Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1tODdmLTlmdnYtMm1nZ80VuA
Deserialization of Untrusted Data in parlai
Ecosystems: pypi
Packages: parlai
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyNWYtN3FyNC1wZjZx
Sandbox Breakout / Arbitrary Code Execution in notevil
Ecosystems: npm
Packages: notevil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1wNXc4LXdxaGotOWhoZs0VtQ
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oaG1mLTdyZ2ctZ2N3Nc4AAjY6
Plone SQL Injection Vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01d2pmLTYyaHctcTc4cs0VsQ
Excessive CPU usage
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS03ZnZqLWczd3AtMjlnOM4AAvcv
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-topaz-for-total-test
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yajU4LXB3d3YteDY2Ns0VrA
Cross-Site Request Forgery in sqlite-web
Ecosystems: pypi
Packages: sqlite-web
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS14cHd3LWc5angtaHA4cs4AArs4
Miscomputed sha2 results when using AVX2 backend
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02MjRmLWNxdnItM3F3NM0VqQ
URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wOGY3LTIyZ3EtbTdqOc4AAvXo
Phoenix before 1.6.14 mishandles check_origin wildcarding
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jY3c4LTc2ODgtdnF4NM0Vpw
HashiCorp Consul Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mM2poLXF2bTQtbWczOc4AA6FU
Erroneous authentication pass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NDgtajR4NC1jcXcz
Path Traversal in Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOTYtOXc0ai13Z3Y3
Prototype Pollution in lodash.merge
Ecosystems: npm
Packages: lodash.merge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04eGpwLXJwMjktdjVqOM0igw
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
Ecosystems: maven
Packages: ru.yandex.jenkins.plugins.debuilder:debian-package-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqcTgtamc3NS1ycXY2
Cleartext Transmission of Sensitive Information in Apache nifi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS14Zzc1LXEzcTUtY3Ftds0_qA
Denial of Service in http-swagger
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14cXA4LXc4MjYtaGg2eM0Vig
Parse Server crashes with query parameter
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cDk4LXcycDMtbXYzNc4AAyBx
Apache Log4j 1.x (EOL) allows Denial of Service (DoS)
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1Mjgtd3ZmNi1mNnFn
Pycrypto generates weak key parameters
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1jMmpnLWh3MzgtanJxcc04JQ
Inconsistent Interpretation of HTTP Requests in twisted.web
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS03dnJtLTNqYzgtNXd3bc04Jg
Incorrect Comparison in Vyper
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yZjZxLXZ4NzktbWp4cs4AArMD
Undertow Uncontrolled Resource Consumption
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtdzYtOTRnZy0ycmMy
UNIX Symbolic Link (Symlink) Following in @npmcli/arborist
Ecosystems: npm
Packages: @npmcli/arborist
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqbXctYzY5aC00MjZj
Cross-Site Request Forgery (CSRF) can run untrusted code on Rundeck server
Ecosystems: maven
Packages: org.rundeck:rundeck-core
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS14ZzV2LTY5NmgtYzN2cs4AAXVN
Cloud Foundry UAA SessionID present in Audit Event Logs
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xd21wLTJjZjItZzlnNs4AAwjr
pypa/wheel vulnerable to Regular Expression denial of service (ReDoS)
Ecosystems: pypi
Packages: wheel
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS04dzd3LTY3bXctcjVwN84AAvLq
generator-jhipster vulnerable to login check Regular Expression Denial of Service
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4dnAtNmh2NC1tNjdj
Command Injection in entitlements
Ecosystems: npm
Packages: entitlements
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS02cTRtLTc0NzYtOTMyd84AAyEx
github-slug-action vulnerable to arbitrary code execution
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwaDYtcXE1eC03andj
ExternalName Services can be used to gain access to Envoy's admin interface
Ecosystems: go
Packages: github.com/projectcontour/contour
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcDk2LWpwbXEteHJyMs4AAyJ3
On a compromised node, the virt-handler service account can be used to modify all node specs
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4OXAtNWhyMi00cmg0
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1nODZqLWh3ZzktNzdxNc4AAwnd
SentinelOne impersonated via PyPI packages
Ecosystems: pypi
Packages: Sentinelone, SentineloneSDK, sentinelone-sdk, SentinelOne
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZ2pjLWdjN2ctcDJjNs3uCg
Cloud Foundry UAA Privilege Escalation
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxeHctbW00NC1nYzRy
Istio Fragments in Path May Lead to Authorization Policy Bypass
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cjNjLWczMjYtNDg2Y84AAw0t
GitOps Run allows for Kubernetes workload injection
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqNnItMmpwbS1xdnhw
Code injection issue for java-spring-cloud-stream-template
Ecosystems: npm
Packages: @asyncapi/java-spring-cloud-stream-template
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yYzY1LXJxNjItZnFocc4AAgdB
Path traversal in Gitblit
Ecosystems: maven
Packages: com.gitblit:gitblit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01OTY0LXBxOHItNHE2Ms4AAfIB
CakePHPallows remote attackers to read arbitrary files via XML data containing external entity references
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cjNoLXdtM3gtdjI0Nc4AAlOm
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:kubernetes-ci
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulation
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
High
GSA_kwCzR0hTQS02MzR4LXBjM3EtY2Y0Y84AArNC
PHP Code Injection by malicious block or filename in Smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yd3J4LXgyaHctOWg1d84AAyMH
Apache Sling Resource Merger has Excessive Iteration vulnerability
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.resourcemerger
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3NjgtdzdtOS0ydm1t
Reference binding to nullptr in shape inference
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zdzRoLXIyN2gtNHIyd84AAqx4
TYPO3 Image Processing susceptible to Code Execution
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ybTM2LTk0ZzgtODM1cs3k_w
Race Condition in Grunt
Ecosystems: npm
Packages: grunt
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nNm1jLTg2NzktZ2h4Oc4AAjiP
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mcGdmLXBqanYtMnFnbc4AAvIi
matrix-android-sdk2 vulnerable to Olm/Megolm protocol confusion
Ecosystems: maven
Packages: org.matrix.android:matrix-android-sdk2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wdm1nLXhnbXgtOW14aM3kBw
Improper Input Validation in k8s.io/ingress-nginx
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cmhjLXZqanAtZ2Njd84AAl8n
Stored XSS vulnerability in Locked Files Report Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:locked-files-report
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02Y3I2LWZtdmMtdncycM4AAwoT
Noise vulnerable to denial of service
Ecosystems: go
Packages: github.com/flynn/noise
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS12amo2LTVtOWYtd3Fqd84AArM8
NULL Pointer Dereference in HyperLedger Fabric
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4aDQtN3JnaC1xMmdt
Segfault and heap buffer overflow in `{Experimental,}DatasetToTFRecord`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndjgtcDN2ai1weHZy
Null pointer dereference in `UncompressElement`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS14aHc5LTR3cXEteDY3ds4AAvD_
rdiffweb vulnerable to potential DoS via memory consumption
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjd2MtcDRmYy1jNWNj
Null pointer dereference in `MatrixDiagPartOp`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02ajltLXJwN20tM2dmZ839Kg
SEOmatic plugin for Craft CMS SSTI Vulnerability
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjMzgtbXh3ci1wZmh4
Cross-Site Scripting via SVG media files
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjdnYtZ3E5Mi14OTRy
Authenticated server-side request forgery in file upload via URL.
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNmZoLXhjNnItZzVod84AAvFp
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tOTVoLXA0Z2ctd2Z3M84AA5Hc
Allegro AI ClearML path traversal vulnerability
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1oNHFnLXA3cjItY3BnM84AAvAC
Apache Batik vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0cDktZjRxMy1jNHI3
Improper Certificate Validation in openssl
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oZ3h3LTV4ZzMtNjlqeM4AA7Nw
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 29 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ODctNDdoOS1qY3Zx
Uncontrolled recursion in rust-yaml
Ecosystems: cargo
Packages: yaml-rust
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS13ZjdnLTdoNmgtNjc4ds4AAvAX
Keycloak SAML javascript protocol mapper: Uploading of scripts through admin console
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwOW0tOXh3dy1xamN4
Array size is not checked in sized-chunks
Ecosystems: cargo
Packages: sized-chunks
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyN3ItODhxdi1xN2ht
Out of bounds write in serde_cbor
Ecosystems: cargo
Packages: serde_cbor
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yOTN2LTlwNXEtdmhwZs4AAnEK
futures_task::waker may cause a use-after-free if used on a type that isn't 'static
Ecosystems: cargo
Packages: futures-task
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5NDgteDhyZi04ODht
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`
Ecosystems: cargo
Packages: os_str_bytes
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Sentry vulnerable to leaking superuser cleartext password in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 30 days ago
High
GSA_kwCzR0hTQS14eHA3LTQyM2YtaGNwNM4AAQAL
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zNzVnLTM5anEtdnE3bc4AA5Zw
Potential buffer overflow in CBOR2 decoder
Ecosystems: pypi
Packages: cbor2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4Y20tbWd2Ny12ZzVj
Directory Traversal in utahcityfinder
Ecosystems: npm
Packages: utahcityfinder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyNTUtbWY1Yy1oaHdt
Data races in late-static
Ecosystems: cargo
Packages: late-static
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1MnAtcmh2cS03Zzc4
Null pointer deference in av-data
Ecosystems: cargo
Packages: av-data
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qNjVmLW12Z3ctcHJwMs4AAXDX
Deserialization of Untrusted Data in Apache OpenJPA
Ecosystems: maven
Packages: org.apache.openjpa:openjpa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNmNxLW05Z20tNnEyZs4AAwlX
Slixmpp lacks SSL Certificate hostname validation in XMLStream
Ecosystems: pypi
Packages: slixmpp
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wbWYzLWMzNm0tZzVjZs4AA6JC
Container escape at build time
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yODdyLTk4MnEtMmMzcc4AA01l
Pimcore vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxMnItOTJmOS00bTQ5
Improper verification of signature threshold in tough
Ecosystems: cargo
Packages: tough
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NzczLXJmanYtYzU0d84AA18-
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 8 months ago
High
GSA_kwCzR0hTQS1wbWN2LW1nY2YtcnZ4Z84AArrB
Non-aligned u32 read in Chacha20 encryption and decryption
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cTRoLXhyd2MtbTYzOc4AAu0X
rdiffweb CSRF vulnerability in profile's SSH keys can lead to unauthorized access
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5OTctOGd4Zy1yMzU0
Data races in lexer
Ecosystems: cargo
Packages: lexer
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5MjgtMmZnbS02eDl4
HTTP Request Smuggling in actix-http
Ecosystems: cargo
Packages: actix-http
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS03YzRoLXc3NjUtNnB3Z84AAW2I
OISF suricata-update unsafely deserializes YAML data
Ecosystems: pypi
Packages: suricata-update
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2MjYtZmM2NC0zcTI4
Data race in abox
Ecosystems: cargo
Packages: abox
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OGgtNjk4Ny1nNzlm
Data races on syncpool
Ecosystems: cargo
Packages: syncpool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jeGNjLXE4MzktMmN3Oc4AArq9
columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
Ecosystems: cargo
Packages: columnar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjZjktM3F3My1neG1q
PyCA Cryptography vulnerable to GCM tag forgery
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: almost 6 years ago
High
GSA_kwCzR0hTQS03cHdmLWpnMzQtaHh3cM4AAgbk
Improper path handling in Kustomization files allows for denial of service
Ecosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/kustomize-controller
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yZmM5LXhwcDgtMmc5aM4AA5ef
`@backstage/backend-common` vulnerable to path traversal through symlinks
Ecosystems: npm
Packages: @backstage/backend-common
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
High
GSA_kwCzR0hTQS1xajY5LWM4OXYtandxMs4AArq0
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
Ecosystems: cargo
Packages: ash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oZnhwLXA2OTUtNjI5eM4AArqu
abomonation transmutes &T to and from &[u8] without sufficient constraints
Ecosystems: cargo
Packages: abomonation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01NzhwLWZ4bW0tNjIyOc4AA5dr
Potentially untrusted input is rendered as HTML in final output
Ecosystems: pypi
Packages: mjml
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1xajZyLWZocmMtamo1cs4AAvUB
Remote denial of service in Hyperledger Fabric Gateway
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS12NjQ2LXJ4NnctcjNxcc4AAQQX
Improper Access Control in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmOTItcnI2dy1jcTY0
Storage corruption due to variables overwritten by re-entrancy locks
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3