Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1nYzU3LXhoaDUtbTk0cs4AA2cO
Improper Access Control in vantage6
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jcDQ3LXIyNTgtcTYyNs4AAx6k
Vega vulnerable to arbitrary code execution when clicking href links
Ecosystems: npm
Packages: vega
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3ajItZzg3ci1wbTYy
Cross-site Scripting in comrak
Ecosystems: cargo
Packages: comrak
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mNHI1LXE2M2YtZ2N3d84AA1uk
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1xNHdwLThjOTktNjlwd84AAo_d
Improper permission checks allow canceling queue items and aborting builds in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNGMyLWdoZmctZzVyaM0nPA
Cross-site Scripting and Open Redirect in Products.ATContentTypes
Ecosystems: pypi
Packages: Products.ATContentTypes
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xMmN2LTk0eG0tcXZnNM0XNA
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4amYtOWY0Zy0zdjQ0
Data races in noise_search
Ecosystems: cargo
Packages: noise_search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xODJoLXE0N2otZjQ5Ms4AAxuf
Cross-site Scripting in jspreadsheet
Ecosystems: npm
Packages: jspreadsheet-ce
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yeHBtLWNtdnctM2pjY84AAyKA
Reflected XSS in Application Logger module
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljeDkteDJncC05cXZo
CRLF vulnerability in Fiber
Ecosystems: go
Packages: github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12d3hwLTlxbWYtdzI5Oc0n3Q
Cross-site Scripting in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jOTU4LTRqOXgtcTd3NM4AAVTj
phpMyAdmin Cross-site Scripting (XSS) in the import dialog
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13bWZjLWc4NnAtZmp2cs4AAzhX
go package pydio cells vulnerable to cross-site scripting
Ecosystems: go
Packages: github.com/pydio/cells
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1ocXE3LTJxMnYtODJ4cc0zPQ
Cross-site Scripting in sanitize-url
Ecosystems: npm
Packages: @braintree/sanitize-url
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05OGo4LWM5cTQtcjM4Z80ocw
Memory exhaustion in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn
User enumeration leak using switch user functionality in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS03Z2djLTVyODQteGY1NM4AAtZZ
Mattermost users could access some sensitive information via API call
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyNjgtdjQzNC00NW01
Cross-site Scripting in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxbWctcWc1My1tcnA4
Cross-site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1qZnBnLWpnZ2YtcnBwaM4AAxkN
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qamdwLXdocnAtZ3E4bc4AAzSn
in-toto: PGP trust model not (fully) considered
Ecosystems: pypi
Packages: in-toto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01bTJoLTdyZjItcnB4Ns4AAuzF
UniSharp Laravel Filemanager directory traversal vulnerability
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04eDQ0LXB3cjItcmdjNs0nMA
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qaDVwLXdwZzItOHJnds4AAdcS
Dolibarr ERP and CRM contain XSS Vulnerabilities
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jOHE1LTJqNzMtcXZjY84AAUSo
trytond arbitrary fields write via a sequence of records
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14d2Y0LTg4eHItaHgyas4AAQZ1
Cross site scripting in Apache Sling
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.xss.compat, org.apache.sling:org.apache.sling.xss
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NHI3LXZtODMtcTJjN84AAx76
Open redirect in web2py
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tam1xLWd3Z20tNXFobc4AA0hU
Apache MINA SSHD information disclosure vulnerability
Ecosystems: maven
Packages: org.apache.sshd:sshd-sftp, org.apache.sshd:sshd-common, org.apache.sshd:sshd-core
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4NmgtM2ZqeC1jZ3Y1
Apache Tomcat information exposure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4eDMtbTU4NC14OTk0
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS14NXE0LW00NW0tZm05NM4AAwo3
Harvest Chosen vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: harvesthq/chosen
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00cGZnLTJmcmYtZjY3ds3Eww
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NnE3LXIzZzQtd3ZtNM4AAiCA
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NjgzLXJjeHgtdnBmZs4AA2X6
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mcThxLTU1djMtMjk4Ns4AAyg5
Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name
Ecosystems: packagist
Packages: pimcore/perspective-editor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02OTctNHY4Zi01NXFn
Header dropping in traefik
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1weHZnLTJxajUtMzdqcc4AAytn
Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yd3c3LTJncHctZnY2as0osg
Crash when type cannot be specialized in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nanFjLXE5ZzYtcTJqM80oug
`CHECK`-failures in binary ops in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cjdjLTNjbTItM2g4Zs0ovw
Memory leak in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cHAzLWhwY20tdjk0NM4AA3u3
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00YzY0LXc4ZmcteGNxMs4AAbIO
Yii Cross-site Scripting Framework vulnerability
Ecosystems: packagist
Packages: yiisoft/yii2, yiisoft/yii2-dev
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NWN3LTVjZ3YtZzg1M84AAU-w
IPython Notebook vulnerable to improper validation of the origin of websocket requests
Ecosystems: pypi
Packages: ipython
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNmY3LWc0MjUtNGdteM4AAU-u
Pillow is vulnerable to Denial of Service (DOS) in the Jpeg2KImagePlugin
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mcGNwLTloN20tZmZweM0oqg
Null pointer dereference in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyZjMtZjh4NC1tM3c4
Cross Site Scripting in LavaLite CMS
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwZ3ctMnd4ci1wd3cz
Open Redirect
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wcDRjLTI2OTItN2YzN84AAV9s
Plone Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycnZmLTMyOWYtcDk5Z83otg
System Property Disclosure in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tN3JnLTg1ZzgtMjhtOc3Mxw
TYPO3 API function vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyOW0tZmpwNC1xaG1x
Unsafe Identifiers in Opencast
Ecosystems: maven
Packages: org.opencastproject:base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1oNTZnLXY0dnAtcTlxNs0nVw
Cross-site Scripting in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcWZwLW01ZjgtdmcyOM0clA
Dolibarr Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltOTUtOGh4Ni03cDl2
Improper input validation in umoci
Ecosystems: go
Packages: github.com/opencontainers/umoci
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzdzUtdjl4eC1ycDhw
Signature verification failure in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05eG04LThxdmMtdnczcM4AAxeZ
Denial of Service in dhowden/tag
Ecosystems: go
Packages: github.com/dhowden/tag
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoYzctNXAzNS00d3cy
Use after free in actix-service
Ecosystems: cargo
Packages: actix-service
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01N3FmLTgyaGgtMmhtY80pfQ
Cross-site Scripting in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oanI0LWZoZ3AtMjNnOc4AAnka
qlib Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: pyqlib
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1najg1LXB2cDUtbXZmOc0pLQ
Cross-site Scripting in Beanstalk console
Ecosystems: packagist
Packages: ptrofimov/beanstalk_console
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ocjhwLTc2cTgtZnh3cc4AAqqY
XXE vulnerability in Jenkins Performance Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:performance
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3cTktdzI0cS1jcGdo
Cross-site Scripting (XSS) in Apache Ambari Views
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05aGhjLWNjNmMtOTloaM4AAolf
OpenNMS Horizon vulnerable to XSS
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zaHY0LXIyZm0taDI3Zs4AA5Rd
Email Validation Bypass And Preventing Sign Up From Email's Owner
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04d2dqLTZ3eDgtaDVocc3r4Q
Symfony HTTP Foundation web cache poisoning
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02OTR2LTYzZnEtZm1yNM3dYw
Path Traversal in scout-browser
Ecosystems: pypi
Packages: scout-browser
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13bWg5LXgyOGotYzZncs4AArK6
Cross site scripting in publify
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zNG1yLTZxOHgtZzlyNs4AA3q5
Server-Side Request Forgery in mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u
phpMyAdmin Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02MzQ5LTUzdnItN2hjcs4AAmMK
phpMyAdmin Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5NXctcWhxci05ZnI2
Path Traversal in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-runtime_2.12, org.apache.flink:flink-runtime_2.11
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0yNmhyLXEyd3AtcnZjNc4AA3q9
User with permission to write actions can impersonate another user when auth token is configured in environment variable
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1td204LTM2YzUtajVjZs4AAVEP
phpMyAdmin Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qbXY5LTVneDgtN3hwZs4AAe6X
Minion identity not validated in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03cTlyLXZoZzItNzg5d84AAjkS
Stored XSS vulnerability in Jenkins brakeman Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:brakeman
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNHJ3LTgyaHEtOGpwcs4AATHB
MapProxy vulnerable to cross-site scripting in demo service
Ecosystems: pypi
Packages: MapProxy
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oMjg5LXg1d2MteGN2OM0scA
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnY0LThyOWctZzV4as4AAwnt
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01cHZ2LWY4aDMtZ3c5Ns3M6w
phpMyAdmin Cross-site Scripting In MySQL Table Name
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwNGotdzN2ai03Mjk5
Information Exposure in RunC
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02cWptLTM5dmgtNzI5d84AAye8
Pimcore Cross-site Scripting in Predefined Asset Metadata module in Settings
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05djR2LTlmajUtcDk4Ms4AAx90
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nZ214LXBxODktN21jcs4AAhfY
Plaintext Storage of a Password in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0Z2ctcG1xci00NjY5
Access Restriction Bypass in Docker
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1najI2LWc1cWYtanJoN80sYA
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02d3hnLXdoN2YtcnFwcs4AAxq_
XML External Entity (XXE) vulnerability in apoc.import.graphml
Ecosystems: maven
Packages: org.neo4j.procedure:apoc-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02Nng3LTJyNTYtZmo3N84AAUQl
Buildbot CRLF Injection
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mODNwLXBnODYtcDkyMs4AAwpB
usememos/memos has Insufficient Granularity of Access Control
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05amZmLTh4bW0tbXcyMs4AAw_Y
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBod2otODZ2eC1jZmpj
Cross-site scripting in Apache Jena Fuseki
Ecosystems: maven
Packages: org.apache.jena:jena-fuseki
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0zZzJwLTdjNnAtdmo4Y83vSg
Apache Qpid Python client Improper certificate validation
Ecosystems: pypi
Packages: qpid-python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OXg0LTY3bWgtcHg1NM0s4Q
Crypt_GPG does not prevent additional options in GPG calls
Ecosystems: packagist
Packages: pear/crypt_gpg
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOWdxLXc3M3ctOWg2Y84AA2L3
pretix potential IP address spoofing vulnerability
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jaHZ3LWdqeGYtZjhtY84AAV9q
Plone vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13MzkzLWg5NW0tZjg3Oc4AATL5
CoreFTP Directory Traversal
Ecosystems: nuget
Packages: CoreFtp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1naHd3LWN2NHYtaG14eM0s1w
Cross-Site Request Forgery microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOWN3LTVjcGotOXFqNc4AAx9i
Moodle has a Hidden Functionality vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jNTc5LWhodzUtY3IzcM4AA5c9
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9