Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS13aDczLWhwY2ctdjMyas07XA
SQL injection in apache-superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1majJtLXczd3YteDlwcs4AAuuK
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attack
Ecosystems: maven
Packages: org.apache.calcite:calcite-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qcGY4LWg3aDctM3Bwbc4AAwoR
tar-utils Path Traversal vulnerability
Ecosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13cmg5LWNqdjMtMmhwd84AAxxu
Sequelize vulnerable to SQL Injection via replacements
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12anEzLXgzZjItZnZ4cc4AATHt
Account takeover in facturascripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05OWMzLXFjMnEtcDk0bc4AAxxW
GeoTools OGC Filter SQL Injection Vulnerabilities
Ecosystems: maven
Packages: org.geotools:gt-jdbc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xaHh2LTI5NngtaGp2N84AAuh8
@pendo324/get-process-by-name are vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: @pendo324/get-process-by-name
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qZnBoLTNocGctMmY2Nc3Xww
Incorrect Permission Assignment for Critical Resource in ShopXO
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oMjRjLTZwNnAtbTN2eM4AA1oF
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Ecosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0yZ2M2LTJoMmctcGg0OM4AAiZ5
Rambox RCE Vulnerability
Ecosystems: npm
Packages: Rambox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04eGY0LXc3cXctcGpqd802tA
Firebase PHP-JWT key/algorithm type confusion
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yY3hjLTN3Mm0tbXA4aM4AAs61
Unsafe deserialisation in the PKI implementation scheme of NVFlare
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qOTVyLTg2aHgteHd4Z84AAusg
Rank Math SEO plugin vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: rankmath/seo-by-rank-math
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qajYyLW1jM20tajc2Oc4AAupU
FeehiCMS has an arbitrary file upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05dm0zLXI4Z3EtY3I2eM4AAusJ
Casdoor arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNTVnLXg4cXEtMjU2Oc3X6Q
CSV-Safe improperly filters special characters potentially leading to CSV injection
Ecosystems: rubygems
Packages: csv-safe
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13eHg1LXc5amMtNDh3eM4AAuu2
Pebble Templates protection mechanism bypass can lead to arbitrary code execution
Ecosystems: maven
Packages: io.pebbletemplates:pebble
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5amotM3d2Zy1xNjVo
Vulnerability that affects org.apache.pdfbox:pdfbox
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2cjktMzlqOS05OXdw
Elliptic Curve Key Disclosure in go-jose
Ecosystems: go
Packages: github.com/square/go-jose, gopkg.in/square/go-jose.v1
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qNzdyLTJmeGYtNWpyd83fmw
Improper path handling in kustomization files allows path traversal
Ecosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/kustomize-controller
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tYzd3LTRjamYtYzk3M80WSQ
OS Command Injection in node-opencv
Ecosystems: npm
Packages: opencv
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmMzctZ3h2aC0yM3Y2
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS1jY3hoLWo3aGctbTVtcs4AAiIU
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Ecosystems: maven
Packages: io.fabric8.pipeline:kubernetes-pipeline-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mdzQyLTRtcTQtNHFwcc4AAQAj
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1wNjc0LWhoOHgtcnY1aM4AAolV
XML external entity vulnerability in Jenkins Nuget Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nuget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
Critical
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerability
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNmYtOGoyeC00NDgz
Critical severity vulnerability that affects event-stream and flatmap-stream
Ecosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eGYtcTN3OS00eGd3
Malicious Package in eslint-scope
Ecosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyOGYtbWg3dy02dzJ4
pandora-doomsday is malware
Ecosystems: npm
Packages: pandora-doomsday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02cXY2LXE3N2ctN3FtNs4AAujz
NVFLARE unsafe deserialization due to Pickle
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzM3AtNWo5Ni13OHFo
OS Command Injection in gulkp-styledocco
Ecosystems: npm
Packages: gulp-styledocco
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1wanczLWM3NGotbTlmas4AAgtD
Password in config file in KIE server
Ecosystems: maven
Packages: org.kie.server:kie-server-common
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12Zjc4LTNxOWYtOTJnM84AA04H
Hard-coded System User Credentials in Folio Data Export Spring module
Ecosystems: maven
Packages: org.folio:mod-data-export-spring
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcjItajRnOS1tcHBm
Prototype Pollution in deephas
Ecosystems: npm
Packages: deephas
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wbTU1LXFmeHItaDI0N84AAuFx
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` value
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jNzl2LTJyanEtOTY1bc4AAR_K
ChakraCore vulnerable to privilege escalation
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4djgtNjg1OS1xeG00
Arbitrary shell command execution in logkitty
Ecosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NGotYzJycS00N3E4
Command injection in ts-process-promises
Ecosystems: npm
Packages: ts-process-promises
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1obWozLW1xZ3ctMmZxNs4AAuEC
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameter
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13eDY5LXJ2ZzMteDdmY80YdQ
XSS via prototype pollution in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13anFjLWo1Mzctajlnas0Z-A
Command injection in git-it-electron
Ecosystems: npm
Packages: git-it-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjOXYtbWo2My1tOWc1
Remote Code Execution in pg
Ecosystems: npm
Packages: pg
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code Execution
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1jZjhmLXcyYzUtcDVqcs4AAjM6
keycloak vulnerable to unauthorized login via mail server setup
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyd2oteDc4Yy1tNGZ4
XML External Entity Reference in Apache Karaf
Ecosystems: maven
Packages: org.apache.karaf.specs:org.apache.karaf.specs.java.xml
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS04djJoLTRqcG0tM3dmbc4AAabE
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4OG0tOHhteC1xOHYz
Denial of Service in memjs
Ecosystems: npm
Packages: memjs
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1naHdxLTd2M3ItNTQzM84AAbkw
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4dzktMjc4OS02aGhy
Deserialization of Untrusted Data in bson
Ecosystems: npm
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS12OGo2LTZjMnItcjI3Y807Ew
Expression Language Injection in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14N3JjLTRncXctM3E2cc4AAQY5
Apache MyFaces Trinidad Deserialization Vulnerability
Ecosystems: maven
Packages: org.apache.myfaces.trinidad:trinidad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qNzZxLTk5eDItdjd2cc4AAbxy
Apache Ambari Improper Access Control
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01NHc0LTJmMnAtZjQ4aM4AAtpL
deferred-exec Command Injection vulnerability
Ecosystems: npm
Packages: deferred-exec
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw
Chromium Remote Code Execution in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy
Authorization bypass in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3ajgtdnA5aC1ybTZt
total.js Remote Code Execution Vulnerability
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS12NTd4LWd4ZmotNDg0cc0kcQ
Security Advisory for "Log4Shell"
Ecosystems: maven
Packages: com.hazelcast:hazelcast, com.hazelcast.jet:hazelcast-jet
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNHItbTNnYy1oNHI1
OS Command Injection in install-package
Ecosystems: npm
Packages: install-package
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqbXctdmY5aC1nMjV2
jackson-databind polymorphic typing issue
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS14MjRnLTl3N3YtdnByaM4AArN3
HashiCorp go-getter command injection
Ecosystems: go
Packages: github.com/hashicorp/go-getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2, github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1neDJjLWZ2aGMtcGg0as05Xg
Path traversal in Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02aDV4LTdjNW0tN2NyN83l_g
Exposure of Sensitive Information in eventsource
Ecosystems: npm
Packages: eventsource
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ajMtd3FwaC01eHg5
Command Injection in egg-scripts
Ecosystems: npm
Packages: egg-scripts
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1yNDhxLTlnNXItOHEyaM4AArc1
Authorization Bypass Through User-Controlled Key in go-restful
Ecosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02cHF4LXY5ZzQtNWhjOM4AA3fC
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Ecosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nMjdqLTc0ZnAteGZwcs04jw
Insecure default value for CORS configuration
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03OTU0LTZtOXEtZ3B2Zs4AA1Yx
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS02bTRoLWhmcHAteDhjeM4AAwgV
docconv OS Command Injection vulnerability
Ecosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00cTJ3LXJ3N20teHF3Ns3uzg
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Ecosystems: pypi
Packages: nnabla
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1majM1LW05NHItOWg0Y84AAktJ
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Ecosystems: pypi
Packages: MISP-maltego
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12am1yLTZwbW0tcnByZs4AAtlq
Dataease v1.11.1 SQL Injection via parameter dataSourceId
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yd3ZmLWMzd20tcW02d84AAtpC
ffmpeg-sdk vulnerable to OS Command Injection
Ecosystems: npm
Packages: ffmpeg-sdk
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04eGhyLXgzdjgtcmdoas4AA1eR
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-api, com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded key
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12NDJxLTc4dzgtOGZjY84AAto7
set-deep-prop Prototype Pollution
Ecosystems: npm
Packages: set-deep-prop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02eDkzLWg5ZzMtOXBocs4AAtpB
otp-generator before v3.0.0 insecurely generates random one-time passwords
Ecosystems: npm
Packages: otp-generator
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1xNXA1LXhnOTMtMmpxY84AA0cp
Apache InLong Improper Privilege Management vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
Critical
GSA_kwCzR0hTQS01bTNtLXE4Y3EtNzdnNM4AAz_c
fuadmin vulnerable to insecure file upload
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1tOHhoLWNxYzItNXE2Zs02eQ
Type Confusion in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request title
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xd3F2LWo3anItNGhwNs3jww
Argument injection in python-libnmap
Ecosystems: pypi
Packages: python-libnmap
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02NjM1LWM2MjYtdmo0cs03og
Command Injection Vulnerability with Mercurial in VCS
Ecosystems: go
Packages: github.com/Masterminds/vcs
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4YzUtZ2dwcC1nMjQ5
pwntools Server-Side Template Injection (SSTI) vulnerability
Ecosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwcjYtZjR2cS1teGNo
Command injection in LocalStack
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-ext
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04MzhoLWpxcDYtY2YyZs02gA
Sandbox bypass leading to arbitrary code execution in Deno
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Ecosystems: rubygems
Packages: omniauth-weibo-oauth2
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1
CefSharp affected by heap buffer overflow in WebP
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Statistics
Advisories: 18,618
Packages: 8,351
Repositories: 1,300
Ecosystems: 12
Filter by Severity
Moderate 8,075 High 6,409 Critical 2,829 Low 1,013
Filter by Ecosystem
npm 954 maven 826 packagist 473 pypi 369 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 27 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 salt 17 moodle/moodle 15 topthink/framework 13 com.liferay.portal:release.portal.bom 13 mlflow 12 langchain 12 org.apache.dubbo:dubbo 12 com.liferay.portal:release.dxp.bom 12 drupal/core 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 phpmyadmin/phpmyadmin 9 funadmin/funadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 tensorflow 9 froxlor/froxlor 8 paddlepaddle 8 org.xwiki.platform:xwiki-platform-web-templates 8 tensorflow-gpu 8 tensorflow-cpu 8 shopware/platform 8 org.jeecgframework.boot:jeecg-boot-common 8 drupal/drupal 8 rdiffweb 8 gogs.io/gogs 7 rusqlite 7 ansible 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 symfony/symfony 7 studio-42/elfinder 7 parse-server 6 github.com/answerdev/answer 6 thorsten/phpmyfaq 6 aaptjs 6 github.com/argoproj/argo-cd 6 ezsystems/ezpublish-kernel 6 centreon/centreon 5 nodebb 5 org.apache.shiro:shiro-core 5 ckb 5 org.apache.activemq:activemq-client 5 zendframework/zendframework 5 Pillow 5 mercurial 5 Microsoft.ChakraCore 5 org.jeecgframework.boot:jeecg-boot-parent 5 steal 5 org.apache.inlong:manager-pojo 5 prestashop/prestashop 5 shopware/core 5 org.xwiki.commons:xwiki-commons-xml 5 org.jenkins-ci.plugins:script-security 5 mautic/core 5 safe-eval 5 django 5 org.xwiki.platform:xwiki-platform-web 5 contao/contao 4 openssl-src 4 net.opentsdb:opentsdb 4 contao/core-bundle 4 org.apache.tapestry:tapestry-core 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 spree_auth_devise 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 safer-eval 4 org.eclipse.jetty:jetty-server 4 org.apache.tomcat.embed:tomcat-embed-core 4 apache-airflow-providers-apache-hive 4 org.apache.inlong:manager-service 4 org.apache.openmeetings:openmeetings-parent 4 librenms/librenms 4 hermes-engine 4 github.com/argoproj/argo-cd/v2 4 github.com/hashicorp/vault 4 github.com/grafana/grafana 4 org.jeecgframework.boot:jeecg-boot-base-core 4 calibreweb 4 feehi/cms 4 smallvec 4 code.gitea.io/gitea 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 realms-shim 4 nukeviet/nukeviet 4 PaddlePaddle 4 baserproject/basercms 4 nilsteampassnet/teampass 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 pyload-ng 4 messagepack-rs 4 github.com/usememos/memos 4 org.apache.dolphinscheduler:dolphinscheduler 3 nvflare 3 @openzeppelin/contracts-upgradeable 3 craftcms/cms 3 org.apache.ignite:ignite-core 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 mongoose 3 org.apache.inlong:manager-web 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 org.apache.solr:solr-parent 3 org.springframework.security:spring-security-core 3 log4j:log4j 3 cobbler 3 strapi 3 showdoc/showdoc 3 ibexa/core 3 com.jflyfox:jflyfox_jfinal 3 rubygems-update 3 slpjs 3 phpmailer/phpmailer 3 org.apache.linkis:linkis 3 elefant/cms 3 dompdf/dompdf 3 id-map 3 edu.stanford.nlp:stanford-corenlp 3 browserify-shim 3 org.apache.hadoop:hadoop-common 3 github.com/hashicorp/nomad 3 typo3/cms 3 org.keycloak:keycloak-core 3 org.apache.storm:storm 3 ezsystems/ezplatform-kernel 3 org.jenkins-ci.plugins:active-directory 3 zendframework/zendframework1 3 github.com/rancher/rancher 3 org.xwiki.platform:xwiki-platform-icon-ui 3 github.com/dexidp/dex 3 francoisjacquet/rosariosis 3 handlebars 3 impresscms/impresscms 3 github.com/pterodactyl/wings 3 adodb/adodb-php 3 com.alibaba:dubbo 3 org.apache.ozone:ozone-main 3 symfony/security-core 3 codiad/codiad 3 symfony/security 3 io.undertow:undertow-core 3 simplesamlphp/simplesamlphp 3 org.apache.jmeter:ApacheJMeter 3 github.com/go-gitea/gitea 3 tribalsystems/zenario 3 pimcore/pimcore 3 smarty/smarty 3 io.dataease:dataease-plugin-common 3 org.apache.any23:apache-any23 3 modoboa 3 feathers-sequelize 3 nokogiri 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.richfaces:richfaces-core 3 org.apache.solr:solr-core 3 xcb 3 jsrsasign 3 ray 3 codeigniter4/framework 3 publify_core 3 facade/ignition 3 codeigniter/framework 3 lmdb 3 slp-validate 3 org.jeecgframework.boot:jeecg-boot-base 3 com.hazelcast:hazelcast 3 org.xwiki.platform:xwiki-platform-panels-ui 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 actix-web 3 org.apache.logging.log4j:log4j-core 3 ro.pippo:pippo-core 3 cockpit-hq/cockpit 2 reportlab 2 pidusage 2 org.springframework.amqp:spring-amqp 2 io.vertx:vertx-web 2 com.jfinal:jfinal 2 dns-sync 2 silverstripe/framework 2 typo3/phar-stream-wrapper 2 Radicale 2 github.com/sap/cloud-security-client-go 2 puma 2 ses 2 org.apache.pulsar:pulsar 2 vyper 2 org.apache.commons:commons-configuration2 2 pandasai 2 zendframework/zend-db 2 stack_dst 2 org.apache.cassandra:cassandra-all 2 net.bull.javamelody:javamelody-core 2 pyyaml 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/apache/inlong 8 https://github.com/gogs/gogs 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/go-gitea/gitea 7 https://github.com/sequelize/sequelize 7 https://github.com/argoproj/argo-cd 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/apache/struts 7 https://github.com/answerdev/answer 6 https://github.com/parse-community/parse-server 6 https://github.com/symfony/symfony 6 https://github.com/shopware/platform 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/shenzhim/aaptjs 6 https://github.com/froxlor/froxlor 5 https://github.com/apache/tomcat 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/apache/activemq 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/spring-projects/spring-framework 4 https://github.com/janeczku/calibre-web 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/cloudfoundry/uaa 4 https://github.com/otake84/messagepack-rs 4 https://github.com/hwchase17/langchain 4 https://github.com/grafana/grafana 4 https://github.com/contao/contao 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/dromara/hutool 4 https://github.com/pyload/pyload 4 https://github.com/CVEProject/cvelist 4 https://github.com/usememos/memos 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/star7th/showdoc 3 https://github.com/cobbler/cobbler 3 https://github.com/facebook/hermes 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/opencast/opencast 3 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/pimcore/pimcore 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/rancher/rancher 3 https://github.com/facade/ignition 3 https://github.com/pterodactyl/wings 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/modoboa/modoboa 3 https://github.com/nukeviet/nukeviet 3 https://github.com/github/securitylab 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/neorazorx/facturascripts 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/crewjam/saml 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/rubygems/rubygems.org 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/actix/actix-web 3 https://github.com/smarty-php/smarty 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/hazelcast/hazelcast 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dexidp/dex 3 https://github.com/kjur/jsrsasign 3 https://github.com/baserproject/basercms 3 https://github.com/apache/shiro 3 https://github.com/craftcms/cms 3 https://github.com/mbechler/marshalsec 3 https://github.com/sjep/array 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/jfinal/jfinal 2 https://github.com/pytorch/serve 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/laurent22/joplin 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/benbusby/whoogle-search 2 https://github.com/google/flatbuffers 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/keystonejs/keystone 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/http4s/http4s 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2