Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1wY2NtLWo2dmotand3Zs0ytQ
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02dmZjLXF2M2YtdnI2Y80hTA
Uncontrolled Resource Consumption in markdown-it
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02cnZ2LWg4ZzctNzI4d84AAwgN
Mingsoft MCMS Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzcjQtNW14cC1jN2c1
parse-server new anonymous user session acts as if it's created with password
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncDk1LXBwdjUtM2pjNc4AArTZ
sharp vulnerable to Command Injection in post-installation over build environment
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OHdqLWNxbXAtM3dtbc0ypQ
Cross-site Scripting in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZzl2LTU2aHctZzUyNc4AA6JK
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNnByLXhjcm0tNHFxcM4AAq_6
XSS in Ignite Realtime Openfire via isTrustStore
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cDUteDlmOS12dnB4
Cross-site Scripting (XSS) in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wNXE5LTg2dzQtMnhyNc4AA5iD
SMTP smuggling in Apache James
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mNnJjLXJoNDMtaDhncs4AAYTG
Zend Access Restriction Bypass
Ecosystems: packagist
Packages: zendframework/zendframework1, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00OW12LXZmY3AtOGdnOc4AA0AP
Moodle vulnerable to SQL Injection
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wajM0LWZwdzMtODNxas4AAxgg
bottlerocket dependency openssl is vulnerable to read buffer overflow via X.509 verification
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13d2Z3LW01NGctZ3Y3Ms4AAQDD
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yMmdqLThxajItZmo0Ns4AAzEK
Moodle External Control of File Name or Path vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNmY3LWhnaHctZzQzN84AAcGn
bottle.py vulnerable to CRLF Injection
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNWN3LWM2NHAtNzdoNs06pQ
CSRF vulnerability in Jenkins Subversion Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:subversion
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02Zng5LTI5eDItZm1mas4AAwpG
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqeHctNXcycS03Z3Jm
Rails activerecord gem has Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1mcjZmLXhtZngtcnJwcc4AAlf1
Magento path traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Z3h4LTMycDctZmY3bc4AAy1g
Modoboa has Weak Password Requirements
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xOHFxLTJwNXAtcmc0NM4AAknX
Missing SSH host key validation in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXByNW0tNHcyMi04NDgz
NanoHTTPD Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.nanohttpd:nanohttpd-nanolets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS14aDRtLTk5cXAtdzQ4M84AAWcL
Cloud Foundry UAA open redirect
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12ajVwLWZwNDItNzc0cM4AAyQ1
Moodle may display roles to users who don't have access to them
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cnYtZzd3NS1tOHh4
Cross-Site Scripting in @novnc/novnc
Ecosystems: npm
Packages: @novnc/novnc
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cmYtM2ZoeC04OHBm
YAML deserialization can run untrusted code
Ecosystems: maven
Packages: org.rundeck:rundeck-core
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02M2g0LXcyNWMtM3F2NM4AA5gk
Kirby vulnerable to Cross-site scripting (XSS) in the link field "Custom" type
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzcmYtdjlxbS05Yzg5
Cross-site Scripting in the femanager TYPO3 extension
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01eDg5LTc1cjctOHJqaM4AAkK2
XSS vulnerability in Jenkins useMango Runner Plugin
Ecosystems: maven
Packages: it.infuse.jenkins:usemango-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcjUtcXBoZi12ZnI4
Cross Site Scripting (XSS) in Simiki
Ecosystems: pypi
Packages: simiki
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05ZjQ1LTlxcnctcHA0ds4AAyQt
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1maGZoLTZjamctNTdyZ80sQg
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: io.jenkins.plugins:embotics-vcommander
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qODU5LXBtcnEtOXE2Y84AAxgi
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jdzljLXYzdjItOTlobc3uCw
Blind SQL Injection with privileged Cloud Foundry UAA endpoints
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02dnZoLTU3OTQtdnBtas0csQ
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zd3h4LWp4d2MtbWczOc4AAxgh
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2aDUtcDZyNi1nMnFj
Exposed phpinfo() leadked via documentation files
Ecosystems: packagist
Packages: phpfastcache/phpfastcache
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Zmd2LTg0NDgtZ2Y4Ms4AA0Rf
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOTMtZ2N4NS00dzUy
Cross-Site Scripting in swagger-ui
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tN3I2LTQzdjItNDl2Zs2t2Q
Mongrel vulnerable to directory traversal via double-encoded sequences
Ecosystems: rubygems
Packages: mongrel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aHcyLTMyN3YtdnZyNs4AAmCe
Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:implied-labels
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Z3Z2LTUzOTYtZ2d2as4AAaiZ
EC-CUBE XSS Vulnerabilities
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wcmptLTJmajItNzg3Zs4AAyQo
Moodle may allow teachers to access the names of users they could not otherwise access
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNmZ2LTU2Z3AtajNyNM4AAq1k
Typo3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNmg1LTZmbXEtcmgyOM01gw
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yZ2h3LTZweDItZmd3Y84AArKB
Improper Certificate Validation in MongoDB
Ecosystems: maven
Packages: org.mongodb:mongodb-driver-legacy, org.mongodb:mongodb-driver-sync, org.mongodb:mongo-java-driver, org.mongodb:mongodb-driver
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mY3BtLWhjaGotbWg3Ms4AA6JM
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzOTMtaHZyai13N3Yz
Denial of Service in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNjktM2NoZy02Zjht
Cross Site Scripting (XSS) in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03cGhyLTZjYzktNG01cc4AAhJF
Grafana Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNHAzLTJtMmgtY3Y1Zs3wzA
Cloud Foundry UAA Denial of Service through client token revocation endpoint
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NGc3LW12dzYtdjlxas0jWA
Improper Privilege Management in shelljs
Ecosystems: npm
Packages: shelljs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yamptLTZ3aHgtcDh3NM4AAYGH
filp whoops Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: filp/whoops
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD
sanitize-html Information Exposure vulnerability
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02cjZoLXZoZzctNTN4N84AAoKy
Cross Site Scripting (XSS) in LavaLite 5.8.0
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2YzQtOHdycC1qOTl2
Improper Validation and Sanitization in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01cHFmLXJ2bTctM3dnd84AAwgU
collective.contact.widget is vulnerable to cross-site scripting
Ecosystems: pypi
Packages: collective.contact.widget
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtZ3ctOHZwYy1yYzU5
Segfault on strings tensors with mistmatched dimensions, due to Go code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mN2ZxLXdwMngtamMyNc4AAu-h
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wildfly-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNDQtN2dyYy0zN3Zx
ActiveRecord vulnerable to modification of protected model attributes
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS13eDU0LTMyNzgtbTVnNM4AAgbg
Integer overflow in BCrypt class in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cnhtLW12cW0tcjU1M84AAUMu
Helm Path Traversal
Ecosystems: go
Packages: helm.sh/helm
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01bXFxLTdnMjUtcjR3eM4AAvIZ
FeehiCMS vulnerable to Cross-Site scripting via crafted payload
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cDkyLWZ2NnYtZmhmas0vMA
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13M3hnLTdxNm0tM3h3cM3kQg
Improper Access Control in wp-graphql
Ecosystems: packagist
Packages: wp-graphql/wp-graphql
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mcmdyLWM1ZjItOHFoaM4AAyCc
Denial of service in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02anA2LTlyZjktZ2M2Ns0u1Q
Cross-site Scripting in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yOXF2LWhoZzQtNng5Ns4AAuqU
Unauthenticated Sensitive Information Disclosure vulnerability
Ecosystems: packagist
Packages: libreform/libreform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qcHA3LTdjaGgtY2Y2N84AAtAo
Cross site scripting in parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2djkteGd2aC1mNzk2
Command Injection in wxchangba
Ecosystems: npm
Packages: wxchangba
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS03OWd4LTNmbTgtcXhxcc4AAwCx
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljOGgtMm12My00OXd3
Division by 0 in most convolution operators
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nYzNqLXZ2d2YtNHJwOM4AA34M
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtanctYzJ2cC1wMzNj
Crash in NMS ops caused by integer conversion to unsigned
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jZ3JqLXhqbTctOXEyN84AAtA6
Open redirect in web2py
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Y2dwLWM2aHAtY2o0cs4AAhkW
Magento 2 Community Edition Path Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNmhmLWY5Y3EtcTd3N83o4w
Cross-Site Request Forgery in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05aG1xLWZtMzMteDR4eM4AA34I
Resque Scheduler Reflected XSS In Delayed Jobs View
Ecosystems: rubygems
Packages: resque-scheduler
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05dng4LWY1YzQtODYyeM4AAxzX
XML External Entity (XXE) vulnerability in apoc.import.graphml
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndmdjLXJ4bWgtNWh2d84AAVO9
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05NGpxLXE1djItNzZ3as0YGQ
Improper certificate management in AWS IoT Device SDK v2
Ecosystems: pypi, npm, maven
Packages: awsiotsdk, aws-iot-device-sdk-v2, software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oZ2dyLXA3djYtNzNwNc4AAwoQ
revel is vulnerable to resource exhaustion
Ecosystems: go
Packages: github.com/revel/revel
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cHFtLTg4YzQteDRjds4AARKl
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13amc4LXB4cWotYzNjN84AA0TB
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxNnYteDdncC03Nzc2
Source code is downloaded over cleartext HTTP in portaudio
Ecosystems: cargo
Packages: portaudio
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyM2YtYzJqNS1yeDJm
Local File read vulnerability in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzZjMtMjNycS1wamZw
npm CLI exposing sensitive information through logs
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1qMzR2LTM1NTItNXI3as0vhA
Multiple security issues in Pomerium's embedded envoy
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mNHJyLTVtN3Ytd3hjd84AArBV
Type confusion leading to `CHECK`-failure based denial of service in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xcnBtLXAyaDctaHJ2Ms0jtQ
Exposure of Sensitive Information to an Unauthorized Actor in nanoid
Ecosystems: npm
Packages: nanoid
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NDc3LTN2MzktZ2dwbc3mcQ
Improper Validation of Integrity Check Value in Bouncy Castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 2 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 5,076
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 moin 34 mlflow 33 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mautic/core 30 Django 30 opencv-contrib-python 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 shopware/shopware 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 prestashop/prestashop 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 org.eclipse.jetty:jetty-server 23 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 ckb 22 rack 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/docker/docker 20 tribalsystems/zenario 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 DotNetNuke.Core 19 org.springframework:spring-core 19 laravel/framework 19 com.liferay.portal:release.dxp.bom 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 forkcms/forkcms 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 contao/contao 18 directus 18 com.vaadin:vaadin-bom 18 simplesamlphp/simplesamlphp 18 langchain 18 genix/cms 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 mercurial 17 cobbler 17 francoisjacquet/rosariosis 17 topthink/framework 17 mediawiki/core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 sequelize 16 yetiforce/yetiforce-crm 16 wasmtime 16 pillow 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 paddlepaddle 15 cryptography 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 next 15 gradio 15 org.apache.jspwiki:jspwiki-main 15 swagger-ui 14 ghost 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 zendframework/zendframework1 14 activesupport 14 github.com/containerd/containerd 14 pyload-ng 14 tinymce 14 pyftpdlib 14 smarty/smarty 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 symfony/security-http 14 publify_core 14 github.com/mattermost/mattermost-server 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 elefant/cms 13 passenger 13 october/system 13 org.apache.hadoop:hadoop-main 13 joplin 13 impresscms/impresscms 13 OctoPrint 13 strapi 13 bolt/bolt 13 ckeditor4 13 lavalite/cms 13 codeigniter4/framework 13 github.com/opencontainers/runc 12 swift 12 Microsoft.NETCore.App.Runtime.win-arm64 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/helm/helm 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/janeczku/calibre-web 11 https://github.com/scrapy/scrapy 11 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/Studio-42/elFinder 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/dotnet/aspnetcore 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zitadel/zitadel 11 https://github.com/vercel/next.js 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/nocodb/nocodb 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/wagtail/wagtail 10 https://github.com/zopefoundation/Zope 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/glance 10 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9 https://github.com/fatfreecrm/fat_free_crm 9