Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

maven Security Advisories

Moderate

GSA_kwCzR0hTQS1oNzJ2LTY1MncteHY2NM4AAjSP

Missing permission checks in Health Advisor by CloudBees Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-jenkins-advisor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01ZnBxLTNjOXAtM3Izd84AA4E3

ShifuML shifu code injection vulnerability
Ecosystems: maven
Packages: ml.shifu:shifu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS1qMjRoLXhjcGMtOWp3OM4AA3d2

Eclipse IDE XXE in eclipse.platform
Ecosystems: maven
Packages: org.eclipse.jdt:org.eclipse.jdt.ui, org.eclipse.platform:org.eclipse.urischeme, org.eclipse.platform:org.eclipse.ui.workbench, org.eclipse.platform:org.eclipse.ui.ide, org.eclipse.platform:org.eclipse.ui.forms, org.eclipse.platform:org.eclipse.jface, org.eclipse.platform:org.eclipse.platform, org.eclipse.platform:org.eclipse.core.runtime
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 6 months ago

Moderate

GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2

Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 29 days ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3eDYtdm1qNC01cnY4

Denial of service via deserialization attack in nifi
Ecosystems: maven
Packages: org.apache.nifi:nifi-framework-cluster-protocol
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago

Moderate

GSA_kwCzR0hTQS1tam1xLWd3Z20tNXFobc4AA0hU

Apache MINA SSHD information disclosure vulnerability
Ecosystems: maven
Packages: org.apache.sshd:sshd-sftp, org.apache.sshd:sshd-common, org.apache.sshd:sshd-core
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS04MnYyLWY4NzUtNzNnOc4AAiX7

Wildfly Authorization Misconfiguration
Ecosystems: maven
Packages: org.wildfly.core:wildfly-host-controller
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1jcWd2LTI1NnItbTlyOM4AAngq

Insertion of Sensitive Information into Log File in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3ajctcHczdi0zdjN4

Moderate severity vulnerability that affects org.keycloak:keycloak-core
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 5 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzdmYtMnI5OC14dzh3

Exposure of Sensitive Information to an Unauthorized Actor in Apache syncope-cope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago

Moderate

GSA_kwCzR0hTQS1tMnI1LTR3OTYtcXhnNc1Biw

Arbitrary file access through XML parsing in org.xwiki.commons:xwiki-commons-xml
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS0yOHdnLThndjQtbXBqZs4AA3uz

Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyajQtOTRyeC1jcjZ3

Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS13NWdnLTJxNTYtNmg0Zs4AA6Xy

Elasticsearch Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 2 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2cHAtaHhqai01Y2Nj

Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 5 years ago

Moderate

GSA_kwCzR0hTQS1yNjloLTZjNGctNjN4Zs4AAhfo

Cleartext Transmission of Sensitive Information in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS0yZ2oyLXZqOTgtajJxcc4AAv_P

Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1tbThoLTg1ODctcDQ2aM4AA2oL

RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
Ecosystems: maven
Packages: com.rabbitmq:amqp-client
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 7 months ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjNzUtY2Y1Yy1teHZo

Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Ecosystems: maven
Packages: org.pac4j:pac4j-saml
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 4 years ago

Moderate

GSA_kwCzR0hTQS1ycmNnLWp3cjUtMzJnN84AA32G

Apache StreamPark: Authenticated system users could trigger SQL injection vulnerability
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS1manc0LTM5cGctdmY0Zs4AAgqM

Apache Karaf vulnerable to relative path traversal
Ecosystems: maven
Packages: org.apache.karaf.config:org.apache.karaf.config.core
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4Y2ctZ2c5ai1xOWo5

Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: almost 5 years ago

Moderate

GSA_kwCzR0hTQS13ajc4LTh4cngtcGhyN80y-Q

Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:global-build-stats
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1maGh4LXI5ODMtNDR4Y8021w

SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:proxmox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1qNTRyLXc1ODctOTVxN84AA0qD

Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago

Moderate

GSA_kwCzR0hTQS12M2gyLTRqMnItd3FqOM4AAYL9

Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: about 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptdjQtNzN2Mi1wdmdj

Cross-site Scripting in OpenNMS Horizon
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS00cXJqLTk5cjYtamZyaM4AAl8M

Missing hostname validation in Email Extension Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS1jOGNjLWhqNTctdm02Nc0ijg

User passwords transmitted in plain text by Jenkins Active Directory Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:active-directory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS02djZoLXJ3NDMtOTdmaM4AAzWu

Jenkins SAML Single Sign On(SSO) Plugin missing hostname validation
Ecosystems: maven
Packages: io.jenkins.plugins:miniorange-saml-sp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqd2Mtdjcydi1mcTZy

HTTP request smuggling in Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1nOHhjLTZtZjctaDI4aM4AAzM6

OpenSearch issue with fine-grained access control during extremely rare race conditions
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS1nOHBoLTc0bTYtOG03cs4AAzUA

ClickHouse vulnerable to client certificate password exposure in client exception
Ecosystems: maven
Packages: com.clickhouse:clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, com.clickhouse:clickhouse-client
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago

Moderate

GSA_kwCzR0hTQS01cHB4LXJndzIteGcyM84AATfi

Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS12OWh4LXY2dmYtZzM2as4AA2gT

WebAuthn4J Spring Security Improper signature counter value handling
Ecosystems: maven
Packages: com.webauthn4j:webauthn4j-spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago

Moderate

GSA_kwCzR0hTQS1jeDg0LTQzeGMtM2dtMs4AAv3k

Improper Certificate Validation in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1yZnEzLXdwamgtcHB2Z84AA4Ac

WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.wso2.carbon.registry:carbon-registry
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago

Moderate

GSA_kwCzR0hTQS1wbWM1LTc0dzMtNzhtd84AAQ7q

Jenkins Config File Provider Plugin XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS05bTkyLXF3cGMtcW03OM4AAzW-

Jenkins SAML Single Sign On(SSO) Plugin unconditionally disables SSL/TLS certificate validation
Ecosystems: maven
Packages: io.jenkins.plugins:miniorange-saml-sp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2N2otamZoMi1qdnJj

Potential HTTP request smuggling in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 4 years ago

Moderate

GSA_kwCzR0hTQS1xZ3A4LWg1Y3Atcjc1cs4AAiYm

Jenkins Bumblebee HP ALM Plugin unconditionally disabled SSL/TLS certificate validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bumblebee
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS05bTQ4LTU0cGotaDI0OM4AAh6P

Moderate

GSA_kwCzR0hTQS1jbTdqLXA4aGMtOTd2as4AAttG

Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3OHAtaHJxMy14NHAz

Cross-site scripting in Shopizer
Ecosystems: maven
Packages: com.shopizer:shopizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS02ZnIzLTI4NnEtcTNjcs4AAl8W

Improper Validation of Certificate with Host Mismatch in Jenkins Mailer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS14ajM2LTZ4YzYtOHA5eM4AA5ze

Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delphix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago

Moderate

GSA_kwCzR0hTQS02eHhmLXJ3djQtbXJqbc4AAjxs

Stored XSS vulnerability in Jenkins Timestamper Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:timestamper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NHEtNzg0cC04bTVo

Cross-site Scripting in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-server-spi-private
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS12cXA4LWg1M2gtM2pmaM4AAlOW

Stored XSS vulnerability in Jenkins VncRecorder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vncrecorder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0Y3ctcDJobS1ncGY2

Disabled Hostname Verification in Opencast
Ecosystems: maven
Packages: org.opencastproject:opencast-kernel
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3cnAtcHZycS1qbXd2

Path Traversal and Improper Input Validation in Apache Commons IO
Ecosystems: maven
Packages: org.smartboot.servlet:servlet-core, org.checkerframework.annotatedlib:commons-io, org.apache.servicemix.bundles:org.apache.servicemix.bundles.commons-io, org.apache.commons:commons-io, net.hasor:cobble-lang, com.virjar:ratel-api, com.liferay:com.liferay.sass.compiler.jsass, com.diamondq.common:common-thirdparty.jcasbin, com.cosium.vet:vet, commons-io:commons-io
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5NDQtNzg3Yy1mODUy

Persistent Cross-Site scripting in Nexus Repository Manager
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-core
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 4 years ago

Moderate

GSA_kwCzR0hTQS1manBtLWhmN2MteGdjMs0iiw

Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago

Moderate

GSA_kwCzR0hTQS04OHdjLWZjajktcTNyOc4AA6JO

GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-gwc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS1mZzl2LTU2aHctZzUyNc4AA6JK

GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS13dmh3LTVtODktNjRnds4AAzdD

Cross-site scripting in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 12 months ago

Moderate

GSA_kwCzR0hTQS14ODJxLW1yMjMtMjdqY84AAzdH

Cross-site scripting in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 12 months ago

Moderate

GSA_kwCzR0hTQS1mY3BtLWhjaGotbWg3Ms4AA6JM

GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS03eDc2LTU3ZnItbTVyNc4AA6JN

GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver.extension:gs-mapml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago

Moderate

GSA_kwCzR0hTQS04amZtLXJnbWctM3dxMs4AATm6

Apache Archiva vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS05cjdmLXJxaHctajhoOM38ag

Incorrect permission checks in Pipeline: Nodes and Processes plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-durable-task-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago

Moderate

GSA_kwCzR0hTQS1xMjk2LTlqNXgtZnhmNM4AAoGL

SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago

Moderate

GSA_kwCzR0hTQS01M2p4LXZ2ZjktNHgzOM4AAxhX

StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz

Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5dzMtZ3djMi1jcjQ5

HTTP Request Smuggling in Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjcDQtam0ydi1tcjNm

Cross-site scripting in Shopizer
Ecosystems: maven
Packages: com.shopizer:shopizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmdngtMmpqMy02bWZm

Insufficiently Protected Credentials in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cjgtZm05ci1jcGoy

Low severity vulnerability that affects com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 4 years ago

Moderate

GSA_kwCzR0hTQS03andnLWhxODUtYzZtNs4AAu-n

Jenkins SmallTest Plugin missing hostname validation
Ecosystems: maven
Packages: com.smalltest:smalltest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS1weHA1LWc2Nmgtd3B2Ms4AAu-r

Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:view26
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4ZjQtY2h2Zy00cjhy

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3bWYtcWd4Zi1xbXZm

Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago

Moderate

Advisories: 18,752
Packages: 8,375
Repositories: 973
Ecosystems: 12

Filter by Severity

Moderate 8,149 High 6,447 Critical 2,848 Low 1,014

Filter by Ecosystem

maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8

Filter by Package

Filter by Repository