Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeHctNzZweC0zcnh2
Memory leak in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjODctNnZwcC03ZmYz
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3eDUtNWZxai1qdjk4
Cross-Site Scripting in morris.js
Ecosystems: npm
Packages: morris.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmcmgtOGNtai1nYzU5
System.Management.Automation subject to bypass via script debugging
Ecosystems: nuget
Packages: System.Management.Automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmOGotNjRoOS02cTU4
CSRF in Play Framework
Ecosystems: maven
Packages: com.typesafe.play:play_2.12
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxNWotZ3c3Zi1qZ2o4
CSRF Vulnerability in rails-ujs
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht
Arbitrary file read via window-open IPC in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcHAtOTQ5Ni1wMjNx
Insufficient Entropy in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0bTMtMmo3aC1mN3h3
Cross-Site Scripting in jquery
Ecosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqanItM2pjdy1mOHY2
Potential Observable Timing Discrepancy in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqMmMteDhxbS1xbWpx
SQL injection in Tortoise ORM
Ecosystems: pypi
Packages: tortoise-orm
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoOTUtcm1nci02dzRt
Prototype Pollution in minimist
Ecosystems: npm
Packages: minimist
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjamoteGYyci1td3Zj
XSS in knockout
Ecosystems: npm
Packages: knockout
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cnYtMng3eC03OHgy
Reflected XSS in SilverStripe
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2bWYtcjkyci0yN2hy
Django allows unintended model editing
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4NGYtNzQzZi02angy
Object injection in cookie driver in phpfastcache
Ecosystems: packagist
Packages: phpfastcache/phpfastcache
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cjctcjhyOS12cmcy
Session fixation in change password form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2eDUtcm02cS1neDdw
Lack of access control on upoaded files
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cDgtN2g1dy1oMjM1
XSS in search engine
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxOTgtd3I3Mi1oMzV3
Improper input validation in Apache Santuario XML Security for Java
Ecosystems: maven
Packages: org.apache.santuario:xmlsec
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tZjYtNjU5Ny0zdjZt
Open Redirect in Spring Security OAuth
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxY2YtNGc0aC1yZ2hm
Cross-site scripting in Apache Archiva
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2M20tOGZwOC1tajk5
Bootstrap Vulnerable to Cross-Site Scripting
Ecosystems: rubygems, npm, nuget
Packages: twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 99.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4OG0tOTUzdy04cjJj
rendertron XSS vulnerability
Ecosystems: npm
Packages: rendertron
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzN3gtNHE4Zy1wcmM1
Improper Input Validation in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnNXctdnY5My0zZjd3
Moderate severity vulnerability that affects org.apache.oozie:oozie-core
Ecosystems: maven
Packages: org.apache.oozie:oozie-core
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjcGYtdmo1My03aDJt
Denial of Service in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtajUtd3Y5Ni1yMmNo
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNm0tOW12eC1tNmM1
Moderate severity vulnerability that affects mayan-edms
Ecosystems: pypi
Packages: mayan-edms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1jNGMzLTNjZ2gtdnZyaM4AAo_i
Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests
Ecosystems: maven
Packages: org.jenkins-ci.plugins:requests
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zYzV4LTRodngtcXJycs4AAwnx
Graphite Web Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xOTlwLTc4aHAteGc1Y84AAwni
Graphite Web Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tM2c3LXdycnEtdjVjOM4AAwv4
Pyload contains Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00MnEyLW01NGYtamg5Nc4AAwp8
sememos/memos vulnerable to Improper Handling of Values
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13bTMyLTNyNG0tanZjY84AAwzP
Symbiote Seed Open Redirect vulnerability
Ecosystems: packagist
Packages: symbiote/silverstripe-seed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Z2dwLTVyZjQteDdxOc4AAe1h
Fat Free CRM vulnerable to SQL Injection
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12OWdqLTVyZ3AtdzMzcs4AAxEi
Modoboa is vulnerable to Cross-Site Request Forgery
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12d2NoLWc5N3ctaGZnMs4AA4LX
CubeFS leaks users key in logs
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13Z3cyLWd3NHYtOXc0as4AAd58
Improper Neutralization of Input During Web Page Generation in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xODR4LTM0NzYtOGZmMs4AAwx_
Apache James MIME4J vulnerable to information disclosure to local users
Ecosystems: maven
Packages: org.apache.james:apache-mime4j-storage
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNjl2LW12aDktaGZycc4AA2I8
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tOTV4LW0yNWMtdzltcM4AAw6k
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qYzk3LWgzaDktN3hoNs4AAygy
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03dmN4LXY2NXEtOXdwZ84AAw6j
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Mjg2LWYycmYtMzVjMs4AAygz
Wagtail vulnerable to stored Cross-site Scripting attack via ModelAdmin views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yeGc5LWhncTctOHB3eM4AA3qR
Header spoofing in caddy-geo-ip
Ecosystems: go
Packages: github.com/shift72/caddy-geo-ip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zMjQ0LThtZmYtdzM5OM4AAw3d
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Ecosystems: go
Packages: github.com/gotify/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mNnZ4LTNmcTYtaHhtOM4AAkKy
Stored XSS vulnerability in Jenkins FitNesse Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fitnesse
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02MzhtLW04bWgtN2d3Ms3dRQ
Incorrect MAC key used in the RC4-MD5 ciphersuite
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoYzctNXAzNS00d3cy
Use after free in actix-service
Ecosystems: cargo
Packages: actix-service
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cGp4LTg2cGcteDRqNc4AAWed
Jenkins SAML Plugin Session Fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnY0LThyOWctZzV4as4AAwnt
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13N2pyLXdxdzYtNTR4Y84AAjcJ
Non-constant time comparison of inbound TCP agent connection secret
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOWdxLXc3M3ctOWg2Y84AA2L3
pretix potential IP address spoofing vulnerability
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1ndzltLTJtNXYtYzZ4Nc4AAwp7
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12aDQzLWNjNngtcHJwcs4AAwqF
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yOHh4LTh2bTgteDZ3as4AA34N
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tYzIyLTVxOTItOHY4Nc0V0w
Memory Safety Issue when using patch or merge on state and assign the result back to state
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xNDVoLWNoYzgtaHZwNs4AAXw7
OpenStack Object Storage (Swift) Sensitive Data Exposure
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wN203LWo4anYtMzkzcc4AAmmO
Magento incorrect permissions vulnerability in the Inventory module
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5N2ctNG14Ny01cDJw
Open Redirect in apostrophe
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS00ampqLWNtN3EtdjZocs4AAjcO
Jenkins Diagnostic page exposed session cookies
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13NnFmLWo0cXItZjk0Ns4AAwrc
Froxlor Improper Authorization vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jajJnLXd3ZnYtbXZqaM4AAjxl
XSS vulnerability in Jenkins Audit Trail Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit-trail
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13M3c5LXZyZjUtOG14OM4AAu1p
ReactPHP's HTTP server parses encoded cookie names so malicious `__Host-` and `__Secure-` cookies can be sent
Ecosystems: packagist
Packages: react/http
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00N202LTQ2bWotcDIzNc4AAu1r
TYPO3 HTML Sanitizer Bypasses Cross-Site Scripting Protection
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04ZnZyLTc5NDUtbWc3d84AArio
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01Mmg4LWM4NzYtOTg5Y84AA1BX
Answer has Race Condition within a Thread
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01NG05LWg3cXAtZnd2Z84AAjka
Password stored in plain text by Applatix Plugin
Ecosystems: maven
Packages: com.applatix.jenkins:applatix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nbWcyLTN3NnYtOTQ1cM4AAjkW
Password stored in plain text by Parasoft Environment Manager Plugin
Ecosystems: maven
Packages: com.parasoft:environment-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xajdwLTloZ2YteDhqN84AAjkn
Passwords stored in plain text by Harvest SCM Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:harvest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NzkzLWdtcDktMjUzNc4AAjkj
Password stored in plain text by ECX Copy Data Management Plugin
Ecosystems: maven
Packages: com.catalogic.ecxjenkins:catalogic-ecx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04YzZ4LWc0ZnctOHJmNM4AA0ig
Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.
Ecosystems: pypi
Packages: Whatsapp-Chat-Exporter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03M3d2LXJnajctdmpqOc4AAn11
Aimeos Typo3 extension contains Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: aimeos/aimeos-typo3
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNXY1LWNjcWMtNnczNs4AAyUF
async-nats vulnerable to TLS certificate common name validation bypass
Ecosystems: cargo
Packages: async-nats
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03Mzg4LTd2cTItbTRmNM4AAn3p
Concrete CMS Cross-site Scripting via Survey Blocks
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04ajYyLTI5amctNmhqNs37BA
Jenkins wildFly Deployer Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wildfly-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZmZyLTd4NHgtZjk4cc4AAu1V
TYPO3 CMS vulnerable to Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04Njg2LTRjcjMtNzZ3as4AAwyw
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nd3ZxLXJncWYtOTkzZs4AAX-q
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xOXc0LXc2NjctcXFqNM4AA0if
ckeditor-wordcount-plugin vulnerable to Cross-site Scripting in Source Mode of Editor
Ecosystems: npm
Packages: ckeditor-wordcount-plugin
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ydnd3LXc2Mm0taGNoOM4AAmC5
CSRF vulnerability in Jenkins Lockable Resources Plugin
Ecosystems: maven
Packages: org.6wind.jenkins:lockable-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02aDk4LWNmOWctdm1nMs4AAR20
Electron vulnerable to URL spoofing via PDFium
Ecosystems: npm
Packages: Electron
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jcmhnLXhncmctdnZjY84AAw-o
a12nserver vulnerable to potential SQL Injections via Knex dependency
Ecosystems: npm
Packages: @curveball/a12n-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12YzdqLWg4eGctZnY1eM4AA1Df
matrix-appservice-bridge doesn't verify the sub parameter of an openId token exhange, allowing unauthorized access to provisioning APIs
Ecosystems: npm
Packages: matrix-appservice-bridge
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05ZzRmLTVycGctNDk0OM4AAYu7
NodeBB Cross-site Scripting Vulnerability in Markdown Processing
Ecosystems: npm
Packages: nodebb-plugin-markdown, nodebb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5
Uncaught Exception in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNnBwLXY0ajYtdzc2Y84AAjkg
Password stored in plain text by Dynamic Extended Choice Parameter Plugin
Ecosystems: maven
Packages: com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnY2LW03NTMtM3cyZ84AAvNO
NocoDB vulnerable to Denial of Service
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ydmgzLWNqOWotbWNqNc4AA8Hu
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xY2ZxLTM1djctNGZ3N84AAjxx
CSRF vulnerability in Mac Plugin
Ecosystems: maven
Packages: fr.edf.jenkins.plugins:mac
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3FyLWZqaG0tanBod84AAtYu
Codecov prior to 2.0.16 does not sanitize gcov arguments
Ecosystems: pypi
Packages: codecov
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NThoLXd2NDgtZnE3Nc4AARNL
Keycloak vulnerable to cross-site scripting via the state parameter
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZzN2LTRnZ3IteHZqZs4AA19a
Croc may expose secret to local users
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xcnJnLWd3N3ctdnA3Ns4AAyQj
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NjR2LTZxajctNjJxas4AAxIy
Issue with whitespace in JWT roles in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9