Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1yd3c3LTJncHctZnY2as0osg
Crash when type cannot be specialized in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yY3g2LTdqcDYtcHFmMs4AAVW9
ember-source Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02amZjLW1jOTctYzd3Z84AAhUt
Missing Authorization in Jenkins
Ecosystems: maven
Packages: org.kohsuke.stapler:stapler-parent, org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yeGc5LWhncTctOHB3eM4AA3qR
Header spoofing in caddy-geo-ip
Ecosystems: go
Packages: github.com/shift72/caddy-geo-ip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02d3JoLTI3OWotNmh2d80xMQ
HTTP caching is marking private HTTP headers as public in Shopware
Ecosystems: packagist
Packages: shopware/storefront, shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zNjU3LXE0MzMtbW1weM4AAbp_
Canvs Canvas Cross-site Scripting (XSS) via title and content fields
Ecosystems: packagist
Packages: austintoddj/canvas
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wcHh4LTVtOWgtNnZ4Zs4AA4Ux
quic-go's path validation mechanism can be exploited to cause denial of service
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01eGY5LTN2NjMtd3c2Zs3wTQ
Uncontrolled Resource Consumption in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcDQyLTVwajctNGNjbc4AA4Bf
Concrete CMS Cross Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13Mm1oLTZ4ajUtZjc3Zs0ilA
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00MzdqLTVxYzMtYzU4Oc4AAtCQ
Open Redirect in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd3dyLWZqZ2gtY3YyeM3r0Q
Improper Restriction of XML External Entity Reference in Castor
Ecosystems: maven
Packages: org.codehaus.castor:castor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcXIyLTdmMjQteHJnY84AA3ve
Missing permission check in Jenkins PaaSLane Estimate Plugin
Ecosystems: maven
Packages: com.cloudtp.jenkins:paaslane-estimate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12NjcyLTV4M2gtNTdxcM4AA3vb
Cross-site request forgery vulnerability in Jenkins Deployment Dashboard Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2-deployment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00amZxLWY4aGMtNzc1cc4AAnia
Magento Insufficient Session Expiration
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNXJtLW03NzItNnFjeM4AAnie
Magento stored cross-site scripting vulnerability in the admin console
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tZ2Z2LTR3aGYtYzU3NM4AAhk9
Magento Cross-site Scripting in the admin panel
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02cjV3LWpqcjUtcXZncs4AA3vZ
Password stored in a recoverable format by Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tM3g2LTl2NmgtNGcyOM4AAUxh
Cross-site Scripting in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00MmczLTNqd20tNjNyeM4AA3u5
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qODJ4LWZoOGgtMzI2Z84AAwrd
Yii2 FileAPI Widget vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: vova07/yii2-fileapi-widget
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01cDlqLXcyd3gtcXg0Y80whQ
Open Redirect in django-spirit
Ecosystems: pypi
Packages: django-spirit
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12OXczLTM0eHEtaHJqZ84AA3vf
Tokens stored in plain text by PaaSLane Estimate Plugin
Ecosystems: maven
Packages: com.cloudtp.jenkins:paaslane-estimate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1odmY1LTRqcjktZmdoaM4AAmmI
Magento incorrect permissions vulnerability in the Integrations component
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3JnLTRoNWctOGZxZ833WQ
SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify-on-demand-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yMnZ3LXgzaHItOTY5ds33VQ
Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-vm-agents
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13M21xLTY3bXctM3A5Zs4AAXdm
Magento Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNnA2LWZjNHctY3FoeM4AAd18
Improper Limitation of a Pathname to a Restricted Directory in JBoss Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13N2NxLWo5cDktaG0zbc3sHw
Improper Input Validation in Apache Santuario XML Security
Ecosystems: maven
Packages: org.apache.santuario:xmlsec
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Znc2LW1tbXAtODd4bc4AAYTN
Improper Input Validation in Apache Batik
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMzhtLTk2NjgtNmoyd84AAo-D
Magento Improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcmpjLTJ2OW0tOHc3cs4AAniu
Magento improper authorization vulnerability in the integrations module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00Njh3LTh4MzktZ2o1ds4AAwNU
Traefik routes exposed with an empty TLSOption
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cjdtLXI5dm0tbTR3Zs4AA4Lz
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yN3dnLTk5ZzgtMnY0ds4AA4Ly
Rust EVM erroneousle handles `record_external_operation` error return
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yZ3JoLWdyMzctMjI4M84AA327
Solr search discloses email addresses of users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00djZwLWN4ZjktOThyZs0ufw
Allocation of Resources Without Limits or Throttling in metadata-extractor
Ecosystems: maven
Packages: com.drewnoakes:metadata-extractor
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNWN4LXcyMzUtNThobc4AAiYd
Jenkins iceScrum Plugin vulnerable to Missing Authorization
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3angtajc3bS13cDY1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS02ZnYzLXc3ajYtNXhmY84AAie8
Jenkins Sonar Gerrit Plugin stores credentials unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sonar-gerrit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ODJqLTJwNTMteHA1Zs4AAvdV
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-scm-downloader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Z2pxLTUzMzkteDVjds4AAzXI
Jenkins Code Dx Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:codedx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01NXE2LXIzaG0tN2ZmNM4AA1-G
Jenkins Build Failure Analyzer Plugin missing permission check
Ecosystems: maven
Packages: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wZ3E2LWNjcWotaHBxcs0v_A
Elasticsearch privilege escalation
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OG01LWpwbWYtY2g3ds4AAwJ6
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Ecosystems: pypi
Packages: guarddog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qODk2LWo3MnctY3IzMs4AAttD
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jobConfigHistory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oY3B3LXY3MjctNjRxaM4AAz8p
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:teamconcert
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12NTM1LXBjNnItNzdxaM4AAv5C
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dockerhub-notification
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12MjIyLXcybXcteGpjNs4AARcp
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wdjJnLXZtOTgtdmp4Zs4AA1V9
Jenkins Config File Provider Plugin improper credential masking vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ycGoyLXc2ZnItNzloY84AAuZ2
Keycloak vulnerable to Improper Certificate Validation
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02dzNoLXZxN20tdjNxZs4AATng
Jenkins Black Duck Detect Plugin information exposure vulnerability
Ecosystems: maven
Packages: com.synopsys.integration:synopsys-detect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jbTdqLXA4aGMtOTd2as4AAttG
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13N3J4LTgyNHYtcmd4Nc4AA3y_
WSO2 API Manager allows attackers to change the API rating
Ecosystems: maven
Packages: org.wso2.carbon.apimgt:forum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1nbXY0LXI0MzgtcDY3Zs0v7g
Leading white space bypasses protocol validation
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mcHBoLW1xYzgtaDZxNc4AA3-O
Unrestricted File Upload affecting automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05cDU0LXBjODgtMzZjNM303A
Moodle does not properly restrict access to category and course data
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcWZmLTR2dzQtZjZoeM4AAwJU
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
Ecosystems: cargo
Packages: capnp
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1naG13LXJ3aDgtNnFtcs4AA4PI
pyload Log Injection vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oZ3A4LXc4ZmotcjRjbc4AAv_v
ToolJet is vulnerable to Denial of Service (DoS)
Ecosystems: npm
Packages: tooljet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMjY4LTk4d2gtcWZoZs4AA4GU
JLine vulnerable to out of memory error
Ecosystems: maven
Packages: org.jline:jline-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tZmptLXZoNTQtM2Y5Ns0viQ
Scrapy cookie-setting is not restricted based on the public suffix list
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03M3J4LTNmOXIteDk0Oc4AATnv
Insufficient Verification of Data Authenticity in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yM3FyLXZ3dmctNDNmN84AAwGL
Authenticated OpenRedirect Vulnerability
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jdzY4LXhtbTQtYzgzcs0ihw
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Ecosystems: maven
Packages: org.conjur.jenkins:conjur-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05M3A2LTljeHYtNXJwcc4AA4Rr
juzawebCMS Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0ydzR4LXJ4cDctZ3JnN83mjg
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Z3doLXI3NnctOTM0aM4AA4SI
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-was
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yNjhtLXdxM3gtMmhxd84AAWdc
OpenTSDB Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.opentsdb:opentsdb
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcDQ2LTd4NnEtZjI4bc4AAohX
Woocommerce Cross-site Scripting via Additional tax classes field when taxes are enabled
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcHI4LXJmNjItZzg5M84AATfw
Path Traversal in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00amgzLTZqaHYtMm1ncM4AA4Tj
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Ecosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zcDc1LXE1Y2MtcW1qN84AA34_
Keycloak Open Redirect vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wdmNyLXY4ajgtajVxM84AA4So
Parsing JSON serialized payload without protected field can lead to segfault
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12bXE5LWNtN20tNHA4cM4AAU4e
Improper Neutralization of Input During Web Page Generation in Dojo Dojo Objective Harness
Ecosystems: maven
Packages: org.dojotoolkit:dojo
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tZ2czLXY5NDgtMnZncs4AAjcg
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12MjVjLTgzNDktdjJxM84AArk5
Incorrect Authorization in thinkcmf
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00djM3LTI0Z20taDU1NM0vgg
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OWo3LWdocmctZmo1Ms4AA4Tk
Microsoft ASP.NET Core project templates vulnerable to denial of service
Ecosystems: nuget
Packages: Microsoft.IdentityModel.JsonWebTokens, System.IdentityModel.Tokens.Jwt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qamc5LW1mNjMtdnFycM4AAZ9F
Cross-site scripting in yui 2.4.0
Ecosystems: npm
Packages: yui2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05amM1LTl3aDUtbWMzNs4AAv4G
Concrete CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ydzJ4LTdxZ2otNHg3OM4AAlJ8
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ncm1nLTVxNDktbXFtZs4AAUUF
Jenkins Crowd 2 Integration Plugin server-side request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:crowd2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yZzZ3LWMzNTItcDhwZ84AAv4o
Concrete CMS vulnerable to Reflected Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NjdxLXZqNTgtcmo4OM4AATf_
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocDd4LTI4MnAtaGhyOc4AAWPF
Jenkins TraceTronic ECU-TEST Plugin server-side request forgery vulnerability
Ecosystems: maven
Packages: de.tracetronic.jenkins.plugins:ecutest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04N3BqLTlxODItbTlxaM4AAQ7n
GitHub Authentication Plugin showed plain text client secret in configuration form
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1maDV2LTVmMzUtMnJ2Ms0zsQ
Insertion of Sensitive Information into Log File in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03Mmd2LXFxcnAtaDlxZ830rg
Moodle Users Can Bypass Deleted Status
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wNTVtLWc0bTMtcW1ycM4AAv9X
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yN3FwLWNmaHYtcDg0d84AAv_b
Uncaught exception in engine.io
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qaDR4LTR3bWYtNjdwcs4AAfNX
Zend Framework XEE Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13M3I0LXZ4OXctZjdwN84AATQb
Jenkins Job Config History Plugin reflected XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jobConfigHistory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yaHA0LThoNmgtOTNycs4AAein
Typo3 Backend History Module Vulnerable to XSS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXdnLWp2ajQtY3gyNs4AAaFd
Typo3 Install Tool XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05bTV2LXZxNGYtbXJ2Zs4AAfNp
Zend Framework XXE Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tY3F4LXdjMmotcXg5ds4AAQ7o
GitHub Authentication Plugin session fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZnIzLTI5dzYtaHdwZ84AAaKM
Typo3 Exception Handler XSS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OGg0LXhmNDctcHFjM84AAU0a
OpenStack Keystone Token authorization for a user in a disabled tenant is allowed
Ecosystems: pypi
Packages: Keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,471
Packages: 8,321
Repositories: 5,042
Ecosystems: 12
Filter by Severity
Moderate 7,980 High 6,390 Critical 2,818 Low 992
Filter by Ecosystem
maven 5,538 packagist 3,825 pypi 3,766 npm 3,557 go 1,905 nuget 1,391 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 plone 43 nokogiri 43 baserproject/basercms 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 craftcms/cms 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 com.thoughtworks.xstream:xstream 36 shopware/core 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 32 k8s.io/kubernetes 32 org.elasticsearch:elasticsearch 32 snipe/snipe-it 32 silverstripe/framework 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 Django 30 github.com/argoproj/argo-cd 29 parse-server 29 mautic/core 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 github.com/grafana/grafana 28 getgrav/grav 28 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 centreon/centreon 27 shopware/shopware 27 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 org.keycloak:keycloak-parent 25 moin 25 rubygems-update 25 org.apache.solr:solr-core 25 prestashop/prestashop 24 gogs.io/gogs 24 magento/core 24 github.com/argoproj/argo-cd/v2 23 org.eclipse.jetty:jetty-server 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 puppet 23 org.springframework.security:spring-security-core 23 ckb 22 rack 22 getkirby/cms 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 github.com/cilium/cilium 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 org.bouncycastle:bcprov-jdk14 19 keystone 19 DotNetNuke.Core 19 code.gitea.io/gitea 19 github.com/docker/docker 19 org.springframework:spring-core 19 forkcms/forkcms 18 helm.sh/helm/v3 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 langchain 18 directus 18 simplesamlphp/simplesamlphp 18 contao/contao 18 cockpit-hq/cockpit 17 nova 17 cakephp/cakephp 17 PaddlePaddle 17 topthink/framework 17 francoisjacquet/rosariosis 17 cobbler 17 mercurial 17 org.apache.geode:geode-core 17 symfony/security 17 genix/cms 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.activemq:activemq-client 16 rusqlite 16 org.bouncycastle:bcprov-jdk15 16 wasmtime 16 pillow 16 yetiforce/yetiforce-crm 16 org.apache.dubbo:dubbo 16 sequelize 16 org.apache.struts.xwork:xwork-core 15 notebook 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 org.apache.jspwiki:jspwiki-main 15 paddlepaddle 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 cryptography 15 next 15 smarty/smarty 14 ezsystems/ezpublish-kernel 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 org.apache.inlong:manager-pojo 14 ghost 14 ec-cube/ec-cube 14 phpmailer/phpmailer 14 symfony/security-http 14 swagger-ui 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 typo3/cms-backend 14 publify_core 14 zendframework/zendframework1 14 activesupport 14 pyftpdlib 14 pyload-ng 14 tinymce 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 lavalite/cms 13 org.apache.hadoop:hadoop-main 13 strapi 13 ckeditor4 13 october/system 13 joplin 13 elefant/cms 13 github.com/nats-io/nats-server/v2 13 impresscms/impresscms 13 github.com/mattermost/mattermost-server 13 bolt/bolt 13 neutron 13 github.com/traefik/traefik/v2 13 passenger 13 github.com/containerd/containerd 13 codeigniter4/framework 13 org.apache.cxf:cxf 13 sylius/sylius 12 undici 12 vantage6 12 Microsoft.NETCore.App.Runtime.win-arm64 12 deno 12 org.jenkins-ci.plugins:git 12 github.com/opencontainers/runc 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/django/django 87 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/dotnet/runtime 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/getgrav/grav 23 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/grafana/grafana 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/cilium/cilium 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/bcgit/bc-java 19 https://github.com/helm/helm 19 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/openstack/keystone 17 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/rusqlite/rusqlite 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/opencast/opencast 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/denoland/deno 15 https://github.com/centreon/centreon 15 https://github.com/geoserver/geoserver 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/puppetlabs/puppet 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/langchain-ai/langchain 14 https://github.com/cobbler/cobbler 14 https://github.com/mattermost/mattermost 14 https://github.com/pyload/pyload 14 https://github.com/moby/moby 14 https://github.com/pyca/cryptography 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/gradio-app/gradio 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/quarkusio/quarkus 13 https://github.com/undertow-io/undertow 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/golang/go 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/containerd/containerd 13 https://github.com/laurent22/joplin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/dromara/hutool 12 https://github.com/patriksimek/vm2 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/openfga/openfga 11 https://github.com/aio-libs/aiohttp 11 https://github.com/janeczku/calibre-web 11 https://github.com/containers/podman 11 https://github.com/top-think/framework 11 https://github.com/puma/puma 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/NodeBB/NodeBB 11 https://github.com/vercel/next.js 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/jquery/jquery 11 https://github.com/smarty-php/smarty 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/urllib3/urllib3 11 https://github.com/zitadel/zitadel 11 https://github.com/vaadin/flow 11 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/nocodb/nocodb 10 https://github.com/WWBN/AVideo 10 https://github.com/wagtail/wagtail 10 https://github.com/jupyter/notebook 10 https://github.com/phusion/passenger 10 https://github.com/dotnet/aspnetcore 10 https://github.com/nats-io/nats-server 10 https://github.com/Sylius/Sylius 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/zopefoundation/Zope 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/rails/rails-html-sanitizer 9 https://github.com/faucetsdn/ryu 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/ethyca/fides 9 https://github.com/openstack/nova 9 https://github.com/apache/lucene-solr 9 https://github.com/kevinpapst/kimai2 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/evershopcommerce/evershop 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/spring-projects/spring-security 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/nautobot/nautobot 9