Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS00NTV3LWd2NXAtd2dnM80kXg
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncTRwLTRoeHYtNXJnOc4AAtte
WASM3 segmentation fault
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMmNwLTN4ajktOTd3Oc0-tA
Denial of service in Spring Security OAuth2
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jOG1mLW1jM2YtMnd2Y84AAs7t
Plaintext Storage of a Password in Jenkins Convertigo Mobile Platform Plugin
Ecosystems: maven
Packages: com.convertigo.jenkins.plugins:convertigo-mobile-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03NDk1LTI0bXgtaHBoMs4AAs7w
Missing permission check in Jenkins Convertigo Mobile Platform Plugin
Ecosystems: maven
Packages: com.convertigo.jenkins.plugins:convertigo-mobile-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTQtOHA5ai14NzRq
Cross-site Scripting in pandao editor.md
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1xMjJ3LXI1cXEtdjN3Zs0_NA
Typo3 XSS in RemoveXSS function
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMzN3LXBtNTItbXF2Zs4AAvij
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Ecosystems: npm
Packages: @dependencytrack/frontend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xOHYzLTdoNnEtZzM5cc4AAs74
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jianliao
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03YzN2LXZjM3gteDc4Oc4AAhnW
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cHB4LXJndzIteGcyM84AATfi
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cndjLXFqbXctNXJqbc4AATRA
ClassLoader manipulation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00aHh2LTk1cmMtanFnN84AAYEq
nv-websocket-client allows attackers to spoof SSL/TLS servers via an arbitrary valid certificate
Ecosystems: maven
Packages: com.neovisionaries:nv-websocket-client
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNzJnLTQycTYtZ3ZjMs0WGQ
Cross-site Scripting in LaraCMS
Ecosystems: packagist
Packages: wanglelecc/laracms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDg2LXhncnEtbTZwNs3c3Q
Improper Neutralization of Input During Web Page Generation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cGptLWhtdmYtaDRycs4AA7wo
image-optimizer allows PHAR deserialization
Ecosystems: packagist
Packages: spatie/image-optimizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS14OXdwLWdmcnItcDVycM4AAv6R
Missing Authorization in Jenkins XP-Dev Plugin
Ecosystems: maven
Packages: com.cloudbees.jenkins.plugins:xpdev
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cWg0LWZnaHItNmZ4Z84AAiY0
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-oauth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNG12LXJtcjctaDVmNc4AAzpI
Pimcore Privilege Defined With Unsafe Actions vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01eHY5LWdwMjItZ3FtNc4AAmK2
Missing permission checks in Jenkins Maven Cascade Release Plugin
Ecosystems: maven
Packages: com.barchart.jenkins:maven-release-cascade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0cm0tcWYzNy1mZ2My
Integer Overflow in openssl-src
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2aHYtNzc2OS1qN3J4
Unauthorized File Access in harp
Ecosystems: npm
Packages: harp
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS02dmM4LTN4ZjItcXJ4eM4AAil8
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NTc4LW1tZjQtZjMyN84AAhkp
Magento 2 Community Edition Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yOWpmLWhmOXgtN2hyds4AAXbU
Exposure of Sensitive Information to an Unauthorized Actor Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nd3h2LWp2ODMtNnFqcs4AAzpF
JStachio XSS vulnerability: Unescaped single quotes
Ecosystems: maven
Packages: io.jstach:jstachio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqcHEtZ3A1cS04cTZ3
Cross-site scripting in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS0zOGhmLXhqbXgtanJoOM4AAWS9
Cross-site Scripting in Graylog Server
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzbXgtNTczeC01cnc5
openssl-src NULL pointer Dereference in signature_algorithms processing
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03amY1LXA1NTYtNzVwcs4AAifC
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:kubernetes-ci
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1obWNoLTk5NDctODJyas4AAilT
Magento 2 Community Edition Weak Cryptography
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yOGNxLTZybXgtcGpxNM4AAZ9M
Improper Authentication in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJodzItNjJjcC1wOXA3
Access control bypass in Apache ZooKeeper
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS14Y2o2LTQzNTUtMjgyM84AAie2
Jenkins Mattermost Notification Plugin contains unencrypted storage of secret token
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mattermost
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yOTU5LWZqNzMtaG04cM4AAoNq
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnd4LTRwNXYtOWcyZ84AAesQ
Plone is vulnerable to Information Exposure when generating zip archives
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4ajUtZ2NtZi12cWM4
Cross-Site Scripting (XSS) in Verdaccio
Ecosystems: npm
Packages: verdaccio
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtbWMtanBwZi0zMnd2
Directory Traversal in Docker
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Y21xLTg4ZjgtNTNyNc4AAiYw
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
Ecosystems: maven
Packages: org.jenkins-ci.plugins:crx-content-package-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqcjYtcHJ2NC01d2Y1
Helm passes repository credentials to alternate domain
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1maHZ2LXA5NjgtNnZ2as4AAu6G
Snipe-IT vulnerable to Improper Authentication
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1taHBqLTdtN2gtOHA2eM4AAzSc
Pimcore Cross-site Scripting (XSS) in Static Routes name field
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12eDJ4LTljZmYtZmhqd84AAwLo
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Ecosystems: nuget
Packages: DSInternals.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wdzJmLW0yMm0tcDc1Y84AAhk_
Magento 2 Community Edition Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nOW0yLWMyeDUtZnIyds4AAjM2
Moodle does not revoke role capabilities correctly
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Y2pqLXFtNXYtajRwY84AAv6V
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Ecosystems: maven
Packages: org.jenkins-ci.main:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05MzN4LTVnN3ItNzczcc4AAu-g
CSRF vulnerability in Jenkins Security Inspector plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:security-inspector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jd2NmLTVtNXctbXEyd84AAWew
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials, org.jenkins-ci.plugins:ssh-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xN2NjLW02anctbTI2Ms4AAzRG
Pimcore Cross-site Scripting (XSS) in Predefined Properties delete
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qd3I2LTc1eGgtamg1as4AAxqJ
Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Ecosystems: maven
Packages: org.jenkins-ci.plugins:synopsys-coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yeDRqLXgzZmgtOXF3Z84AAiSZ
Centreon Sensitive Data Exposure
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13N2g5LTh3cjQtaHdxaM4AAaKX
OpenStack Horizon Session Fixation
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczcmYtNm1yZi03NTlx
devise Time-of-check Time-of-use Race Condition vulnerability
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS05anhyLW13cHAtdzY0M84AAy64
Improper header validation in httpsoft/http-message
Ecosystems: packagist
Packages: httpsoft/http-message
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xdjU2LWo4ZmctMzloNs4AAtDh
Jenkins build-metrics Plugin Missing Authorization vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-metrics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mamhoLTY3d3YtN2dyNM4AAvsI
Reflected Cross site scripting (XSS) in kairosdb
Ecosystems: maven
Packages: org.kairosdb:kairosdb
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00OHEzLTUyOTctd21teM4AAu-O
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mZzcteDVtNy02cDh3
NULL Pointer Dereference in Google TensorFlow
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwMzItN2gyOS1ycHht
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Ecosystems: maven
Packages: com.puppycrawl.tools:checkstyle
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS04cGYzLTZmZ3ItM2czZ84AAy3P
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Ecosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn
Rack vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xbTM3LWM0dzYtaDl2Oc4AAtEI
Missing Authorization in Jenkins XPath Configuration Viewer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xpath-config-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqOHItcDlmNS1mbXZ2
Cross-site Scripting in TYPO3 extension
Ecosystems: packagist
Packages: miniorange/miniorange-saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OTJnLTQ5Z2gtNjNxbc4AAu45
Budibase Improper Access Control vulnerability
Ecosystems: npm
Packages: @budibase/bbui, @budibase/builder, @budibase/worker
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13dm1xLXc3bTgtZzl4bc4AAZeq
Insecure cookie storage in Apache Atlas
Ecosystems: maven
Packages: org.apache.atlas:atlas-common
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yZ2o1LWpqNXEtdjN2N84AAwZz
Memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04YzkzLTRoY2gteGd4cM4AA1CK
Cloudflare Wrangler directory traversal vulnerability
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cDktajdjOS12NGdy
containers/image library Insufficiently Protects Credentials
Ecosystems: go
Packages: github.com/containers/image
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNGhqLXY4Zm0teDg4N84AA1CJ
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02NDczLWdxcmotNHA2Nc0sSQ
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nOHhjLTZtZjctaDI4aM4AAzM6
OpenSearch issue with fine-grained access control during extremely rare race conditions
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yOHJ3LXh4NTctbTY0cc4AATin
Cross-Site Request Forgery in Jenkins Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jeDg0LTQzeGMtM2dtMs4AAv3k
Improper Certificate Validation in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNng0LTU3aHAtajR4bc4AAv3i
Authorization Bypass in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NDJoLW14OHEtNDdwMs4AAv3z
Missing permissions check in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wMmZoLTJoMjMtNmdyZ84AAzhQ
antfu/utils vulnerable to prototype pollution
Ecosystems: npm
Packages: @antfu/utils
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00OGhyLWpnNHAtdzRwNM4AAnp9
XSS vulnerability in Jenkins Claim Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:claim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y3YtOGN2di02NjZj
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1wMjY1LXhyOTgtM3Ztcs3mbA
Incorrect Authorization in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13ODhmLWo5cmMtaDd2M84AAzXD
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
Ecosystems: maven
Packages: io.jenkins.plugins:miniorange-saml-sp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4aDYtdzQ3Ni1oZ3I0
Directory Traversal in SharpCompress
Ecosystems: nuget
Packages: sharpcompress
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS04bXgzLWdwM3AtdmdnN84AAq2B
kevinsawicki/http-request Missing certificate validation
Ecosystems: maven
Packages: com.github.kevinsawicki:http-request
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13dzN2LTZ4amYtanYyOM4AAtA_
Uncontrolled Resource Consumption in Spray JSON
Ecosystems: maven
Packages: io.spray:spray-json
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12d3E5LWNtcXItM2M4Y84AAhfX
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3OHAtaHJxMy14NHAz
Cross-site scripting in Shopizer
Ecosystems: maven
Packages: com.shopizer:shopizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03MngzLWM3amMtcTM1eM4AASj2
Improper authorization in Jenkins Job and Node Ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNXAtZmY3eC1odzdx
Cross-Site Scripting in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1tdjd4LTI3cGMtOGM5Ns4AAzhW
Go package pydio/cells vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/pydio/cells
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02NjU3LTk3NDMtNG1jNs4AAwF4
Tribal Systems Zenario CMS vulnerable to Session Fixation
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qOGN3LXBwbXYtd2o4Nc4AA3v9
Insecure Direct Object Reference in extension "Content Consent" (content_consent)
Ecosystems: packagist
Packages: t3s/content-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jNm1tLTJnODQtdjRtN84AAzGy
Mage-ai missing user authentication
Ecosystems: pypi
Packages: mage-ai
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcjZtLWYzZ3YtODY3OM4AAtBd
Cross-site Scripting in admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweGgtaDhody1tajh3
Rack rubygems receiving excessively long lines triggers out-of-memory error
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1oZzZnLWpqN2cteDZ2Ms4AAq6R
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycjQ2LWN3Z20tdnZqeM33bw
Missing permission check in Jenkins jenkins-reviewbot Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jenkins-reviewbot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jYzYyLTQ5NnAtaHJyN84AAes9
Exposure of Sensitive Information to an Unauthorized Actor in JGroup
Ecosystems: maven
Packages: org.jgroups:jgroups
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtMmgtZjQ1Ni02ajg4
Cross-site scripting in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: jupyter-notebook
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9