Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2MnYteHB4Zi0zdjY4
Code injection in Apache Ant
Ecosystems: maven
Packages: org.apache.ant:ant
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhodjUtdzljNS0ycjJ3
Unbounded connection acceptance in http4s-blaze-server
Ecosystems: maven
Packages: org.http4s:http4s-blaze-server_2.13, org.http4s:http4s-blaze-server_2.12
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtdzktcTd4OS1qNXFj
Unbounded connection acceptance leads to file handle exhaustion
Ecosystems: maven
Packages: org.http4s:blaze-core_2.13, org.http4s:blaze-core_2.12, org.http4s:blaze-core_2.11
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFycW0tZnB2Ni02cjhn
Command Injection Vulnerability in Mechanize
Ecosystems: rubygems
Packages: mechanize
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2MngtdnJwai1xcXBx
Cross-site scripting in Bleach
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDUtcDJjOS1waHZn
Unexpected database bindings
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5MmotcWY0Ni1wNnZt
Reflected Cross-site Scripting in ACS Commons
Ecosystems: maven
Packages: com.adobe.acs:acs-aem-commons
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0cGotbWc0ci14NnY0
Denial of Service in uap-core
Ecosystems: npm
Packages: uap-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2cHgtand2di12cHdx
Angular Expressions - Remote Code Execution
Ecosystems: npm
Packages: angular-expressions
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0OTctdjhwdi1jaDZ4
Prototype pollution in nested-object-assign
Ecosystems: npm
Packages: nested-object-assign
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnbWctaGhjOC1nNXdy
CKEditor 5 Markdown plugin Regular expression Denial of Service
Ecosystems: npm
Packages: @ckeditor/ckeditor5-markdown-gfm
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcmotdzRmNS1nd2g0
Processing untrusted theming resources might execute arbitrary code (ACE)
Ecosystems: npm
Packages: less-openui5
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodzktMzVwMi1xMmM1
Steam Socialite Provider v1 does not correctly validate openid server
Ecosystems: packagist
Packages: socialiteproviders/steam
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3djQtZ202ai1jdzlt
XSS in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjd2otOGNodi05cHA5
XML External Entity attack in log4net
Ecosystems: nuget
Packages: log4net
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2YtcDV3cC0zNG1o
OS Command Injection in async-git
Ecosystems: npm
Packages: async-git
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJodzctbXh2ai1tNDU1
Path traversal in Node-RED-Dashboard
Ecosystems: npm
Packages: node-red-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzZ2ctN3d4Mi1jcTNo
XSS in Flarum Sticky extension
Ecosystems: packagist
Packages: flarum/sticky
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyd3gtNGd4eC1oNDhm
Users can edit the tags of any discussion
Ecosystems: packagist
Packages: flarum/tags
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoaHcteGp2Zi13cHJy
Command Injection in @graphql-tools/git-loader
Ecosystems: npm
Packages: @graphql-tools/git-loader
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzaGctZzQ0cS00NzRx
Cross Site Scripting (XSS) in XWiki
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnaHgtOWdjci1yNDJ4
Path Traversal in the Java Kubernetes Client
Ecosystems: maven
Packages: io.kubernetes:client-java
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4Y3Ytd3ZyNy00aDZw
Malicious npm package: an0n-chat-lib
Ecosystems: npm
Packages: an0n-chat-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2MmctOTl4NC00NXg2
Malicious npm package: discord-fix
Ecosystems: npm
Packages: discord-fix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4ZmgtcHZxMi14OGM0
Malicious npm package: sonatype
Ecosystems: npm
Packages: sonatype
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwM3gtcjQ0OC1wYzYy
Improper Verification of Cryptographic Signature in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0ZzktaDg5aC1qZ3Y5
SAML XML Signature wrapping in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NDQtNzY0Ny14Znc5
Blind SQL injection in PrestaShop productcomments module
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5d3AtcXE2eC1nMnJm
Cross-site Request Forgery in fastify-csrf
Ecosystems: npm
Packages: fastify-csrf
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxbWgtMjc2Zy14NXBq
Prototype Pollution in immer
Ecosystems: npm
Packages: immer
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4d2YtNHJxaC12OGcz
CORS misconfiguration in socket.io
Ecosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnOHYtaHBndy1oMnY3
Prototype pollution in gsap
Ecosystems: npm
Packages: gsap
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3cDktNTJoOC14Z2c4
Prototype pollution in JointJS
Ecosystems: npm
Packages: jointjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5NDktcnc3Zy13eDd3
Deserialization of untrusted data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djktMmZweC1qNWc5
CSV Injection vulnerability with exported contact lists in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDctcmc3dy14bTc5
XSS vulnerability in company name field in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqaHItYzIzZi13NzZx
Inline JS XSS vulnerability in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OTgtZng5ai03Yzc4
Disabled users able to log in with third party SSO plugin
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NzQtang3bS14Nmh2
XSS vulnerability in theme config file in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjZjctY2o4cS1wY2pt
XSS vulnerability in Author URL of themes in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZ3ctMmM3Mi00Yzg5
Mautic users able to download any files from server using filemanager
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d2otajNqYy04NTht
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwMzItajQ1Ny1wZzV4
Query Binding Exploitation
Ecosystems: packagist
Packages: laravel/framework, illuminate/database
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUyM2MteGg0Zy1taDVt
Denial of Service in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDItN2hxcS04aDdt
rails_admin ruby gem XSS vulnerability
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjY3gtMmdmMy04eHZ2
Kirby .dev domains and some reverse proxy setups were treated as local
Ecosystems: packagist
Packages: getkirby/cms, getkirby/panel
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1cnYtaHB4Zy04eDQ5
Signature validation bypass in ServiceStack
Ecosystems: nuget
Packages: ServiceStack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqaDktNmNwZi1oNG03
XSS in hello.js
Ecosystems: npm
Packages: hellojs
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NGotYzJycS00N3E4
Command injection in ts-process-promises
Ecosystems: npm
Packages: ts-process-promises
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4N3ctcHFjbS02M2hx
Command injection in buns
Ecosystems: npm
Packages: buns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4d3gtODV2cC1ndndt
Regular Expression Denial of Service in jquery-validation
Ecosystems: nuget, npm
Packages: jQuery.Validation, jquery-validation
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoN20tcng0Zi00dnB2
CSRF can expose users authentication token
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzd3ItcXczZy0zcDRo
Injection/XSS in Redcarpet
Ecosystems: rubygems
Packages: redcarpet
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnd3cteGY0Ni1oOTJy
lxml vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5NXctcWhxci05ZnI2
Path Traversal in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-runtime_2.12, org.apache.flink:flink-runtime_2.11
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3angtajc3bS13cDY1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NmYtZmM3Yy05cjU1
Regex denial of service vulnerability in codesample plugin
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxMzctODUzcC1nNWNm
Regular Expression Denial of Service in CairoSVG
Ecosystems: pypi
Packages: CairoSVG
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0cTYtcXhqeC04amdw
Directory Traversal in spring-boot-actuator-logview
Ecosystems: maven
Packages: eu.hinsch:spring-boot-actuator-logview
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3MnYtcTIzNS12cDk5
Axios vulnerable to Server-Side Request Forgery
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqOXYtaDJ2cC0yaGh2
XSS in HtmlSanitizer
Ecosystems: nuget
Packages: HtmlSanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzMjktcGp3di1manBn
Hostname spoofing via backslashes in URL
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIycWMtdzY0eC02ajU0
XSS in Vega
Ecosystems: npm
Packages: vega
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyOHEtZzVjNy1tNTRt
Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain text
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtZmctNTVmOS1qOGhx
Server-Side Template Injection
Ecosystems: maven
Packages: com.browserup:browserup-proxy
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5MngtZjUyci14NTRn
regular expression denial of service (ReDoS)
Ecosystems: npm
Packages: date-and-time
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmNjYtNTR4Zy1wYzJj
Jupyter Server open redirect vulnerability
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2Y3YtODMycS1mamc3
RSA weakness in tslite-ng
Ecosystems: pypi
Packages: tlslite-ng
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2gtd3hwdy04cDI4
Server-Side Forgery Request can be activated unmarshalling with XStream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdngtN3dyeC00M2Zo
XStream vulnerable to an Arbitrary File Deletion on the local host when unmarshalling
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXgtanc2cC1xM3Jm
Cross-Site Scripting in Fluid view helpers
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmdzktZnEzMi13djVw
OS Command Injection in node-notifier
Ecosystems: npm
Packages: node-notifier
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzcTctaDg5NS1tOTgy
Cross-site Scripting in dompurify
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5ajYtNHBqci1ncDQ4
MPXJ path Traversal vulnerability
Ecosystems: maven
Packages: net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1cTItMzRyZi1tcjk0
Code Injection in mquery
Ecosystems: npm
Packages: mquery
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmeGcteG00dy0zd2c5
Command Injection in corenlp-js-interface
Ecosystems: npm
Packages: corenlp-js-interface
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM3AtZmN2bS14aDdj
SSRF vulnerability in Arache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2Y3EtZ21jMy1xNm04
Apache Airflow logs passwords in plaintext
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1bXAtOHA4dy1taGg4
Command injection in connection-tester
Ecosystems: npm
Packages: connection-tester
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03ajQtZmhnNi14ZjV2
datatables.net vulnerable to Prototype Pollution due to incomplete fix
Ecosystems: npm
Packages: datatables.net
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01N3AtcDY3aC1tcTc0
Command Injection Vulnerability in systeminformation
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjODQtM2c0NC13ZjJx
Denial of Service in ecstatic
Ecosystems: npm
Packages: ecstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmdmMtZzI1Mi1ycDRn
Denial of Service in i18n
Ecosystems: nuget
Packages: i18n
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2bXItNjQyOC04N3c5
Cross-Site Scripting in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNjMtZnZ4bS1tNW13
Heap out of bounds access in MakeEdge in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02NDgtMzNxZi12M2dw
CHECK-fail in LSTM with zero-length input in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodmMtZzVodi00OGM2
Write to immutable memory region in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZjMtOXdmci13Z2g3
Lack of validation in data format attributes in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoeHgtajczci1xcG0y
Uninitialized memory access in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxZ3gtMnAyaC05YzM3
ini before 1.3.6 vulnerable to Prototype Pollution via ini.parse
Ecosystems: npm
Packages: ini
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjamotaDZnaC1qZjNy
Information Disclosure in Apache Groovy
Ecosystems: maven
Packages: org.codehaus.groovy:groovy
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNTQtZ3Bnci00cm02
user-readable api tokens in systemd units for JupyterHub
Ecosystems: pypi
Packages: jupyterhub-systemdspawner
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtNDUtbWdxbS1nam00
Remote Code Execution (RCE) Exploit on Cross Site Scripting (XSS) Vulnerability
Ecosystems: pypi
Packages: red-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 19,955
Packages: 8,791
Repositories: 5,358
Ecosystems: 12
Filter by Severity
Moderate 8,716 High 6,842 Critical 2,975 Low 1,099
Filter by Ecosystem
maven 5,733 packagist 4,436 pypi 4,153 npm 3,703 go 2,189 nuget 1,508 rubygems 847 cargo 846 swift 32 hex 30 actions 19 pub 8
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 210 org.jenkins-ci.main:jenkins-core 191 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 83 django 80 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 github.com/usememos/memos 63 ansible 62 actionpack 58 concrete5/concrete5 56 org.apache.struts:struts2-core 55 salt 55 github.com/mattermost/mattermost/server/v8 55 librenms/librenms 54 shopware/platform 52 Plone 52 apache-superset 51 org.keycloak:keycloak-core 47 nova 47 mlflow 46 github.com/grafana/grafana 46 com.liferay.portal:release.portal.bom 45 plone 43 nokogiri 43 baserproject/basercms 43 craftcms/cms 42 rdiffweb 42 Pillow 41 showdoc/showdoc 40 shopware/core 40 Django 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 zendframework/zendframework1 34 k8s.io/kubernetes 34 github.com/answerdev/answer 34 snipe/snipe-it 33 org.jenkins-ci.plugins:script-security 32 org.keycloak:keycloak-services 32 github.com/argoproj/argo-cd 32 opencv-python 31 github.com/rancher/rancher 31 opencv-contrib-python 31 keystone 31 github.com/hashicorp/vault 31 io.undertow:undertow-core 31 shopware/shopware 30 mautic/core 30 parse-server 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/nomad 27 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 electron 26 github.com/hashicorp/consul 26 openssl-src 26 prestashop/prestashop 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 magento/core 24 github.com/cilium/cilium 24 org.springframework.security:spring-security-core 24 directus 24 gogs.io/gogs 24 mediawiki/core 24 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 rack 23 zendframework/zendframework 23 org.eclipse.jetty:jetty-server 23 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 ckb 22 getkirby/cms 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 glance 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-x86 20 code.gitea.io/gitea 20 Microsoft.AspNetCore.App.Runtime.win-x64 20 DotNetNuke.Core 19 Microsoft.AspNetCore.App.Runtime.win-arm 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 laravel/framework 19 com.liferay.portal:release.dxp.bom 18 cockpit-hq/cockpit 18 com.vaadin:vaadin-bom 18 gradio 18 contao/contao 18 forkcms/forkcms 18 golang.org/x/net 18 github.com/goharbor/harbor 18 langchain 18 symfony/security 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.linux-arm 17 opencart/opencart 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm64 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 17 org.apache.geode:geode-core 17 github.com/traefik/traefik/v2 17 PaddlePaddle 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 17 Microsoft.AspNetCore.App.Runtime.linux-x64 17 helm.sh/helm/v3 17 genix/cms 17 mercurial 17 cakephp/cakephp 17 notebook 16 neutron 16 yetiforce/yetiforce-crm 16 tinymce 16 openmage/magento-lts 16 rusqlite 16 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 next 16 org.bouncycastle:bcprov-jdk15 16 cryptography 16 wasmtime 16 pillow 16 org.apache.jspwiki:jspwiki-main 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 16 smarty/smarty 15 october/system 15 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 ethyca-fides 15 ec-cube/ec-cube 15 ghost 15 ckeditor4 15 publify_core 14 swagger-ui 14 modoboa 14 typo3/cms-backend 14 phpmailer/phpmailer 14 silverstripe/cms 14 pyload-ng 14 symfony/security-http 14 github.com/containerd/containerd 14 github.com/nats-io/nats-server/v2 14 github.com/zitadel/zitadel 14 bolt/bolt 14 pyftpdlib 14 feehi/cms 14 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 activesupport 14 OctoPrint 13 elefant/cms 13 github.com/opencontainers/runc 13 twisted 13 org.apache.dolphinscheduler:dolphinscheduler 13 impresscms/impresscms 13 org.apache.tomcat:tomcat-coyote 13 pimcore/admin-ui-classic-bundle 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 180 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 111 https://github.com/apache/tomcat 97 https://github.com/apache/airflow 96 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 65 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/ansible/ansible 54 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/concretecms/concretecms 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 30 https://github.com/parse-community/parse-server 30 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 29 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/mautic/mautic 28 https://github.com/dotnet/runtime 28 https://github.com/rancher/rancher 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/cilium/cilium 24 https://github.com/directus/directus 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 22 https://github.com/contao/contao 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/netty/netty 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/rack/rack 18 https://github.com/goharbor/harbor 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/langchain-ai/langchain 18 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/geoserver/geoserver 18 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/moby/moby 17 https://github.com/vaadin/platform 17 https://github.com/traefik/traefik 17 https://github.com/tinymce/tinymce 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/rusqlite/rusqlite 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/gradio-app/gradio 16 https://github.com/OpenMage/magento-lts 16 https://github.com/hashicorp/vault 16 https://github.com/TYPO3-CMS/core 16 https://github.com/opencast/opencast 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/pyca/cryptography 15 https://github.com/ethyca/fides 15 https://github.com/zendframework/zendframework 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/centreon/centreon 15 https://github.com/apache/camel 15 https://github.com/zitadel/zitadel 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/pyload/pyload 14 https://github.com/containerd/containerd 14 https://github.com/mattermost/mattermost 14 https://github.com/xuxueli/xxl-job 14 https://github.com/undertow-io/undertow 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/TryGhost/Ghost 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/hashicorp/nomad 13 https://github.com/apache/dolphinscheduler 13 https://github.com/golang/go 13 https://github.com/dromara/hutool 13 https://github.com/nodejs/undici 13 https://github.com/dompdf/dompdf 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/quarkusio/quarkus 13 https://github.com/dotnet/aspnetcore 13 https://github.com/ming-soft/MCMS 13 https://github.com/wagtail/wagtail 12 https://github.com/opencontainers/runc 12 https://github.com/smarty-php/smarty 12 https://github.com/vercel/next.js 12 https://github.com/urllib3/urllib3 12 https://github.com/aio-libs/aiohttp 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/backstage/backstage 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/openfga/openfga 12 https://github.com/centreon/centreon-archived 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/laurent22/joplin 12 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/janeczku/calibre-web 11 https://github.com/Sylius/Sylius 11 https://github.com/igniterealtime/Openfire 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nats-io/nats-server 11 https://github.com/yiisoft/yii2 11 https://github.com/decidim/decidim 11 https://github.com/WWBN/AVideo 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/openstack/glance 11 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/scrapy/scrapy 11 https://github.com/containers/podman 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/puma/puma 11 https://github.com/DSpace/DSpace 10 https://github.com/cri-o/cri-o 10 https://github.com/zopefoundation/Zope 10 https://github.com/apache/zeppelin 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/nautobot/nautobot 10 https://github.com/phusion/passenger 10 https://github.com/greenpau/caddy-security 10 https://github.com/nextauthjs/next-auth 10 https://github.com/keystonejs/keystone 10 https://github.com/pomerium/pomerium 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/apache/superset 10 https://github.com/spring-projects/spring-security 10