Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Moderate
GSA_kwCzR0hTQS1nZjM0LWhoNXItZjc0aM4AAxkK
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS0yN3JmLThtanAtcjM2M84AAvdY
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02ZmNqLTl2ZnctanEybc4AAxlu
Arbitrary file deletion in ureport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qcnBnLTM1aHctbTRwOc0ptg
Capture-replay in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol Buffers
Ecosystems: pypi, go, maven, packagist, nuget
Packages: protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13M2dtLXZ2NTgtd3I1Nc4AAo_l
Missing permission check in Jenkins requests-plugin Plugin allows sending emails
Ecosystems: maven
Packages: org.jenkins-ci.plugins:requests
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ZzJmLTlyZjctNDhnbc4AAv6P
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: io.loader:loaderio-jenkins-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qODc0LTQ3eHgtOXhmZ84AAv6K
Missing permission check in Jenkins Delete log Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delete-log-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02dmg2LTcyZzYteHF4Ms4AAwXg
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nd3B4LXEyaDktd3hneM0YzA
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncWdxLTc4NHEtdjl4cM4AAwXc
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04dmpwLWhmZ2gtNjhyas4AAwXa
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02cHFtLXh2ZmMtdzdwNM0Yzg
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02dzlwLTg4cWctcDNnM80YyA
Cross-site Scripting in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wd2gzLTNwY20tNnZqaM4AAwXN
FeehiCMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01NHItdnJtdi1odzMz
Improper Sanitizing of plugin names in helm
Ecosystems: go
Packages: helm.sh/helm/v3/pkg/plugin, helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3eDItOXE0OC12bTly
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc
Source: GitHub Advisory Database
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS0zNnAzLXdqbWctaDk0eM03aQ
Remote Code Execution in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc, org.springframework:spring-beans, org.springframework.boot:spring-boot-starter-webflux, org.springframework.boot:spring-boot-starter-web
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qdzZ4LTRoOGgtNTY5eM4AAwXU
Roots Soil plugin vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: roots/soil
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04cGYzLTZmZ3ItM2czZ84AAy3P
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Ecosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Published: about 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1MmYtcHE0Ny0ycjlq
plugin.yaml file allows for duplicate entries in helm
Ecosystems: go
Packages: helm.sh/helm/v3/pkg/plugin, helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho
XStream can cause a Denial of Service.
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zdndtLWZjODctbXE2aM4AAv6W
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:cavisson-ns-nd-integration
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13MmozLXBxNjMtMzM5d84AAv6T
Incorrect permission checks in Jenkins Support Core Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cXYtZjVnZi04Z2Nm
Missing Authorization in Jenkins P4 plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nNTk0LTU1bXAtZjZxOM4AAwRe
Improper Privilege Management in rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cHItdnAydi05OXh3
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1NDctZ21mOC04anI3
Signature Validation Bypass in goxmldsig
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xMnFqLTYyOGctdmhmd84AAy3N
Insecure header validation in slim/psr7
Ecosystems: packagist
Packages: slim/psr7
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTYtcjc5cS1oZmd3
Denial of service in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZnAtcTJtbS1oZnA2
Redirect URL matching ignores character casing
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nZ2hjLWc4Y2otNHZmds4AAqOV
Stored XSS vulnerability in Jenkins Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNGo1LWM0Y3YtbW1nNc4AAolr
XXE vulnerability in Jenkins URLTrigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:urltrigger
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zM3BnLW02amgtNTIzN84AAyiu
Docker Swarm encrypted overlay network traffic may be unencrypted
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmcTMtdzU0Yy1mOXE1
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12N3hoLWg0OGMteHc1Zs4AAn-O
CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dependency-track
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03OXI1LXJocnctN3B2aM4AAn-C
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:jabber
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqZjUtamdncC1nNTZq
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.12
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02d3JmLW14ZmotcGY1cM4AAyit
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2eHctZng3OC1jNXI0
containerd-shim API Exposed to Host Network Containers
Ecosystems: go
Packages: github.com/containerd/containerd/cmd, github.com/containerd/containerd
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBweGMtcG14OS1xanY5
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycDR4LWg1NzctY2h2cc4AAqqb
Stored XSS vulnerability in Jenkins Active Choices Plugin
Ecosystems: maven
Packages: org.biouno:uno-choice
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01dnI2LWhtNjgtNWo5cM0YwQ
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmNmctdzVnai1jOTNo
Prototype Pollution in iniparserjs
Ecosystems: npm
Packages: iniparserjs
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoajYtNW1oNi00cHZm
Denial-of-Service within Docker container
Ecosystems: go
Packages: ktbs.dev/teler/pkg/errors
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3cDktOTU2Zi12Y3do
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oNjQ4LWdqMzQtNXg0cs4AAqqG
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:squashtm-publisher-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS01OHByLWhwcngtN2hnNs4AApuG
RCE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14ajI5LWdmd3ctajY3Z84AAygB
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jacoco
Source: GitHub Advisory Database
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwNzctZnFxcC03OWo4
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1yeHZ4LTl3ZzUtcXB3d84AAiYz
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ZjdoLTYyNDYtaG00M80XYQ
The disqualify lead action may be executed without CSRF token check
Ecosystems: packagist
Packages: oro/crm
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczd2ctNm1jZi04amo2
Local Temp Directory Hijacking Vulnerability
Ecosystems: maven
Packages: org.mortbay.jetty:jetty-webapp, org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NG1qLTNwOTItNTg5ds4AAs7p
Cross-site Scripting in Jenkins JUnit Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:junit
Source: GitHub Advisory Database
Published: 12 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy
Arbitrary code execution due to an uncontrolled search path for the git binary
Ecosystems: go
Packages: github.com/MichaelMure/git-bug/repository, github.com/MichaelMure/git-bug
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyZmotMm13cC03ODd2
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01M2M0LWhobWgtdnc1cc4AAwWx
Helm vulnerable to denial of service through repository index file
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OGMtZzJmZi05NDQ0
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozMngtajhwai1wZzJo
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cWNtLWZxajktOTNtNM4AAwU2
.NET Framework Remote Code Execution Vulnerability.
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x64
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3ctZzNjNS1nNW1x
Out of bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOWg0LXA2cDctODY1Ms4AAygL
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O
Authentication Bypass in @strapi/plugin-users-permissions
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4anEtOGZjZy1nNWh3
Out-of-bounds Write in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMjQ2LWczOXgtN3ZteM4AArAu
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02bXBwLWNtM3YtMjN2ds4AAoy5
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDItaGdxMi0yZzRm
Regular Expression Denial of Service (ReDoS) in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtOTl3ai04bWdn
Command injection in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-core
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04OTRxLXdwZzUtbWYyaM4AAwO_
pyRdfa3 Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: pyRdfa3
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05N2c4LXhmdnctcTRoZ84AAwUZ
Keycloak vulnerable to session takeover with OIDC offline refreshtokens
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03cng2LTR2d3YtNDMyZ84AAoNz
Missing permission check in CloudBees CD Plugin allows scheduling builds
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14eGZ4LXcycnctZ2g2M84AAwVh
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/csaf-poc/csaf_distribution
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1xcTNqLTQ0Z3ctY2Y2cs4AAtvo
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
Ecosystems: maven
Packages: org.eclipse.californium:californium-core
Source: GitHub Advisory Database
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd3gtamo2Ni0yaHA3
Cross-site Scripting in Wildfly
Ecosystems: maven
Packages: org.wildfly:wildfly-parent
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zdzM3LTVwM3AtanY5Ms4AAwSK
Apache CXF vulnerable to Exposure of Sensitive Information
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13aGdoLWcyNGMtM2o1cc4AAwSQ
hutool-json stack overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1xN3hnLWhoM3EtaGM2OM4AAoNx
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptdjQtNzN2Mi1wdmdj
Cross-site Scripting in OpenNMS Horizon
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS13N3I2LXY0ajctaDk0d84AAygm
Apache James server's JMX management service vulnerable to privilege escalation by local user
Ecosystems: maven
Packages: org.apache.james:javax-mail-extension
Source: GitHub Advisory Database
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1NDgtcTc0Ni14NXg2
Code injection in port-killer
Ecosystems: npm
Packages: port-killer
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Y3h3LTh2NjUtNzZ2Zs4AAoE1
CSRF vulnerability in Jenkins promoted builds Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:promoted-builds
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nYzg3LXF3bXYtN3g5eM4AAnqT
Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:artifact-repository-parameter
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJycTUtNjhobS1oNGo4
Cross-Site Request Forgery in OpenNMS Horizon
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS00ZjZ4LWc1dmgtOGptNc4AAnpw
Stored XSS vulnerability in Jenkins Active Choices Plugin
Ecosystems: maven
Packages: org.biouno:uno-choice
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14bXc1LTQ1djktcHhxeM4AAnOd
XSS vulnerability in Jenkins TICS Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:tics
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xdmpyLXg4ZnctaGdods4AAnOn
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
Ecosystems: maven
Packages: de.tracetronic.jenkins.plugins:ecutest
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2
Improper Input Validation in Active Record
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcWotY2c3OS1mMnB2
Thumbshooter vulnerable to Code Injection
Ecosystems: rubygems
Packages: thumbshooter
Source: GitHub Advisory Database
Published: over 5 years ago