Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS04cXI0LXhndzYtd21yM84AAuFj
`undici.request` vulnerable to SSRF using absolute URL on `pathname`
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14ajk0LXJnZjktY3EzN84AAYVo
Umbraco CMS vulnerable to stored XSS
Ecosystems: nuget
Packages: UmbracoCMS.Web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMnZxLTdnZjItcXc5ds4AAYVg
Umbraco CMS XXE Vulnerability
Ecosystems: nuget
Packages: UmbracoCms.Web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yNjRxLXc4anItZzlxcM3wRw
Improper Neutralization of CRLF Sequences in urllib3 library for Python
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zNnhtLTM1cXEtNzk1d84AA1zR
Inventory exposes reference to non-Sync data to an arbitrary thread
Ecosystems: cargo
Packages: inventory
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jZnFqLTlnMmctdzdxNs0YJg
Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3I2LTRmcnEtOWdqas4AA1zQ
Users vulnerable to unaligned read of `*const *const c_char` pointer
Ecosystems: cargo
Packages: users
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qcXg1LWgyaHctNXE0Zs3eaA
Denial of Service in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi-scratchpad, org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xcGc5LTgzZnYteDljaM3mcg
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04NWpqLWM5anItOWpoeM4AA3Xb
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nOXc0LXByZjMtbTI1Z84AA068
Obfuscated email addresses should not be sorted
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-livetable-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1oN2NtLW1ydnEtd2Nmcs4AA10c
Piccolo's current `BaseUser.login` implementation is vulnerable to time based user enumeration
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yaGgzLWptdjgtNWZteM3z_g
Moodle Does Not Escape Characters In Email Headers
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ajNtLWczODMtMjlxcs4AAuAp
OpenZeppelin Contracts's Cross chain utilities for Arbitrum L2 see EOA calls as cross chain calls
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3JmLTgzdnctNmY1eM4AAuAo
OpenZeppelin Contracts ERC165Checker unbounded gas consumption
Ecosystems: npm
Packages: openzeppelin-eth, @openzeppelin/contracts-upgradeable, openzeppelin-solidity, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2NmgtaHFtNC0ycmc2
Arbitrary File Write in adm-zip
Ecosystems: npm
Packages: adm-zip
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS14Y3IzLTRxdnItNTRyaM07zw
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnZ2LWgyZjktN3Y5Y84AAuiv
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Ecosystems: go
Packages: github.com/matrix-org/gomatrixserverlib, github.com/matrix-org/dendrite
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jZzNoLXJjOXEtZzh2Oc0pwQ
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycW1nLWhyZzQtZm02Oc4AAt0I
Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cmgtajRnMy1qcjI5
Missing Authorization in Jenkins S3 publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:s3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yNDRxLTk4Z3gtcG1oMs4AA3bb
Apache DolphinScheduler Missing Authorization vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-service, org.apache.dolphinscheduler:dolphinscheduler-dao, org.apache.dolphinscheduler:dolphinscheduler-common, org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cGY3LXEycngtMjZtaM4AAttA
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yOHZoLWNtOWYtcmMyOc4AAbxF
Magmi XSS Vulnerability
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTl2LWhoNHAtcTkybc4AA20D
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wNXBnLXdtOXEtOHY2cs0ugQ
Improper Handling of Exceptional Conditions inn metadata-extractor
Ecosystems: maven
Packages: com.drewnoakes:metadata-extractor
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14cWNxLWo4dzktM3B4ds4AA0_O
Jettison parser crash by stackoverflow
Ecosystems: maven
Packages: com.tencyle.fixes:org.codehaus.jettison--jettison
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wanJqLWg0ZmctNmdtNM4AA3lF
tokio-boring vulnerable to resource exhaustion via memory leak
Ecosystems: cargo
Packages: tokio-boring
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mdmhqLTRxZmgtcTJobc4AA3ku
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wcjR3LW00cnAtZ3A4N84AA3ck
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04dmg1LWo2eGotNTk1M84AATSn
Centreon XSS Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmNjQtcTdqYy1jY2dw
metascraper before v5.2.0 vulnerable to stored cross-site scripting
Ecosystems: npm
Packages: metascraper
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS14ZnY1LWpxZ3AtdnFoas4AA3l0
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
Ecosystems: maven
Packages: io.quarkus:quarkus-cache
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xZjRwLTdncWMteDZqeM4AAttF
Jenkins Compuware Topaz Utilities Plugin is missing authorization
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-topaz-utilities
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qbTM1LWg4cTItNzNtcM05RA
Improper one time password handling in devise-two-factor
Ecosystems: rubygems
Packages: devise-two-factor
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nY2o3LWo0MzgtaGpqMs05RQ
Smokescreen SSRF via deny list bypass
Ecosystems: go
Packages: github.com/stripe/smokescreen
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yZ2dwLWNtdm0tZjYyZs4AA1Lb
ScanCode.io command injection in docker image fetch process
Ecosystems: pypi
Packages: scancodeio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmcGotM3E0Yy1qaHZy
Division by zero in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjNGctY3JxbS14cnh3
Use of unitialized value in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qbXJ4LTVnNzQtNnYyZs4AAh7K
Kubernetes client-go library logs may disclose credentials to unauthorized users
Ecosystems: go
Packages: k8s.io/kubernetes, k8s.io/client-go
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
1Panel Arbitrary File Download vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS13OTd4LXhmeGYtZjl4as1B1g
Jakarta Tomcat Denial of Service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZnc3LXBmeHgtaDlxMs4AA1SP
OpenNMS vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.opennms:opennms-webapp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1xZncyLXd2cnctbXZ3NM1B1Q
Jakarta Tomcat Directory Listing vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14NDQ1LW1tcHctN3I0Zs1d5A
Apache Tomcat Allows Source Disclosure
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-servlet-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01bXYyLXZxcTctbXE1aM4AAts7
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openshift-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mMmdxLXA2cXYtY2N3NM1xPA
Tomcat Vulnerable to Web Cache Poisoning
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMmpjLTRmcHItNHZoZ84AAxfy
@sideway/formula contains Regular Expression Denial of Service (ReDoS) Vulnerability
Ecosystems: npm
Packages: @sideway/formula
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Mmo3LTM0eDktZjNqd81QjA
Apache James Denial of Service
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wd2N3LTZmNWctZ3hmOM4AAxfw
Helm vulnerable to information disclosure via getHostByName Function
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xeHdjLXdjaHItNWgyOc4AA1WD
Jenkins Gogs Plugin vulnerable to unsafe default behavior and information disclosure
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02anF3LWp3ZjUtcnA4aM4AA2HB
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12bWhqLXA5aHctdmdyZs4AAjjP
Podman has Files or Directories Accessible to External Parties
Ecosystems: go
Packages: github.com/containers/podman/v2, github.com/containers/podman
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Y2o0LWZmOW0tNXI3Z84AAdwp
ImpressCMS Path Traversal to Arbitrary File Delete
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05cnd3LTY2dzctN3ZqeM4AA1P4
Mattermost fails to sanitize post metadata
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
Ecosystems: cargo
Packages: owning_ref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oZjVwLWY4M3gtNXEyZ84AA1Xs
OpenNMS privilege escalation vulnerability
Ecosystems: maven
Packages: org.opennms:opennms-webapp-rest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04bTY1LXFxNmctNDNycs4AA1Yv
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0yMjNtLXBnY3EtZjN4Z84AA1am
Jenkins Fortify Plugin HTML injection vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS00eG1mLTM0NHEtbTRjY84AA1aj
Jenkins Fortify Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0zcGdqLXBnNmMtcjVwN84AAu17
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Ecosystems: pypi
Packages: oauthlib
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xZ2ZnLWd2ZmYtNTIzds4AAVGx
python-glanceclient vulnerable to SSL server spoofing due to unverified X.509 certificate
Ecosystems: pypi
Packages: python-glanceclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2d3ctbWM2Ni02Mm02
HTTP Request Smuggling in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qY2YyLW14cjItZ21xcM4AA1gZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1ydnJqLWo3Y2MtMjM2cM4AAZ0Y
DotNetNuke (DNN) Cross-site scripting (XSS) vulnerability via the __dnnVariable parameter
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02anZ3LXJwdzQtZ2o0eM4AAe8S
Apache Shindig PHP Sensitive Information Disclosure
Ecosystems: maven
Packages: org.apache.shindig:shindig-php
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jbXBtLWpnOHItZnYzN84AAaNs
Apache Struts Multiple Cross-site Scripting Vulnerabilities
Ecosystems: maven
Packages: org.apache.struts:struts2-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NzMzLTdycDctdmYzbc4AA3Mb
xxl-job-admin vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mY3J4LTg4MjktanBxeM03mg
Improper Restriction of XML External Entity Reference in wutka jox
Ecosystems: maven
Packages: com.wutka:jox
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1waHc4LWZ3OWctdjN4Y84AAaFw
Apache QPID Allows Remote Authentication Bypass
Ecosystems: maven
Packages: org.apache.qpid:qpid-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00ODIyLWp2d3gtdzQ3aM03pA
Uncontrolled Resource Consumption in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnF4LW1qYzQtdmZoM84AAxYc
wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yNGhnLTRjcHEtcTU3Y84AAxS9
jSuites subect to Cross-site Scripting
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tNW0yLWg2aDktcDJjOM4AA1rD
Velocity execution without script right through VelocityCode and VelocityWiki property
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwMjYtaHc3Zi0zY3By
Cross-Site Scripting in html-pages
Ecosystems: npm
Packages: html-pages
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS01amptLXFwNDgtcXA4Ns4AA144
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qcDNjLWc0NnYtamcyY84AA14w
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1oM2h2LTYzcTUtamdwcs4AA11k
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-x64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01N20yLW1wYzctZ3dneM4AA14x
LibreNMS Code Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01bW13LXA1cXYtdzN4Nc4AA3q1
Always incorrect control flow in github.com/mojocn/base64Captcha
Ecosystems: go
Packages: github.com/mojocn/base64Captcha
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13Y202LXd2OTUtN2p3Ns4AAxNP
Cross-site Scripting in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mbXJmLXA3N2ctdnY1Y84AA0J4
MediaWiki Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: wikibase/wikibase
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ydjc0LW0yODMtNWo5Nc4AA3k5
Elasticsearch-hadoop Unsafe Deserialization
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch-hadoop
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13ZzhwLXc5NDYtYzQ4Ms0zIQ
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Z3hwLWMzNzktcGo0Ms4AAYUG
ccsv Double Free vulnerability
Ecosystems: rubygems
Packages: ccsv
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMjlmLW0yM2gtM3A4cM0zyw
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yeDdqLW13NGMtNzZnOc4AATRU
Authlogic Information Exposure vulnerability
Ecosystems: rubygems
Packages: authlogic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ODZ4LTVmbTMtNXA3as4AA1eS
Alertmanager UI is vulnerable to stored XSS via the /api/v1/alerts endpoint
Ecosystems: go
Packages: github.com/prometheus/alertmanager
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12eDZwLXE0Z2oteDZ4eM4AAqWr
Camaleon CMS vulnerable to Server-Side Request Forgery
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycjJ3LWpyaDItcDRncs0Vqw
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01OHJxLTY5anAteGMyM84AA1-M
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05eDhtLTJ4cGYtY3JwM84AAtvM
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cjk2LTdjY3AtcGc1Y82YIg
DotNetNuke Vulnerable to XSS in Pass-Through Values
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nOHBqLXI1NXEtNWMyds4AA2Wt
Apache Tomcat Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03Y3dxLXA4Y3ItaDlxZ84AA1wt
Buttercup allows attackers to obtain the hash of the master password
Ecosystems: npm
Packages: buttercup
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wNzZqLWg0bTgtaHg1Y84AA2Gl
Pimcore Demo Allows GraphQL Introspection
Ecosystems: packagist
Packages: pimcore/demo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jMnBqLXJyNjgtcHc5NM4AAtlW
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjZ4LWp3aDUtbTlyNM4AAtkN
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05djQ4LTJoNXgtZnZwbc4AAwkS
usememos/memos vulnerable to improper access control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9