Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3M3gtZjV3eC1meHB3
Cross Site Scripting and RCE in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
GSA_kwCzR0hTQS00Z21qLTNwM2gtZ204aM4AA5gl
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Ecosystems: npm
Packages: es5-ext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wMmdtLWZmcjMtdzJ4d84AAxfS
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ncHY1LTd4M2ctZ2hqds4AAz4I
fast-xml-parser regex vulnerability patch could be improved from a safety perspective
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1tOWo3LXhjajctNDJqOc4AAagr
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Y3J4LXAzNTctNXZ3OM4AAeli
Ajenti Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: ajenti
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Ecosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjZ3ItOTY5OC04Mmp4
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Ecosystems: npm
Packages: @floffah/build
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdmYtcmZtcS1xd2Y4
Croos-site scripting in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wNGc0LXdncmgtcXJnMs4AAxeb
Panic due to malformed WALs in go.etcd.io/etcd
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NGgtbTM5My1jcHdx
devices resource list treated as a blacklist by default
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzcDYtZng0Mi03cmY1
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmMzMtZjRmNS14d2d3
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyNGgtcGpqdi1tY3A2
Denial of service in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jaGZtLTY4dnYtcHZ3Nc4AA7eI
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Ecosystems: maven
Packages: org.xmlunit:xmlunit-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2ZmMtZzhqNS05Y2Nm
Generation of Error Message Containing Sensitive Information in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1jdmNjLTV4OTItZ21oY802tg
SaltStack Salt Improper Authentication via Man in the Middle Attack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cGotY3g3Zy04NThj
Regular Expression Denial of Service in debug
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 6 years ago
Low
GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Ecosystems: rubygems
Packages: solidus_backend
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1MmctZjdmcC05amY3
Type confusion during tensor casts lead to dereferencing null pointers
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhjNmMtNzVwNC1obXE0
Reference binding to null pointer in `MatrixDiag*` ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5M2YtMmpyMy1jcDY5
CHECK-fail in DrawBoundingBoxes
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmZzQtcDc1ai13NXhq
Heap out of bounds in `QuantizedBatchNormWithGlobalNormalization`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1weGh3LTU5NnItcndxNc4AA7Ph
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 24 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3OGctcTdyNC05d2N2
Division by 0 in `FractionalAvgPool`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS12bXhnLXd4NmMtNGYzcs4AA0CZ
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnNDgtODVoZy1tcWM1
Division by 0 in `DenseCountSparseOutput`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx
Token verification bug in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3OTMtdjU3ai1mY2do
Division by 0 in `SparseMatMul`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThndjMtNTdwNi1nMzVy
Heap buffer overflow in `RaggedTensorToTensor`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS12NXAyLXZnM2MtcG1ycs2psg
Apache Tomcat Path Traversal Vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNjMtZnZ4bS1tNW13
Heap out of bounds access in MakeEdge in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodmMtZzVodi00OGM2
Write to immutable memory region in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZjMtOXdmci13Z2g3
Lack of validation in data format attributes in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 16 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoOG0tNDgzai03eHht
Heap out of bounds read in `RequantizationRange`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0aHYtcWpqcS1oN2c1
datasette-graphql leaks details of the schema of private database files
Ecosystems: pypi
Packages: datasette-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4ZnctODhocS02am1t
Persistent XSS in shopping worlds
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyZmgtZnA0eC1jcnJx
Persistent XSS in newsletter module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS12eG1tLWN3aDItcTc2Ms4AAzbG
Vyper's nonpayable default functions are sometimes payable
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS1tbWg2LW03djktNTk1Ns4AArVk
Regular expression denial of service in markdown-link-extractor
Ecosystems: npm
Packages: markdown-link-extractor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1ycHJnLTR2N3EtODd2N84AAwOX
Buildah (as part of Podman) vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4aDYteGdxeC1qcWdw
Undefined behavior and `CHECK`-fail in `FractionalMaxPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxMnItNXh2bS0zaGMz
Segfault in `CTCBeamSearchDecoder`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOWMtZnB4eC03NDR2
personnummer/ruby vulnerable to Improper Input Validation
Ecosystems: rubygems
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS05NHByLXc5NjgtaDkyM84AA7fp
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Ecosystems: maven
Packages: org.jenkins-ci.plugins:telegrambot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 14 days ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1nN3Z2LTJ2N3gtZ2o5cM4AA7v0
tqdm CLI arguments injection attack
Ecosystems: pypi
Packages: tqdm
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 14 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNjQtMmY5cC02cHFx
Information Exposure in type-graphql
Ecosystems: npm
Packages: type-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0NW0tMndjcC1nZzk4
Global node_modules Binary Overwrite in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1MnAtaGZqZi13Zzg4
Division by zero in TFLite's implementation of `SpaceToBatchNd`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tNDM0LW01cHYtcDM1d80mbQ
Insufficient user authorization in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2NnItdmNoaC1jeGc5
Denial of Service in apostrophe
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1yY20yLTIyZjMtcHF2M84AA7fu
Firebase vulnerable to CRSF attack
Ecosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 15 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2Z3YtZmc0Ni1oODlq
Sensitive Data Exposure in put
Ecosystems: npm
Packages: put
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyM20tbWhmbS0zOWNt
Incorrect Calculation in bigint-money
Ecosystems: npm
Packages: bigint-money
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5MmYtd2Y0dy14MzZ2
Prototype Pollution in merge-objects
Ecosystems: npm
Packages: merge-objects
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlocWotMzhqMi01amdt
Command Injection in ascii-art
Ecosystems: npm
Packages: ascii-art
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczcXctOXBncC14cGo0
Out-of-bounds Read in njwt
Ecosystems: npm
Packages: njwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3NWgtN2Y1My14cnA2
Stack overflow in `ParseAttrValue` with nested tensors
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNm0teDRjNS1yanhq
Silently Runs Cryptocoin Miner in hooka-tools
Ecosystems: npm
Packages: hooka-tools
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2anctcDlmNS12cTI4
Segfault in `tf.raw_ops.SparseCountSparseOutput`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3YtM2NjOS1mcDdj
Sensitive Data Exposure in seneca
Ecosystems: npm
Packages: seneca
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
GSA_kwCzR0hTQS05Z2NmLXBxOTktcmp3M84AAZrR
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Ecosystems: pypi
Packages: RPLY
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 10 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3AtNG02Zi1nY2pn
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1nNHdnLWNmcGYtOTY4Oc4AA0zn
keylime fails to flag device as untrusted when signature does not validate
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qaHByLWo3Y3EtM2pwM84AAz_s
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1mcDZwLTV4dnctbTc0Zs4AAZQc
Django User Enumeration Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qZjJwLTRncWotODQ5Z84AAwED
Temporary File Information Disclosure vulnerability in MPXJ
Ecosystems: pypi, nuget, maven
Packages: mpxj, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oeHZwLTY1NXgteHhxds4AAekI
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Ecosystems: rubygems
Packages: kafo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxYzUtcmdjYy1janFo
Information Disclosure in go.elastic.co/apm
Ecosystems: go
Packages: go.elastic.co/apm
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 449
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
pypi 458 maven 282 packagist 178 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 phpmyadmin/phpmyadmin 10 shopware/core 10 github.com/mattermost/mattermost/server/v8 10 nova 9 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 vyper 7 matrix-synapse 7 Umbraco.CMS 6 puppet 6 ansible 5 sweetalert2 5 baserproject/basercms 5 october/backend 5 undici 5 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 rack 5 org.keycloak:keycloak-services 4 electron 4 helm.sh/helm 4 github.com/cilium/cilium 4 github.com/mattermost/mattermost-server/v6 4 magento/community-edition 4 actionpack 4 simplesamlphp/simplesamlphp 4 shopware/shopware 4 com.vaadin:flow-server 4 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 bin-links 3 @openzeppelin/contracts-upgradeable 3 nautobot 3 passenger 3 com.vaadin:vaadin-bom 3 ckb 3 httplib2 3 ethyca-fides 3 glance 3 node-forge 3 org.apache.hive:hive-exec 3 org.graylog2:graylog2-server 3 go.etcd.io/etcd 3 cryptography 3 org.apache.hive:hive 3 org.apache.hive:hive-service 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 wagtail 3 moin 2 org.jenkins-ci.plugins:azure-ad 2 tuf 2 ceph-deploy 2 github.com/opencontainers/runc 2 silverstripe/framework 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 craftcms/cms 2 @openzeppelin/contracts 2 @apollo/server 2 Pillow 2 github.com/answerdev/answer 2 github.com/authzed/spicedb 2 github.com/containerd/containerd 2 next-auth 2 node-ipc 2 org.jenkins-ci.plugins:ec2 2 Django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 django 2 braces 2 winter/wn-backend-module 2 github.com/sigstore/cosign 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 tools.devnull:build-notifications 2 org.jenkins-ci.plugins:mercurial 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 horizon 2 october/cms 2 github.com/mattermost/mattermost-plugin-jira 2 com.ruoyi:ruoyi 2 Nova 2 parse-server 2 flarum/core 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 org.bouncycastle:bcprov-jdk14 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 go.etcd.io/etcd/client/v3 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 org.jenkins-ci.plugins:repository-connector 2 Flask-AppBuilder 2 es5-ext 1 fast-xml-parser 1 org.scala-sbt:sbt 1 rabbit_common 1 org.scala-sbt:io_2.12 1 org.scala-sbt:io_2.13 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 org.scala-sbt:io_3 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 com.github.tomakehurst:wiremock-jre8 1 github.com/oauth2-proxy/oauth2-proxy 1 com.github.tomakehurst:wiremock-jre8-standalone 1 wiremock 1 github.com/nats-io/nats-server/v2 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @liquity/contracts 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 @diez/generation 1 hyper 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/Graylog2/graylog2-server 3 https://github.com/nautobot/nautobot 3 https://github.com/wagtail/wagtail 3 https://github.com/digitalbazaar/forge 3 https://github.com/CVEProject/cvelist 3 https://github.com/httplib2/httplib2 3 https://github.com/vaadin/flow 3 https://github.com/symfony/symfony 3 https://github.com/ethyca/fides 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/django/django 3 https://github.com/pyca/cryptography 3 https://github.com/Sylius/Sylius 3 https://github.com/vantage6/vantage6 3 https://github.com/nervosnetwork/ckb 3 https://github.com/phusion/passenger 3 https://github.com/openstack/keystone 3 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/saltstack/salt 2 https://github.com/quarkusio/quarkus 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/nats-io/nats-server 2 https://github.com/craftcms/cms 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/containerd/containerd 2 https://github.com/zopefoundation/Zope 2 https://github.com/microweber/microweber 2 https://github.com/ceph/ceph-deploy 2 https://github.com/cometbft/cometbft 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ntbosscher/gobase 2 https://github.com/aws/s2n-quic 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://github.com/aio-libs/aiohttp 2 https://github.com/octoprint/octoprint 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/answerdev/answer 2 https://github.com/mutagen-io/mutagen 2 https://github.com/opencontainers/runc 2 https://github.com/GilaCMS/gila 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/bcgit/bc-java 2 https://github.com/parse-community/parse-server 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/thelounge/thelounge 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/dojo/dijit 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/personnummer/csharp 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/httpie/httpie 1 https://github.com/canonical/lxd 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/vapor/postgres-nio 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/google/zerocopy 1 https://github.com/keystonejs/keystone 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/admidio/admidio 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1