Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Critical Security Advisories
Loading...
Critical
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 years ago
GSA_kwCzR0hTQS13aDczLWhwY2ctdjMyas07XA
SQL injection in apache-supersetEcosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.calcite:calcite-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 1 year ago
GSA_kwCzR0hTQS1majJtLXczd3YteDlwcs4AAuuK
Apache Calcite before 1.32.0 vulnerable to potential XML External Entity (XXE) attackEcosystems: maven
Packages: org.apache.calcite:calcite-core
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 1 year ago
GSA_kwCzR0hTQS1qcGY4LWg3aDctM3Bwbc4AAwoR
tar-utils Path Traversal vulnerabilityEcosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
GSA_kwCzR0hTQS13cmg5LWNqdjMtMmhwd84AAxxu
Sequelize vulnerable to SQL Injection via replacementsEcosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS12anEzLXgzZjItZnZ4cc4AATHt
Account takeover in facturascriptsEcosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerabilityEcosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Critical
Ecosystems: maven
Packages: org.geotools:gt-jdbc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS05OWMzLXFjMnEtcDk0bc4AAxxW
GeoTools OGC Filter SQL Injection VulnerabilitiesEcosystems: maven
Packages: org.geotools:gt-jdbc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerabilityEcosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Critical
Ecosystems: npm
Packages: @pendo324/get-process-by-name
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS1xaHh2LTI5NngtaGp2N84AAuh8
@pendo324/get-process-by-name are vulnerable to Arbitrary Code ExecutionEcosystems: npm
Packages: @pendo324/get-process-by-name
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1qZnBoLTNocGctMmY2Nc3Xww
Incorrect Permission Assignment for Critical Resource in ShopXOEcosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentialsEcosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentialsEcosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
Ecosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1oMjRjLTZwNnAtbTN2eM4AA1oF
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduliEcosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
Ecosystems: npm
Packages: Rambox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS0yZ2M2LTJoMmctcGg0OM4AAiZ5
Rambox RCE VulnerabilityEcosystems: npm
Packages: Rambox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
GSA_kwCzR0hTQS04eGY0LXc3cXctcGpqd802tA
Firebase PHP-JWT key/algorithm type confusionEcosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1yY3hjLTN3Mm0tbXA4aM4AAs61
Unsafe deserialisation in the PKI implementation scheme of NVFlareEcosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: rankmath/seo-by-rank-math
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1qOTVyLTg2aHgteHd4Z84AAusg
Rank Math SEO plugin vulnerable to Server-Side Request ForgeryEcosystems: packagist
Packages: rankmath/seo-by-rank-math
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1qajYyLW1jM20tajc2Oc4AAupU
FeehiCMS has an arbitrary file upload vulnerabilityEcosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS05dm0zLXI4Z3EtY3I2eM4AAusJ
Casdoor arbitrary file write vulnerabilityEcosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
Ecosystems: rubygems
Packages: csv-safe
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 2 years ago
GSA_kwCzR0hTQS1mNTVnLXg4cXEtMjU2Oc3X6Q
CSV-Safe improperly filters special characters potentially leading to CSV injectionEcosystems: rubygems
Packages: csv-safe
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: io.pebbletemplates:pebble
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 1 year ago
GSA_kwCzR0hTQS13eHg1LXc5amMtNDh3eM4AAuu2
Pebble Templates protection mechanism bypass can lead to arbitrary code executionEcosystems: maven
Packages: io.pebbletemplates:pebble
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5amotM3d2Zy1xNjVo
Vulnerability that affects org.apache.pdfbox:pdfboxEcosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 5 years ago
Critical
Ecosystems: go
Packages: github.com/square/go-jose, gopkg.in/square/go-jose.v1
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2cjktMzlqOS05OXdw
Elliptic Curve Key Disclosure in go-joseEcosystems: go
Packages: github.com/square/go-jose, gopkg.in/square/go-jose.v1
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago
Critical
Ecosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/kustomize-controller
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
GSA_kwCzR0hTQS1qNzdyLTJmeGYtNWpyd83fmw
Improper path handling in kustomization files allows path traversalEcosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/kustomize-controller
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: opencv
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 2 years ago
GSA_kwCzR0hTQS1tYzd3LTRjamYtYzk3M80WSQ
OS Command Injection in node-opencvEcosystems: npm
Packages: opencv
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmMzctZ3h2aC0yM3Y2
Remote code execution in PHPMailerEcosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
Ecosystems: maven
Packages: io.fabric8.pipeline:kubernetes-pipeline-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1jY3hoLWo3aGctbTVtcs4AAiIU
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps PluginEcosystems: maven
Packages: io.fabric8.pipeline:kubernetes-pipeline-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1mdzQyLTRtcTQtNHFwcc4AAQAj
ChakraCore RCE VulnerabilityEcosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nuget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wNjc0LWhoOHgtcnY1aM4AAolV
XML external entity vulnerability in Jenkins Nuget PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:nuget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerabilityEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
Critical
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerabilityEcosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNmYtOGoyeC00NDgz
Critical severity vulnerability that affects event-stream and flatmap-streamEcosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eGYtcTN3OS00eGd3
Malicious Package in eslint-scopeEcosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
Critical
Ecosystems: npm
Packages: pandora-doomsday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyOGYtbWg3dy02dzJ4
pandora-doomsday is malwareEcosystems: npm
Packages: pandora-doomsday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
GSA_kwCzR0hTQS02cXY2LXE3N2ctN3FtNs4AAujz
NVFLARE unsafe deserialization due to PickleEcosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: gulp-styledocco
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzM3AtNWo5Ni13OHFo
OS Command Injection in gulkp-styledoccoEcosystems: npm
Packages: gulp-styledocco
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 3 years ago
Critical
Ecosystems: maven
Packages: org.kie.server:kie-server-common
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1wanczLWM3NGotbTlmas4AAgtD
Password in config file in KIE serverEcosystems: maven
Packages: org.kie.server:kie-server-common
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: almost 2 years ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an accountEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
Critical
Ecosystems: maven
Packages: org.folio:mod-data-export-spring
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS12Zjc4LTNxOWYtOTJnM84AA04H
Hard-coded System User Credentials in Folio Data Export Spring moduleEcosystems: maven
Packages: org.folio:mod-data-export-spring
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: npm
Packages: deephas
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcjItajRnOS1tcHBm
Prototype Pollution in deephasEcosystems: npm
Packages: deephas
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Critical
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 1 year ago
GSA_kwCzR0hTQS1wbTU1LXFmeHItaDI0N84AAuFx
OmniAuth's `lib/omniauth/failure_endpoint.rb` does not escape `message_key` valueEcosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 1 year ago
Critical
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1jNzl2LTJyanEtOTY1bc4AAR_K
ChakraCore vulnerable to privilege escalationEcosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4djgtNjg1OS1xeG00
Arbitrary shell command execution in logkittyEcosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: almost 4 years ago
Critical
Ecosystems: npm
Packages: ts-process-promises
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NGotYzJycS00N3E4
Command injection in ts-process-promisesEcosystems: npm
Packages: ts-process-promises
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 3 years ago
Critical
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
GSA_kwCzR0hTQS1obWozLW1xZ3ctMmZxNs4AAuEC
Mingsoft MCMS SQL injection vulnerability in /mdiy/page/verify URI via fieldName parameterEcosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
GSA_kwCzR0hTQS13eDY5LXJ2ZzMteDdmY80YdQ
XSS via prototype pollution in NodeBBEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: git-it-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS13anFjLWo1Mzctajlnas0Z-A
Command injection in git-it-electronEcosystems: npm
Packages: git-it-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerabilityEcosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
Ecosystems: npm
Packages: pg
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjOXYtbWo2My1tOWc1
Remote Code Execution in pgEcosystems: npm
Packages: pg
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 6 years ago
Critical
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 7 months ago
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code ExecutionEcosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 7 months ago
Critical
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
GSA_kwCzR0hTQS1jZjhmLXcyYzUtcDVqcs4AAjM6
keycloak vulnerable to unauthorized login via mail server setupEcosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.karaf.specs:org.apache.karaf.specs.java.xml
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyd2oteDc4Yy1tNGZ4
XML External Entity Reference in Apache KarafEcosystems: maven
Packages: org.apache.karaf.specs:org.apache.karaf.specs.java.xml
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Critical
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS04djJoLTRqcG0tM3dmbc4AAabE
ChakraCore RCE VulnerabilityEcosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
Ecosystems: npm
Packages: memjs
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4OG0tOHhteC1xOHYz
Denial of Service in memjsEcosystems: npm
Packages: memjs
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 5 years ago
Critical
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1naHdxLTd2M3ItNTQzM84AAbkw
ChakraCore RCE VulnerabilityEcosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4dzktMjc4OS02aGhy
Deserialization of Untrusted Data in bsonEcosystems: npm
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 57.7
Published: about 3 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
GSA_kwCzR0hTQS12OGo2LTZjMnItcjI3Y807Ew
Expression Language Injection in Apache StrutsEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.myfaces.trinidad:trinidad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS14N3JjLTRncXctM3E2cc4AAQY5
Apache MyFaces Trinidad Deserialization VulnerabilityEcosystems: maven
Packages: org.apache.myfaces.trinidad:trinidad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1qNzZxLTk5eDItdjd2cc4AAbxy
Apache Ambari Improper Access ControlEcosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: deferred-exec
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago
GSA_kwCzR0hTQS01NHc0LTJmMnAtZjQ4aM4AAtpL
deferred-exec Command Injection vulnerabilityEcosystems: npm
Packages: deferred-exec
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODgtcmpqMy14N3dw
Chromium Remote Code Execution in electronEcosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: almost 6 years ago
Critical
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcnYtOXBody12cnZy
Authorization bypass in StrapiEcosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 3 years ago
Critical
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3ajgtdnA5aC1ybTZt
total.js Remote Code Execution VulnerabilityEcosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 3 years ago
Critical
Ecosystems: maven
Packages: com.hazelcast:hazelcast, com.hazelcast.jet:hazelcast-jet
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 2 years ago
GSA_kwCzR0hTQS12NTd4LWd4ZmotNDg0cc0kcQ
Security Advisory for "Log4Shell"Ecosystems: maven
Packages: com.hazelcast:hazelcast, com.hazelcast.jet:hazelcast-jet
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 2 years ago
Critical
Ecosystems: npm
Packages: install-package
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNHItbTNnYy1oNHI1
OS Command Injection in install-packageEcosystems: npm
Packages: install-package
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqbXctdmY5aC1nMjV2
jackson-databind polymorphic typing issueEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/go-getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2, github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 2 years ago
GSA_kwCzR0hTQS14MjRnLTl3N3YtdnByaM4AArN3
HashiCorp go-getter command injectionEcosystems: go
Packages: github.com/hashicorp/go-getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2, github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
GSA_kwCzR0hTQS1neDJjLWZ2aGMtcGg0as05Xg
Path traversal in HadoopEcosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: eventsource
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: about 2 years ago
GSA_kwCzR0hTQS02aDV4LTdjNW0tN2NyN83l_g
Exposure of Sensitive Information in eventsourceEcosystems: npm
Packages: eventsource
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: about 2 years ago
Critical
Ecosystems: npm
Packages: egg-scripts
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ajMtd3FwaC01eHg5
Command Injection in egg-scriptsEcosystems: npm
Packages: egg-scripts
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
Critical
Ecosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1yNDhxLTlnNXItOHEyaM4AArc1
Authorization Bypass Through User-Controlled Key in go-restfulEcosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
GSA_kwCzR0hTQS02cHF4LXY5ZzQtNWhjOM4AA3fC
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC requestEcosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Critical
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 2 years ago
GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emailsEcosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 2 years ago
GSA_kwCzR0hTQS1nMjdqLTc0ZnAteGZwcs04jw
Insecure default value for CORS configurationEcosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
GSA_kwCzR0hTQS03OTU0LTZtOXEtZ3B2Zs4AA1Yx
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/messageEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
Ecosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 1 year ago
GSA_kwCzR0hTQS02bTRoLWhmcHAteDhjeM4AAwgV
docconv OS Command Injection vulnerabilityEcosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 1 year ago
Critical
Ecosystems: pypi
Packages: nnabla
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
GSA_kwCzR0hTQS00cTJ3LXJ3N20teHF3Ns3uzg
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10Ecosystems: pypi
Packages: nnabla
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Critical
Ecosystems: pypi
Packages: MISP-maltego
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1majM1LW05NHItOWg0Y84AAktJ
Maltego incorrectly shares a MISP connection across users in a remote-transform use caseEcosystems: pypi
Packages: MISP-maltego
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
GSA_kwCzR0hTQS12am1yLTZwbW0tcnByZs4AAtlq
Dataease v1.11.1 SQL Injection via parameter dataSourceIdEcosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: ffmpeg-sdk
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1yd3ZmLWMzd20tcW02d84AAtpC
ffmpeg-sdk vulnerable to OS Command InjectionEcosystems: npm
Packages: ffmpeg-sdk
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-api, com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
GSA_kwCzR0hTQS04eGhyLXgzdjgtcmdoas4AA1eR
XWiki Platform's Groovy jobs check the wrong author, allowing remote code executionEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-api, com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded keyEcosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
Critical
Ecosystems: npm
Packages: set-deep-prop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS12NDJxLTc4dzgtOGZjY84AAto7
set-deep-prop Prototype PollutionEcosystems: npm
Packages: set-deep-prop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: otp-generator
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: almost 2 years ago
GSA_kwCzR0hTQS02eDkzLWg5ZzMtOXBocs4AAtpB
otp-generator before v3.0.0 insecurely generates random one-time passwordsEcosystems: npm
Packages: otp-generator
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: almost 2 years ago
Critical
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerabilityEcosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
Critical
Ecosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
GSA_kwCzR0hTQS1xNXA1LXhnOTMtMmpxY84AA0cp
Apache InLong Improper Privilege Management vulnerabilityEcosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS01bTNtLXE4Y3EtNzdnNM4AAz_c
fuadmin vulnerable to insecure file uploadEcosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1tOHhoLWNxYzItNXE2Zs02eQ
Type Confusion in ImpressCMSEcosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request titleEcosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
Ecosystems: pypi
Packages: python-libnmap
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 2 years ago
GSA_kwCzR0hTQS1xd3F2LWo3anItNGhwNs3jww
Argument injection in python-libnmapEcosystems: pypi
Packages: python-libnmap
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 2 years ago
Critical
Ecosystems: go
Packages: github.com/Masterminds/vcs
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 2 years ago
GSA_kwCzR0hTQS02NjM1LWM2MjYtdmo0cs03og
Command Injection Vulnerability with Mercurial in VCSEcosystems: go
Packages: github.com/Masterminds/vcs
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 2 years ago
Critical
Ecosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4YzUtZ2dwcC1nMjQ5
pwntools Server-Side Template Injection (SSTI) vulnerabilityEcosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
Critical
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwcjYtZjR2cS1teGNo
Command injection in LocalStackEcosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: almost 3 years ago
Critical
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 1 year ago
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-gitEcosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 48.7
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-extEcosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS04MzhoLWpxcDYtY2YyZs02gA
Sandbox bypass leading to arbitrary code execution in DenoEcosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
Ecosystems: rubygems
Packages: omniauth-weibo-oauth2
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 2 years ago
GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third partyEcosystems: rubygems
Packages: omniauth-weibo-oauth2
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 2 years ago
Critical
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1
CefSharp affected by heap buffer overflow in WebPEcosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Statistics
Advisories: 18,618
Packages: 8,351
Repositories: 1,300
Ecosystems: 12
Packages: 8,351
Repositories: 1,300
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
magento/community-edition
27
com.fasterxml.jackson.core:jackson-databind
24
dolibarr/dolibarr
23
net.mingsoft:ms-mcms
18
org.jenkins-ci.main:jenkins-core
18
salt
17
moodle/moodle
15
topthink/framework
13
com.liferay.portal:release.portal.bom
13
mlflow
12
langchain
12
org.apache.dubbo:dubbo
12
com.liferay.portal:release.dxp.bom
12
drupal/core
12
magento/core
11
org.apache.struts:struts2-core
11
apache-airflow
10
vm2
10
phpmyadmin/phpmyadmin
9
funadmin/funadmin
9
org.xwiki.platform:xwiki-platform-oldcore
9
tensorflow
9
froxlor/froxlor
8
paddlepaddle
8
org.xwiki.platform:xwiki-platform-web-templates
8
tensorflow-gpu
8
tensorflow-cpu
8
shopware/platform
8
org.jeecgframework.boot:jeecg-boot-common
8
drupal/drupal
8
rdiffweb
8
gogs.io/gogs
7
rusqlite
7
ansible
7
org.xwiki.platform:xwiki-platform-administration-ui
7
sequelize
7
symfony/symfony
7
studio-42/elfinder
7
parse-server
6
github.com/answerdev/answer
6
thorsten/phpmyfaq
6
aaptjs
6
github.com/argoproj/argo-cd
6
ezsystems/ezpublish-kernel
6
centreon/centreon
5
nodebb
5
org.apache.shiro:shiro-core
5
ckb
5
org.apache.activemq:activemq-client
5
zendframework/zendframework
5
Pillow
5
mercurial
5
Microsoft.ChakraCore
5
org.jeecgframework.boot:jeecg-boot-parent
5
steal
5
org.apache.inlong:manager-pojo
5
prestashop/prestashop
5
shopware/core
5
org.xwiki.commons:xwiki-commons-xml
5
org.jenkins-ci.plugins:script-security
5
mautic/core
5
safe-eval
5
django
5
org.xwiki.platform:xwiki-platform-web
5
contao/contao
4
openssl-src
4
net.opentsdb:opentsdb
4
contao/core-bundle
4
org.apache.tapestry:tapestry-core
4
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
4
spree_auth_devise
4
org.cloudfoundry.identity:cloudfoundry-identity-server
4
Django
4
safer-eval
4
org.eclipse.jetty:jetty-server
4
org.apache.tomcat.embed:tomcat-embed-core
4
apache-airflow-providers-apache-hive
4
org.apache.inlong:manager-service
4
org.apache.openmeetings:openmeetings-parent
4
librenms/librenms
4
hermes-engine
4
github.com/argoproj/argo-cd/v2
4
github.com/hashicorp/vault
4
github.com/grafana/grafana
4
org.jeecgframework.boot:jeecg-boot-base-core
4
calibreweb
4
feehi/cms
4
smallvec
4
code.gitea.io/gitea
4
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
4
realms-shim
4
nukeviet/nukeviet
4
PaddlePaddle
4
baserproject/basercms
4
nilsteampassnet/teampass
4
swagger-ui
4
org.apache.kylin:kylin-server-base
4
pyload-ng
4
messagepack-rs
4
github.com/usememos/memos
4
org.apache.dolphinscheduler:dolphinscheduler
3
nvflare
3
@openzeppelin/contracts-upgradeable
3
craftcms/cms
3
org.apache.ignite:ignite-core
3
org.jenkins-ci.plugins.workflow:workflow-cps
3
mongoose
3
org.apache.inlong:manager-web
3
org.zenframework.z8.dependencies.commons:log4j-1.2.17
3
org.apache.solr:solr-parent
3
org.springframework.security:spring-security-core
3
log4j:log4j
3
cobbler
3
strapi
3
showdoc/showdoc
3
ibexa/core
3
com.jflyfox:jflyfox_jfinal
3
rubygems-update
3
slpjs
3
phpmailer/phpmailer
3
org.apache.linkis:linkis
3
elefant/cms
3
dompdf/dompdf
3
id-map
3
edu.stanford.nlp:stanford-corenlp
3
browserify-shim
3
org.apache.hadoop:hadoop-common
3
github.com/hashicorp/nomad
3
typo3/cms
3
org.keycloak:keycloak-core
3
org.apache.storm:storm
3
ezsystems/ezplatform-kernel
3
org.jenkins-ci.plugins:active-directory
3
zendframework/zendframework1
3
github.com/rancher/rancher
3
org.xwiki.platform:xwiki-platform-icon-ui
3
github.com/dexidp/dex
3
francoisjacquet/rosariosis
3
handlebars
3
impresscms/impresscms
3
github.com/pterodactyl/wings
3
adodb/adodb-php
3
com.alibaba:dubbo
3
org.apache.ozone:ozone-main
3
symfony/security-core
3
codiad/codiad
3
symfony/security
3
io.undertow:undertow-core
3
simplesamlphp/simplesamlphp
3
org.apache.jmeter:ApacheJMeter
3
github.com/go-gitea/gitea
3
tribalsystems/zenario
3
pimcore/pimcore
3
smarty/smarty
3
io.dataease:dataease-plugin-common
3
org.apache.any23:apache-any23
3
modoboa
3
feathers-sequelize
3
nokogiri
3
org.xwiki.platform:xwiki-platform-search-ui
3
org.richfaces:richfaces-core
3
org.apache.solr:solr-core
3
xcb
3
jsrsasign
3
ray
3
codeigniter4/framework
3
publify_core
3
facade/ignition
3
codeigniter/framework
3
lmdb
3
slp-validate
3
org.jeecgframework.boot:jeecg-boot-base
3
com.hazelcast:hazelcast
3
org.xwiki.platform:xwiki-platform-panels-ui
3
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
3
actix-web
3
org.apache.logging.log4j:log4j-core
3
ro.pippo:pippo-core
3
cockpit-hq/cockpit
2
reportlab
2
pidusage
2
org.springframework.amqp:spring-amqp
2
io.vertx:vertx-web
2
com.jfinal:jfinal
2
dns-sync
2
silverstripe/framework
2
typo3/phar-stream-wrapper
2
Radicale
2
github.com/sap/cloud-security-client-go
2
puma
2
ses
2
org.apache.pulsar:pulsar
2
vyper
2
org.apache.commons:commons-configuration2
2
pandasai
2
zendframework/zend-db
2
stack_dst
2
org.apache.cassandra:cassandra-all
2
net.bull.javamelody:javamelody-core
2
pyyaml
2
Filter by Repository
https://github.com/xwiki/xwiki-platform
81
https://github.com/FasterXML/jackson-databind
24
https://github.com/jenkinsci/jenkins
17
https://github.com/Dolibarr/dolibarr
15
https://github.com/saltstack/salt
14
https://github.com/apache/airflow
14
https://github.com/mlflow/mlflow
11
https://github.com/PaddlePaddle/Paddle
11
https://github.com/ming-soft/MCMS
10
https://github.com/patriksimek/vm2
10
https://github.com/funadmin/funadmin
9
https://github.com/jeecgboot/jeecg-boot
9
https://github.com/tensorflow/tensorflow
9
https://github.com/top-think/framework
9
https://github.com/django/django
9
https://github.com/langchain-ai/langchain
8
https://github.com/magento/magento2
8
https://github.com/ikus060/rdiffweb
8
https://github.com/apache/inlong
8
https://github.com/gogs/gogs
7
https://github.com/python-pillow/Pillow
7
https://github.com/Studio-42/elFinder
7
https://github.com/go-gitea/gitea
7
https://github.com/sequelize/sequelize
7
https://github.com/argoproj/argo-cd
7
https://github.com/rusqlite/rusqlite
7
https://github.com/ansible/ansible
7
https://github.com/apache/struts
7
https://github.com/answerdev/answer
6
https://github.com/parse-community/parse-server
6
https://github.com/symfony/symfony
6
https://github.com/shopware/platform
6
https://github.com/thorsten/phpmyfaq
6
https://github.com/xwiki/xwiki-commons
6
https://github.com/shenzhim/aaptjs
6
https://github.com/froxlor/froxlor
5
https://github.com/apache/tomcat
5
https://github.com/nervosnetwork/ckb
5
https://github.com/keycloak/keycloak
5
https://github.com/stealjs/steal
5
https://github.com/PrestaShop/PrestaShop
5
https://github.com/apache/activemq
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/moodle/moodle
5
https://github.com/NodeBB/NodeBB
5
https://github.com/spring-projects/spring-framework
4
https://github.com/janeczku/calibre-web
4
https://github.com/liufee/cms
4
https://github.com/OpenTSDB/opentsdb
4
https://github.com/swagger-api/swagger-ui
4
https://github.com/cloudfoundry/uaa
4
https://github.com/otake84/messagepack-rs
4
https://github.com/hwchase17/langchain
4
https://github.com/grafana/grafana
4
https://github.com/contao/contao
4
https://github.com/dompdf/dompdf
4
https://github.com/pippo-java/pippo
4
https://github.com/dromara/hutool
4
https://github.com/pyload/pyload
4
https://github.com/CVEProject/cvelist
4
https://github.com/usememos/memos
4
https://github.com/servo/rust-smallvec
4
https://github.com/ezsystems/ezpublish-kernel
4
https://github.com/star7th/showdoc
3
https://github.com/cobbler/cobbler
3
https://github.com/facebook/hermes
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/opencast/opencast
3
https://github.com/centreon/centreon-archived
3
https://github.com/shopware/shopware
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/pimcore/pimcore
3
https://github.com/ImpressCMS/impresscms
3
https://github.com/rancher/rancher
3
https://github.com/facade/ignition
3
https://github.com/pterodactyl/wings
3
https://github.com/PHPMailer/PHPMailer
3
https://github.com/publify/publify
3
https://github.com/modoboa/modoboa
3
https://github.com/nukeviet/nukeviet
3
https://github.com/github/securitylab
3
https://github.com/ezsystems/ezplatform-kernel
3
https://github.com/neorazorx/facturascripts
3
https://github.com/jflyfox/jfinal_cms
3
https://github.com/simpleledger/slpjs
3
https://github.com/phpmyadmin/phpmyadmin
3
https://github.com/chakra-core/ChakraCore
3
https://github.com/dataease/dataease
3
https://github.com/crewjam/saml
3
https://github.com/NVIDIA/NVFlare
3
https://github.com/rubygems/rubygems.org
3
https://github.com/ADOdb/ADOdb
3
https://github.com/ibexa/core
3
https://github.com/andrewhickman/id-map
3
https://github.com/apache/camel
3
https://github.com/rubygems/rubygems
3
https://github.com/twisted/twisted
3
https://github.com/actix/actix-web
3
https://github.com/smarty-php/smarty
3
https://github.com/dwisiswant0/advisory
3
https://github.com/run-llama/llama_index
3
https://github.com/jbroadway/elefant
3
https://github.com/strapi/strapi
3
https://github.com/octobercms/october
3
https://github.com/denoland/deno
3
https://github.com/mautic/mautic
3
https://github.com/TeamSeri0us/pocs
3
https://github.com/hazelcast/hazelcast
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/dexidp/dex
3
https://github.com/kjur/jsrsasign
3
https://github.com/baserproject/basercms
3
https://github.com/apache/shiro
3
https://github.com/craftcms/cms
3
https://github.com/mbechler/marshalsec
3
https://github.com/sjep/array
2
https://github.com/jmrozanec/cron-utils
2
https://github.com/jfinal/jfinal
2
https://github.com/pytorch/serve
2
https://github.com/OpenAPITools/openapi-generator
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/top-think/thinkphp
2
https://github.com/SAP/cloud-pysec
2
https://github.com/apache/kylin
2
https://github.com/TribalSystems/Zenario
2
https://github.com/totaljs/framework
2
https://github.com/stanfordnlp/corenlp
2
https://github.com/HtmlUnit/htmlunit
2
https://github.com/ahdinosaur/set-in
2
https://github.com/kubernetes/kubernetes
2
https://github.com/Microsoft/ChakraCore
2
https://github.com/MrSwitch/hello.js
2
https://github.com/ibexa/admin-ui
2
https://github.com/evmos/evmos
2
https://github.com/beego/beego
2
https://github.com/dominictarr/libnested
2
https://github.com/fluxcd/flux2
2
https://github.com/moby/buildkit
2
https://github.com/unshiftio/url-parse
2
https://github.com/sidorares/node-mysql2
2
https://github.com/noear/solon
2
https://github.com/h2database/h2database
2
https://github.com/netvl/acc_reader
2
https://github.com/rubyzip/rubyzip
2
https://github.com/russellhaering/gosaml2
2
https://github.com/jenkinsci/semantic-versioning-plugin
2
https://github.com/rest-client/rest-client
2
https://github.com/hashicorp/go-getter
2
https://github.com/qcubed/qcubed
2
https://github.com/nats-io/jwt
2
https://github.com/getgrav/grav
2
https://github.com/rochacbruno/quokka
2
https://github.com/graphite-project/graphite-web
2
https://github.com/rails/rails
2
https://github.com/uasoft-indonesia/badaso
2
https://github.com/apache/flume
2
https://github.com/Froxlor/Froxlor
2
https://github.com/TogaTech/tEnvoy
2
https://github.com/PowerJob/PowerJob
2
https://github.com/Gerapy/Gerapy
2
https://github.com/rust-random/rand
2
https://github.com/hashicorp/nomad
2
https://github.com/vert-x3/vertx-web
2
https://github.com/apache/karaf
2
https://github.com/simplesamlphp/simplesamlphp
2
https://github.com/nilsteampassnet/teampass
2
https://github.com/sparklemotion/nokogiri
2
https://github.com/laurent22/joplin
2
https://gitlab.com/francoisjacquet/rosariosis
2
https://github.com/dominictarr/event-stream
2
https://github.com/KnpLabs/snappy
2
https://github.com/apache/incubator-streampark
2
https://github.com/SAP/cloud-security-services-integration-library
2
https://github.com/skoranga/node-dns-sync
2
https://github.com/SAP/cloud-security-client-go
2
https://github.com/dfinity/agent-js
2
https://github.com/jaw187/node-traceroute
2
https://github.com/WWBN/AVideo
2
https://github.com/markevans/dragonfly
2
https://github.com/soketi/soketi
2
https://github.com/nilsteampassnet/TeamPass
2
https://github.com/line/armeria
2
https://github.com/gofiber/fiber
2
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
2
https://github.com/benbusby/whoogle-search
2
https://github.com/google/flatbuffers
2
https://github.com/gventuri/pandas-ai
2
https://github.com/nodejs/llhttp
2
https://github.com/zoujingli/ThinkAdmin
2
https://github.com/Automattic/mongoose
2
https://github.com/handlebars-lang/handlebars.js
2
https://github.com/hashicorp/vault
2
https://github.com/ionicabizau/parse-url
2
https://github.com/keystonejs/keystone
2
https://github.com/cockpit-hq/cockpit
2
https://github.com/neo4j-contrib/neo4j-apoc-procedures
2
https://github.com/http4s/http4s
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2