Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03OHZ2LXFqNzMtaDltNc32LQ
Improper Restriction of Recursive Entity References in DTDs in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Ecosystems: rubygems
Packages: rotp
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qM21qLWZocHEtcXFqas0osQ
Reachable Assertion in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zamNxLWN3cjctNjMzMs4AAecE
jplayer Cross Site Scripting vulnerability
Ecosystems: npm
Packages: jplayer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14MzJtLW12ZmotNTJ4ds4AA6Fg
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wNWhyLXJmNnctM3Z2aM4AAu_S
CSRF vulnerability and mM
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ws-execution-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02ODN3LTg0bTctcDhwd84AAePK
Plone User account enumeration via crafted URL
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yaGNnLXJ3aHgtcWozas4AATUm
Improper Limitation of a Pathname to a Restricted Directory in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04cDhxLXd2eHgtanE5NM0sJw
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Ecosystems: maven
Packages: org.continuousassurance.swamp.jenkins:swamp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq
Improper Access Control in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tcmNqLTVxeHItdmhwMs4AA0Jz
angular-ui-notification Cross-site Scripting vulnerability
Ecosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04Z2NnLXZ3bXctcnhqNM4AAw3a
Flarum notifications can leak restricted content
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wbWM3LWhtbXctZzk2cc4AA5_Z
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra
KaTeX's `\includegraphics` does not escape filename
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0ycXhwLXhteDYtY3E0Zs4AAxel
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12M2Y3LWo5NjgtNGg1Zs0oaw
Division by zero in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqOTItYzRmai13OWM1
Mail Gem Path Traversal vulnerability
Ecosystems: rubygems
Packages: mail
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS03NTkyLTkzcm0tNmdweM3mbg
Injection in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoMzktdjczMy1teGZy
Active Record vulnerable to SQL Injection via nested query parameters
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1nbWY1LXEzNHYtdnd2cM4AAv6h
Cross-site Scripting in Zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mNzY4LThwdnEtbW02cs0oDA
Dolibarr vulnerable to Improper Validation of Specified Quantity in Input
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04ODJqLTR2ajUtN3Ztas4AA6O1
Cache Poisoning Vulnerability
Ecosystems: npm
Packages: translate
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ycnA0LTJ4eDMtbXYyOc0n7w
Command injection in gh-ost
Ecosystems: go
Packages: github.com/github/gh-ost
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycjZyLXA3cnctMzY5Y84AATfz
Session Fixation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Z2o0LTJocmYtajR4Z84AA6Mj
Cross-site scripting in Survey Creator
Ecosystems: npm
Packages: survey-creator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14NjM3LXg4cDMtNXAyMs4AA6Jm
Improper Authentication in Spring Authorization Server
Ecosystems: maven
Packages: org.springframework.security:spring-security-oauth2-authorization-server
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14d2M4LXJmNm0teHI4Ns4AA0KS
hnswlib Double Free vulnerability
Ecosystems: pypi
Packages: hnswlib
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05bWM2LXZnbXEteDZ4Zs4AAu-i
Lack of authentication mechanism in Jenkins DotCi Plugin webhook
Ecosystems: maven
Packages: com.groupon.jenkins-ci.plugins:DotCi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03eDIyLXBtdzUtNjZtcc0l8w
Cross-site Scripting in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14M2czLWpoMjYtNzZjZs0m0g
Cross-site Scripting in livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jbWc4LTVjNjMtcGc5Nc4AAVE7
OpenStack Dashboard (aka Horizon) vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12OThoLXJ2N2otaGY2as4AAivC
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-compute-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03eDJjLWZneDYteGY5aM4AA0OS
1Panel vulnerable to command injection when entering the container terminal
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nY3Y5LTY3MzctcGpxd80mTg
SSRF vulnerability in jupyter-server-proxy
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NG1jLTJtOXAtMjNjOM4AAdTR
Jenkins allows remote authenticated users to bypass intended restrictions and create or destroy arbitrary jobs
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xNzNmLXZqYzItM2dxZs4AAdFH
OpenStack Image Service (Glance) allows remote authenticated users to read arbitrary file
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxcXYtOXgzdi1tcDd3
Privilege Escalation Flaw in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1yN3BqLXJ2d2ctdnhocs4AAehJ
OpenStack Image Registry and Delivery Service (Glance) Improper Input Validation vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02NnZqLTM5M2YtaHhmds4AAdk9
OpenStack Swift Cross-site Scriping vulnerability
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzOTQtNmg5aC1jZmpn
Regular Expression Denial of Service
Ecosystems: npm
Packages: nwmatcher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13eDhxLTRnbTktcmoyZ84AA6B0
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nNjIzLWpjZ2ctbWhtbc4AA6Bz
Users with `create` but not `override` privileges can perform local sync
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yNW0yLWc1Z2MtcTQzcs4AAdTe
Jenkins Denial of Service vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nNjZxLWdyeGMtNjRqM84AAWk9
Cross-site Scripting in JavaMelody
Ecosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcDd2LTM1ODctMjk1Ns4AAxfm
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Ecosystems: go
Packages: github.com/anchore/syft
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA
Improper Control of Generation of Code in Apache Kafka
Ecosystems: maven
Packages: org.apache.kafka:kafka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoODQtOGo0Zi1wOTdx
Injection in bodymen
Ecosystems: npm
Packages: bodymen
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00NDUzLWcyOTUtMjRtaM4AAs5Q
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zanA2LXE5Y2ctcnZnas4AAu-c
Missing permission check in Jenkins build-publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9
Denial of Service in Connect2id Nimbus JOSE+JWT
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14d2o3LTI5ajctcnc3Ns4AAs5R
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjdnLThxM3gtanB4Oc4AAs5A
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wMzdwLXdnOTItMmZjNM4AAu-P
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00Mnh3LXA2MngtaHdjZs3oxA
Improper Access Control in Apache Derby
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMnhxLXBmZmYtbXZnZ84AATB3
Loop with Unreachable Exit Condition in Apache PDFBox
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzZ4LW1nZmgtOGc3OM0l_w
Subdomain Takeover in Interactsh server
Ecosystems: go
Packages: github.com/projectdiscovery/interactsh
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12aHFyLTNncjItN3B4Oc4AAU4H
Subrion CMS Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04NDc3LTN2MzktZ2dwbc3mcQ
Improper Validation of Integrity Check Value in Bouncy Castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13amc4LXB4cWotYzNjN84AA0TB
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12cHFtLTg4YzQteDRjds4AARKl
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OWd4LTNmbTgtcXhxcc4AAwCx
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNDQtN2dyYy0zN3Zx
ActiveRecord vulnerable to modification of protected model attributes
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS02cjZoLXZoZzctNTN4N84AAoKy
Cross Site Scripting (XSS) in LavaLite 5.8.0
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NGc3LW12dzYtdjlxas0jWA
Improper Privilege Management in shelljs
Ecosystems: npm
Packages: shelljs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Zmd2LTg0NDgtZ2Y4Ms4AA0Rf
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zd3h4LWp4d2MtbWczOc4AAxgh
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qODU5LXBtcnEtOXE2Y84AAxgi
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1maGZoLTZjamctNTdyZ80sQg
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: io.jenkins.plugins:embotics-vcommander
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNWN3LWM2NHAtNzdoNs06pQ
CSRF vulnerability in Jenkins Subversion Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:subversion
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wajM0LWZwdzMtODNxas4AAxgg
bottlerocket dependency openssl is vulnerable to read buffer overflow via X.509 verification
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02dmZjLXF2M2YtdnI2Y80hTA
Uncontrolled Resource Consumption in markdown-it
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jZjRnLWZjZjgtM2NyOc4AAxgf
`pnet_packet` buffer overrun in `set_payload` setters
Ecosystems: cargo
Packages: pnet_packet
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNGZwLXh2eHAtcmcyMs4AAdIM
Apache ActiveMQ default configuration subject to denial of service
Ecosystems: maven
Packages: org.apache.activemq:activemq-web-demo, org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NTI1LXc5M2otcnhnbc4AATvK
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMzN2LTIzcngtN3FxY84AAhkm
Magento 2 Community Edition IDOR Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tdjVjLTcyNGYtM2ZxN80sLw
Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin
Ecosystems: maven
Packages: com.sonymobile.jenkins.plugins.teamviews:team-views
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cmNxLXA0Z2gtdm1qOM4AATvJ
Improper Neutralization of Input During Web Page Generation in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01M2p4LXZ2ZjktNHgzOM4AAxhX
StaticHandler disclosure of classpath resources on Windows when mounted on a wildcard route
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01amc0LXA3OHItcDVqM84AATij
Improper Neutralization of Input During Web Page Generation Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNjU2LWcyeDMtOGNnaM0hHQ
Kylin can receive user input and load any class through Class.forName(...).
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ
Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tYzkyLWM4NTktanI2Ns02nQ
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ci-with-toad-edge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzg3LXFndzItajJxZs02nA
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:selected-tests-executor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zcjV4LXg2eGYtbThmds02lw
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:selected-tests-executor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcngtYzhjci02ajhx
Insecure Default Configuration in tesseract.js
Ecosystems: npm
Packages: tesseract.js
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS05aGNqLTQ0OXYtOTIzNM02sQ
CSRF vulnerability in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhncngteHB2Mi02dnA0
Improper Authentication in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NDI5LXBqd3ctNzY3Nc0hHA
SQL Injection in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 56 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5