Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS04aDc3LTl2aDUtaHc1Z82qQA
Mortbay Jetty vulnerable to Cross-site scripting
Ecosystems: maven
Packages: org.mortbay.jetty:jetty
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02aHYzLTlmcXgtOHBnNc4AAxPm
CImage Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: mos/cimage
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Z2c5LWd3ajQtbXFtas4AAvKC
OrchardCore vulnerable to HTML injection
Ecosystems: nuget
Packages: OrchardCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12NmozLTdqcnctaHEycM4AAe7J
Rack Gem Subject to Denial of Service via Hash Collisions
Ecosystems: maven, rubygems
Packages: org.jruby:jruby-parent, rack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14anI5LTJ3ZjItM3Y0d84AAU4J
Subrion CMS Cross-site scripting in search
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oNXJmLXZncXgtd2p2Ms4AAU_b
Pillow denial of service via PNG bomb
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00MzZnLTJmOTItY3ZoaM4AAygC
Jenkins Role-based Authorization Strategy Plugin grants permissions even after they’ve been disabled
Ecosystems: maven
Packages: org.jenkins-ci.plugins:role-strategy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tamczLTJ2NjYtcDM0as4AAygJ
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02MjJ3LTk5NWMtM2MzaM4AAyoM
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Comments
Ecosystems: maven
Packages: io.goobi.viewer:viewer-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOHctbXBodi0yZjNm
Prototype Pollution in lutils
Ecosystems: npm
Packages: lutils
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g
Remote command injection when using sendmail email transport
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04bTlwLTM5MjYtZ2Zmcs4AA1JD
wger Workout Manager Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: wger
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04Mmo5LXdmY2YtOXYyaM4AAjYw
Plone Open Redirect Vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04anY3LXZ3cmMtbXY0Z84AAyAp
Cross-site Scripting (XSS) in pimcore/pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycWYyLTRnZ2MtYzc0d837EA
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:websphere-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01MjI5LTk0cDMtN3d3cc4AAujV
LibreNMS vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01NXZtLTN2cTMtNGpwY84AAx9x
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1obTdwLXIzMjQtaGhmM84AAx6q
phpseclib Infinite Loop vulnerability
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mZjI3LWhybXItZ2dwas4AAx9w
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NmM3LWZxeHYtcm12N84AAyuM
Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:consul-kv-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xY3JqLTZmZmMtdjdocc4AAx7K
Craft CMS Stored Cross-site Scripting Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcndxLXg0djgtZmg3cM4AA0ze
Pygments vulnerable to ReDoS
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Y3ctMjU1My03ODM3
newrelic_rpm Gem Discloses Sensitive Information
Ecosystems: rubygems
Packages: newrelic_rpm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS14M2pyLXBmNmctYzQ4Zs4AAgxZ
Golang/x/crypto message forgery vulnerability
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14YzRwLWo4OWMtcDd4Nc4AAlcF
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oOGNtLTN2NWYtcmdwNs4AA1aU
XWiki Platform Stored Cross-site Scripting in the user profile via the timezone displayer
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1xbXc4LXgzNjQteHh4bc4AAzxl
Teampass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01Yzg2LWdwdmMtZnA1M84AAy3t
PowerJob vulnerable to Insecure Permissions
Ecosystems: maven
Packages: tech.powerjob:powerjob
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycWY4LWg3cHIteDJyOM4AAu9d
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback login
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00Y3ZwLWhyNjMtODIyas4AAzGJ
Exposure of Sensitive Information in OPC UA .NET Standard Reference Server
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Server, OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00OWYyLWozcHAtMjJqbc4AAzXR
Jenkins Tag Profiler Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:tag-profiler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mbTZtLWZnMjMtNjdqcc4AAuwm
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12eGpnLWhjaHgtY2M0Z84AA0--
@simonsmith/cypress-image-snapshothas fix for insecure snapshot file names
Ecosystems: npm
Packages: @simonsmith/cypress-image-snapshot
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yZjg5LTY2djItOXA1M84AAzW3
Jenkins Email Extension Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1neDJqLTV2YzMtMzc5NM4AAzXV
Jenkins Code Dx Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:codedx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qcjY2LTlnaGYtNmdwM84AAzxm
Froxlor Session Fixation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05dnFqLTY0cHYtdzU1Y84AAu23
TensorFlow vulnerable to `CHECK` fail in `tf.linalg.matrix_rank`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyZjgtY21nZy1ndjJt
Error on unsupported architectures in raw-cpuid
Ecosystems: cargo
Packages: raw-cpuid
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NzktOHh3di05MzJ4
rbovirt uses the rest-client gem with SSL verification disabled
Ecosystems: rubygems
Packages: rbovirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1jcjZyLTZ4bTktd3cyMs4AAUL8
Yii Incorrectly Implements CORS
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zZjg5LTg2OWYtNXc3Ns4AAug3
Cross-site scripting from dynamic options in the multiselect field
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05am1xLXJ4NWYtOGp3cc4AAt5z
nbconvert vulnerable to cross-site scripting (XSS) via multiple exploit paths
Ecosystems: pypi
Packages: nbconvert
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xeGgzLWpndmgteDU1as4AA0OT
Connect-CMS Privilege Escalation Vulnerability
Ecosystems: packagist
Packages: opensource-workshop/connect-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3aG0tOWNqbS00NDkz
Cross-site Scripting in Jenkins Dashboard View Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dashboard-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14YzdxLXE2MmYtd2N2cs4AAe6Q
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qZjl2LWZ4ZnEtd203Ns4AAfIM
Lift Sensitive Information Disclosure
Ecosystems: maven
Packages: net.liftweb:lift-webkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01eDM2LTc1NjctM2N3Ns4AAx3a
partial_sort contains Out-of-bounds Read in release mode
Ecosystems: cargo
Packages: partial_sort
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zZzZ3LTRtN3gtOTd2Ns4AAeQ6
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OXc4LTR3bTItNHh3OM4AAfPe
Django Image Field Vulnerable to Image Decompression Bombs
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zeDVqLTl2d3ItOHJyNc4AAxyq
Update share links to use FRP instead of SSH tunneling
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcnB2LTVwbXItcDkyaM4AAxx-
Improper Privilege Management in Apache Sling
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.i18n
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Z2M3LXdocGgtcng1cc4AA0qH
Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:test-results-aggregator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qNTRyLXc1ODctOTVxN84AA0qD
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03ajNtLThnM2MtOXFxcc4AAu2N
TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNHdyLTl3Zm0tZjlqd84AA0qI
Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Ecosystems: maven
Packages: io.jenkins.plugins:miniorange-saml-sp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tZ21oLWcydjYtbXF3Nc4AAu2J
TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzcDQtZ3c3ci13cWpj
Apache Airflow vulnerable to XSS and local file disclosure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1yYzRyLXdoMnEtcTZjNM4AAu15
Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Zzg3LTQ0cDktdjRqN84AA0qG
Jenkins Benchmark Evaluator Plugin missing permission check
Ecosystems: maven
Packages: io.jenkins.plugins:benchmark-evaluator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtcDctZjJ2cC0zcnE0
Cross-site scripting in SiCKRAGE
Ecosystems: pypi
Packages: sickrage
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jcmg1LXZ2MnYtYzgycc4AAxvj
@claviska/jquery-minicolors vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @claviska/jquery-minicolors
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqZmctcTY2Mi1nbTZq
Moderate severity vulnerability that affects rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1oNDhmLXE3cnctaHZyN84AArBH
Missing validation causes denial of service via `StagePeek`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xOWg4LWdwdzUtYzk1Y84AAgem
Matrix Sydent mishandles emails
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ
Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3N3ctMmo5Mi00NGh4
HTTP Request Smuggling in akka-http-core
Ecosystems: maven
Packages: com.typesafe.akka:akka-http-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1oOHY1LXAyNTgtcHFmNM4AAgd-
Use of a Broken or Risky Cryptographic Algorithm in XWiki Crypto API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZngtOHA2Yy1nN2d4
Insufficient Verification of Data Authenticity in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerability
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1taGdtLTUydmctcHZ2Y84AAxqk
Privilege escalation in Strongbox
Ecosystems: maven
Packages: com.schibsted.security:strongbox-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2dmMtY3c2Mi1mcXZy
Shadowsock is malware
Ecosystems: npm
Packages: shadowsock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xODQ3LTJxNTctd21yM84AA3Cy
Symfony potential Cross-site Scripting vulnerabilities in CodeExtension filters
Ecosystems: packagist
Packages: symfony/symfony, symfony/twig-bridge
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xNzZxLXE4aHctaG1wd84AAusG
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wOXhnLTkzNzgtY3FwN84AAzdB
Cross-site scripting in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05M2M3LTI5NDItM2g0N84AAU7a
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtbXFxOC1yd3Fj
Sanitization bypass using HTML Entities in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1tbTMzLTV2ZnEtM21tM81BUA
Cross-site Scripting Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMjhyLWo1NG0tZ3BjNM0WJA
Code Injection in SLO Generator
Ecosystems: pypi
Packages: slo-generator
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZjQtbTdxcC13Nmdj
Cross-site Scripting in Jooby
Ecosystems: maven
Packages: org.jooby:jooby
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS01Y3J3LTZqN3YteGM3Ms4AA1xH
matrix-media-repo: Unsafe media served inline on download endpoints
Ecosystems: go
Packages: github.com/turt2live/matrix-media-repo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04d2dmLTNtcmotNzN4N84AA05i
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
Ecosystems: maven
Packages: com.qualys.plugins:qualys-was
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtaDUtcWM4dy14dmNx
Cross-Site Scripting in i18next
Ecosystems: npm
Packages: i18next
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nY2c2LXh2NGYtZjc0Oc4AAzk8
janino vulnerable to denial of service due to stack overflow
Ecosystems: maven
Packages: org.codehaus.janino:janino-parent
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yaGgzLWptdjgtNWZteM3z_g
Moodle Does Not Escape Characters In Email Headers
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnZ2LWgyZjktN3Y5Y84AAuiv
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Ecosystems: go
Packages: github.com/matrix-org/gomatrixserverlib, github.com/matrix-org/dendrite
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yanE5LTZ4eDctM2gyOc4AAt8C
`temporary` makes use of uninitialized memory
Ecosystems: cargo
Packages: temporary
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cGY3LXEycngtMjZtaM4AAttA
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yOHZoLWNtOWYtcmMyOc4AAbxF
Magmi XSS Vulnerability
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wdzRnLWpjcDUtNjNtOc4AAttN
Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rpmsign-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12ODRmLTZyMzktY3BmY84AA14s
HashiCorp Vault Improper Input Validation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qbXJ4LTVnNzQtNnYyZs4AAh7K
Kubernetes client-go library logs may disclose credentials to unauthorized users
Ecosystems: go
Packages: k8s.io/kubernetes, k8s.io/client-go
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NWNmLWdqMjktZjU1Nc4AA1OE
1Panel Arbitrary File Download vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1mMmdxLXA2cXYtY2N3NM1xPA
Tomcat Vulnerable to Web Cache Poisoning
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 5,050
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
maven 5,572 pypi 3,844 packagist 3,834 npm 3,559 go 1,928 nuget 1,422 rubygems 816 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 typo3/cms-core 77 drupal/core 76 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 salt 53 symfony/symfony 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 nokogiri 44 plone 43 baserproject/basercms 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 craftcms/cms 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 com.thoughtworks.xstream:xstream 36 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 moin 34 github.com/answerdev/answer 34 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 k8s.io/kubernetes 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 Django 30 keystone 30 parse-server 29 mautic/core 29 github.com/argoproj/argo-cd 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 getgrav/grav 28 io.undertow:undertow-core 27 shopware/shopware 27 org.keycloak:keycloak-services 27 centreon/centreon 27 github.com/hashicorp/nomad 26 electron 26 github.com/hashicorp/consul 26 prestashop/prestashop 26 openssl-src 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 24 magento/core 24 puppet 23 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 github.com/argoproj/argo-cd/v2 23 getkirby/cms 22 grumpydictator/firefly-iii 22 org.apache.nifi:nifi 22 rack 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 tribalsystems/zenario 20 github.com/ethereum/go-ethereum 20 github.com/docker/docker 20 org.springframework:spring-core 19 DotNetNuke.Core 19 code.gitea.io/gitea 19 com.liferay.portal:release.dxp.bom 18 simplesamlphp/simplesamlphp 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 langchain 18 contao/contao 18 com.vaadin:vaadin-bom 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 helm.sh/helm/v3 18 directus 18 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 topthink/framework 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 cobbler 17 genix/cms 17 PaddlePaddle 17 symfony/security 17 francoisjacquet/rosariosis 17 mercurial 17 cakephp/cakephp 17 sequelize 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 org.apache.dubbo:dubbo 16 pillow 16 yetiforce/yetiforce-crm 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 org.bouncycastle:bcprov-jdk15 16 rusqlite 16 wasmtime 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 next 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 notebook 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 github.com/goharbor/harbor 15 paddlepaddle 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 gradio 15 org.apache.inlong:manager-pojo 14 modoboa 14 ghost 14 smarty/smarty 14 github.com/containerd/containerd 14 ec-cube/ec-cube 14 typo3/cms-backend 14 activesupport 14 ezsystems/ezpublish-kernel 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 swagger-ui 14 pyload-ng 14 symfony/security-http 14 zendframework/zendframework1 14 phpmailer/phpmailer 14 pyftpdlib 14 tinymce 14 joplin 13 impresscms/impresscms 13 strapi 13 github.com/mattermost/mattermost-server 13 org.apache.hadoop:hadoop-main 13 october/system 13 passenger 13 elefant/cms 13 bolt/bolt 13 org.apache.cxf:cxf 13 codeigniter4/framework 13 lavalite/cms 13 github.com/nats-io/nats-server/v2 13 OctoPrint 13 ckeditor4 13 github.com/traefik/traefik/v2 13 org.apache.dolphinscheduler:dolphinscheduler 12 Microsoft.NETCore.App.Runtime.win-x64 12 deno 12 studio-42/elfinder 12 github.com/moby/moby 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/django/django 87 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/TYPO3/typo3 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 33 https://github.com/octobercms/october 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/opencv/opencv 28 https://github.com/openstack/keystone 27 https://github.com/mautic/mautic 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/github/advisory-database 23 https://github.com/getgrav/grav 23 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/ethereum/go-ethereum 16 https://github.com/rusqlite/rusqlite 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/etcd-io/etcd 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/goharbor/harbor 15 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/geoserver/geoserver 15 https://github.com/apache/camel 15 https://github.com/OpenMage/magento-lts 15 https://github.com/puppetlabs/puppet 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/gradio-app/gradio 14 https://github.com/langchain-ai/langchain 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/mattermost/mattermost 14 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/containerd/containerd 14 https://github.com/cobbler/cobbler 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/traefik/traefik 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/modoboa/modoboa 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/publify/publify 13 https://github.com/hashicorp/nomad 13 https://github.com/dompdf/dompdf 13 https://github.com/dromara/hutool 12 https://github.com/nodejs/undici 12 https://github.com/twisted/twisted 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/backstage/backstage 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/centreon/centreon-archived 12 https://github.com/laurent22/joplin 12 https://github.com/patriksimek/vm2 12 https://github.com/TryGhost/Ghost 12 https://github.com/drupal/core 11 https://github.com/jquery/jquery 11 https://github.com/top-think/framework 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/dotnet/aspnetcore 11 https://github.com/urllib3/urllib3 11 https://github.com/nats-io/nats-server 11 https://github.com/cloudflare/cfrpki 11 https://github.com/openfga/openfga 11 https://github.com/smarty-php/smarty 11 https://github.com/opencontainers/runc 11 https://github.com/containers/podman 11 https://github.com/igniterealtime/Openfire 11 https://github.com/zitadel/zitadel 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/vercel/next.js 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/janeczku/calibre-web 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/wagtail/wagtail 10 https://github.com/phusion/passenger 10 https://github.com/Sylius/Sylius 10 https://github.com/nocodb/nocodb 10 https://github.com/keystonejs/keystone 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/jupyter/notebook 10 https://github.com/openstack/glance 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/dolibarr/dolibarr 10 https://github.com/spring-projects/spring-security 9 https://github.com/openstack/horizon 9 https://github.com/cui2shark/cms 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/evershopcommerce/evershop 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/LavaLite/cms 9 https://github.com/yiisoft/yii2 9 https://github.com/Graylog2/graylog2-server 9