Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncome EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtamYtanBqai05ZjNq
RuboCop gem Insecure use of /tmp
Ecosystems: rubygems
Packages: rubocop
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 6 years ago
Low
GSA_kwCzR0hTQS1qY3A5LTc5NmctcHY5cM4AAdXJ
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14Y3A1LWo1ZmotM3hwNs4AAs8v
User passwords stored in plain text by Jenkins EasyQA Plugin
Ecosystems: maven
Packages: com.geteasyqa:easyqa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xN3BwLXdjZ3ItcGZmeM4AA1rS
Crash when processing crafted TIFF files
Ecosystems: go
Packages: github.com/disintegration/imaging
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jNWdqLXc0aHgtZ3ZteM0t6A
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1yajI5LWoyZzQtNzdxOM4AA6Gr
[TagAwareCipher] - Decryption Failure (Regex Match)
Ecosystems: packagist
Packages: ilicmiljan/secure-props
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1xaDM2LTQ0anYtYzh4as0oSA
Potential proxy IP restriction bypass in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd3gtamo2Ni0yaHA3
Cross-site Scripting in Wildfly
Ecosystems: maven
Packages: org.wildfly:wildfly-parent
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 27 days ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00N2czLW1mMjQtNjU1Oc4AA5WN
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Ecosystems: maven
Packages: org.openjfx:javafx-media
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zNmo4LWYzM2otdmp3cc4AAtDk
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hpe-network-virtualization
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzZmctNWo5cC12Y2hj
File exposure in pleaser
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mcnFjLWYyaDgtZmp2Zs4AA19h
Spring for GraphQL may be exposed to GraphQL context with values from a different session
Ecosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
Low
GSA_kwCzR0hTQS1oeDNyLXF3eHYtNWp3Oc0zGw
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ycHg3LTMzajIteHg5eM0hRA
Arbitrary file deletion in NeMo ASR webapp
Ecosystems: pypi
Packages: nemo_toolkit
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13eGd3LXFqOTktNDRjMs0hQQ
Prototype Pollution in node-forge util.setPath API
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1nZjhxLWpycG0tanZ4cc0hQA
URL parsing in node-forge could lead to undesired behavior.
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1xY2NtLXdtY3EtcHdyNs4AAv_M
Tailscale daemon is vulnerable to information disclosure via CSRF
Ecosystems: go
Packages: tailscale.com/cmd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14Njc0LXY0NWotZnd4d84AA7DY
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Ecosystems: nuget
Packages: Microsoft.Identity.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03N3ZoLXhwbWctNzJxaM0XWQ
Clarify `mediaType` handling
Ecosystems: go
Packages: github.com/opencontainers/image-spec
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yNnFqLWNyMjctcjVjNM4AArmq
Octopoller gem published with world-writable files
Ecosystems: rubygems
Packages: octopoller
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tdzZxLTk4bXAtZzhnOM0W5Q
Cross-site Scripting in bootstrap-table
Ecosystems: npm
Packages: bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS03ZnBqLTlocjgtMjh2aM4AA7JC
Keycloak vulnerable to impersonation via logout token exchange
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OWotNWc5di0zZnBx
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Ecosystems: rubygems
Packages: paratrooper-newrelic
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS1yajRwLTdtbTYtZ205as4AARto
JBossWS vulnerable to uncontrolled recursion
Ecosystems: maven
Packages: org.jboss.ws:jbossws-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzdzktZzc0cS12cDVm
Denial of Service in express-fileupload
Ecosystems: npm
Packages: express-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS01ZnF2LW1wajgtaDdnbc4AAx5N
Lemur subject to insecure random generation
Ecosystems: pypi
Packages: lemur
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcycWotcG14bS05Zjhm
User enumeration in authentication mechanisms
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS04Mmp2LTl3anctcHFoNs4AA7KU
Prototype pollution in emit function
Ecosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 2 months ago
Low
GSA_kwCzR0hTQS05Njc4LTVmNmYtd3AzZs4AAiCL
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:beaker-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yOXhjLTU0Y3EtOTlyN84AAiY4
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:elasticbox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02bTloLTJwcjItOWo4Zs4AA7Lw
1Panel's password verification is suspected to have a timing attack vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZjYtNzV2OC12cjI2
Arbitrary File Write in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzNjYtNHJ2di05NXgy
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Ecosystems: pypi
Packages: cryptoauthlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1wdjg4LWo2cmctcjU2cM4AAdTd
Jenkins allows attackers to obtain sensitive information
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SES
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04bXZ3LTIycjctdzZmcc3iEg
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Ecosystems: rubygems
Packages: ruby_parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNTItdmdxMi05NDNm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediately
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Low
GSA_kwCzR0hTQS1majY5LXA4ZjYtcTk3aM3txQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyNGMtNnZyZi05OXJx
Sensitive Data Exposure in loopback
Ecosystems: npm
Packages: loopback
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1mYzNqLWNmcXYtcGZybc4AAlOp
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-quality-center
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZjMtbXdwMy1mOGN3
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Ecosystems: pypi
Packages: Products.GenericSetup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tYzhoLThxOTgtZzVocs4AAxzW
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: remove_dir_all
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oOWo3LTV4dmMtcWhnNc4AA5fj
langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can ready dirty memory
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1odnA1LTV4NGYtMzNmcc4AA7PK
JADX file override vulnerability
Ecosystems: maven
Packages: io.github.skylot:jadx-core
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 15 days ago
Low
GSA_kwCzR0hTQS14ODgzLTJ2bWcteHdmN84AA7PJ
Authelia's Group Changes may not have the expected results (YAML file backend)
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Low
GSA_kwCzR0hTQS1ndmNqLTcyaDQtOHhtOc4AAjx0
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:quality-gates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3dzgtcHA5dy03cDMy
Creation of order credits was not validated by acl in admin orders
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqNTYtODRqdy02N2g2
Potential Denial-of-Service in bindata
Ecosystems: rubygems
Packages: bindata
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS01Nng0LWo3cDktZmNmOc4AAui0
Command Injection in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTItN21tMy0zZnhn
actionpack is vulnerable to remote bypass authentication
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12eHJjLTY4eHgteDQ4Z802BQ
Twig Sandbox Information Disclosure
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0NjItODlwZi02cjVo
Crash due to malformed relay protocol message
Ecosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1YzcteDdtMi1yaG1m
Local directory executable lookup in sops (Windows-only)
Ecosystems: go
Packages: go.mozilla.org/sops/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0yY2YzLWcyNDMtaGhmeM4AASTB
MySQL Connectors Privilege Escalation
Ecosystems: pypi
Packages: mysql-connector-python
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0N2YtNDIzMi1odnY4
Heap out of bounds read in `RaggedCross`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0aDItZ3FtMy1jOXdx
Segfault in tf.raw_ops.ImmutableConst
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwaHEtZ3c5bS1naHJ2
CHECK-fail in `CTCGreedyDecoder`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS14djU4LWdwNDMtNm03Ns4AAjxo
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-enterprise-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cWgtY2ZqbS1mcDkz
Division by 0 in `Reverse`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS0zbXFmLWZ3YzYtdndxd84AAaYX
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5cTIteDJxYy00Yzk3
Heap OOB access in unicode ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2dm0teHczNC14NHBq
CHECK-fail in `tf.raw_ops.IRFFT`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoODctZnZqci12MzN3
CHECK-fail in `tf.raw_ops.RFFT`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNHAtd3d3OC04ZnY5
Reference binding to null in `ParameterizedTruncatedNormal`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS00Z3Y1LXFodnItMzZ2ds3yag
Improper Link Resolution Before File Access in pip
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2cjYtODRnci05MnJt
Heap buffer overflow in `AvgPool3DGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cm0tOHd3NC14eDJn
Division by zero in TFLite's implementation of `SpaceToDepth`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0eDYtOGM3bS1odjNm
Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4cWgtM3hycS1jODI1
Division by zero in TFLite's implementation of `OneHot`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxZ3ctcDRmbS14N2dm
Division by zero in TFLite's convolution code
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmeDctMnhwYy04dzRo
Division by zero in TFLite's implementation of `BatchToSpaceNd`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Statistics
Advisories: 18,389
Packages: 8,298
Repositories: 438
Ecosystems: 12
Filter by Severity
Moderate 7,943 High 6,361 Critical 2,810 Low 985
Filter by Ecosystem
pypi 441 maven 283 packagist 172 npm 128 go 120 rubygems 47 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-cpu 93 tensorflow-gpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 shopware/core 10 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 helm.sh/helm/v3 5 october/backend 5 k8s.io/kubernetes 5 baserproject/basercms 5 ansible 5 wasmtime 5 sweetalert2 5 undici 5 rack 5 helm.sh/helm 4 com.vaadin:flow-server 4 github.com/cilium/cilium 4 org.keycloak:keycloak-services 4 actionpack 4 electron 4 magento/community-edition 4 typo3/cms-core 4 simplesamlphp/simplesamlphp 4 github.com/mattermost/mattermost-server/v6 4 shopware/shopware 4 @openzeppelin/contracts-upgradeable 3 org.apache.hive:hive-exec 3 org.apache.hive:hive-service 3 org.graylog2:graylog2-server 3 passenger 3 httplib2 3 bin-links 3 org.apache.hive:hive 3 wagtail 3 nautobot 3 plone 3 ckb 3 symfony/symfony 3 github.com/cosmos/cosmos-sdk 3 go.etcd.io/etcd 3 github.com/mattermost/mattermost-server 3 ethyca-fides 3 cryptography 3 node-forge 3 com.vaadin:vaadin-bom 3 org.jenkins-ci.plugins:ec2 2 pip 2 gilacms/gila 2 github.com/sigstore/cosign 2 typo3/cms-frontend 2 com.inedo.proget:inedo-proget 2 craftcms/cms 2 org.apache.activemq:activemq-parent 2 ceph-deploy 2 @apollo/server 2 salt 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 github.com/opencontainers/runc 2 Django 2 silverstripe/framework 2 github.com/answerdev/answer 2 org.jenkins-ci.plugins:azure-ad 2 moin 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 next-auth 2 github.com/authzed/spicedb 2 winter/wn-backend-module 2 braces 2 Flask-Security-Too 2 Pillow 2 tuf 2 django 2 org.eclipse.jetty:jetty-server 2 grumpydictator/firefly-iii 2 aiohttp 2 github.com/ntbosscher/gobase 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 parse-server 2 org.jenkins-ci.plugins:wso2id-oauth 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 go.etcd.io/etcd/client/v3 2 october/cms 2 activesupport 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:repository-connector 2 s2n-quic 2 langchain 2 cargo 2 com.ruoyi:ruoyi 2 github.com/cometbft/cometbft 2 sylius/sylius 2 org.bouncycastle:bcprov-jdk14 2 org.jenkins-ci.plugins:mercurial 2 Zope 2 microweber/microweber 2 github.com/hashicorp/nomad 2 org.jenkins-ci.plugins:artifactory 2 OctoPrint 2 vantage6 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 flarum/core 2 github.com/mattermost/mattermost-plugin-jira 2 org.scala-sbt:io_2.12 1 org.scala-sbt:io_2.13 1 hyper 1 org.scala-sbt:io_3 1 org.jenkins-ci.plugins:snsnotify 1 io.swagger:swagger-codegen 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 es5-ext 1 com.github.tomakehurst:wiremock-jre8 1 com.github.tomakehurst:wiremock-jre8-standalone 1 wiremock 1 github.com/nats-io/nats-server/v2 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/oauth2-proxy/oauth2-proxy 1 org.wiremock:wiremock 1 horizon 1 org.wiremock:wiremock-standalone 1 @diez/generation 1 org.jenkins-ci.plugins:openshift-deployer 1 org.keycloak:keycloak-core 1 rabbit_common 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 org.scala-sbt:sbt 1 io.jenkins.plugins:tuleap-oauth 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 firebase-tools 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 ajenti 1 apostrophe 1 org.eclipse.jetty:jetty-openid 1 type-graphql 1 org.bouncycastle:bcprov-jdk18on 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/rack/rack 5 https://github.com/jenkinsci/jenkins 5 https://github.com/cilium/cilium 4 https://github.com/electron/electron 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/TYPO3/typo3 4 https://github.com/apache/tomcat 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/shopware/shopware 4 https://github.com/nautobot/nautobot 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/vaadin/flow 3 https://github.com/CVEProject/cvelist 3 https://github.com/pyca/cryptography 3 https://github.com/httplib2/httplib2 3 https://github.com/ethyca/fides 3 https://github.com/django/django 3 https://github.com/phusion/passenger 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/vantage6/vantage6 3 https://github.com/wagtail/wagtail 3 https://github.com/digitalbazaar/forge 3 https://github.com/symfony/symfony 3 https://github.com/nervosnetwork/ckb 3 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/zopefoundation/Zope 2 https://github.com/craftcms/cms 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/hashicorp/nomad 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/saltstack/salt 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/rust-lang/cargo 2 https://github.com/flarum/framework 2 https://github.com/opencontainers/runc 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/ntbosscher/gobase 2 https://github.com/ceph/ceph-deploy 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/cometbft/cometbft 2 https://github.com/openstack/keystone 2 https://github.com/Sylius/Sylius 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/GilaCMS/gila 2 https://github.com/quarkusio/quarkus 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/aio-libs/aiohttp 2 https://github.com/authzed/spicedb 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/parse-community/parse-server 2 https://github.com/aws/s2n-quic 2 https://github.com/octoprint/octoprint 2 https://github.com/sigstore/cosign 2 https://github.com/microweber/microweber 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/pypa/pip 2 https://github.com/micromatch/braces 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Consensys/gnark-crypto 1 https://github.com/rrrodzilla/rusty_paseto 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/contao/contao 1 https://github.com/statamic/cms 1 https://github.com/aws/aws-encryption-sdk-cli 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/fluent/fluentd 1 https://github.com/aws/aws-sdk-go 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/personnummer/java 1 https://github.com/gsemac/Gsemac.Common 1 https://github.com/parallaxsecond/parsec 1 https://github.com/karmada-io/karmada 1 https://github.com/python-pillow/Pillow 1 https://github.com/bcgit/bc-java 1 https://github.com/tokio-rs/tokio 1 https://github.com/senchalabs/connect 1 https://github.com/personnummer/js 1 https://github.com/erelsgl/limdu 1 https://github.com/sbt/sbt 1 https://github.com/personnummer/rust 1 https://github.com/jenkinsci/snsnotify-plugin 1 https://github.com/jenkinsci/credentials-binding-plugin 1 https://github.com/apache/storm 1 https://github.com/personnummer/python 1 https://github.com/authelia/authelia 1 https://github.com/rest-client/rest-client 1 https://github.com/IlicMiljan/Secure-Props 1 https://github.com/jenkinsci/backlog-plugin 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/silverstripe/silverstripe-framework 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/actions/toolkit 1 https://github.com/zowe/imperative 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/moov-io/customers 1 https://github.com/ain/smartbanner.js 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/wiremock/wiremock 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Azure/setup-kubectl 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/octokit/octokit.rb 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/aws/aws-dynamodb-encryption-java 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/RhinoSecurityLabs/CVEs 1 https://github.com/jenkinsci/support-core-plugin 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/slsa-framework/slsa-verifier 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/newcontext-oss/kitchen-terraform 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/horazont/xmpp-http-upload 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1