Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Published: 19 days ago
High
GSA_kwCzR0hTQS1wOGY3LTIyZ3EtbTdqOc4AAvXo
Phoenix before 1.6.14 mishandles check_origin wildcarding
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc
ecdsa-elixir fails to check signatures, vulnerable to message forging
Ecosystems: hex
Packages: ecdsa-elixir
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1ocmZoLTdqNWYtOGNjcs4AAiwj
Pivotal RabbitMQ is vulnerable to a denial of service attack
Ecosystems: hex
Packages: RabbitMQ
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS01djV3LTQ0dzYtcTVods4AAepF
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream
Ecosystems: hex
Packages: MongooseIM
Source: GitHub Advisory Database
Published: 9 months ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Published: 9 months ago
Critical
GSA_kwCzR0hTQS02eDY1LXZxcDctNXI2M84AAR2T
alchemist.vim vulnerable to remote code execution
Ecosystems: hex
Packages: alchemist.vim
Source: GitHub Advisory Database
Published: 9 months ago
High
GSA_kwCzR0hTQS1xcG1jLXdwcnYteDc0Ns06og
Inline DTD allows XML bomb attack
Ecosystems: hex
Packages: sweet_xml
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01NjUzLTQzN2YtNWhtY806oQ
Denial of service
Ecosystems: hex
Packages: pow_assent
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12MndmLWMzajYtd3B2d806oA
Session fixation
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05aDczLXc3Y2gtcmg3M806nw
Header Injection
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS01djRtLWM3M3YtYzdncc06ng
Arbitrary Code Execution in Cookie Serialization
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS0ycTZ2LTMybXItOHA4eM06nQ
Null Byte Injection in Plug.Static
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01Y2h4LWdnMjUtdjM3bc06nA
Cross-site Scripting in xain
Ecosystems: hex
Packages: xain
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jbWZoLThmOHItZmo5Ns06mw
Arbitrary URL Redirect
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qM2dnLXI2Z3AtOTVxMs06mQ
XSS in HEEx class attributes
Ecosystems: hex
Packages: phoenix_html
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yeHh4LWZoYzgtOXF2cc06mA
Missing `is_nil` requirement
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Published: 10 months ago
Critical
GSA_kwCzR0hTQS13OThtLTJ4cWctOWN2as06lw
Remote Code Execution in paginator
Ecosystems: hex
Packages: paginator
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tcnE4LTUzcjQtM2o1bc0m4g
Permissive parameters and privilege escalation
Ecosystems: hex
Packages: coherence
Source: GitHub Advisory Database
Published: 12 months ago