20 tribalsystems/zenario 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-x64 20 glance 20 Microsoft.AspNetCore.App.Runtime.win-x86 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 Microsoft.AspNetCore.App.Runtime.win-arm 19 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 laravel/framework 19 forkcms/forkcms 18 topthink/framework 18 langchain 18 golang.org/x/net 18 contao/contao 18 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 gradio 18 github.com/goharbor/harbor 18 com.liferay.portal:release.dxp.bom 18 mindsdb 18 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.linux-arm 17 github.com/traefik/traefik/v2 17 mercurial 17 opencart/opencart 17 Microsoft.AspNetCore.App.Runtime.win-arm64 17 org.apache.geode:geode-core 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.osx-x64 17 cobbler 17 symfony/security 17 helm.sh/helm/v3 17 Microsoft.AspNetCore.App.Runtime.linux-x64 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 17 genix/cms 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 17 org.bouncycastle:bcprov-jdk15 16 cryptography 16 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 16 rusqlite 16 sequelize 16 org.apache.activemq:activemq-client 16 org.apache.jspwiki:jspwiki-main 16 neutron 16 wasmtime 16 org.apache.dubbo:dubbo 16 notebook 16 tinymce 16 next 16 pillow 16 openmage/magento-lts 16 yetiforce/yetiforce-crm 16 ghost 15 october/system 15 org.apache.struts.xwork:xwork-core 15 ethyca-fides 15 smarty/smarty 15 pyload-ng 15 paddlepaddle 15 ckeditor4 15 ec-cube/ec-cube 15 github.com/nats-io/nats-server/v2 14 modoboa 14 publify_core 14 org.xwiki.platform:xwiki-platform-web 14 swagger-ui 14 silverstripe/cms 14 github.com/zitadel/zitadel 14 feehi/cms 14 pyftpdlib 14 bolt/bolt 14 symfony/security-http 14 activesupport 14 typo3/cms-backend 14 github.com/containerd/containerd 14 org.apache.inlong:manager-pojo 14 phpmailer/phpmailer 14 impresscms/impresscms 13 angular 13 org.apache.tomcat:tomcat-coyote 13 studio-42/elfinder 13 lavalite/cms 13 github.com/opencontainers/runc 13 github.com/mattermost/mattermost-server 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 181 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 111 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 65 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/spring-projects/spring-framework 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/concretecms/concretecms 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 31 https://github.com/mlflow/mlflow 30 https://github.com/parse-community/parse-server 30 https://github.com/snipe/snipe-it 29 https://github.com/rancher/rancher 28 https://github.com/dotnet/runtime 28 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/mautic/mautic 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/directus/directus 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/cilium/cilium 24 https://github.com/strapi/strapi 24 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/nifi 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/getkirby/kirby 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/langchain-ai/langchain 18 https://github.com/rubygems/rubygems 18 https://github.com/helm/helm 18 https://github.com/goharbor/harbor 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 17 https://github.com/mindsdb/mindsdb 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/moby/moby 17 https://github.com/tinymce/tinymce 16 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/gradio-app/gradio 16 https://github.com/ethereum/go-ethereum 16 https://github.com/OpenMage/magento-lts 16 https://github.com/sequelize/sequelize 16 https://github.com/TYPO3-CMS/core 16 https://github.com/opencast/opencast 16 https://github.com/vantage6/vantage6 15 https://github.com/centreon/centreon 15 https://github.com/ethyca/fides 15 https://github.com/pyload/pyload 15 https://github.com/apache/camel 15 https://github.com/puppetlabs/puppet 15 https://github.com/zendframework/zendframework 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/laravel/framework 15 https://github.com/pyca/cryptography 15 https://github.com/denoland/deno 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/zitadel/zitadel 14 https://github.com/twisted/twisted 14 https://github.com/mattermost/mattermost 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/undertow-io/undertow 14 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/cobbler/cobbler 14 https://github.com/modoboa/modoboa 13 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/ming-soft/MCMS 13 https://github.com/publify/publify 13 https://github.com/hashicorp/nomad 13 https://github.com/apache/dolphinscheduler 13 https://github.com/decidim/decidim 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dotnet/aspnetcore 13 https://github.com/quarkusio/quarkus 13 https://github.com/dromara/hutool 13 https://github.com/dompdf/dompdf 13 https://github.com/golang/go 13 https://github.com/urllib3/urllib3 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/wagtail/wagtail 12 https://github.com/smarty-php/smarty 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/vercel/next.js 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/aio-libs/aiohttp 12 https://github.com/apache/kylin 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/patriksimek/vm2 12 https://github.com/openfga/openfga 12 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/igniterealtime/Openfire 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/drupal/core 11 https://github.com/WWBN/AVideo 11 https://github.com/janeczku/calibre-web 11 https://github.com/cloudflare/cfrpki 11 https://github.com/top-think/framework 11 https://github.com/onionshare/onionshare 11 https://github.com/containers/podman 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/nats-io/nats-server 11 https://github.com/openstack/glance 11 https://github.com/yiisoft/yii2 11 https://github.com/puma/puma 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Sylius/Sylius 11 https://github.com/scrapy/scrapy 11 https://github.com/nautobot/nautobot 10 https://github.com/opencart/opencart 10 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/phusion/passenger 10 https://github.com/surrealdb/surrealdb 10 https://github.com/DSpace/DSpace 10 https://github.com/pomerium/pomerium 10 https://github.com/greenpau/caddy-security 10 https://github.com/apache/superset 10 https://github.com/nocodb/nocodb 10 https://github.com/spring-projects/spring-security 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/jupyter/notebook 10