Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyOTUtNG1xNS1yM2Zo
Phar unserialization vulnerability in phpMussel
Ecosystems: packagist
Packages: Maikuolan/phpMussel, phpmussel/phpmussel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNjYtNmNjMy02eG04
CSRF issue on preview pages in Bolt CMS
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4cTMtN3dqcC03cTNq
The filename of uploaded files vulnerable to stored XSS
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NTItdnJoNy0yOHJm
Reflected XSS in GraphQL Playground
Ecosystems: npm
Packages: graphql-playground-html
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0MmctN3ZmYy14ZjM3
Introspection in schema validation in Apollo Server
Ecosystems: npm
Packages: apollo-server-micro, apollo-server-lambda, apollo-server-koa, apollo-server-hapi, apollo-server-fastify, apollo-server-express, apollo-server-cloudflare, apollo-server-cloud-functions, apollo-server-core, apollo-server-cache-memcached, apollo-server-azure-functions, apollo-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3M3ctcjl4Zy03Y3I5
Use of insecure jQuery version in OctoberCMS
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtMzQtamNqdi00NXhm
XSS in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwanItajU3eC13eGZ3
Data leakage via cache key collision in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3OG0tMmNobS1yN3F2
Regular Expression Denial of Service in websocket-extensions (NPM package)
Ecosystems: npm
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ajMtbTNwNi1oajM4
dom4j allows External Entities by default which might enable XXE attacks
Ecosystems: maven
Packages: dom4j:dom4j, org.dom4j:dom4j
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4cnctajQ4OS05Mjht
Signature wrapping vulnerability in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyeGYtandtdi05aGYz
Directory traversal attack in Spring Cloud Config
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-config-server
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnctdjV2Zy05Z3hm
Directory traversal attack in Spring Cloud Config
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-config-server
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3bTUtOHE0Mi1yaHhn
File system access via H2 in Apache Ignite
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwam0tcnAyZy0zcjRj
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Ecosystems: pypi
Packages: drf-jwt
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3Y2YtcjN3Mi1namZ3
django-nopassword stores secrets in cleartext
Ecosystems: pypi
Packages: django-nopassword
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNnaDIteHc3NC1qbWN3
SQL injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4djgtNjg1OS1xeG00
Arbitrary shell command execution in logkitty
Ecosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2d3EtcWN3bS1qNWcy
Regular Expression Denial of Service in websocket-extensions (RubyGem)
Ecosystems: rubygems
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cXEtNXZyYy14dzlo
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, org.apache.logging.log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4d2gtNmp3NC0yaDc5
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Ecosystems: packagist
Packages: rainlab/debugbar-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3bTItNmc5OS04NHc1
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2ajMtZjg0OS01cjQ4
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4djItNTQ4eC01aDc5
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmbXAtN3h3Zi13dndy
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1naDUtNGg5NS1xajRw
Information Exposure in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1aHctMjl4Ny05eDk1
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnNngteHg3OC00NDhj
Reflected XSS when importing CSV in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NnYtZnZ2eC00OTMy
Arbitrary File Deletion vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyM2YtYzJqNS1yeDJm
Local File read vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4ZjktbTI5Ny02cTln
DoS via malicious record IDs in WatermelonDB
Ecosystems: npm
Packages: @nozbe/watermelondb
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1anctNjJ4Zy1qNDMz
Cross-Site Scripting in Kaminari
Ecosystems: rubygems
Packages: kaminari
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoNjktd2M2cS03ODg4
Command injection in node-dns-sync
Ecosystems: npm
Packages: dns-sync
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmY3YtNXdody03cGN3
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Ecosystems: npm
Packages: aegir
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3aHgtZnF4dy1ydnZq
Insufficient output escaping of attachment names in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNXYtNWd4NC1qbWo5
Ability to forge per-form CSRF tokens in Rails
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00MngtMzdwMy1mdjV3
Circumvention of file size limits in ActiveStorage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MjctbTZnai1tYzM3
Possible Strong Parameters Bypass in ActionPack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjgtZjc0di05d2M2
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 60.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyZjItZjl2Yy02MzY1
Private key leak in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf, org.apache.cxf:apache-cxf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NHctcXFwaC01Z3ht
HTTP Smuggling via Transfer-Encoding Header in Puma
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3amctNnB3Zy1meDVo
HTTP Smuggling via Transfer-Encoding Header in Puma
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ajIteGpncC1qcmZt
Information disclosure issue in Active Resource
Ecosystems: rubygems
Packages: activeresource
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3OXAtMzJteC1mamo5
Apache Camel Netty enables Java deserialization by default
Ecosystems: maven
Packages: org.apache.camel:camel-netty
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjOTQtM3Y5Yy03cm04
Apache ActiveMQ webconsole admin GUI is open to XSS
Ecosystems: maven
Packages: org.apache.activemq:activemq-web-console
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4dnItcjkybS1xOWh3
XSS in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtaDktcjNyci05NTk3
Code execution vulnerability in HtmlUnit
Ecosystems: maven
Packages: net.sourceforge.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxeDQtcHA3Ni12cnFo
Remote code execution in Apache Commons Configuration
Ecosystems: maven
Packages: org.apache.commons:commons-configuration2
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0NGYtZjV2Zy0yamZq
Potential remote code execution in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0bTMtMmo3aC1mN3h3
Cross-Site Scripting in jquery
Ecosystems: maven, nuget, npm, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnODQtcWd2OS13NHBx
CRLF injection in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NTQtOTZncS1yZmcz
Pillow Temporary file name leakage
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5M2gtamM0OS03OGdn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtcWMteDNyNC02djM5
Polymorphic deserialization of malicious object in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxd2YtcGp3Zi03dnF2
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3gteGZqZi01amhy
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNnItM3dnYy1oODYz
Polymorphic deserialization of malicious object in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmNnItMmM0cS0ydndn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzeHctYzk2My1mNWhj
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2dnAtZnh3Ni1qY3hy
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3eGotcnF4NS0yMjU1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxZzgtY3J4OS1nOG00
Backend Same-Site Request Forgery in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3ajktNDM0eC05aHZw
Insecure Deserialization in Backend User Settings in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyeGgtaDZoOS1xcnFj
Class destructors causing side-effects when being unserialized in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNzctZ2czNi05ODY0
Cross-Site Scripting in TYPO3 CMS Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2otbWoydy13aDQ2
Cross-Site Scripting in TYPO3 CMS Form Engine
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0N3gtODc3cC1oY3d4
Information Disclosure in Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5Y2YtbTd2NS13aDV3
Cross-Site Scripting in SVG Sanitizer
Ecosystems: packagist
Packages: t3g/svg-sanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04eGotNXY3My0zaGg4
curlrequest allows execution of arbitrary commands
Ecosystems: npm
Packages: curlrequest
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4OWgteDY2ci04bXBj
path traversal in Jooby
Ecosystems: maven
Packages: org.jooby:jooby, io.jooby:jooby
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nNXAtOTVtOS1ybWZw
Arbitrary file write in actionpack-page_caching gem
Ecosystems: rubygems
Packages: actionpack-page_caching
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5OGgtOG14ci1tOGd4
Out-of-bounds read in TensorFlow possibly causing disclosure of the contents of process memory.
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3OTctNTd2Mi0zdzQ0
False-negative validation results in MINT transactions with invalid baton
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqbWYtbXh3Zi1yM2pj
Exposure of Sensitive Information to an Unauthorized Actor in Apache Kafka
Ecosystems: maven
Packages: org.apache.kafka:kafka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjODMtY3BmOS1xN2M2
False-negative validation results in MINT transactions with invalid baton
Ecosystems: npm
Packages: slpjs
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3OHctMmd3Ny1nanYz
XSS in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4OHYtaHh4eC0ycmdo
Potential Code Injection in Sprout Forms
Ecosystems: packagist
Packages: barrelstrength/sprout-forms, barrelstrength/sprout-base-email
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3NTUtam00aC14MzM5
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
Ecosystems: maven
Packages: org.java-websocket:Java-WebSocket
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjOG0tY3hoai02Njh4
Improper Restriction of Excessive Authentication Attempts in Sorcery
Ecosystems: rubygems
Packages: sorcery
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3dngtOG1xai1jcXA5
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2ZjctcTg3aC1wZzZ3
Cross-Site Scripting in BookStack
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqanItM2pjdy1mOHY2
Potential Observable Timing Discrepancy in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtN2ctOXE3NC05bTNx
Improper Certificate Validation in Apache Beam
Ecosystems: maven
Packages: org.apache.beam:beam-sdks-java-io-mongodb
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqdmctcTU3di1tampj
XSS in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmN3YtOGhqMy00eHc3
Improper Verification of Cryptographic Signature in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjNzcteHhxNi00bWZm
Command Injection in hot-formula-parser
Ecosystems: npm
Packages: hot-formula-parser
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZ3YtNmpxNS1qamo5
Prototype Pollution Protection Bypass in qs
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwY3EtY2d3Ni12NGo2
Potential XSS vulnerability in jQuery
Ecosystems: npm, maven, nuget, rubygems
Packages: jquery, org.webjars.npm:jquery, jQuery, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cjQteGpqNS01cHgy
Potential XSS vulnerability in jQuery
Ecosystems: packagist, rubygems, maven, nuget, npm
Packages: maximebf/debugbar, jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 149.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3NnYtbTd3cC1qd2c0
Http request which redirect to another hostname do not strip authorization header in @actions/http-client
Ecosystems: npm
Packages: @actions/http-client
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZzQtNHc3dy0ybXE1
Authentication and extension bypass in Faye
Ecosystems: rubygems
Packages: faye
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtOWctanI4Yy1jcXcz
Depth counting error in guard() leading to multiple potential security issues in aioxmpp
Ecosystems: pypi
Packages: aioxmpp
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2NzktN3FyYy01bTdq
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Ecosystems: maven
Packages: org.rundeck:rundeck
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoNHctN3B3My1wNHJw
BSON rubygem contains potential denial of service
Ecosystems: rubygems
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OG0tdjU2di1ncmo0
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwMzQtNW02cC1wNThn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0cmMtMzg2Zy02bTg1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 5 years ago
Statistics
Advisories: 21,153
Packages: 9,223
Repositories: 5,657
Ecosystems: 12
Filter by Severity
Moderate 9,047 High 7,433 Critical 3,102 Low 1,193
Filter by Ecosystem
maven 5,957 packagist 4,737 pypi 4,458 npm 3,872 go 2,402 nuget 1,608 cargo 925 rubygems 887 swift 34 hex 32 actions 22 pub 10
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 107 Django 103 drupal/core 99 microweber/microweber 97 phpmyadmin/phpmyadmin 93 silverstripe/framework 89 apache-airflow 85 drupal/drupal 83 librenms/librenms 80 thorsten/phpmyfaq 73 github.com/mattermost/mattermost/server/v8 72 Plone 72 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 actionpack 61 concrete5/concrete5 60 org.apache.struts:struts2-core 56 salt 56 apache-superset 55 shopware/platform 52 com.liferay.portal:release.portal.bom 51 github.com/grafana/grafana 49 org.keycloak:keycloak-core 49 craftcms/cms 48 mlflow 47 baserproject/basercms 47 nova 47 django 46 nokogiri 43 rdiffweb 42 matrix-synapse 41 plone 41 nilsteampassnet/teampass 40 org.apache.tomcat.embed:tomcat-embed-core 40 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 github.com/rancher/rancher 39 vyper 39 org.elasticsearch:elasticsearch 39 froxlor/froxlor 38 github.com/mattermost/mattermost-server/v6 38 github.com/hashicorp/vault 37 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 moin 35 snipe/snipe-it 35 gradio 35 org.keycloak:keycloak-services 35 net.mingsoft:ms-mcms 35 zendframework/zendframework1 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 gogs.io/gogs 31 parse-server 31 opencv-python 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 Pillow 31 shopware/shopware 30 getgrav/grav 30 directus 30 github.com/docker/docker 29 github.com/hashicorp/nomad 29 github.com/hashicorp/consul 29 mediawiki/core 28 github.com/cilium/cilium 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 pillow 26 electron 26 openssl-src 26 prestashop/prestashop 26 org.apache.solr:solr-core 25 org.springframework.security:spring-security-core 25 rubygems-update 25 org.keycloak:keycloak-parent 24 contao/core-bundle 24 magento/core 24 org.eclipse.jetty:jetty-server 24 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 zendframework/zendframework 23 rack 23 com.liferay.portal:release.dxp.bom 23 simplesamlphp/simplesamlphp 23 puppet 23 getkirby/cms 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 org.apache.openmeetings:openmeetings-parent 22 activerecord 21 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 next 20 langchain 20 github.com/traefik/traefik/v2 20 funadmin/funadmin 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 phpoffice/phpspreadsheet 20 laravel/framework 20 @openzeppelin/contracts 20 org.springframework:spring-core 19 golang.org/x/net 19 github.com/goharbor/harbor 19 wasmtime 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 mercurial 18 topthink/framework 18 forkcms/forkcms 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cockpit-hq/cockpit 18 com.vaadin:vaadin-bom 18 cobbler 18 genix/cms 17 francoisjacquet/rosariosis 17 opencart/opencart 17 yetiforce/yetiforce-crm 17 symfony/security 17 helm.sh/helm/v3 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 org.apache.geode:geode-core 17 neutron 17 cakephp/cakephp 17 notebook 17 ezsystems/ezpublish-kernel 17 ethyca-fides 16 PaddlePaddle 16 rusqlite 16 org.apache.dubbo:dubbo 16 typo3/cms-backend 16 github.com/zitadel/zitadel 16 openmage/magento-lts 16 paddlepaddle 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 phpbb/phpbb 16 tinymce 16 cryptography 16 pyload-ng 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 surrealdb 16 calibreweb 15 symfony/security-http 15 OctoPrint 15 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 ckeditor4 15 Microsoft.NetCore.App.Runtime.win-x86 15 Microsoft.NetCore.App.Runtime.win-arm 15 Microsoft.NetCore.App.Runtime.win-x64 15 october/system 15 ghost 15 Microsoft.NetCore.App.Runtime.win-arm64 15 ec-cube/ec-cube 15 dompdf/dompdf 14 org.apache.tomcat:tomcat-coyote 14 codeigniter4/framework 14 publify_core 14 camaleon_cms 14 undici 14 feehi/cms 14 lollms 14 silverstripe/cms 14 phpmailer/phpmailer 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 189 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 114 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 103 https://github.com/apache/airflow 101 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 85 https://github.com/keycloak/keycloak 78 https://github.com/librenms/librenms 71 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 66 https://github.com/rails/rails 66 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 57 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 47 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 39 https://github.com/phpmyadmin/phpmyadmin 39 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/x-stream/xstream 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/dotnet/runtime 36 https://github.com/craftcms/cms 36 https://github.com/octobercms/october 35 https://github.com/rancher/rancher 35 https://github.com/mautic/mautic 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/gradio-app/gradio 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/directus/directus 29 https://github.com/umbraco/Umbraco-CMS 29 https://github.com/shopware/shopware 28 https://github.com/cilium/cilium 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/gogs/gogs 26 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/getgrav/grav 24 https://github.com/apache/nifi 24 https://github.com/strapi/strapi 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/apache/cxf 22 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/netty/netty 21 https://github.com/nilsteampassnet/TeamPass 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/PHPOffice/PhpSpreadsheet 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/traefik/traefik 20 https://github.com/funadmin/funadmin 20 https://github.com/moby/moby 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/undertow-io/undertow 20 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/geoserver/geoserver 19 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/backstage/backstage 17 https://github.com/liufee/cms 17 https://github.com/mindsdb/mindsdb 17 https://github.com/hashicorp/vault 17 https://github.com/opencast/opencast 17 https://github.com/laravel/framework 17 https://github.com/denoland/deno 17 https://github.com/vaadin/platform 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/TYPO3-CMS/core 16 https://github.com/vercel/next.js 16 https://github.com/tinymce/tinymce 16 https://github.com/mattermost/mattermost 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 16 https://github.com/surrealdb/surrealdb 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/rusqlite/rusqlite 16 https://github.com/ethyca/fides 16 https://github.com/etcd-io/etcd 16 https://github.com/pyload/pyload 16 https://github.com/cobbler/cobbler 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/decidim/decidim 15 https://github.com/pyca/cryptography 15 https://github.com/zendframework/zendframework 15 https://github.com/hashicorp/nomad 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/drupal/core 15 https://github.com/puppetlabs/puppet 15 https://github.com/dompdf/dompdf 15 https://github.com/centreon/centreon 15 https://github.com/ckeditor/ckeditor4 14 https://github.com/aio-libs/aiohttp 14 https://github.com/golang/go 14 https://github.com/dotnet/aspnetcore 14 https://github.com/xuxueli/xxl-job 14 https://github.com/thorsten/phpMyFAQ 14 https://github.com/nodejs/undici 14 https://github.com/janeczku/calibre-web 14 https://github.com/twisted/twisted 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/containerd/containerd 14 https://github.com/TryGhost/Ghost 13 https://github.com/publify/publify 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/openfga/openfga 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/laurent22/joplin 13 https://github.com/modoboa/modoboa 13 https://github.com/dromara/hutool 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/apache/superset 13 https://github.com/quarkusio/quarkus 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/centreon/centreon-archived 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/apache/kylin 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/smarty-php/smarty 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/containers/podman 12 https://github.com/opencontainers/runc 12 https://github.com/openstack/glance 12 https://github.com/getsentry/sentry 12 https://github.com/WWBN/AVideo 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Pylons/waitress 11 https://github.com/onionshare/onionshare 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/pomerium/pomerium 11 https://github.com/cakephp/cakephp 11 https://github.com/nats-io/nats-server 11 https://github.com/spring-projects/spring-security 11 https://github.com/top-think/framework 11 https://github.com/dolibarr/dolibarr 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/vaadin/flow 11 https://github.com/cosmos/cosmos-sdk 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zenml-io/zenml 11 https://github.com/Studio-42/elFinder 11 https://github.com/scrapy/scrapy 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/cri-o/cri-o 11