Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1qcm1mLXhocjYtMzQyOM4AAiOG
Jenkins SourceGear Vault plugin transmits credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vault-scm-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptZ3ctNnZqZy1qandn
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnZjktaDY5cC1wY2dm
Files or Directories Accessible to External Parties in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 5 years ago
High
GSA_kwCzR0hTQS02ZzU3LWgzOGMtcTUyZ84AAUF0
Cross-Site Request Forgery in Jenkins Mailer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3dzktajgzbS1xN3F4
Information exposure in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 5 years ago
High
GSA_kwCzR0hTQS13amZxLTg4cTItcjM0as0log
Unhandled exception when decoding form response JSON
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Y20tODhmNS1mMmM3
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4MjMtNHFjaC0zcmdt
Deserialization of untrusted data in Jackson Databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jNmgtNHFncC0zN3Fo
Deserialization of untrusted data in Jackson Databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1naDg4LTNweHAtNmZtOM0jtg
Infinite Loop in colors.js
Ecosystems: npm
Packages: colors
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01N2oyLXc0Y3gtNjJoMs0ybA
Deeply nested json in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jaDIyLXgydjMtdjZ2cc0kdg
OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qampoLWpqeHAtd3BmZs4AAvJv
Uncontrolled Resource Consumption in Jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS03aDJqLWg1eHAtaDNnaM4AAgZC
Missing Authorization in Jenkins SSH plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00dnJ2LTkzYzctbTkyas4AA0TJ
snyk Code Injection vulnerability
Ecosystems: npm
Packages: snyk
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 11 months ago
High
GSA_kwCzR0hTQS12eHJoLWNwZzctOHZqcs4AAxfp
openssl-src subject to NULL dereference validating DSA public key
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nNmgyLTR4NjQtYzU5eM4AAg9r
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oken-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NnZoLTRyZnAtYzQyY84AAwEs
HTSJDK is vulnerable to exposure of resource(s) to the wrong sphere
Ecosystems: maven
Packages: com.github.samtools:htsjdk
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS13cnA2LTl3N2YtM3d4Z80kAA
calibre-web is vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xZjg3LXE0Z2ctY2c0M84AAxgj
bottlerocket dependency openssl is vulnerable to dereferenced null pointers
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjNDUtd2dqcC03djly
Python Twisted trustRoot is not respected in HTTP client
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 4 years ago
High
GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba
AWS Amplify CLI has incorrect trust policy management
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS03cDhmLThoam0td205Ms0h7w
Lookup operations do not take into account wildcards in SpiceDB
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aDljLXY1dmctNW02bc0hUA
Access to restricted PHP code by dynamic static class access in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS12ajNqLThtNngtbWpxNs0sMg
Missing permission check in Jenkins SCP publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcXA2LWZ3OWcteHB4cM4AAxZ4
Insecure Permissions issue in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zOHc4LWgyMjItd3JwcM0sKQ
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14NjN2LXByaGMteHg2Zs02ug
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yd2cyLXc4MngtdjU3as023g
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
Ecosystems: maven
Packages: com.surenpi.jenkins:phoenix-autotest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zNWg5LWg0MzktdnZtcs0zBg
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:environment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00cGg0LXE5cjUtNndtNs4AAk_N
Deserialization of Untrusted Data in Spring Batch
Ecosystems: maven
Packages: org.springframework.batch:spring-batch-core
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2bTMtY2Z2ai1neHFx
High severity vulnerability that affects commons-fileupload:commons-fileupload
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxMjgtaDV2Zy04cHJ4
Privilege escalation in spring security
Ecosystems: maven
Packages: org.springframework.security:spring-security-web, org.springframework.security:spring-security-bom
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jNmZnLTk5cHItMjVtOc0g_g
Uncapped length of skin data fields submitted by players
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qZzJnLTRyamctY21xaM4AA57-
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 2 months ago
High
GSA_kwCzR0hTQS01cjV3LWg3NnAtbTcyNs0ftQ
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltZ20tZ2NxOC04Nndx
Improper Authentication in Apache ActiveMQ and Apache Artemis
Ecosystems: maven
Packages: org.apache.activemq:apache-artemis, org.apache.activemq:activemq-parent
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wODN2LTh2bXItcWZ2Oc4AAUVh
Sylabs Singularity Improper Input Validation
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yeGh4LTlmajYtNmgybc4AArrF
enum_map macro can cause UB when `Enum` trait is incorrectly implemented
Ecosystems: cargo
Packages: enum-map
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jNG1wLWgzbTItaDVtY84AAXQb
Jenkins CCM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ccm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in Vela
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1mZzJxLXY0MjgtMmdwaM4AAggA
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS
Ecosystems: maven
Packages: org.eclipse.vorto:org.eclipse.vorto.core
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNGc3LThtN3ItODdyOc3RvQ
Improper Access Control in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyOGgtNTN4ci1qaGNt
Path Traversal in marked-tree
Ecosystems: npm
Packages: marked-tree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS01eHI1LXYyaDctMnc3d84AArMn
SQL injection in SiteServer CMS
Ecosystems: nuget
Packages: SSCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nM3ZxLWYzNXYtdmhnbc4AASbY
Apache OpenMeetings vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNjc0LXhtM3gtMjkyNs0eag
Uncontrolled Resource Consumption in parse-link-header
Ecosystems: npm
Packages: parse-link-header
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wdjRjLXJqNGgtZ3I5bc4AAi-1
Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
Ecosystems: maven
Packages: com.alauda.jenkins.plugins:alauda-devops-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5d3ItZ2NqYy1ocTUy
Prototype Pollution in reggae
Ecosystems: npm
Packages: reggae
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04NXE5LTc0NjctcjUzcc4AArtb
XSS Vulnerability in Markdown Editor
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNnZmLTQ2NXItaDQycM4AAV-o
Apache OpenMeetings allows remote attackers to read arbitrary files by attempting to upload a file
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zMzVnLXhjamgtZ2hjMs4AAbLh
Apache OpenMeetings vulnerable to SQL injection
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyYzYtYzZwbS1nM2do
Arbitrary Code Execution in handlebars
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS14eHY4LXB2NDMtNTd4Nc4AAQtZ
PEAR core file overwrite vulnerability
Ecosystems: packagist
Packages: pear/pear
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMjRwLXF3ZjQtODRxOM4AAbhV
Apache Hadoop's LinuxContainerExecutor runs docker commands as root with insufficient input validation
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS13NXI2LWd4M3EtaG14as3weQ
springframework-social Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.springframework.social:spring-social-core
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tMzQyLWZmNTctNGpjY80XCQ
Heap OOB read in `tf.raw_ops.SparseCountSparseOutput`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS03N2hmLTIzcHEtMmc3Y84AArpn
Code injection in Apache NiFi and NiFi Registry
Ecosystems: maven
Packages: org.apache.nifi:nifi, org.apache.nifi.registry:nifi-registry-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qOTI3LTI2OXItOTZ4d84AAyf8
Jenkins Cppcheck Plugin vulnerable to stored cross-site scripting (XSS)
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cppcheck
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00d2ZoLTQ4djQtM3I4NM4AAv-f
Cross-site Scripting in Apache Hama
Ecosystems: maven
Packages: org.apache.hama:hama-core
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zNGhmLWc3NDQtanc2NM4AAUk-
i18n Vulnerable to Denial of Service Attack
Ecosystems: rubygems
Packages: i18n
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2cTUtcGczci05cGgz
Path Traversal in Zope
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1ndzJnLWhoYzktd2dqaM4AAv5M
Missing Authorization in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nanJqLTlyajQtcGd3eM0bsQ
DoS Vulnerability from Upstream Actix Web Issues
Ecosystems: cargo
Packages: perseus-actix-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yY3Y1LXF2cTMtNjI3Ns4AA0f-
TeamPass vulnerable to Improper Encoding or Escaping of Output
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 11 months ago
High
GSA_kwCzR0hTQS1oZmZ4LXIyODItdzJnOc4AAv3t
Path Traversal in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS12NnJoLWhwNXgtODZyds0afw
Potential bypass of an upstream access control based on URL paths in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nOGhwLXJjNjctamY5Ns4AAv3u
Path Traversal in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jMzVoLXc4aGotbW01Nc4AA574
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-proxy
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 2 months ago
High
GSA_kwCzR0hTQS1xbXZxLWYzZmotbTN3Z84AAa3s
OpenPGP 1.2.0 and earlier decrypts arbitrary messages
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ydjVqLXE3NHEtcjUzZs0YzQ
django-helpdesk is vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: django-helpdesk
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NTM4LTI1djQtMjVwZ84AAv5K
XXE vulnerability in Jenkins JAPEX Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:japex
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1ocHAyLTJjcjUtcGY2Z84AAxo9
Denial of service due to unlimited number of parts
Ecosystems: npm
Packages: @fastify/multipart
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tbWpmLWY1anctdzcycc0bZA
Invalid handling of `X509_verify_cert()` internal errors in libssl
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbWYtcng4dy05MzV3
Sounder Contains Arbitrary Command Execution Vulnerability
Ecosystems: rubygems
Packages: sounder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 2 months ago
High
GSA_kwCzR0hTQS1nMzIzLWZyOTMtNGozY83dRw
Resource leakage when decoding certificates and keys
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1NGYteGNtcC00M2Ny
Deserialization of Untrusted Data in Apache ShardingSphere
Ecosystems: maven
Packages: org.apache.shardingsphere:shardingsphere
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jNjV2LXA3MzMtOTc5Ns0Xpw
Cross-site Scripting in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1ajktODQ5eC0yNmg0
Remote Code Execution in Red Discord Bot
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS14NW03LXJ3Zngtdzdxbc4AArmG
Remote Code Execution in Apache Flume
Ecosystems: maven
Packages: org.apache.flume.flume-ng-sources:flume-jms-source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cTg2LTYyeHItM3I1N84AArtD
Uses of deprecated API can be used to cause DoS in user-facing endpoints
Ecosystems: go
Packages: github.com/argoproj/argo-events
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wZ3c3LXd4N3ctMnczM84AArtC
ProxyAgent vulnerable to MITM
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xZzU0LTY5NHAtd2dwcM0XPQ
Regular expression denial of service vulnerability (ReDoS) in date
Ecosystems: rubygems
Packages: date
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xODlnLTR2aGgtbXZ2bc4AArsz
Incorrect Lifetime Bounds on Closures in `rusqlite`
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04bWo3LXd4bWMtZjQyNM4AArsu
Use after free in Neon external buffers
Ecosystems: cargo
Packages: neon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qcjc3LThneDQtaDVxaM4AAv0s
MessagePack for Golang subject to DoS via Unmarshal panic
Ecosystems: go
Packages: github.com/shamaton/msgpack/v2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS00OTk5LTY1OXctbXEzNs0XMg
Authentication bypass issue in the Operator Console
Ecosystems: go
Packages: github.com/minio/console
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS05cHF4LWczamgtcXBxcc4AAnAR
Dangling reference in `access::Map` with Constant
Ecosystems: cargo
Packages: arc-swap
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oeGo0LTg4NWYtZ3JncM4AAmJ-
Wildfly-OpenSSL memory leak flaw
Ecosystems: maven
Packages: org.wildfly.openssl:wildfly-openssl-natives-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cmg1LTIzaHgtajQ1Ms3rtw
Improper Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04djVwLTJjcHYtYzJ4Ns1l6A
Apache Tomcat Source Code Disclosure
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3