Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2N3ctNTM1ai1ycTVt
Pivotal Spring Framework DoS Attack with XML Input
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dmctMnY3My12bTYy
Moderate severity vulnerability that affects org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNybXYtMnBnNS14dnFq
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0ODcteDM4My1xcHBo
Possible privilege escalation in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4aHctNzk0Yy00ajln
Path Traversal in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1aGctM3htMy1nY2pn
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4cmotNjZjNS05Zm1o
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjcGYtdmo1My03aDJt
Denial of Service in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1OTYtZndocS04eDQ4
Improper Input Validation in org.springframework.security:spring-security-core, org.springframework.security:spring-security-core , and org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oN2ctOTl3OS14cGpt
Remote code execution occurs in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjOXYtaDI4Zi1qY21m
There is a XML external entity expansion (XXE) vulnerability in Apache Solr config files
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwcGgtMjU5NS1jZ2Zo
There is a XML external entity expansion (XXE) vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdweDMtNmY2Zy1oeGNq
XML external entity expansion in org.apache.solr:solr-core
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJocTItMjU3NC03OG1j
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
Ecosystems: maven
Packages: cn.hutool:hutool-core, cn.hutool:hutool-all, cn.hutool:hutool-parent
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4Y2MtcDNqNy00Yzdm
Moderate severity vulnerability that affects org.apache.mesos:mesos
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyNjQtd2Y3Ni1jNTNw
In blynk-server a Directory Traversal exists
Ecosystems: maven
Packages: com.github.blynkkk:blynk-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNXAtY2hjNi03eDU3
Moderate severity vulnerability that affects org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4angteDJ2dy13bTMz
Code execution in org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4MjUtcmp3dy0yMjQ1
Apache Storm it is possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmdngtcjdoeC0zdmg2
JavaMelody has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.
Ecosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4OTYtdmdmNy1od2Zn
In Apache PDFBox a carefully crafted PDF file can trigger an extremely long running computation
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjMzIteG1nai0yZzk4
High severity vulnerability that affects org.apache.pdfbox:pdfbox
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ZjUtcmo0ci00MmY2
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Ecosystems: maven
Packages: org.neo4j:neo4j-enterprise
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxOG0tbXFteC1weHA5
Spring Data Commons contain a property path parser vulnerability caused by unlimited resource allocation
Ecosystems: maven
Packages: org.springframework.data:spring-data-commons
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05MjktN2ZyNi1jdmpn
Spring Data Commons, used in combination with XMLBeam, contains a property binder vulnerability caused by improper restriction of XML external entity references
Ecosystems: maven
Packages: org.springframework.data:spring-data-commons
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcTMtbXI1Ni1jZzZy
Spring Data Commons remote code injection vulnerability
Ecosystems: maven
Packages: org.springframework.data:spring-data-commons
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmamgtZmpnZy1tZnBx
Moderate severity vulnerability that affects org.apache.ranger:ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OG0tNmczcS1nM2ho
Policy resource matcher in Apache Ranger before 0.7.1 ignores characters after '' wildcard character
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5OWgtZmdxbS02Njc5
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2N3gteDZ3ci14eDdn
Apache Ranger policy engine incorrectly matches paths in certain conditions
Ecosystems: maven
Packages: org.apache.ranger:ranger-plugins-common
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3bWYtcWd4Zi1xbXZm
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoeGMtOGpqcS04NTlq
Moderate severity vulnerability that affects org.apache.ranger:ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyamYtbXhmbS05OGg1
SQL injection vulnerability in the policy admin tool in Apache Ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4NGMtajhxbS1nNDdy
The Admin UI in Apache Ranger before 0.5.1 does not properly handle authentication requests that lack a password
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2NTItbWo1ci03ajJt
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ajMtcjRwai00ODM1
The host name verification missing in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0eDItM2NxNS1ocXZw
The defaults settings for the CORS filter provided in Apache Tomcat are insecure and enable 'supportsCredentials' for all origins
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01OWMtanBjOC1tMng0
In Apache Tomcat there is an improper handing of overflow in the UTF-8 decoder
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4NmgtM2ZqeC1jZ3Y1
Apache Tomcat information exposure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyeGotNThqaC00MzZy
Apache Tomcat unauthorized access vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxOTktZjM0bS02N2dj
Apache Tomcat Open Redirect vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqZnItcWYzcC0zcTI1
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtdjctY3E3NS0zcWpt
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyODUtd2Y5cS01dzY5
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcW0tMjQ2Yy1td3Fn
In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJydngtcHdmOC1wNTlw
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjajctZzJqNS1nN3Iz
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5Y2gtbTRmaC1mYzdx
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5N3gtM2c4Zi1neDNt
The Bouncy Castle JCE Provider carry a propagation bug
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4eGYtbTRmZi1qY3hq
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aGotOThyNi00MjRo
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0NDYtNjU2cC1mNTRn
Deserialization of Untrusted Data in Bouncy castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzOXgtbTU1Yy12NTVo
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoM20tcXc2di1xdmhn
Moderate severity vulnerability that affects io.vertx:vertx-core
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1eG0tdjhncS03anF4
Excessive memory allocation
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2Z2ctZjhxbS02aDdq
High severity vulnerability that affects io.vertx:vertx-web
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtZjctMjZtdy0zcnFy
Moderate severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1M2otZ21yOS1oOGcz
Comparison errorr in org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2ZzMtdjQ2cS01cDI4
Moderate severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqcTItNzg5cS1mZmYy
High severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4ZzYtMndoNy02NDM5
Apache Tika allows Java code execution for serialized objects embedded in MATLAB files
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4cjQtNGM2NS1oajdm
Apache Tika does not properly initialize the XML parser or choose handlers
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjanAtdzcyMy0yamYy
Apache Tika Server exposes sensitive information
Ecosystems: maven
Packages: org.apache.tika:tika-server
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTktM3dnYy03aDcy
org.apache.tika:tika-parsers has an Infinite Loop vulnerability
Ecosystems: maven
Packages: org.apache.tika:tika-parsers
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMjQtZ3A0NC1oM3Bt
Command injection in org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4cTUtZzJjai1xcjVo
Apache Tika is vulnerable to entity expansions which can lead to a denial of service attack
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtajUtd3Y5Ni1yMmNo
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4ODMtcjU2Zy1jdjQ3
Improper certificate validation in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmaDUtM2doaC13Zmp4
Improper Verification of Cryptographic Signature in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczY3EtZmhwMy04cnB3
Moderate severity vulnerability that affects org.restlet.jse:org.restlet
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcDgtcXZxbS0zeHdx
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
Ecosystems: maven
Packages: org.restlet.jse:org.restlet.ext.jaxrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2ajQtZzNneC04dnFx
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4cXItZ3JxNC1xd2d4
Junrar vulnerable to Infinite Loop
Ecosystems: maven
Packages: com.github.junrar:junrar
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cnAtOHY0ai1od3Bo
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmdzUtcnZmMi1qcTU2
Apache Camel's XSLT component allows remote attackers to read arbitrary files
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxOWotamg2Mi01aG1w
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2amMtcTV2ci01MnE2
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks
Ecosystems: maven
Packages: org.apache.camel:camel-jackson
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2djYtdzZmdy1yaDk0
Apache Camel can allow remote attackers to execute arbitrary commands
Ecosystems: maven
Packages: org.apache.camel:camel-ahc, org.apache.camel:camel-http4, org.apache.camel:camel-http-common, org.apache.camel:camel-http, org.apache.camel:camel-servlet, org.apache.camel:camel-jetty
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2NWYtY2p3OS01dnhn
Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands
Ecosystems: maven
Packages: org.apache.camel:camel-xstream
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oeDItcjNqeC1nOTRj
Apache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNocmMtZjQzOS03Mjdn
Apache Camel XML External Entity vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NzQtZjlwai14cDNm
Apache Camel's Mail is vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.camel:camel-mail
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2Zm0tNDM4OC02cnBj
Apache is vulnerable to XXE in XSD validation processor
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmNHEtOG1yNy01YzVj
Camel-castor component in Apache Camel is vulnerable to Java object de-serialisation
Ecosystems: maven
Packages: org.apache.camel:camel-castor
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjanYtd2ZjZy1tbXBy
Code execution via deserialization in org.apache.ignite:ignite-core
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNocDQtcnY3OS02OGoz
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxZmMtY3ZqcC1tZ3Bx
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwODMtNjhjdy05NDNm
Apache Ignite communicates to an external PHP server where sensitive information is sent
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2anEtNzV3aC0yNjU4
Moderate severity vulnerability that affects apache axis
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1M3Ytdm04Ny1mNzJj
Improper Validation of Certificates in apache axis
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNncHctMmdwaC0ycjln
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, and Microsoft.AspNetCore.Server.Kestrel.Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.App
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtMnItcTh4My14bWY3
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Ecosystems: nuget
Packages: Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, Microsoft.AspNetCore.Server.Kestrel.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjOGcteGh3NS02eDQ2
Improper Certificate Validation in Microsoft .NET Framework components
Ecosystems: nuget
Packages: System.ServiceModel.Duplex, System.ServiceModel.Security, System.Private.ServiceModel, System.ServiceModel.NetTcp, System.ServiceModel.Http, System.ServiceModel.Primitives, Microsoft.NETCore.UniversalWindowsPlatform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNnAtNGpjbS1oOHZo
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNGMtNXJxNi1jZ2gz
OPC UA applications can allow a remote attacker to determine a Server's private key
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12MnItcTRnNS1qOHE1
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.DataProtection.AzureStorage, Microsoft.AspNetCore.All, Microsoft.Data.OData
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4aDctNHYydy0zNnE2
ASP.NET Core fails to properly validate web requests
Ecosystems: nuget
Packages: System.Net.Http.WinHttpHandler, Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4ZjQtMnc0cC1taGpj
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocWYtZ2hnaC14Mm00
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
Ecosystems: nuget
Packages: DisCatSharp, Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 5 years ago
Statistics
Advisories: 18,341
Packages: 8,286
Repositories: 5,012
Ecosystems: 12
Filter by Severity
Moderate 7,915 High 6,347 Critical 2,807 Low 984
Filter by Ecosystem
maven 5,523 packagist 3,801 pypi 3,707 npm 3,537 go 1,891 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 322 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 showdoc/showdoc 40 intelliants/subrion 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 shopware/core 36 com.jfinal:jfinal 36 froxlor/froxlor 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 snipe/snipe-it 32 mlflow 31 org.jenkins-ci.plugins:script-security 30 opencv-python 30 opencv-contrib-python 30 mautic/core 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 Django 27 shopware/shopware 27 getgrav/grav 27 centreon/centreon 27 github.com/hashicorp/consul 26 openssl-src 26 github.com/hashicorp/nomad 26 electron 26 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 prestashop/prestashop 24 magento/core 24 puppet 23 org.springframework.security:spring-security-core 23 org.eclipse.jetty:jetty-server 23 pocketmine/pocketmine-mp 23 moin 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 22 org.apache.nifi:nifi 22 getkirby/cms 22 rack 22 ckb 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 github.com/ethereum/go-ethereum 19 DotNetNuke.Core 19 org.springframework:spring-core 19 github.com/docker/docker 19 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 contao/contao 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 org.bouncycastle:bcprov-jdk14 18 langchain 18 tribalsystems/zenario 18 org.apache.geode:geode-core 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 genix/cms 17 PaddlePaddle 17 mercurial 17 francoisjacquet/rosariosis 17 symfony/security 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 sequelize 16 org.bouncycastle:bcprov-jdk15 16 directus 16 wasmtime 16 rusqlite 16 yetiforce/yetiforce-crm 16 pillow 16 org.apache.dubbo:dubbo 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 topthink/framework 15 org.apache.struts.xwork:xwork-core 15 nova 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 cryptography 15 notebook 15 paddlepaddle 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 pyftpdlib 14 gradio 14 ezsystems/ezpublish-kernel 14 symfony/security-http 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 publify_core 14 keystone 14 tinymce 14 smarty/smarty 14 typo3/cms-backend 14 swagger-ui 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 activesupport 14 pyload-ng 14 ghost 14 codeigniter4/framework 13 org.apache.hadoop:hadoop-main 13 elefant/cms 13 next 13 joplin 13 strapi 13 github.com/containerd/containerd 13 october/system 13 impresscms/impresscms 13 org.apache.inlong:manager-pojo 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 neutron 13 ckeditor4 13 lavalite/cms 13 passenger 13 bolt/bolt 13 org.apache.cxf:cxf 13 github.com/mattermost/mattermost-server 13 actionview 12 undici 12 Microsoft.NETCore.App.Runtime.win-arm64 12 Microsoft.NETCore.App.Runtime.win-x64 12 phpbb/phpbb 12 github.com/opencontainers/runc 12 github.com/moby/moby 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/apache/inlong 25 https://github.com/mlflow/mlflow 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/github/advisory-database 23 https://github.com/dotnet/runtime 23 https://github.com/contao/contao 22 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/helm/helm 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/rusqlite/rusqlite 16 https://github.com/sequelize/sequelize 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/ethereum/go-ethereum 15 https://github.com/apache/camel 15 https://github.com/tinymce/tinymce 14 https://github.com/denoland/deno 14 https://github.com/langchain-ai/langchain 14 https://github.com/pyca/cryptography 14 https://github.com/pyload/pyload 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/moby/moby 14 https://github.com/mattermost/mattermost 14 https://github.com/vantage6/vantage6 14 https://github.com/cobbler/cobbler 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/modoboa/modoboa 13 https://github.com/gradio-app/gradio 13 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/undertow-io/undertow 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/xuxueli/xxl-job 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/zitadel/zitadel 11 https://github.com/janeczku/calibre-web 11 https://github.com/Studio-42/elFinder 11 https://github.com/NodeBB/NodeBB 11 https://github.com/puma/puma 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/jquery/jquery 11 https://github.com/openstack/keystone 11 https://github.com/aio-libs/aiohttp 11 https://github.com/opencontainers/runc 11 https://github.com/onionshare/onionshare 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/smarty-php/smarty 11 https://github.com/containers/podman 11 https://github.com/vaadin/flow 11 https://github.com/igniterealtime/Openfire 11 https://github.com/urllib3/urllib3 11 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/keystonejs/keystone 10 https://github.com/dotnet/aspnetcore 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/nextauthjs/next-auth 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/nats-io/nats-server 10 https://github.com/dolibarr/dolibarr 10 https://github.com/wagtail/wagtail 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/phusion/passenger 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/cri-o/cri-o 9 https://github.com/yiisoft/yii2 9 https://github.com/neorazorx/facturascripts 9 https://github.com/top-think/framework 9 https://github.com/DSpace/DSpace 9 https://github.com/ethyca/fides 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/bolt/bolt 9 https://github.com/spring-projects/spring-security 9 https://github.com/kevinpapst/kimai2 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/vercel/next.js 9 https://github.com/cui2shark/cms 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/funadmin/funadmin 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/Pylons/waitress 9