Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS14YzdxLXE2MmYtd2N2cs4AAe6Q
Apache Solr for TYPO3 (solr) extension is vulnerable to Cross-site scripting (XSS)
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jamcyLTJmamctZnBoNM0jVQ
Integer underflow in Frontier
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5Y2gtbTRmaC1mYzdx
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1qcjM3LTY2cGotMzZ2N80g8A
Cross-site Scripting in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NGd2LWZnY2otdzU0Ns0g7w
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qZjl2LWZ4ZnEtd203Ns4AAfIM
Lift Sensitive Information Disclosure
Ecosystems: maven
Packages: net.liftweb:lift-webkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zNmd4LTlxNmgtZzQyOc4AAx3o
vantage6 vulnerable to Observable Response Discrepancy
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jcDVyLXhxanItODRnbc4AAttB
Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-ispw-operations
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoM20tcXc2di1xdmhn
Moderate severity vulnerability that affects io.vertx:vertx-core
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1tajQ4LWY5NTktcHFwaM4AAesR
DotNetNuke (DNN) Open redirect vulnerability
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13N3JxLThmMmctanZxcs4AAdNj
Djiblets Cross-site scripting Vulnerability via JSON Objects
Ecosystems: pypi
Packages: Djblets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oYzRqLTdtcWctY3hqas4AAv5R
PHPServerMon PRNG has Insufficient Entropy
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Yzg5LWhjY2YtcnE1Nc0hAg
Hash collision in typelevel jawn
Ecosystems: maven
Packages: org.typelevel:jawn-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01MndyLTN2d3ctcm1wcc4AAejn
SOAPpy vulnerable to XML External Entity attacks
Ecosystems: pypi
Packages: SOAPpy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mbW1xLWo3cHEtZjg1Y84AAd47
JRuby denial of service via Hash Collision
Ecosystems: maven
Packages: org.jruby:jruby-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zZzZ3LTRtN3gtOTd2Ns4AAeQ6
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04YzgyLTlyZ3AtNHF2cs4AAV9O
Improper Neutralization of Input During Web Page Generation Apache Sling Servlets Post
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.servlets.post
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjanAtdzcyMy0yamYy
Apache Tika Server exposes sensitive information
Ecosystems: maven
Packages: org.apache.tika:tika-server
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1neHE1LTc5bTItZ3Z2cc4AAwXR
Apache Bookkeeper vulnerable to Improper Certificate Validation
Ecosystems: maven
Packages: org.apache.bookkeeper:bookkeeper-common
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NHAtMzZqOS1ycmoz
Denial of Service in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS02bXY5LWhjeDUtN21oaM3mmQ
Server-Side Request Forgery in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1waGpxLTd4cXAtMjUyNs4AA3vN
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.sonatype.nexus.ci:nexus-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jNmY5LTRwbXYtbTdtNs4AAb08
Apache Hadoop allows impersonation of arbitrary cluster user accounts
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NnBnLW1yOXYtNXZ3Y84AAts_
Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OXc4LTR3bTItNHh3OM4AAfPe
Django Image Field Vulnerable to Image Decompression Bombs
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zeDVqLTl2d3ItOHJyNc4AAxyq
Update share links to use FRP instead of SSH tunneling
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05MzN4LTVnN3ItNzczcc4AAu-g
CSRF vulnerability in Jenkins Security Inspector plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:security-inspector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycnBtLTR4OGMtcHZxZ84AARRr
Improper Limitation of a Pathname to a Restricted Directory in Zip4j
Ecosystems: maven
Packages: net.lingala.zip4j:zip4j
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnB2LTVwbXItcDkyaM4AAxx-
Improper Privilege Management in Apache Sling
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.i18n
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ODJqLTJwNTMteHA1Zs4AAvdV
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-scm-downloader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oY3hxLXg3N3EtMzQ2Oc4AARRs
Improper Limitation of a Pathname to a Restricted Directory in plexus-archiver
Ecosystems: maven
Packages: org.codehaus.plexus:plexus-archiver
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13M3Y2LXI2MnItZnZxaM4AAfib
Typo3 API XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00N21wLXJxMngtd2pmMs32tg
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
Ecosystems: maven
Packages: org.jboss.eap:wildfly-undertow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03amZtLXB4NTktOTl3OM4AAfiS
Typo3 Extbase Framework Unsafe Deserialization
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xd3J4LTQ1eGYtampmN84AA2uL
Elasticsearch vulnerable to stack overflow in the search API
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03dnhjLWNocWotaDgzZ80eiw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13OHIyLTVqOHgteDhqNs4AATig
Improper Limitation of a Pathname to a Restricted Directory in WildFly
Ecosystems: maven
Packages: org.wildfly.core:wildfly-server
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NTdmLTJodjQtN2pqbc30Fw
Moodle does not verify group permissions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04Y3h3LXd2aGMtcDR4NM4AAvdj
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NWMtNGZnai01ZmMz
Cross-site Scripting in pandao
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1oZ205LXB3dzItOTNwY84AAs4p
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Z2M3LXdocGgtcng1cc4AA0qH
Jenkins Test Results Aggregator Plugin vulnerable to Cross Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:test-results-aggregator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14djdwLWp3NDYtOHI4Nc4AA3xe
Cross-site Scripting in JFinalcms
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qN3BnLTg2M2ctMjJwNs4AAvdT
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qeDM0LWdxcXEtcjZnbc4AAtBz
Stored XSS via HTML fields in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jeGc3LTg0d3AtOHBjcc0cog
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycDQyLWM0NWotZzQ2eM0bdg
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Y2YtZjdweC14cG1o
Moderate severity vulnerability that affects org.apache.qpid:proton-j
Ecosystems: maven
Packages: org.apache.qpid:proton-j
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13eHh4LTJ4NnYtOTc5Zs4AAn4G
Reflected XSS in Zen Cart before 1.5.7a
Ecosystems: packagist
Packages: zencart/zencart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01Z2pxLTUzMzkteDVjds4AAzXI
Jenkins Code Dx Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:codedx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NGNyLW01ZjgtZ3h3OM0a0Q
yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Yzl4LXdmZ2otdjc4d80ZIQ
Open Redirect in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNHZxLXY3aHctN2Zxcc4AAi-7
Jenkins RapidDeploy Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rapiddeploy-jenkins
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTRyLXc1ODctOTVxN84AA0qD
Jenkins Oracle Cloud Infrastructure Compute Plugin missing SSH host key validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03ajNtLThnM2MtOXFxcc4AAu2N
TensorFlow vulnerable to null-dereference in `mlir::tfg::TFOp::nameAttr`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNHdyLTl3Zm0tZjlqd84AA0qI
Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Ecosystems: maven
Packages: io.jenkins.plugins:miniorange-saml-sp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13Mmc0LWc4eHItcHg0eM4AAUa9
CSRF in PHP Server Monitor before 3.3.2
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ZjZyLW1taGMtM3hjbc3z1g
Exposure of Sensitive Information to an Unauthorized Actor in Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycTg5LTQ4NWMtOWoyeM4AAzSj
Improper random reading in CIRCL
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tZ21oLWcydjYtbXF3Nc4AAu2J
TensorFlow vulnerable to `CHECK` failure in `AvgPoolOp`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mN3F3LTVmZ2otMjQ3eM0n7A
Cross-site Scripting and Open Redirect in plone.app.contenttypes
Ecosystems: pypi
Packages: plone.app.contenttypes
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtMnItcTh4My14bWY3
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Ecosystems: nuget
Packages: Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, Microsoft.AspNetCore.Server.Kestrel.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS02amo4LW1xeDItN2ZnNc4AAwXL
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mNDU0LWptNngtNTZxNs4AAv6i
Cross-site Scripting in Zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqN20taG1oMy05am1w
Cross-Site Scripting in sanitize-html
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS1mNTQ1LXZwd3AtcjlqN80Y0A
showdoc is vulnerable to URL Redirection to Untrusted Site
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tY2ZtLWo1ZzYtdzI2Zs0-_A
Elgg Reflected XSS Vulnerability
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qbTZwLXdmamcteG03eM0Yfg
bookstack is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZzQ0LXhtNXAteDljbc4AA0qd
Jenkins ElasticBox CI Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:elasticbox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zOW0zLWNqOGMtODg2cs4AA2Kn
Dolibarr Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01aGZtLWc3OTktd2p3Ns4AAs5N
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeG13LTNneGYtZnByaM4AAuZe
Improper masking of credentials Jenkins in Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02dzNoLXZxN20tdjNxZs4AATng
Jenkins Black Duck Detect Plugin information exposure vulnerability
Ecosystems: maven
Packages: com.synopsys.integration:synopsys-detect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nMmo2LTU3djctZ204Y84AAydu
runc AppArmor bypass with symlinked /proc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01anFwLTg4NXcteGozMs4AAvzx
pymatgen is vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jNmo3LTRmcjktYzc2cM0Xqg
Incorrect permissions in Apache Ozone
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wZmo3LXczNzMtZ3FjaM0WwQ
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05d3hqLTM3cDgtNDlmZs4AAkbA
Diavante vue-storefront-api and storefront-api disclose stack trace
Ecosystems: npm
Packages: vue-storefront-api, storefront-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03dmZ4LWhmdm0tcmhyOM4AA24s
cordova-plugin-fingerprint-aio DoS vulnerability
Ecosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tM3A2LTQzeGotcGY5ds4AA3xl
Cross-site Scripting in JFinalcms
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tNGhqLXdnMnItcXBjcs0XLw
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Njl3LXE3NHEtOWo4ds4AAwNT
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Ecosystems: cargo
Packages: secp256k1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oaHc1LWMzMjYtODIyaM4AA3ww
Open redirect in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-web
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14NWpwLTlmbW0tbTlwZs0XMA
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Y3dnLW1oeGYtaGg1Oc4AAYL4
Django Cross-site scripting (XSS) vulnerability via is_safe_url function
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03cDdjLXB2dngtMnZ4M84AAwJ3
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jbTdqLXA4aGMtOTd2as4AAttG
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jd2NmLTVtNXctbXEyd84AAWew
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins SSH Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials, org.jenkins-ci.plugins:ssh-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zNjh2LTd2MzItNTJmeM4AAv_D
Overflow in `ResizeNearestNeighborGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13eGczLW1mcGgtcWc5d84AAXiG
Django Might Allow CSRF Requests via URL Verification
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qdmpwLXZoMjctcjloNc0Wug
Cross-site Scripting in PiranhaCMS
Ecosystems: nuget
Packages: Piranha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04bWM0LTJ4cmMtZzU4Ms4AAjY8
Plone cross site scripting (XSS)
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Y3ZjLXY3d20tOTkyY84AA1Uh
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwM2gtcWdocC1odmgy
Open Redirect in werkzeug
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS12ajYyLWc2M3YtZjhtZs0Wig
Validity check missing in Frontier
Ecosystems: cargo
Packages: Frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yN3JjLTcyOGYteDV3Ms4AAv-_
`CHECK` fail via inputs in `SdcaOptimizer`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03aDQ1LWdyYzUtODl3cc4AA1SS
Svelecte item names vulnerable to execution of arbitrary JavaScript
Ecosystems: npm
Packages: svelecte
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1xNXEzLXFtMjYtOWp3bc4AA3-T
Authenticated Blind SSRF in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ncTRwLTRoeHYtNXJnOc4AAtte
WASM3 segmentation fault
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOGh2LXJ4OXAtZjlyNM4AAxvG
generator-hottowel Cross-site Scripting vulnerability
Ecosystems: npm
Packages: generator-hottowel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 5,076
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 moin 34 mlflow 33 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mautic/core 30 Django 30 opencv-contrib-python 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 shopware/shopware 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 prestashop/prestashop 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 org.eclipse.jetty:jetty-server 23 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 ckb 22 rack 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/docker/docker 20 tribalsystems/zenario 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 DotNetNuke.Core 19 org.springframework:spring-core 19 laravel/framework 19 com.liferay.portal:release.dxp.bom 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 forkcms/forkcms 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 contao/contao 18 directus 18 com.vaadin:vaadin-bom 18 simplesamlphp/simplesamlphp 18 langchain 18 genix/cms 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 mercurial 17 cobbler 17 francoisjacquet/rosariosis 17 topthink/framework 17 mediawiki/core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 sequelize 16 yetiforce/yetiforce-crm 16 wasmtime 16 pillow 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 paddlepaddle 15 cryptography 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 next 15 gradio 15 org.apache.jspwiki:jspwiki-main 15 swagger-ui 14 ghost 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 zendframework/zendframework1 14 activesupport 14 github.com/containerd/containerd 14 pyload-ng 14 tinymce 14 pyftpdlib 14 smarty/smarty 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 symfony/security-http 14 publify_core 14 github.com/mattermost/mattermost-server 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 elefant/cms 13 passenger 13 october/system 13 org.apache.hadoop:hadoop-main 13 joplin 13 impresscms/impresscms 13 OctoPrint 13 strapi 13 bolt/bolt 13 ckeditor4 13 lavalite/cms 13 codeigniter4/framework 13 github.com/opencontainers/runc 12 swift 12 Microsoft.NETCore.App.Runtime.win-arm64 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/helm/helm 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/janeczku/calibre-web 11 https://github.com/scrapy/scrapy 11 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/Studio-42/elFinder 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/dotnet/aspnetcore 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zitadel/zitadel 11 https://github.com/vercel/next.js 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/nocodb/nocodb 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/wagtail/wagtail 10 https://github.com/zopefoundation/Zope 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/glance 10 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9 https://github.com/fatfreecrm/fat_free_crm 9