Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS00OTNwLXBmcTYtNTI1OM4AAyQk
json-smart Uncontrolled Recursion vulnerabilty
Ecosystems: maven
Packages: net.minidev:json-smart
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5OWgtZmdxbS02Njc5
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS1nYzM0LTV2NDMtaDd2OM4AAz0l
nuxt Code Injection vulnerability
Ecosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1yOHByLTgzY2MtY2N2N80kOg
Umbraco Persistent Password Reset Poison
Ecosystems: nuget
Packages: Umbraco.Cms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqZnItcWYzcC0zcTI1
When running Apache Tomcat on Windows with HTTP PUTs enabled it was possible to upload a JSP file to the server
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS14N3dyLTI4M2gtNWgyds0kdA
Out-of-bounds Read in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04M3c0LXg1dzktaGY0aM4AAv7M
XXL-JOB vulnerable to Server-Side Request Forgery (SSRF)
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS12OXJtLTdydjktcjNmd84AAzTL
Apache OpenMeetings Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyODUtd2Y5cS01dzY5
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS03MjhjLTQycGMtZnd4Z80kAw
Unrestricted Upload of File with Dangerous Type in Crater
Ecosystems: packagist
Packages: bytefury/crater
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mNjM3LXZoM3ItdmZoMs4AAyT-
TensorFlow has Floating Point Exception in AudioSpectrogram
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS00OXJxLWh3YzMteDc3d84AAyT6
TensorFlow has Null Pointer Error in QuantizedMatMulWithBiasAndDequantize
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS13NnJwLTR2ajctdjJtOM0g9g
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2Z2ctZjhxbS02aDdq
High severity vulnerability that affects io.vertx:vertx-web
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS05NnY2LWhyd2ctcDM3OM0g6g
Weak Password Requirements in Daybyday CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nNjktNmozbS1qdmd3
HTML Injection in marky-markdown
Ecosystems: npm
Packages: marky-markdown
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS01N3E1LXg4amYtZzdoOM4AASa4
Inconsistent Interpretation of HTTP Requests in Red Hat JBoss EAP
Ecosystems: maven
Packages: org.jboss.resteas:resteasy-jaxrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2OGYtMjljMy00ZjJy
Data race in conqueue
Ecosystems: cargo
Packages: conqueue
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wcDNmLXhydzUtcTVqNM4AAv_J
Lancet vulnerable to path traversal when unzipping files
Ecosystems: go
Packages: github.com/duke-git/lancet, github.com/duke-git/lancet/v2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS00Y3ZtLTU3NzYtang5Zs4AAU8V
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jcG1yLW13NGotOTlyN84AAyUM
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS02aGNmLWc2Z3ItaGhjcs4AAyUJ
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjNmYtY2pjcC1jYzMz
Improper Certificate Validation in Apache IoTDB
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NDc5LWdxcXItZjlnas4AAd6F
Typo3 Vulnerable to Cache Poisoning
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2djYtdzZmdy1yaDk0
Apache Camel can allow remote attackers to execute arbitrary commands
Ecosystems: maven
Packages: org.apache.camel:camel-ahc, org.apache.camel:camel-http4, org.apache.camel:camel-http-common, org.apache.camel:camel-http, org.apache.camel:camel-servlet, org.apache.camel:camel-jetty
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS12MmNoLWZjOGYtcW0zM80fpg
Use of Uninitialized Resource in bite.
Ecosystems: cargo
Packages: bite
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cnAtOHY0ai1od3Bo
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0N3gtNm1xcS00dzky
Gitea Improper Input Validation
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS12aHd2LTg4OTctam03cc4AAvdC
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-topaz-for-total-test
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ncHFxLTU5cnAtM2Mzd84AAyVK
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.apache.inlong:inlong-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yOTY5LThoaDktNTdqY80fkA
Allocation of Resources Without Limits or Throttling in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NjR3LTk3cjctYzZwOc4AAz-c
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Ecosystems: hex
Packages: livebook
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 11 months ago
High
GSA_kwCzR0hTQS1oajNtLXY3NTgtand4Nc0c2w
Path Traversal in http-server-node
Ecosystems: npm
Packages: http-server-node
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwODMtNjhjdy05NDNm
Apache Ignite communicates to an external PHP server where sensitive information is sent
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tcTN4LXFnd3gtM3Jmd84AAzSk
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zdzZwLThmODItZ3c4cs0c1Q
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Ecosystems: maven
Packages: ru.yandex.clickhouse:clickhouse-jdbc-bridge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02eGM0LTdmbW0tNjVxMs4AAs-a
Code injection in concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12N2NtLXc5NTUtcGo2Z84AAUEN
Improper Input Validation Apache Commons Email
Ecosystems: maven
Packages: org.apache.commons:commons-email
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zeDNtLXAyd3gtZzdjd84AAUjN
Unauthenticated File Read in PHP Proxy
Ecosystems: packagist
Packages: athlon1600/php-proxy-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12Y3hoLXF2Z3ItOWZ3Oc4AAzNm
m.static Directory Traversal vulnerability
Ecosystems: npm
Packages: m.static
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jY3FmLWM1aHEtNzdtcM3sQA
Missing Authorization in Apache ZooKeeper
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1eDctM3Y4NS13cGM0
Apache Struts allows entering a custom URL in a form field if built-in URLValidator is used
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 5 years ago
High
GSA_kwCzR0hTQS13NTk2LTR3dngtajlqNs4AAvXY
ReDoS in py library when used with subversion
Ecosystems: pypi
Packages: py
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS01aDI5LXFxOTItd2o3Zs4AAiN_
Cleartext Transmission of Sensitive Information in Apache MINA
Ecosystems: maven
Packages: org.apache.mina:mina-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03MncyLWo1MmMtNzY4Ms4AAyQw
Moodle SQL Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNDJwLXZjOHAtN3g1NM4AAvaj
MobSF allows attackers to read arbitrary files via a crafted HTTP request
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qZjVmLWgzd3ItajY2Ns4AAQtC
SQL Injection in Zenario 7.1-7.6
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13MmY0LWh4cG0tbXE5OM0XMw
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yOWZ2LXFwbTktcmo0Z84AAQl7
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1waDM0LXBjODgtNzJnY84AATBa
Incorrect Permission Assignment for Critical Resource in NPM
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS05d3g3LWpydmMtMjhtbc0W9Q
Signature verification vulnerability in Stark Bank ecdsa libraries
Ecosystems: npm, nuget, maven, pypi
Packages: starkbank-ecdsa, com.starkbank:ecdsa-java
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00dnJ2LWNoOTYtNmg0Ms4AAS7X
Improper Privilege Management in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncjMtNzg5Ny1wcDdt
XSS in Image Optimization API for Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNTZqLXg0NGgtZzY2as4AAhfi
Incorrect Privilege Assignment in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13ODMyLXYzYzYtbTZyZ84AA1aR
pandasai vulnerable to prompt injection
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1oNDIzLXc2cXYtMndqM84AAvaP
parse-server crashes when receiving file download request with invalid byte range
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xZjZxLXFmd3AtdnA0NM0Wcg
Origin Validation Error in Magento 2
Ecosystems: packagist
Packages: cardgate/magento2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NjdnLTZnanYtYzU5Oc4AAvTT
Powerline Gitstatus vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: powerline-gitstatus
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmY3AtdmNxOS05aDJo
OS Command Injection in craftercms:crafter-studio
Ecosystems: maven
Packages: org.craftercms:crafter-studio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS14M21oLWp2anctM3h3eM0zKw
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oNzdmLXh4eDctNDg1OM0VmQ
User impersonation due to incorrect handling of the login JWT
Ecosystems: maven
Packages: org.geysermc:connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRybTMtNG1xNC1tZndy
Cross-Site Request Forgery (CSRF) in hswebframework.web:hsweb-commons
Ecosystems: maven
Packages: org.hswebframework.web:hsweb-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjcnAtYzY2NC04cDRq
Cross-Site Scripting in markdown-to-jsx
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0ODUtMjlncS02aDJo
Sensitive Data Exposure in miniorange_saml
Ecosystems: packagist
Packages: miniorange/miniorange-saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wcmo1LTJnMnAteDJtd84AAzLd
teampass vulnerable to code injection
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1NXgtN3g5di1xOG00
Denial of Service in miekg-dns
Ecosystems: go
Packages: github.com/miekg/dns
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZybXItZjJxaC0zaGhm
Improper use of cryptographic key in wal-g
Ecosystems: go
Packages: github.com/wal-g/wal-g
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxYzgtajg2eC0yNzY0
Off-by-one error in simple-slab
Ecosystems: cargo
Packages: simple-slab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1taDJoLTZqOHEteDI0Ns4AAjZJ
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Codecov
Ecosystems: npm
Packages: codecov
Source: GitHub Advisory Database
Blast Radius: 45.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yajdwLXJmZ3AtODUyeM4AAiiY
Loop with Unreachable Exit Condition in Apache Thrift
Ecosystems: maven
Packages: org.apache.thrift:libthrift
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1majMyLTZ2N20tNTdwZ832Tw
Improper Access Control in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cDc1LXZjNWctOHJ2Ms4AAyiw
SvelteKit vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xNmMtZmg5Ny00Z3d2
Denial of Service vulnerability with large JSON payloads in fastify
Ecosystems: npm
Packages: fastify
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1NXAtcmM1aC1oZzZo
Double free in arenavec
Ecosystems: cargo
Packages: arenavec
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ndjJ3LTg4aHgtOG05cs4AAkj8
Improper Authorization in Undertoe
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4dzgtbW1xdi1mcnFx
fake-static allows converting any reference into a `'static` reference
Ecosystems: cargo
Packages: fake-static
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tdjc3LWZqNjMtcTV3OM4AA2q7
Stored XSS vulnerability in Jenkins GitHub Plugin
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFncnEtY3g0Yy0ycm1t
Incorrect Authorization in WildFly Elytron
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZ3Y4LWdnZ3ctbXJnNs4AAzGx
vyper vulnerable to storage allocator overflow
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS14Z3d3LWg5OGYtMjRxZs4AAoS0
Metasploit Framework user exposes Metasploit to same deserialization issue that is exploited by that module
Ecosystems: rubygems
Packages: metasploit-framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyOG0tMzRmNi05Njdx
PyOpenSSL Use-After-Free vulnerability
Ecosystems: pypi
Packages: pyopenssl
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: over 5 years ago
High
GSA_kwCzR0hTQS1oNGM5LXJyNW0tMzJmbc4AAyfx
RuoYi vulnerable to arbitrary file download
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4M20tNjd3aC13aHB3
Command injection in kekbit
Ecosystems: cargo
Packages: kekbit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xZ2o0LXJjOG0tNDRtcc4AAlYS
Stored XSS vulnerability in Jenkins job build time trend
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nNGo2LW0zbTMtY3J3OM4AAlYJ
Stored XSS vulnerability in Jenkins upstream cause
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyN3ctcXhoZy0zNDN2
Access Restriction Bypass in go-ldap
Ecosystems: go
Packages: github.com/go-ldap/ldap
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS13bWc1LWc5NTMtcXFmd84AA0UP
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDItdnd4eC14eDVq
Data race in tiny_future
Ecosystems: cargo
Packages: tiny_future
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4amgtbTNxeC00OXdj
Jekyll allows attackers to access arbitrary files by specifying a symlink
Ecosystems: rubygems
Packages: jekyll
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2Y2ctNGpmZi01ODYz
Data races in signal-simple
Ecosystems: cargo
Packages: signal-simple
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmNGotajI3Mi1majg2
Django Information leakage in AuthenticationForm
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS03NzloLTNyNjktNGY1cM4AAz2q
json-io vulnerable to stack exhaustion
Ecosystems: maven
Packages: com.cedarsoftware:json-io
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3cGgtcXA1aC1mOXdq
Data races in bunch
Ecosystems: cargo
Packages: bunch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4OTItODR3Zi1jZzhm
SyncChannel<T> can move 'T: !Send' to other threads
Ecosystems: cargo
Packages: signal-simple
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yOTdxLWdoY2gtODJqOc4AAzEw
Ghost vulnerable to information disclosure of private API fields
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0NGotN3ZwMy02OGN2
Arbitrary File Write in Libcontainer
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2MzUtcXd3ai1wOThn
Improper Restriction of XML External Entity Reference in DiffPlug Spotless
Ecosystems: maven
Packages: com.diffplug.spotless:spotless-maven-plugin, com.diffplug.spotless:spotless-plugin-gradle
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTYtajUzeC14djk1
Data races in tiny_future
Ecosystems: cargo
Packages: tiny_future
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1eG0taHI1OS03YzI3
github.com/ulikunitz/xz fixes readUvarint denial of service
Ecosystems: go
Packages: github.com/ulikunitz/xz
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00cm1yLWMyangtdngyN80l0A
Mustache remote code injection vulnerability
Ecosystems: packagist
Packages: mustache/mustache
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 8,062 High 6,401 Critical 2,824 Low 1,013
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,198 packagist 1,025 nuget 786 go 695 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 com.jfinal:jfinal 21 Pillow 21 salt 20 ansible 20 thorsten/phpmyfaq 19 django 19 github.com/rancher/rancher 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 17 Plone 17 pocketmine/pocketmine-mp 17 openssl-src 17 apache-airflow 16 org.apache.tomcat.embed:tomcat-embed-core 16 symfony/symfony 16 getgrav/grav 15 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x64 14 vyper 14 net.mingsoft:ms-mcms 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 github.com/hashicorp/consul 14 github.com/usememos/memos 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 activerecord 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.keycloak:keycloak-core 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 actionpack 11 mautic/core 11 github.com/nats-io/nats-server/v2 11 github.com/argoproj/argo-cd 11 io.undertow:undertow-core 11 github.com/hashicorp/vault 11 org.keycloak:keycloak-parent 11 intelliants/subrion 11 shopware/platform 10 Django 10 keystone 10 org.springframework.security:spring-security-core 10 github.com/hashicorp/nomad 10 cockpit-hq/cockpit 10 matrix-synapse 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 openmage/magento-lts 10 froxlor/froxlor 10 cobbler 10 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 Microsoft.NetCore.App.Runtime.win-arm64 9 craftcms/cms 9 rusqlite 9 mercurial 9 ckb 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-x64 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.hadoop:hadoop-main 9 github.com/ethereum/go-ethereum 9 org.bouncycastle:bcprov-jdk14 9 october/system 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 org.bouncycastle:bcprov-jdk15 8 gradio 8 github.com/sylabs/singularity 8 org.keycloak:keycloak-services 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.apache.commons:commons-compress 7 next 7 phpmailer/phpmailer 7 apache-superset 7 org.craftercms:crafter-studio 7 codeigniter4/framework 7 github.com/docker/docker 7 DotNetNuke.Core 7 symfony/security 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 com.liferay.portal:release.portal.bom 7 tar 7 cn.hutool:hutool-core 7 magento/core 7 snipe/snipe-it 7 org.elasticsearch:elasticsearch 7 org.eclipse.jetty:jetty-server 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 cakephp/cakephp 7 org.apache.inlong:manager-pojo 7 org.springframework:spring-core 7 smarty/smarty 7 strapi 7 gogs.io/gogs 7 deno 7 pillow 7 com.xuxueli:xxl-job 7 istio.io/istio 6 opencv-contrib-python-headless 6 rack 6 @strapi/strapi 6 Microsoft.NETCore.App 6 wwbn/avideo 6 golang.org/x/crypto 6 sequelize 6 handlebars 6 symfony/security-http 6 org.apache.cxf:cxf 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 npm 6 prestashop/prestashop 6 github.com/hyperledger/fabric 6 composer/composer 6 github.com/gravitl/netmaker 6 org.apache.camel:camel-core 6 github.com/grafana/grafana 6 contao/contao 6 contao/core-bundle 6 Microsoft.AspNetCore.All 6 guzzlehttp/guzzle 6 de.tum.in.ase:artemis-java-test-sandbox 6 @openzeppelin/contracts 6 laravel/framework 6 waitress 6 github.com/traefik/traefik/v2 6 cryptography 6 k8s.io/kubernetes 6 github.com/zitadel/zitadel 6 org.apache.tika:tika-core 6 opencv-python-headless 6 sized-chunks 6 nautobot 6 express-cart 6 kiwitcms 6 org.apache.tomcat:tomcat-coyote 6 directus 5 plone 5 github.com/nats-io/jwt 5 serve 5 org.apache.mesos:mesos 5 matrix-js-sdk 5 forkcms/forkcms 5 zope 5 github.com/IBAX-io/go-ibax 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 org.xwiki.platform:xwiki-platform-web 5 phpbb/phpbb 5 genix/cms 5 twisted 5 github.com/opencontainers/runc 5 org.apache.tomcat:tomcat-catalina 5 pear/archive_tar 5 github.com/cilium/cilium 5 org.apache.dolphinscheduler:dolphinscheduler 5 code.gitea.io/gitea 5 github.com/answerdev/answer 5 ua-parser-js 5 com.vaadin:vaadin-bom 5 github.com/go-gitea/gitea 5 CefSharp.Common 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/moodle/moodle 24 https://github.com/django/django 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/vyperlang/vyper 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/openstack/keystone 9 https://github.com/kubernetes/kubernetes 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cockpit-hq/cockpit 8 https://github.com/shopware/platform 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/denoland/deno 8 https://github.com/nats-io/nats-server 8 https://github.com/DSpace/DSpace 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/rubygems/rubygems 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/apache/activemq 7 https://github.com/undertow-io/undertow 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/istio/istio 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/gravitl/netmaker 6 https://github.com/intelliants/subrion 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/zitadel/zitadel 6 https://github.com/CVEProject/cvelist 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/Pylons/waitress 6 https://github.com/backstage/backstage 6 https://github.com/ls1intum/Ares 6 https://github.com/npm/node-tar 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/pyca/cryptography 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/magento/magento2 6 https://github.com/hyperledger/fabric 6 https://github.com/bodil/sized-chunks 6 https://github.com/dromara/hutool 6 https://github.com/contao/contao 6 https://github.com/nautobot/nautobot 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/smarty-php/smarty 6 https://github.com/froxlor/froxlor 6 https://github.com/directus/directus 5 https://github.com/cilium/cilium 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/aubio/aubio 5 https://github.com/cakephp/cakephp 5 https://github.com/drupal/core 5 https://github.com/apache/kylin 5 https://github.com/getkirby/kirby 5 https://github.com/pear/Archive_Tar 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/docker/docker 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/answerdev/answer 5 https://github.com/apache/dolphinscheduler 5 https://github.com/composer/composer 5 https://github.com/twisted/twisted 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/vercel/next.js 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/forkcms/forkcms 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/traefik/traefik 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/hpcng/singularity 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/ericcornelissen/shescape 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/scrapy/scrapy 4 https://github.com/tidwall/gjson 4 https://github.com/playframework/playframework 4 https://github.com/wixtoolset/issues 4 https://github.com/cri-o/cri-o 4 https://github.com/surrealdb/surrealdb 4 https://github.com/igniterealtime/Openfire 4 https://github.com/npm/cli 4 https://github.com/quarkusio/quarkus 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/nightcloudos/new_cms 4 https://github.com/nocodb/nocodb 4 https://github.com/totaljs/framework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jettison-json/jettison 4 https://github.com/Froxlor/Froxlor 4 https://github.com/PrismJS/prism 4 https://github.com/ethyca/fides 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/vantage6/vantage6 4 https://github.com/containers/podman 4 https://github.com/bolt/bolt 4 https://github.com/containers/buildah 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/centreon/centreon-archived 4 https://github.com/hashicorp/nomad 4 https://github.com/fiveai/Cachet 4 https://github.com/baserproject/basercms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/cloudflare/cfrpki 4 https://github.com/apache/geode 4 https://github.com/libp2p/go-libp2p 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/Codiad/Codiad 4 https://github.com/nextauthjs/next-auth 3 https://github.com/pf4j/pf4j 3 https://github.com/dotnet/sdk 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/ming-soft/MCMS 3 https://github.com/openfga/openfga 3 https://github.com/microsoft/msquic 3 https://github.com/edgelesssys/constellation 3