Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS14NDU0LTcyZngtNjlxM84AAgZE
Missing permission check in Jenkins SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2bWotdzRqZi1qbWd3
Server Side Request Forgery (SSRF) in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14NmdtLXFxd3AtNzZncs4AAgZ2
External Control of Assumed-Immutable Web Parameter in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01M2ptLTNoYzktZnFxY84AAvAA
Apache Batik vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 22 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdndzMtZ2Y0cC02Mnhj
Command Injection in wizard-syncronizer
Ecosystems: npm
Packages: wizard-syncronizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS02MndoLW00anItMjMzcs4AAtoK
Moodle LTI module reflected XSS risk
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3ItZmNoMi12bTV3
OrientDB Server Community Edition uses insufficiently random values to generate session IDs
Ecosystems: maven
Packages: com.orientechnologies:orientdb-server
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycTk2LXFoYzUtdm00cs0dDw
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoeGMtOGpqcS04NTlq
Moderate severity vulnerability that affects org.apache.ranger:ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjdzgtN2o2Yy1oY2Nw
Moderate severity vulnerability that affects io.vertx:vertx-core
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS0yMjU5LWg3NDItNXZyNM4AAofi
JBoss EJB Client information disclosure vulnerability
Ecosystems: maven
Packages: org.jboss:jboss-ejb-client
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS03aDQ4LW0zcnctdnIyN84AAft6
Spree does not properly restrict the use of a hash to provide values for a model's attributes
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqaHctMnA2ai01d21w
Open Redirection in Login Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1mcmhjLTlod2MteDdqM830Iw
Moodle allows attackers to obtain sensitive information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tbTlxLTM4NDctbTQ4eM30Rg
Moodle allows attackers to enter additional answer attempts
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNDY2LTU3Z2gtY3Fmd84AAfty
Spree uses a hardcoded hash value
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yM2N2LWpoNHYtdmZmbc4AAjRA
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.Http.Connections, Microsoft.AspNetCore.App, Microsoft.AspNetCore.All
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Zzh2LW0ybWgtNDVtNs4AA6qV
PsiTransfer: Violation of the integrity of file distribution
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1M3gtd3d4Mi1wZzk2
Cross-Site Scripting in @berslucas/liljs
Ecosystems: npm
Packages: @berslucas/liljs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS04aDhwLXgyODktdnZxcs0pyQ
Gitea displaying raw OpenID error in UI
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2
A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS04NzZjLXFtY2YtY3h2Ns3UmQ
MoinMoin Exposure of Sensitive Disclosure when GATEWAY_INTERFACE variable is set
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2ZzMtdjQ2cS01cDI4
Moderate severity vulnerability that affects org.apache.tika:tika-core
Ecosystems: maven
Packages: org.apache.tika:tika-core
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1wd2djLXc0eDktZ3c2N84AA7vS
changedetection.io Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS04am1qLTRwMzItbWM5cM4AAhK7
infusionsoft-php-sdk reflected Cross-site Scripting
Ecosystems: packagist
Packages: novaksolutions/infusionsoft-php-sdk
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTktM3dnYy03aDcy
org.apache.tika:tika-parsers has an Infinite Loop vulnerability
Ecosystems: maven
Packages: org.apache.tika:tika-parsers
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS12ODdxLXJwd3AtcXI3cc4AAwCz
Jeecg-boot vulnerable to SQL Injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNWd2LW12bTctNWgzaM4AAwC0
Jeecg-boot vulnerable to SQL injection via /sys/user/putRecycleBin
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xeDNwLTltbXAtNHY4aM4AAmy-
Wildfly has a memory leak vulnerability
Ecosystems: maven
Packages: org.wildfly:wildfly-parent
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jNXh2LXFjOHAtbWgyds4AAu_9
Apache Batik Server-Side Request Forgery
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcnYtNDU2di1wZjIy
Cross-site Scripting in vis-timeline
Ecosystems: npm
Packages: vis-timeline
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 60.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mNXgzLTMyZzYteHEzNs4AA6O0
Denial of service while parsing a tar file due to lack of folders count validation
Ecosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mcXJnLXZtdmotanYzeM30Sw
Moodle allows attackers obtain full-name information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01aDd4LTY4d2otamh3Y84AAoCk
Docsify vulnerable to cross-site scripting due to mishandled encoding
Ecosystems: npm
Packages: docsify
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4ZnAtOWM1NS01dnFq
Remote Memory Exposure in request
Ecosystems: npm
Packages: request
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1tajN4LXdwcnAtbXZqOc3KPQ
Buildbot Multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tdjI2LWN4MjMtdnJmZ80p0A
Server-Side Request Forgery in @peertube/embed-api
Ecosystems: npm
Packages: @peertube/embed-api
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxZmMtY3ZqcC1tZ3Bx
Moderate severity vulnerability that affects org.apache.ignite:ignite-core
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltNmotZmNnNS0yNDQy
Path traversal in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmamgtcDNnNC0zcTJm
VBScript Content Injection in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1xM3A0LXYyY20tcTk0Nc4AAzWk
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS13cGc4LW1mNmgtZ205Ms4AA11i
Apache Airflow Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03NDk2LWZndjkteHc4Ms4AA5Zq
Unencrypted ingress/health traffic when using Wireguard transparent encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xY2NoLTkyNjgtNTlqd84AAldN
Wildfly EJB Client causes DoS
Ecosystems: maven
Packages: org.jboss:jboss-ejb-client
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OTYtbW0yZy1jOG03
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX
Minder GetRepositoryByName data leak
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4M3ctNmg5ai01N3dx
Moderate severity vulnerability that affects org.owasp.antisamy:antisamy
Ecosystems: maven
Packages: org.owasp.antisamy:antisamy
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS03NTV2LXI0eDQtcWY3bc4AAwFM
Stored Cross-Site Scripting (XSS) in Keycloak via groups dropdown
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qNTlqLWgzZzctY3BtZs2z1Q
Roundup xml-rpc server improper check of property permissions
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlneHItcmh4Ni00amd2
Sandbox Breakout / Prototype Pollution in notevil
Ecosystems: npm
Packages: notevil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1qcm02LWg5Y3EtOGdxd84AA0KZ
PyPDF2 quadratic runtime with malformed PDF missing xref marker
Ecosystems: pypi
Packages: PyPDF2
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcm0tcXBwOC1oY3c0
Moderate severity vulnerability that affects org.apache.struts:struts2-rest-plugin
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3Nm0tZjVjeC04cmc0
Moderate severity vulnerability that affects DotNetNuke.Core
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
Ecosystems: packagist
Packages: pressbooks/pressbooks
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requests
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02cHFtLXBwNjUtbWMyNs4AAq6W
Jenkins Gem Publisher Plugin stores credentials as plaintext
Ecosystems: maven
Packages: net.arangamani.jenkins:gem-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZjd4LTJqMngtN2Y3M80p1A
Missing authorization in xwiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3N2ctanE5bS0zcTl2
Unauthorized File Access in glance
Ecosystems: npm
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4aDMtcnFybS00N3Y5
Prototype Pollution in smart-extend
Ecosystems: npm
Packages: smart-extend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1jM3F2LW1mOGgtNDM0cs2z1g
Roundup vulnerability related to Cross-site scripting (XSS)
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ODRqLXZoN3gtZzdqNs4AAiII
Joomla! XSS in Default Templates
Ecosystems: packagist
Packages: joomla/joomla-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3M3YtNWNoMi13Zm1t
Wildfly logs plaintext passwords
Ecosystems: maven
Packages: org.wildfly:wildfly-parent
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zZmp2LThyODItNnhtOc4AA1ak
Jenkins Fortify Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05cHY3LXZmdm0tNnZyN84AA19X
graphql Uncontrolled Resource Consumption vulnerability
Ecosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00NGNtLXA5cTctcnIzcM4AAmCw
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNmc2LXBqZ2MtNWNqNc4AA6Hl
Improper Input Validation vulnerability in Apache Hop Engine
Ecosystems: maven
Packages: org.apache.hop:hop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oZnJ2LWgzcTgtOWpwcs4AA7v7
kurwov vulnerable to Denial of Service due to improper data sanitization
Ecosystems: npm
Packages: kurwov
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 13 hours ago
Moderate
GSA_kwCzR0hTQS0yNWgzLW13M3AtdzhyN84AAlrw
Dolibarr CRM allows Privilege Escalation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nang2LTU4eGgtcDdwd84AAUbH
Bolt Cross-site Scripting (XSS) via text input click preview button
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cGptLTU4Y3ctcjhxNc4AAnOi
Arbitrary file read vulnerability in workspace browsers in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1meDZ4LWg5ZzQtNTZmOM4AAk1F
containernetworking/plugins vulnerable to MitM attacks
Ecosystems: go
Packages: github.com/containernetworking/plugins
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOTloLXczMzctbXY1Ns4AA0pu
iprange may panic when parsing ranges with invalid masks
Ecosystems: go
Packages: github.com/malfunkt/iprange
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxdmcteG05bS1wMmM0
Moderate severity vulnerability that affects mailman
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13N3BwLW04d2Ytdmo2cs4AAxeE
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14Njh4LXd2bTItaHFjOM4AAk06
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:compact-columns
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xeDM0LTQ3ZmMtdnY3Oc4AAxfC
Answer vulnerable to Race Condition
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNjNqLXhxeDYtdzU4cs4AA4C8
mvel2 TimeOut error exists in the ParseTools.subCompileExpression method
Ecosystems: maven
Packages: org.mvel:mvel2
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00dnJjLXE3bTYtdnE3d84AAvzN
Lin CMS vulnerable to Improper Authentication
Ecosystems: maven, pypi
Packages: io.github.talelin:lin-cms-core, Lin-CMS
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycHBwLXhqMzQtdnZmN83e3A
Apache Struts's CookieInterceptor component does not use the parameter-name whitelist
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03bTJ4LXFocnEtcnA4aM4AAkx7
Grafana XSS via the OpenTSDB datasource
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZmgyLTdmNmgtM204Nc4AAy8f
Access bypass in Drupal Core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zdjdtLTJqcmgtdmM5M84AAwrL
Froxlor vulnerable to Argument Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xdmg2LTNqN3gtM2hxN84AA1sa
Salt can cause Git Providers to get wrong data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05aHY4LTRmcmYtY3ByZs4AAk0G
Grafana XSS via a column style
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tdjRoLXFtMjQteDRnaM4AAWnW
Converse.js Exposure of Sensitive Information
Ecosystems: npm, packagist
Packages: converse.js, jcbrand/converse.js
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5ajcteDk4ci1yNHcy
Segmentation fault in tensorflow-lite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1nYzg5LTdnY3ItanhxY84AAx-b
Buildkit credentials inlined to Git URLs could end up in provenance attestation
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nanZjLTU1ZnctdjZ2cc4AA1aX
Wallabag user can delete own API client unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5NDMtOXZnZy1ncjVy
Cross-site Scripting in quill
Ecosystems: npm
Packages: quill
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
memory leak flaw was found in ruby-magick
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 6 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 5,017
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 silverstripe/framework 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 getgrav/grav 28 centreon/centreon 27 Django 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 puppet 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 moin 23 pocketmine/pocketmine-mp 23 org.eclipse.jetty:jetty-server 23 grumpydictator/firefly-iii 22 org.apache.nifi:nifi 22 rack 22 ckb 22 getkirby/cms 22 contao/core-bundle 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/docker/docker 19 org.bouncycastle:bcprov-jdk14 19 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 org.springframework:spring-core 19 DotNetNuke.Core 19 langchain 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 tribalsystems/zenario 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 mercurial 17 org.apache.geode:geode-core 17 PaddlePaddle 17 symfony/security 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.activemq:activemq-client 16 directus 16 pillow 16 wasmtime 16 sequelize 16 topthink/framework 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 rusqlite 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 nova 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 openmage/magento-lts 15 cryptography 15 notebook 15 paddlepaddle 15 org.apache.jspwiki:jspwiki-main 15 ghost 14 pyftpdlib 14 ezsystems/ezpublish-kernel 14 gradio 14 zendframework/zendframework1 14 publify_core 14 activesupport 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 keystone 14 smarty/smarty 14 ec-cube/ec-cube 14 tinymce 14 symfony/security-http 14 typo3/cms-backend 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 pyload-ng 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 swagger-ui 14 neutron 13 codeigniter4/framework 13 lavalite/cms 13 org.apache.hadoop:hadoop-main 13 github.com/containerd/containerd 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 bolt/bolt 13 strapi 13 passenger 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 october/system 13 joplin 13 next 13 elefant/cms 13 org.apache.cxf:cxf 13 com.vaadin:flow-server 12 github.com/go-gitea/gitea 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 dompdf/dompdf 12 vm2 12 Microsoft.NETCore.App.Runtime.win-x86 12 org.jenkins-ci.plugins:git 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/dotnet/runtime 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/grafana/grafana 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/geoserver/geoserver 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/denoland/deno 14 https://github.com/pyca/cryptography 14 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/containerd/containerd 13 https://github.com/undertow-io/undertow 13 https://github.com/gradio-app/gradio 13 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/dolphinscheduler 12 https://github.com/centreon/centreon-archived 12 https://github.com/janeczku/calibre-web 11 https://github.com/urllib3/urllib3 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/jquery/jquery 11 https://github.com/zitadel/zitadel 11 https://github.com/openstack/keystone 11 https://github.com/drupal/core 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/openfga/openfga 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/smarty-php/smarty 11 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/phusion/passenger 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nats-io/nats-server 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/wagtail/wagtail 10 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/WWBN/AVideo 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/zopefoundation/Zope 10 https://github.com/top-think/framework 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/rails/rails-html-sanitizer 9 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/cui2shark/cms 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/bolt/bolt 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/semplon/GeniXCMS 9 https://github.com/funadmin/funadmin 9 https://github.com/evershopcommerce/evershop 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vercel/next.js 9