Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNncWotY214ci1wNHgy
Forced Browsing in Twisted
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4am0td3ZqOS05YzM5
Information disclosure in Apache Superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS1wN2hyLWY0NDYteDZxZs4AAu1u
TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wMnZ3LWY4N2MtcTU5N81BtQ
Improper Access Control in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nNzh4LXhtdjgtMjN4cM4AATft
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3N3ctMmo5Mi00NGh4
HTTP Request Smuggling in akka-http-core
Ecosystems: maven
Packages: com.typesafe.akka:akka-http-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjcjUteHI5aC1tdmM1
python-gnupg vulnerable to shell injection
Ecosystems: pypi
Packages: python-gnupg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzOGctNDY5Zy1jbWd4
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0zMjV2LWc1dngtd2h4Y84AAujP
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jOTJ3LTcyYzUtOXg1Oc4AAik3
kube-state-metrics may expose secret content in metrics
Ecosystems: go
Packages: k8s.io/kube-state-metrics
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNHc2LTNyaDYtNnE0cc4AAi3b
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Ecosystems: go
Packages: github.com/kubernetes-csi/external-resizer, github.com/kubernetes-csi/external-snapshotter/v6, github.com/kubernetes-csi/external-provisioner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmY4LXY4cTQtM201Oc4AA1PS
Authenticated Local Privilege Escalation vulnerability in Intel Optimization for Tensorflow
Ecosystems: pypi
Packages: intel-tensorflow-avx512, tensorflow-intel, intel-tensorflow
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS03djRqLTh3dnItdjU1cs4AArqy
`array!` macro is unsound when its length is impure constant
Ecosystems: cargo
Packages: array-macro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oOHY1LXAyNTgtcHFmNM4AAgd-
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcHhqLTJqdmctNmp2Oc4AAxsJ
Data Amplification in HashiCorp go-getter
Ecosystems: go
Packages: github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cDJ4LTNtYzMtM2NqNM4AAxTK
Path traversal in ubi-reader
Ecosystems: pypi
Packages: ubi-reader
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yN3c2LXA0N2ctdmo1M83igQ
Django Data leakage via admin history log
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05YzZ3LTU1Y3AtNXcyNc4AAu1S
TYPO3 CMS Stored Cross-Site Scripting via FileDumpController
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01cjlnLXFoNm0tanhmZs4AAxq9
CRLF Injection in Nodejs ‘undici’ via host
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oajNmLTZnY3Atamc4as4AAzeO
Open redirect in Tornado
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0ycDloLWNjdzctMzNnZs4AAvz0
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: cleo
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jdzdqLXY1MnctZnA1cs4AA01m
copyparty vulnerable to reflected cross-site scripting via hc parameter
Ecosystems: pypi
Packages: copyparty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZngtOHA2Yy1nN2d4
Insufficient Verification of Data Authenticity in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jMmhtLW1qeHYtODlyNM4AA1rG
Multiple soundness issues in lexical
Ecosystems: cargo
Packages: lexical
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnZ3gtM2g3Mi00OXd3
Pillow Buffer overflow in ImagingLibTiffDecode
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G
Mattermost denial of service vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qMndoLXdydjMtNHg0Z84AAxq7
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Ecosystems: npm
Packages: @graphql-mesh/http, @graphql-mesh/cli
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2ZjItcHdyai02NGgz
Tryton Improper Access Control
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS0zZmh4LTN2dmctMmo4NM4AA0NF
quarkus-core vulnerable to client driven TLS cipher downgrading
Ecosystems: maven
Packages: io.quarkus:quarkus-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozM2otZmcyZy1tY3Yy
Cross-Site Request Forgery in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ncXFmLWc1cjctODR2Zs4AAuzy
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jcTdxLTVjNjctdzM5d84AAuzx
matrix-appservice-irc vulnerable to IRC mode parameter confusion
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerability
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1taGdtLTUydmctcHZ2Y84AAxqk
Privilege escalation in Strongbox
Ecosystems: maven
Packages: com.schibsted.security:strongbox-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jaDRjLTI3OHEtNTY1NM4AAuyc
rdiffweb 2.4.1 Missing Custom Error Page
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13ZjVwLWc2dnctcmh4eM4AA2_y
Axios Cross-Site Request Forgery Vulnerability
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZteDMtM3ZxZy1ocHAy
Django allows unprivileged users to read the password hashes of arbitrary accounts
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS03NnI3LWg0NnctNDYzcs4AAxps
Cross Site Scripting (XSS) in Model\DataObject\Data\UrlSlug
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3aDUtM2N3Ny00Mjg2
tlslite-ng off-by-one error on mac checking
Ecosystems: pypi
Packages: tlslite-ng
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2dmMtY3c2Mi1mcXZy
Shadowsock is malware
Ecosystems: npm
Packages: shadowsock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Ecosystems: packagist
Packages: symfony/symfony, symfony/twig-bridge
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03djQ0LTc1amYtMjJnas4AAh3D
Kimai v2 is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03anZ4LWY5OTQtcmZ3Ms3X3g
materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input
Ecosystems: npm
Packages: materialize-css
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zajZnLWh4eDUtM3EyNs0V9g
Observable Discrepancy in Apache Kafka
Ecosystems: maven
Packages: org.apache.kafka:kafka-clients, org.apache.kafka:kafka_2.13, org.apache.kafka:kafka_2.12, org.apache.kafka:kafka_2.11
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4NmYtZm1xZi1xcmY2
Mail Gem CRLF Injection vulnerability
Ecosystems: rubygems
Packages: mail
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS0yN3JxLTQ5NDMtcWN3cM1Bgg
Insertion of Sensitive Information into Log File in Hashicorp go-getter
Ecosystems: go
Packages: github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Z2M2LXFoOXgtdzZoOM08yQ
Incorrect Authorization in cross-fetch
Ecosystems: npm
Packages: cross-fetch
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05aGdjLXdwYzUtdjhwOc1RPw
An attacker can execute malicious javascript in Live Helper Chat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzZxLXE4aHctaG1wd84AAusG
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yN21oLTMzNDMtNmhnNc4AAnBE
dhowden tag panic due to out-of-bounds read
Ecosystems: go
Packages: github.com/dhowden/tag
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cWc3LTh2NngtNTRycc4AAlf3
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ocHY1LXY4ZzUtYzg2NM4AAYPc
Cross-site Scripting in Mistune
Ecosystems: pypi
Packages: mistune
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Z3A5LWo0OGgtampmOc4AAlfm
Magento observable timing discrepancy vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmanItbTd2Ni1mcGc5
jquey is malware
Ecosystems: npm
Packages: jquey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1tNjlyLTlnNTYtN212OM4AAvDf
HashiCorp Consul vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14dzVqLWd2MmctbWptMs4AAxo-
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Ecosystems: cargo
Packages: cortex-m-rt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02Y3FqLTY5NjktcDU3eM4AAv-p
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Ecosystems: go
Packages: github.com/codenotary/immudb
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yN3g2LXhmY20tM214ds4AA3Cw
Apache Airflow vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return value
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12cXdnLTR2NmYtaDZ4Nc0ilw
Stored XSS vulnerability in Matrix Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03NG01LTJjN3ctOXczeM4AAxo7
MultipartParser denial of service with too many fields or files
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tbTc5LWpocW0tOWo1NM4AA3Hu
Bypassing Cross-Site Scripting Protection in TYPO3 HTML Sanitizer
Ecosystems: packagist
Packages: typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ncTk4LTUzcnEtcXI1aM4AAzw5
Hashicorp Vault vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wOXhnLTkzNzgtY3FwN84AAzdB
Cross-site scripting in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3MzctNTdxcC05bW00
Consensus flaw during block processing in github.com/ethereum/go-ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1tNDRmLTlqaGctNTljcs4AAzXe
alkacon-OpenCMS vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jNzdmLTRyZ2otamZyNM0VxQ
Cross-site Scripting in Beego
Ecosystems: go
Packages: github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02eHY1LTg2cTktN3hyOM4AA1v8
SecureJoin: on windows, paths outside of the rootfs could be inadvertently produced
Ecosystems: go
Packages: github.com/cyphar/filepath-securejoin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zaGpoLTVoZ3gtZjV3aM4AAxkv
Path traversal vulnerability in glance
Ecosystems: npm
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxdzgtODQ3Zi1wZ2dt
Improper Locking in github.com/containers/storage
Ecosystems: go
Packages: github.com/containers/storage
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1cGctN3dmdy04NHE5
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
jquery-ui Tooltip widget vulnerable to XSS
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNDYtOHZ2cC00aHh4
Keycloak Missing authentication for critical function
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jOGhqLXcyMzktNWd2Zs4AA3MK
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3amotMjg1Mi0zNzY1
Cross-Site Scripting in forms
Ecosystems: npm
Packages: forms
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnMnctNnIyNS0yajdw
Command Injection in libnmap
Ecosystems: npm
Packages: libnmap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1neHhqLXg0MjYteGoyd84AAxkS
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13anJqLWpjM3ctcHBmd84AAxkP
Code Injection in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2Z3YtM3Izdi1nd2dq
keycloak-core vulnerable to timing attacks against JWS token verification
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1ycDR2LWhobTYtcmN2Oc4AAulK
Pinniped Supervisor Insufficient Session Expiration vulnerability
Ecosystems: go
Packages: go.pinniped.dev
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tand3LTkzNG0taDRqd80XiQ
Improper Certificate Validation in OPCFoundation.NetStandard.Opc.Ua.Core
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3N3ItNmY2NC00Nzhx
keycloak-core discloses system properties
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS0zcXJxLXI2ODgtdnZoNM1Bkg
Multiple valid tokens for password reset in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wZnJjLTVoaHEtNmh2cs4AASxS
Showdoc Unauthenticated Access
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMzI3LWM2OWgtNGdoOM4AAzhT
Abstrium Pydio Cells Resource Injection vulnerability
Ecosystems: go
Packages: github.com/pydio/cells/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13M3FyLTh2NHItNTkybc4AATDt
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMjQtN3d2Zy12ODhn
CRLF Injection in pypiserver
Ecosystems: pypi
Packages: pypiserver
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1mcWg5LTJxZ2ctaDg0aM4AAde9
Insecure Temporary File in Jinja2
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03eDk3LWozNzMtODV4Nc4AA1vg
Electron vulnerable to out-of-package code execution when launched with arbitrary cwd
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01amNyLTgyZmgtMzM5ds4AAxmS
Cross-Site-Scripting attack on `<RichTextField>`
Ecosystems: npm
Packages: ra-ui-materialui, react-admin
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oM2hnLXI5N3YtNXI5d84AAzW2
Jenkins TestNG Results Plugin Stored Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testng-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jMzhwLXZ3NmotcWpwcs4AAxkT
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13ZzQ3LTZjcWMtcTUyas4AATCv
ChakraCore Security Bypass
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tOHY3LTQ2OXAtNXg4Oc4AA04K
Hard-coded System User Credentials in Folio Data Export Spring module
Ecosystems: maven
Packages: org.folio:mod-remote-storage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1nM201LXZ2ajcteHJ3ds4AAWuY
Joomla! XSS Vulnerability
Ecosystems: packagist
Packages: joomla/joomla-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05M2M3LTI5NDItM2g0N84AAU7a
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtbXFxOC1yd3Fj
Sanitization bypass using HTML Entities in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 5 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9