Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1qdzg4LXd4djUtN2M0Zs4AAgH7
Directory traversal in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocG12LXd2cTMtZ2oyN830Ug
Moodle cross-site request forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0MnEtNTIzZy0zZnd2
Cross-Site Request Forgery
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.11, com.softwaremill.akka-http-session:core_2.12, com.softwaremill.akka-http-session:core_2.13
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mZzl3LWNmZm0tcG1oMs4AASVC
Insecure Default Initialization of Resource in Pivotal Spring Web Flow
Ecosystems: maven
Packages: org.springframework.webflow:spring-webflow
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoOHYtam1oMy05NDM3
Cross-site scripting in SocksJS-node
Ecosystems: npm
Packages: sockjs
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13NzY2LTM1NzItZjJods4AAzSl
Pimcore Cross-site Scripting (XSS) vulnerability in Admin Translations
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTRxLXJxbXctdng0Nc0sYQ
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zNXI5LWdmcWYtcjZjd84AAs7x
Missing permission check in Jenkins vRealize Orchestrator Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vmware-vrealize-orchestrator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14NGhoLWZyeDgtOThyNc4AA4_0
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oN3ZmLTV3cnYtOWZods4AAxVO
Symfony storing cookie headers in HttpCache
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01OXAyLXY2MngtZ3hqOM4AA7wY
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0zanE3LThwaDgtNjN4bc4AAkkw
Grafana information disclosure
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01Zm05LWg3MjgtZndwas4AAzpS
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
Ecosystems: cargo
Packages: trust-dns-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00OWo0LXYzN2ctNWdnMs4AAs8-
Jenkins EasyQA Plugin Missing Authorization vulnerability
Ecosystems: maven
Packages: com.geteasyqa:easyqa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4cDUtOHBncS1tZ3Y5
Missing Authentication for Critical Function in Apache Calcite
Ecosystems: maven
Packages: org.apache.calcite:calcite-splunk, org.apache.calcite:calcite-druid, org.apache.calcite:calcite-core
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS14cjR2LTI4cm0tcHZnd84AAbZp
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA
Ecosystems: maven
Packages: org.springframework.data:spring-data-jpa
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12NzM1LTJwcDYtaDg2cs4AATtv
Ansible Logs Passwords If PowerShell ScriptBlock is Enabled
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2ZzgtcHdxMi14ajdx
Out-of-bounds Read in base64url
Ecosystems: npm
Packages: base64url
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LWN4M3Ytd2o5Nc4AA7wX
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xNm1wLTU2MngtZ2d2ds4AAtGX
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjNXItNjk3Zi0yOHg2
XSS injection in the Grid component of Sylius
Ecosystems: packagist
Packages: sylius/sylius, sylius/grid-bundle, sylius/grid
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS12eGhqLTN4N3AtanhwNc4AAdMS
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-client
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01cGcyLXFnODctdm1qN84AAtFk
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qZ2g4LXZjaHctcTNnN84AAxOa
safeurl-python contains Server-Side Request Forgery
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12OTIzLXczeDgtd2g2Oc4AAtEm
Passport vulnerable to session regeneration when a users logs in or out
Ecosystems: npm
Packages: passport
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qODZ2LTJ2anItZmc4Zs4AA5Cm
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nNDhmLWZmNWgtNWY2NM4AAdF7
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqNzMtdjY4OC13cXhm
Hijacked Environment Variables in proxy.js
Ecosystems: npm
Packages: proxy.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1qZnJmLXZ2NTQtajJqZ84AA1QU
Margox Braft-Editor Cross-site Scripting Vulnerability
Ecosystems: npm
Packages: braft-editor
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nNzhoLXBmNjUtNDZyds4AATTf
Enhanced Image plugin for CKEditor is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist, npm
Packages: drupal/drupal, ckeditor-dev, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3OTYtZ2M5ai02M3J2
File upload local preview can run embedded scripts after user interaction
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1nMjk4LTU5cGctOTNoN84AAxEv
Cross-Site Request Forgery in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03cXc0LXc3aGYtMjJxM84AAWZ_
xapian-core Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: xapian-core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00Y3B2LTY2OWMtcjc5eM4AA1yz
Prevent injection of invalid entity ids for "autocomplete" fields
Ecosystems: packagist
Packages: symfony/ux-autocomplete
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xcThtLTlycHgtdzJmbc4AA1EV
Admidio Insufficient Session Expiration vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Denial of service via insufficient metadata validation
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1aHctMjl4Ny05eDk1
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1wZjZwLTI1cjItZng0Nc4AAtBR
Server-Side Request Forgery in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmOTUtdzVoNS1mcTg2
Prototype Pollution in mergify
Ecosystems: npm
Packages: mergify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tOWpqLXA5NDctbTh4ds4AA0qF
Jenkins mabl Plugin missing permission check
Ecosystems: maven
Packages: com.mabl.integration.jenkins:mabl-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01ODlmLWM2NnAtaHhyNM4AAtpP
grapesjs before 0.19.5 vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: grapesjs
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zYzU2LXZ4NnYtcTV2aM4AAmhj
SaltStack Salt Allows creating certificates with weak file permissions
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00MmozLTQ5OHEtbTZ2cM4AATn7
Improper Input Validation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFycmMtd3c5eC1yNDNn
Improper Input Validation in Docker Engine
Ecosystems: go
Packages: github.com/docker/docker-ce
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03ZnE4LTRwdjUtNXc1Y84AAVA8
Django cross-site scripting (XSS) attack via user-supplied redirect URLs
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ODRtLXJqMjgtOGM2eM4AAYda
Plone unauthorized member addition vulnerability
Ecosystems: pypi
Packages: Products.CMFPlone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05d2hoLTU4MnItNTg5aM4AAW52
ldap_fluff authentication bypass
Ecosystems: rubygems
Packages: ldap_fluff
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjYzLWg2ZzMtN2N3bc0vhw
Cross Site Scripting (XSS) in @finastra/ssr-pages
Ecosystems: npm
Packages: @finastra/ssr-pages
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yeDUyLThmMjktN2Nqcs4AA70W
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Ecosystems: maven
Packages: org.eclipse.edc:connector-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1MjgtN2hybS1mcnFw
Improper Check for Unusual or Exceptional Conditions in json-smart
Ecosystems: maven
Packages: net.minidev:json-smart, net.minidev:json-smart-mini
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00M3g5LTdoZnYtbXhyZs0u_g
jQuery-Upload-File XSS in fileNameStr
Ecosystems: npm
Packages: jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxeHIteGYydy05NDN3
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Ecosystems: maven
Packages: org.openapitools:openapi-generator
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS03Nnc2LW03dnYtN2hod84AAhQ7
Missing permission check in Jenkins Docker Plugin
Ecosystems: maven
Packages: io.jenkins.docker:docker-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTJyLXBtcXYtd20zOM4AAivL
Missing permission check in Jenkins Support Core Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02OXE3LWh3dzQtOHBqcc4AAjU8
phpBB allows CSRF
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xanFwLXhyOTYtY2o5Oc4AA70j
Trix Editor Arbitrary Code Execution Vulnerability
Ecosystems: npm
Packages: trix
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1tcXZwLTdycmctOWp4Y80wYw
Improper Input Validation and Allocation of Resources Without Limits or Throttling in poi-scratchpad
Ecosystems: maven
Packages: org.apache.poi:poi-scratchpad
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04ang5LTdqNW0tNzl4NM4AAR1e
Jenkins Build Step Plugin fails to check Item/Build permission
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-build-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14M3B4LTJwOTUtZjZqcs4AAtNM
KubeEdge DoS when signing the CSR from EdgeCore
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xcHgzLTk1NjUtNXh3bc4AAtNU
KubeEdge CloudCore Router memory exhaustion vulnerability
Ecosystems: go
Packages: github.com/kubeedge/kubeedge
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cDhwLTlycTUtNHdnds4AAcYZ
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zendxml, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ2o5LTZ4OGotNDl3Oc4AAwss
SimpleSAMLphp simplesamlphp-module-openid
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-openid
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0aHYtbTRoNC1taHdn
Django open redirect
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS12cXhxLTN3cXYtcjl4cM4AAhk8
Magento 2 Community Edition Information Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cnItcmhtbS12Y3Zm
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Ecosystems: go
Packages: github.com/kubernetes-csi/external-snapshotter/v3, github.com/kubernetes-csi/external-snapshotter/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyanYtNXYzZi03bTdq
Downloads Resources over HTTP in adamvr-geoip-lite
Ecosystems: npm
Packages: adamvr-geoip-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1oamZwLTJqN3EteG14NM4AA3ot
Cross-site Scripting in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zZzJnLXJjbTYtcnJxMs4AAxJv
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01OTdjLW1oN20tNDh2N84AASBA
SimpleSAMLphp Invalid token creation and validation
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtNXgtODM3eC1qZjNj
Division by 0 in inplace operations
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXhwLXhnaHAtZ3F2cM4AAkyl
bbPress stored Cross-Site Scripting (XSS) vulnerability in the Forum creation section
Ecosystems: packagist
Packages: bbpress/bbpress
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmODgtajJtZy1jYzgy
Crash caused by integer conversion to unsigned
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yMnJxLTNoNTYtZnFtNM4AATu7
Symfony DoS
Ecosystems: packagist
Packages: symfony/http-foundation, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03N3A0LXdmcjgtOTc3d84AAi_T
TYPO3 Directory Traversal on ZIP extraction
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2amgtN2d2NS0yOHZn
Bad alloc in `StringNGrams` caused by integer conversion
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1teGZ2LWM4cDgtcXc1aM4AAbmf
baserCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04aDI0LTNjanIteHhtaM4AAUIc
Evolution CMS Stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jbTRyLTU4cGotaDJwaM30TQ
Moodle allows attackers to extract archives to arbitrary directories
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02MjZ3LWhtcHcteDc0as4AAWQy
paypal/invoice-sdk-php reflected XSS
Ecosystems: packagist
Packages: paypal/invoice-sdk-php
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14aGMzLTVwZ2YtcDU3Ns4AAoHG
subrion CMS Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4cmotZjVycC1qNTVo
Uncontrolled Resource Consumption in transpile
Ecosystems: npm
Packages: transpile
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqd3AtN3YzZy05OXBq
Cross-site Request Forgery (CSRF) in joplin
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYycnAtajhodi1nNWd4
Cross-site scripting in imgURL
Ecosystems: packagist
Packages: helloxz/imgurl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNWMtcnBmNC04NnA4
Insertion of Sensitive Information into Externally-Accessible File or Directory and Exposure of Sensitive Information to an Unauthorized Actor in hbs
Ecosystems: npm
Packages: hbs
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04N3Y2LWNyZ20tMmdmas0odQ
Division by zero in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05OXJoLXZ4bWMtN3dnZs4AAgus
ezplatform-admin-ui Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4cHYteDdoOC02ODd2
Cross-site scripting in feehicms
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05aDMzLTVmeHctcjJ4ds4AAzAx
Stored cross site scripting via container name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1taDgzLWpjdzUtcmpoOM0jUA
XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Ecosystems: maven
Packages: edu.stanford.nlp:stanford-corenlp
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yZ2g4LWdyNngtN3EyNs4AAej4
SOAPpy vulnerable to XXE attacks
Ecosystems: pypi
Packages: SOAPpy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2Zzgtam1qOS1nOTQ1
Improper Restriction of Rendered UI Layers or Frames in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05d2Y2LTg4eDQtNnh2as4AASZm
BuddyPress Docs plugin Improper Privilege Management
Ecosystems: packagist
Packages: buddypress/buddypress
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yd2g4LWg1MjUtNGp2as4AAmwt
EC-CUBE Improper Restriction of Rendered UI Layers or Frames
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OXBqLTdtamgtNDQ2Nc4AAi_a
TYPO3 SQL Injection in low-level Query Generator
Ecosystems: packagist
Packages: typo3/cms-core, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04M2MzLXF4MjctMnJ3cs4AAfXs
Symfony Allows URI Restrictions Bypass Via Double-Encoded String
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/routing, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3dnYteDVtcS1oM2pq
Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev
Ecosystems: packagist
Packages: yiisoft/yii2-dev
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4anItbTZmMy12NXdt
HTTPS MitM vulnerability due to lack of hostname verification
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
Statistics
Advisories: 18,804
Packages: 8,399
Repositories: 5,089
Ecosystems: 12
Filter by Severity
Moderate 8,174 High 6,458 Critical 2,852 Low 1,019
Filter by Ecosystem
maven 5,579 packagist 4,016 pypi 3,849 npm 3,560 go 1,948 nuget 1,421 rubygems 815 cargo 784 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 salt 53 symfony/symfony 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 45 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 froxlor/froxlor 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 moin 34 k8s.io/kubernetes 33 mlflow 33 snipe/snipe-it 32 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 Django 30 opencv-contrib-python 30 mautic/core 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 centreon/centreon 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 electron 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 magento/core 24 org.eclipse.jetty:jetty-server 23 github.com/argoproj/argo-cd/v2 23 mediawiki/core 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 org.bouncycastle:bcprov-jdk14 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 contao/core-bundle 21 @openzeppelin/contracts-upgradeable 21 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 github.com/docker/docker 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 code.gitea.io/gitea 19 org.springframework:spring-core 19 laravel/framework 19 DotNetNuke.Core 19 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 golang.org/x/net 18 simplesamlphp/simplesamlphp 18 langchain 18 com.vaadin:vaadin-bom 18 directus 18 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 genix/cms 17 org.xwiki.platform:xwiki-platform-web-templates 17 helm.sh/helm/v3 17 cobbler 17 mercurial 17 symfony/security 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 topthink/framework 17 wasmtime 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 yetiforce/yetiforce-crm 16 pillow 16 org.apache.dubbo:dubbo 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 neutron 16 cryptography 15 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 gradio 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 openmage/magento-lts 15 next 15 org.apache.jspwiki:jspwiki-main 15 github.com/goharbor/harbor 15 phpmailer/phpmailer 14 github.com/containerd/containerd 14 activesupport 14 pyload-ng 14 publify_core 14 smarty/smarty 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 org.apache.inlong:manager-pojo 14 swagger-ui 14 pyftpdlib 14 ghost 14 typo3/cms-backend 14 tinymce 14 symfony/security-http 14 modoboa 14 zendframework/zendframework1 14 impresscms/impresscms 13 org.apache.cxf:cxf 13 github.com/mattermost/mattermost-server 13 codeigniter4/framework 13 github.com/nats-io/nats-server/v2 13 joplin 13 bolt/bolt 13 lavalite/cms 13 passenger 13 elefant/cms 13 github.com/traefik/traefik/v2 13 ckeditor4 13 org.apache.hadoop:hadoop-main 13 october/system 13 strapi 13 OctoPrint 13 deno 12 phpmyfaq/phpmyfaq 12 Microsoft.NETCore.App.Runtime.win-x86 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/saltstack/salt 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/mautic/mautic 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/getgrav/grav 24 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 24 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/netty/netty 20 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/apache/cxf 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/helm/helm 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/hashicorp/vault 16 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/tinymce/tinymce 14 https://github.com/pyca/cryptography 14 https://github.com/gradio-app/gradio 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/containerd/containerd 14 https://github.com/pyload/pyload 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/dromara/hutool 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/quarkusio/quarkus 13 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/undertow-io/undertow 13 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/centreon/centreon-archived 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/laurent22/joplin 12 https://github.com/nodejs/undici 12 https://github.com/apache/kylin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 11 https://github.com/vaadin/flow 11 https://github.com/zitadel/zitadel 11 https://github.com/smarty-php/smarty 11 https://github.com/scrapy/scrapy 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/WWBN/AVideo 11 https://github.com/onionshare/onionshare 11 https://github.com/igniterealtime/Openfire 11 https://github.com/vercel/next.js 11 https://github.com/dotnet/aspnetcore 11 https://github.com/nats-io/nats-server 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/janeczku/calibre-web 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cloudflare/cfrpki 11 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/phusion/passenger 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/Sylius/Sylius 10 https://github.com/dolibarr/dolibarr 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/openstack/glance 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/nocodb/nocodb 10 https://github.com/wagtail/wagtail 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/nextauthjs/next-auth 10 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/evershopcommerce/evershop 9 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/bolt/bolt 9