Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OTUtdjhjOC0zcmg2
Privilege escalation in rbac
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tZ2oyLXE4d3AtMjlycs4AAwSY
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxNHctM3dwNC1xNXdm
Denial of Service in get-ip-range
Ecosystems: npm
Packages: get-ip-range
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZzJ3LTNjNGotamp3bc4AAnps
Stored XSS vulnerability in Jenkins Repository Connector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcGN4LThxcXctcm1jcc4AAuAg
SQL Injection in waterline-sequel
Ecosystems: npm
Packages: waterline-sequel
Source: GitHub Advisory Database
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwZ2gtaG12NC1yM3Y1
Prototype pollution in safe-obj
Ecosystems: npm
Packages: safe-obj
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NWctZjQ1eC12djIy
Improper input validation in CNCF Cortex
Ecosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4eHYtcDc4ci00ZmM2
Cross-site Scripting in apache-airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1wcHE3LTg4YzctcTg3Oc0XVw
Cross-Site Request Forgery in PiranhaCMS
Ecosystems: nuget
Packages: Piranha
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wOW04LTI3eDgtcmc4N80XOQ
Critical vulnerability found in cron-utils
Ecosystems: maven
Packages: com.cronutils:cron-utils
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xMmN2LTk0eG0tcXZnNM0XNA
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0NjItODlwZi02cjVo
Crash due to malformed relay protocol message
Ecosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS05aGNyLTloY3YteDZwds4AAypf
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNjkteDRwdy12ZmZn
OS Command Injection in diskusage-ng
Ecosystems: npm
Packages: diskusage-ng
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tajdxLWNtZjMtbWc3aM4AAnOV
Stored XSS vulnerability in Jenkins on new item page
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2
Code injection in @rkesters/gnuplot
Ecosystems: npm
Packages: @rkesters/gnuplot
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NDgtcDkyZi05OTk2
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ydmotN3E0Zi01cDQy
Cross-site scripting in eZ Platform Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00djM4LTk2NGMteGptd84AAy3x
Code injection via unescaped translations in xwiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xdjZmLXJjdjYtNnEzeM4AAnOP
Improper handling of REST API XML deserialization errors in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS13MmY0LWh4cG0tbXE5OM0XMw
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00OTk5LTY1OXctbXEzNs0XMg
Authentication bypass issue in the Operator Console
Ecosystems: go
Packages: github.com/minio/console
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1Y3EtOTUzNy05cnBm
Prototype Pollution in mixme
Ecosystems: npm
Packages: mixme
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycXY1LTdtdzUtajNjZ84AAyhH
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Ecosystems: cargo
Packages: spin
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12Yzl4LWdtbXItcDdqas4AAwP1
Duplicate advisory: @claviska/jquery-minicolors vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @claviska/jquery-minicolors
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NTdtLWc2cmYtNGMybc4AAwQc
Alist Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS00Z2pyLXZnZngtOXF2d84AAwP5
AList vulnerable to Improper Preservation of Permissions
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3ZjYtYzhteC00cTJt
Uncontrolled Resource Consumption in JPA Server in HAPI FHIR
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:hapi-fhir-jpaserver-base
Source: GitHub Advisory Database
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4N3YtdzJtdi1mM3J4
Improper Authentication in Atlassian Connect Spring Boot
Ecosystems: maven
Packages: com.atlassian.connect:atlassian-connect-spring-boot
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcnJ4LTM2NHItNndmNs4AAwPg
Cross-site Scripting in Jenkins Spring Config Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:spring-config
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tODJnLWZ2N3YtaDY0bc4AAwPp
Jenkins Sonar Gerrit Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sonar-gerrit
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12OTNjLWN4ajUtYzM5OM4AAwPk
Jenkins Google Login Plugin Open Redirect vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-login
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS04cjc2LWZyNzItajMyd84AAwRx
Creator Verification Error when Bubblegum Activate
Ecosystems: cargo
Packages: mpl-token-metadata, mpl-bubblegum
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwdzctM3ZxMy1tbXY2
Insecure deserialization in Wire
Ecosystems: nuget
Packages: Wire
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tNGhqLXdnMnItcXBjcs0XLw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cDIyLTIzMnctaDl4OM4AAwNK
RuoYi-Cloud Cross-site Scripting vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi-common
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03YzhmLW0zODktNHhqY84AAtDg
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: com.xebialabs.ci:xlrelease-plugin
Source: GitHub Advisory Database
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtNTctdmhxMy0zZndm
Header injection possible in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhjNmMtNzVwNC1obXE0
Reference binding to null pointer in `MatrixDiag*` ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NjZyLWY1Z2ctZ3F3bc4AAYZw
Jenkins GitHub Branch Source Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-branch-source
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xN2p4LXI3NXItaGdqMs4AAW5e
Jenkins Cucumber Living Documentation Plugin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cucumber-living-documentation
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cTdwLWY0ZnYtcnI1eM4AAW5O
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vsphere-cloud
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2ZjItNHhjZy02NWN4
Division by 0 in `Conv2D`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1meDJjLTk2dmotOTg1ds4AAwRn
HAProxyMessageDecoder Stack Exhaustion DoS
Ecosystems: maven
Packages: io.netty:netty-codec-haproxy
Source: GitHub Advisory Database
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0aDItZ3FtMy1jOXdx
Segfault in tf.raw_ops.ImmutableConst
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04NzZqLTRxNzMtN2Y1Ns4AAW5C
Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwaHEtZ3c5bS1naHJ2
CHECK-fail in `CTCGreedyDecoder`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyZjUtam02Zi0yZm1t
Active Record subject to strong parameters protection bypass
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 5 years ago
High
GSA_kwCzR0hTQS0yZzMyLTJqOHctMnFnZs4AAW48
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vsphere-cloud
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1oeHB3LTd4OTUtcTM4bc4AAYTu
Jenkins Pipeline: Input Step Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-input-step
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS00cjc4LWh4NzUtampqMs39zQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net, golang.org/x/net/html
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nMzY0LWM3dzUtOTN3aM4AAXbz
Jenkins Delivery Pipeline Plugin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: se.diabol.jenkins.pipeline:delivery-pipeline-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cGp4LTg2cGcteDRqNc4AAWed
Jenkins SAML Plugin Session Fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:saml
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tOHgyLTRnYzgtOXYzcs4AAWOd
Jenkins CollabNet Plugin man in the middle vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:collabnet
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13d2d4LTk0djYtZmMycM4AASyU
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh-agent
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ocndjLXBxZm0tZzZxZs4AAYUB
Jenkins Subversion Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:subversion
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnNDgtODVoZy1tcWM1
Division by 0 in `DenseCountSparseOutput`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LTJmM20tZ3h2cM4AAyAP
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS02M2pnLTV3djYtN2dods4AAV9P
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Ecosystems: maven
Packages: org.jenkins-ci.plugins:resource-disposer
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05MnJ2LW12bWotNDdxaM4AAWoc
Jenkins GitHub Pull Request Builder Plugin credential capture vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugin:ghprb
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycDgyLXh2ZzMtNzI3Y84AAWxR
Jenkins Google Login Plugin Session Fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-login
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Y2ZxLXYyaG0tYzN4cs4AAWob
Jenkins GitHub Branch Source Plugin vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-branch-source
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cWgtY2ZqbS1mcDkz
Division by 0 in `Reverse`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12aHJ2LTlmOWctcmZyeM4AAx99
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yZjdoLTltODUtNTM1ds4AAVXR
Jenkins Publisher Over CIFS Plugin confused deputy vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-cifs
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNWhyLXJmNnctM3Z2aM4AAu_S
CSRF vulnerability and mM
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ws-execution-manager
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS0zaHc2LWdjOGgtOTI0M84AAWQT
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Ecosystems: maven
Packages: org.jenkins-ci.plugins:meliora-testlab
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zeGpxLThqODkteHJ3Oc4AAWcT
Jenkins Badge Plugin cross-site scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:badge
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5cTIteDJxYy00Yzk3
Heap OOB access in unicode ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydnE2LW1ycHYtbTZybc4AAcJq
Code Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mdjNjLTZjdzctMnFjcc4AAYaF
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pollscm
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mY2Y5LTZmdjItZmM1ds39nQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net, golang.org/x/net/html
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS04Mjk0LW12OWMtN201aM4AAts5
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
Ecosystems: maven
Packages: eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS1wZzVwLXd3cDgtOTdnOM4AAy3v
Debug mode leaks confidential data in Cilium
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1odnd4LXFoMmgteGNmas4AAwSV
TYPO3 HTML Sanitizer vulnerable to Cross-Site Scripting
Ecosystems: packagist
Packages: typo3/cms, typo3/html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS00d3I5LTJ4YzYtam1nNc4AAo_q
Session fixation vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Z2NnLXZ3bXctcnhqNM4AAw3a
Flarum notifications can leak restricted content
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04cDhxLXd2eHgtanE5NM0sJw
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Ecosystems: maven
Packages: org.continuousassurance.swamp.jenkins:swamp
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNHAtd3d3OC04ZnY5
Reference binding to null in `ParameterizedTruncatedNormal`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qdnZ4LWhtbXItcmhnZ84AAttC
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
Ecosystems: maven
Packages: com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
Source: GitHub Advisory Database
Published: 10 months ago
Low
GSA_kwCzR0hTQS0ycWg2LWhodnYtbTJ3d84AAts9
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:http_request
Source: GitHub Advisory Database
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zNmo4LWYzM2otdmp3cc4AAtDk
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hpe-network-virtualization
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS13OXdjLTR4Y3EtOGdyNs4AAwO3
Akeneo PIM Community Edition vulnerable to remote php code execution
Ecosystems: packagist
Packages: akeneo/pim-community-dev
Source: GitHub Advisory Database
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxMnItNXh2bS0zaGMz
Segfault in `CTCBeamSearchDecoder`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTg4LWN4NnctNnZtNs4AAtDB
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Ecosystems: maven
Packages: com.xebialabs.ci:xlrelease-plugin
Source: GitHub Advisory Database
Published: 11 months ago
High
GSA_kwCzR0hTQS1ocGY3LW1tcXctZzZ2cc4AAtDe
Cross-site Scripting in Jenkins Plot Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:plot
Source: GitHub Advisory Database
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00Y3J3LXc4cHctMmhtZs4AAwOT
Buildah (as part of Podman) vulnerable to Link Following
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NzgtZzd3cS1taHA0
Division by zero in padding computation in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS14MzlqLWg4NWgtM2Y0Ns4AAwNX
go-merkledag's ProtoNode may be modified such that common method calls may panic
Ecosystems: go
Packages: github.com/ipfs/go-merkledag
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS01Y3JwLTlyM2MtcDl2cs4AAs6x
Improper Handling of Exceptional Conditions in Newtonsoft.Json
Ecosystems: nuget
Packages: Newtonsoft.Json
Source: GitHub Advisory Database
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05cWdwLTl3d2MtdjI5cs4AAwNW
PrestaShop has potential Information exposure in the upload directory
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Published: 5 months ago