Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcDktZ3dyaC13cTln
Path Traversal in crud-file-server
Ecosystems: npm
Packages: crud-file-server
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cHYtdzU2Yy1tZzR2
Path Traversal in stattic
Ecosystems: npm
Packages: stattic
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtbTkteDVnci00Z2Zt
Open Redirect in hekto
Ecosystems: npm
Packages: hekto
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyNGYtOW1tNC13MzM2
Cross-site Scripting (XSS) - Stored in crud-file-server
Ecosystems: npm
Packages: crud-file-server
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NmctM3hyMy14NHg2
Information Exposure on Case Insensitive File Systems in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04NWMtOW1mOC1tMm02
Unsafe deserialization in confire
Ecosystems: pypi
Packages: confire
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1ZnEtNTZ3cS1nbWNm
mariadb is malware
Ecosystems: npm
Packages: mariadb
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NnYtNjc3Zy1wNjU2
Sandbox Breakout in safe-eval
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjdzgtcjl4bS0zMmM2
Command Injection in dns-sync
Ecosystems: npm
Packages: dns-sync
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0djctNHJody05aHFt
Code Execution through IIFE in node-serialize
Ecosystems: npm
Packages: node-serialize
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tNjItd3hjOC1jZjdt
Code Execution Through IIFE in serialize-to-js
Ecosystems: npm
Packages: serialize-to-js
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxOTQtcWY2cS1tZjJo
Pysaml2 improperly initializes encryption vector
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMydngtNDlqbS1oM2Y2
Pysaml2 does not sanitize XML responses
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjcjYtcmY0Ny1qcmdm
Loaded Databook of Tablib prone to python insertion resulting in command execution
Ecosystems: pypi
Packages: tablib
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNWMtZjMyOC05ZnZ2
Diffoscope may write to arbitrary locations due to an untrusted archive
Ecosystems: pypi
Packages: diffoscope
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNG0tNHBteC1jNjdo
pysaml2 Improper Authentication vulnerability
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjbXEtcXZjcC01bXJt
Unsafe deserialization in owlmixin
Ecosystems: pypi
Packages: owlmixin
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwbTgtOThteC1oNGM1
Unsafe deserialization in MLAlchemy
Ecosystems: pypi
Packages: MLAlchemy
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtYzUtNWo2Yy1xbWY5
High severity vulnerability that affects cfscrape
Ecosystems: pypi
Packages: cfscrape
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwNW0tNGM5Zi00OThx
django-epiceditor vulnerable to XSS in form field
Ecosystems: pypi
Packages: django-epiceditor
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3eGMtMzVtOC01N3By
FedMsg not properly completing message validation
Ecosystems: pypi
Packages: FedMsg
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoangtM2pnNS1oNnIy
High severity vulnerability that affects mercurial
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yNDItd2M4Ni04NzY4
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection
Ecosystems: pypi
Packages: python-fedora
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwdjgtcTVyeC1jOGdx
django_make_app is vulnerable to Code Injection
Ecosystems: pypi
Packages: django_make_app
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMydzktNDhxYy1xcGo0
Code injection in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcDgtaGg3NC1mNm1j
oslo.middleware Information Disclosure vulnerability
Ecosystems: pypi
Packages: oslo.middleware
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMycGMteHBoeC1xNGY2
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3aDUtM2N3Ny00Mjg2
tlslite-ng off-by-one error on mac checking
Ecosystems: pypi
Packages: tlslite-ng
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4ZjktN2g0Yy1mNWp2
Django-Anymail prone to a timing attack
Ecosystems: pypi
Packages: django-anymail
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjNTUtdm0zai03NGdw
JSNAPy allows unprivileged local users to alter files under the directory
Ecosystems: pypi
Packages: jsnapy
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNocTQtZjJ2Ni1xMzM4
Kotti CSRF in the local roles implementation
Ecosystems: pypi
Packages: Kotti
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtd3cteHZoNy1mcTRm
Koji hub call does not perform correct access checks
Ecosystems: pypi
Packages: koji
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeHEtNzVydy1maGo5
Eve allows execution of arbitrary code
Ecosystems: pypi
Packages: eve
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzMnItNjZjZy03OXB4
Paramiko not properly checking authentication before processing other requests
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1Mjgtd3ZmNi1mNnFn
Pycrypto generates weak key parameters
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2aDktZ3c0OS1ycW00
markdown2 is vulnerable to cross-site scripting
Ecosystems: pypi
Packages: markdown2
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eGYtcTN3OS00eGd3
Malicious Package in eslint-scope
Ecosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0dmctcmY2My1mM2oz
Arbitrary code using "crafted image file" approach affecting Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1d3ItdnA4Zy1xNXA0
Plone Sandbox Escape
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjd3YteDI2Yy13MnE0
Jupyter Notebook file bypasses sanitization, executes JavaScript
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXByM2gtampoai01NzN4
Sprockets path traversal leads to information leak
Ecosystems: rubygems
Packages: sprockets
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoMmgtY2hqOS1qZmZx
Growl before 1.10.0 vulnerable to Command Injection
Ecosystems: npm
Packages: growl
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cmYtcjVyNC03Nzc1
Incorrect handling of CORS preflight request headers in hapi
Ecosystems: npm
Packages: hapi
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5cGotZ3E4cS05cGZq
Authentication Weakness in keystone
Ecosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjOGgtM2Z2Ni1weHY4
Denial of Service in hapi
Ecosystems: npm
Packages: hapi
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3amMtcTlweC1yOXZx
Denial of Service in ecstatic
Ecosystems: npm
Packages: ecstatic
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2NjItajk2Zy1tdjQ2
Arbitrary Code Injection in reduce-css-calc
Ecosystems: npm
Packages: reduce-css-calc
Source: GitHub Advisory Database
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweHAtNjk2My00NnI5
Command Injection in pdfinfojs
Ecosystems: npm
Packages: pdfinfojs
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xMzUtd3F2Zi1yMjNj
Sinatra Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2cHgtOTQ1OS13M21q
Cross-Site Scripting in @ckeditor/ckeditor5-link
Ecosystems: npm
Packages: @ckeditor/ckeditor5-link
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4M3Itam05Zy1jOHc4
rails-html-sanitizer Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNHgtdzYzbS03d2dt
Prototype Pollution in hoek
Ecosystems: npm
Packages: hoek
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwY2gtcnh3My1mZ3g4
Cross-Site Scripting in @risingstack/protect
Ecosystems: npm
Packages: @risingstack/protect
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4MnAtanFnbS1mNDVn
Uncontrolled resource consumption in nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cnYtY3I2di00dm00
Cross-site Scripting in loofah
Ecosystems: rubygems
Packages: nokogiri, loofah
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNDItcDg0ai1mNThw
Sanitize vulnerable to Improper Input Validation and Cross-site Scripting
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjbTYtZzJxcC05Z3c4
Cap-Strap gem for Ruby places credentials on the useradd command line
Ecosystems: rubygems
Packages: cap-strap
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3aGgtMmZ3bS1jZmd3
Doorkeeper is vulnerable to stored XSS and code execution
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNDItNXZqMi1jcTM5
tiny-json-http missing SSL certificate validation
Ecosystems: npm
Packages: tiny-json-http
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyZ3ctcHFmNy1xM2oy
pym.js CSRF Vulnerability
Ecosystems: npm
Packages: pym.js
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3cHYtY2o2eC12M2p3
http vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: rubygems
Packages: http
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwcTctcThqNC03Mmpn
Auth0-js bypasses CSRF checks
Ecosystems: npm
Packages: auth0-js
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4OGMtM3g0OS02cnFq
rack-protection gem timing attack vulnerability when validating CSRF token
Ecosystems: rubygems
Packages: rack-protection
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNWotMjRmNC1xdjV4
Regular Expression Denial of Service in ssri
Ecosystems: npm
Packages: ssri
Source: GitHub Advisory Database
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cmotOHIzYy05Z3Bq
bson is vulnerable to denial of service due to incorrect regex validation
Ecosystems: rubygems
Packages: bson
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4cjgtdzNqcS1yY3dq
rails_admin ruby gem XSS
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwMnAtcDhtZy14M2N3
Insight API transaction broadcast endpoint can result in Full Path Disclosure
Ecosystems: npm
Packages: insight-api
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxY20tN2Y3Zi1yNTM5
brbackup exposes database password to unauthorized users
Ecosystems: rubygems
Packages: brbackup
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqcXAtajY5cS1wbTYy
AWS Lambda parser is vulnerable to Regular Expression Denial of Service
Ecosystems: npm
Packages: aws-lambda-multipart-parser
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cTkteHIyeC13aDd4
delayed_job_web Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: delayed_job_web
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NzctcnBxZi1qNm13
ejs vulnerable to DoS due to weak input validation
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0Nm0tbXY4Zi1xMzQ4
Regular Expression Denial of Service in moment
Ecosystems: npm
Packages: moment
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmd20tY2hqNy13NTly
Ox gem stack overflow in sax_parse
Ecosystems: rubygems
Packages: ox
Source: GitHub Advisory Database
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyOWYtN2Y1Ni1qOHdo
Sinatra Path Traversal vulnerability
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzMmgteGc3Ni00Z3Y2
ReDoS in brace-expansion
Ecosystems: npm
Packages: brace-expansion
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcjYtZ3JmNC14MmZy
Omniauth allows POST parameters to be stored in session
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNHgtd2dyaC1nODk3
Directory traversal vulnerability in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0Y3EtN2NjcS1jbWNt
lynx doesn't properly sanitize user input and exposes database password to unauthorized users
Ecosystems: rubygems
Packages: lynx
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoZ3EtdnY5eC1qNHA1
lawn-login exposes database password to unauthorized users
Ecosystems: rubygems
Packages: lawn-login
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NDUtODZxNi1yY21y
Gyazo allows local users to write arbitrary files
Ecosystems: rubygems
Packages: gyazo
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jquery
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jquery
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Published: about 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqY2YtYzVyZy1ybW04
paperclip Server-Side Request Forgery vulnerability
Ecosystems: rubygems
Packages: paperclip
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12dzgtdjc2Ny1xaGpt
Radiant CMS vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: radiant
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03cDgtOXc2Ni05ZnJt
net-ldap Improper Certificate Validation vulnerability
Ecosystems: rubygems
Packages: net-ldap
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdweDctN3hqeC1oeG04
Marked vulnerable to XSS from data URIs
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNybXgtdjgzNS1oY3A0
Moderate severity vulnerability that affects marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqamYtdzdqNi0zMjNj
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
Ecosystems: npm
Packages: samlify
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtOXAtOTkyNi13Njht
Denial of Service in ecstatic
Ecosystems: npm
Packages: ecstatic
Source: GitHub Advisory Database
Published: about 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5bWotZmdoYy02NjR3
Denial of Service in mqtt
Ecosystems: npm
Packages: mqtt
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcHctY2ZjNC0zcDJj
Duplicate advisory: High severity vulnerability that affects passport-wsfed-saml2
Ecosystems: npm
Packages: passport-wsfed-saml2
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqNHAtM3doMy0ycm1m
Arbitrary file read vulnerability in yard server
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNycHItbWc0My14aHE0
auth0-js Privilege Escalation Vulnerability
Ecosystems: npm
Packages: auth0-js
Source: GitHub Advisory Database
Published: about 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2OHgtcDlocS1qMzI4
Arbitrary Code Execution in mathjs
Ecosystems: npm
Packages: mathjs
Source: GitHub Advisory Database
Published: about 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4NWMtODdxeC1jdjZj
Arbitrary Code Execution in mathjs
Ecosystems: npm
Packages: mathjs
Source: GitHub Advisory Database
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjNTYtY3Btdy04OXg3
Out-of-bounds read in nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Published: about 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyN3YteDIyNS1ncThn
Recurly gem Server-Side Request Forgery in Resource#find method
Ecosystems: rubygems
Packages: recurly
Source: GitHub Advisory Database
Published: about 6 years ago