Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS05Y3hoLWdxcHgtcWM1bc0WiA
Credential Disclosure in System.DirectoryServices.Protocols
Ecosystems: nuget
Packages: System.DirectoryServices.Protocols
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03YzN2LXZjM3gteDc4Oc4AAhnW
Insertion of Sensitive Information into Log File in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNzJnLTQycTYtZ3ZjMs0WGQ
Cross-site Scripting in LaraCMS
Ecosystems: packagist
Packages: wanglelecc/laracms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05bTQ4LTU0cGotaDI0OM4AAh6P
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oN21xLTI3cjctdzk3Ms0WDA
Cross-site Scripting in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OXdwLWdmcnItcDVycM4AAv6R
Missing Authorization in Jenkins XP-Dev Plugin
Ecosystems: maven
Packages: com.cloudbees.jenkins.plugins:xpdev
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cWg0LWZnaHItNmZ4Z84AAiY0
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Google OAuth Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-oauth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0cm0tcWYzNy1mZ2My
Integer Overflow in openssl-src
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzbXgtNTczeC01cnc5
openssl-src NULL pointer Dereference in signature_algorithms processing
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NTk4LXdjZzgteDU2Z84AAv5D
XML External Entity Reference in Jenkins Violations Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:violations
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05andjLXE2ajMtOGc5Z84AAigD
Improper Restriction of XML External Entity Reference in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zM3B2LXZjZ2gtamZnOc4AAyg6
Wagtail vulnerable to denial-of-service via memory exhaustion when uploading large files
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtbWMtanBwZi0zMnd2
Directory Traversal in Docker
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1taHBqLTdtN2gtOHA2eM4AAzSc
Pimcore Cross-site Scripting (XSS) in Static Routes name field
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1odzR2LTV4NGgtYzN4bc0Vhg
Transaction validity oversight in pallet-ethereum
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wcWo3LWp4MjQtd2o3d84AAzSa
VTAdmin users that can create shards can deny access to other functions
Ecosystems: go
Packages: vitess.io/vitess
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14OTlqLXI4dnYtZ3d3as4AAzSL
Pimcore vulnerable to Business Logic Errors via Customer automation rules
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14eGNqLXJocWctbTQ2Z84AAv-x
Segfault via invalid attributes in `pywrap_tfe_src.cc`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13Y2pqLXFtNXYtajRwY84AAv6V
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Ecosystems: maven
Packages: org.jenkins-ci.main:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xN2NjLW02anctbTI2Ms4AAzRG
Pimcore Cross-site Scripting (XSS) in Predefined Properties delete
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqOHItcDlmNS1mbXZ2
Cross-site Scripting in TYPO3 extension
Ecosystems: packagist
Packages: miniorange/miniorange-saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NjdyLXA0Z2ctN20ycc4AA0sU
ImpressCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00NThmLTI2cjMteDJjM80YLw
Cross-site Scripting in github.com/schollz/rwtxt
Ecosystems: go
Packages: github.com/schollz/rwtxt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nOHhjLTZtZjctaDI4aM4AAzM6
OpenSearch issue with fine-grained access control during extremely rare race conditions
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNXAtZmY3eC1odzdx
Cross-Site Scripting in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxMnAtZmo0OS12cHhq
In marshmallow library the schema "only" option treats an empty list as implying no "only" option
Ecosystems: pypi
Packages: marshmallow
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ZnctY3Izdy13dmZj
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Ecosystems: cargo
Packages: arr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3Y2Mtajc4dy1qNzN3
Ansible exposes sensitive data in log files and on the terminal
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1yNjl2LXE0OGctMzk2Ns4AAzCX
phpMyFAQ Improper Access Control vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tdjd4LTI3cGMtOGM5Ns4AAzhW
Go package pydio/cells vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/pydio/cells
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jNm1tLTJnODQtdjRtN84AAzGy
Mage-ai missing user authentication
Ecosystems: pypi
Packages: mage-ai
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcTZ4LTk5aGotcTYzNs4AAv-s
Seg fault in `ndarray_tensor_bridge` due to zero and large inputs
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: jupyter-notebook
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ajZmLXE0dzYtcXg5cM4AAjkl
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin
Ecosystems: maven
Packages: com.mobileenerlytics.eagle.tester:eagle-tester
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zdnA0LW0zcmYtODM1aM4AAzFG
Improper input validation in github.com/gin-gonic/gin
Ecosystems: go
Packages: github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02M2YyLTY5NTktMnB4as4AAye3
Mattermost vulnerable to cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qajQ1LTI0cnctdjZqd84AAzFc
Cross-site scripting in TotalJS
Ecosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnMzMtZjI2Mi14anA0
Cryptographically Weak PRNG in randomatic
Ecosystems: npm
Packages: randomatic
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xdjYyLXhmajYtMzJ4bc4AAYCz
RubyGems Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: rubygems-update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3aGYtNzQyNy05dnYy
Non-atomic writes in cgc
Ecosystems: cargo
Packages: cgc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cXIteGgzdy1oNDM2
Jupyter Notebook XSS via untrusted notebooks
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4NXEtd2hjOS1nNHA5
Use of Cryptographically Weak Pseudo-Random Number Generator in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zeDk2LW00MnYtaHZoNc4AAs6_
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04M3ZwLTZqcWctNmNtcs0xMg
Incorrect Authentication in shopware
Ecosystems: packagist
Packages: shopware/core
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mcDc2LWYyOTktdjNoas4AAri9
Cross-site Scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nMnIzLTRnOHEtaDVyas4AAmgN
Missing authorization in Jenkins Kubernetes Plugin
Ecosystems: maven
Packages: org.csanchez.jenkins.plugins:kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcTM1LTg1Y2otZmo0cM4AA2xO
/sys/devices/virtual/powercap accessible by default to containers
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05MzM3LThjNmMtYzJ4Z84AAyt7
CubeFS allows Kubernetes cluster-level privilege escalation
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1manc0LTM5cGctdmY0Zs4AAgqM
Apache Karaf vulnerable to relative path traversal
Ecosystems: maven
Packages: org.apache.karaf.config:org.apache.karaf.config.core
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05N2hwLTZxOWctNWN3Ms4AAmfJ
Uncontrolled Resource Consumption in WildFly
Ecosystems: maven
Packages: org.wildfly:wildfly-dist
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00ZnctNzd2Ny05MjRt
Qutebrowser XSS Vulnerability
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13NzQ1LXhqcXgtN3dwOM4AA0TC
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xOW13LTY4YzItajZtNc4AAzEv
engine.io Uncaught Exception vulnerability
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwd3AtNjl4di1jNjdm
aiohttp-session Session Fixation vulnerability
Ecosystems: pypi
Packages: aiohttp-session
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS01aDc1LXB2cTQtODJjOc4AAs67
Server-Side Request Forgery in Directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0MnctODlnYy04bTlj
containerd v1.2.x can be coerced into leaking credentials during image pull
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxOTQtdjdjaC1teHF3
Insufficient Session Expiration and TOCTOU Race Condition in OPC FOundation UA .Net Standard
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjcWctODQ0OS1ybWZ2
Observable Discrepancy in libsecp256k1-rs
Ecosystems: cargo
Packages: libsecp256k1-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14ZjM3LXFjdmYtN201N84AAp0a
Improper Authentication in SaltStack Salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01Z3d4LXdmOWctcjVteM4AAv2W
NodeBB vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwNHEteDhmMy1wN3Zx
Jupyter Notebook XSS via directory name
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1nMzV4LWo2amotOGc3as4AAzD2
@mittwald/kubernetes's secret contents leaked via debug logging
Ecosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bTQtcGdwNC13aGdt
The reset password form reveal users email address
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eHAtNjU0Ni13djZy
XXE vulnerability in Jenkins Selenium HTML report Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:seleniumhtmlreport
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05NDVxLWNoNDYtcGNoZ80Yiw
Deserialization of Untrusted Data in Spring AMQP
Ecosystems: maven
Packages: org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00MjYyLXdyN3AtZ3Bjas3tmg
Rundeck Community Edition vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.rundeck:rundeck
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mNGc2LWM0N3gtcWh3d84AAyv6
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NmYyLTh3eDQtNDdyNc4AAqY0
Incorrect Authorization in MySQL Connector Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0ycTMtNTNmcS03aDY2
Gollum Exposure of Sensitive Information
Ecosystems: rubygems
Packages: gollum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS0zZ2ZqLWZ4eDQtZjIyd84AAvv1
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nMm1jLWZxcWMtaHhnM84AAzD1
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nbXhtLXByNTgtdjVqY84AAyub
Jenkins Azure Key Vault Plugin does not properly mask credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-keyvault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jOWpmLXJodmctcDY1cs4AAyuO
Jenkins Report Portal Plugin missing permissions check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reportportal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoN3ctZmM4NC14N3A2
StaticFile.fromUrl can leak presence of a directory
Ecosystems: maven
Packages: org.http4s:http4s-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS13cnI1LXAyNjUtNzI1Ms4AAqz1
Jenkins Warnings NG Plugin Cross-site scripting vulnerability
Ecosystems: maven
Packages: io.jenkins.plugins:warnings-ng
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NDdnLTM0YzUtdnZtOM4AAzC3
editor.md vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHctbTVmai1mN2d2
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNmMtanA2Zi0ydmN2
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13MzU4LXJqOTMtcjVxds4AArLC
Apache Superset Stored XSS on Dashboard markdown
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjaHEtOXI2OC02and2
Cross-Site Request Forgery in Jenkins Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05aGo3LXY1NmctcmhmNs4AAyey
Mattermost fails to properly authentication inviter's permissions to private channel
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1waDZnLTZ2OHctOHA2bc4AAzA7
Missing rate limit for password resets
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04djl3LXA0M2Mtcjg4Nc4AAs5d
Reachable Assertion in rulex
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2ZmMtOHBxci13anB2
Missing Authorization in Jenkins S3 publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:s3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NHctNjk4Zi05Mjdm
Arbitrary File Write via Archive Extraction in unzipper
Ecosystems: npm
Packages: unzipper
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1NTctajg3aC1jdmY0
Missing Authorization in jenkins xray-connector
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xray-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02NXd2LTUyOHItbTg5Ms4AAlF4
Improper Input Validation in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1weHhwLTI4M3YteHBxNc4AAQ45
Stored XSS in LavaLite 5.5
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yODZ2LXBjZjUtMjVyY84AAof1
Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzY2ctaDNmNi0yMjQy
Injection in MockServer
Ecosystems: maven
Packages: org.mock-server:mockserver
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmNnAtNHJ2Mi05cXJw
Path Traversal in bikshed
Ecosystems: pypi
Packages: bikeshed
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtd3AtcGdnYy1oNG1q
Cross-site Scripting in Documize
Ecosystems: go
Packages: github.com/documize/community
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qZ3ZjLWpmZ2gtcmp2ds4AAzAW
Chosen Ciphertext Attack in Jose4j
Ecosystems: maven
Packages: org.bitbucket.b_c:jose4j
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ocWZoLXA5aDctbTZ2Nc4AAXVz
Dolibarr ERP and CRM contain XSS Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05cGpmLWp3OXEtZng0Oc4AA2xF
Cross-site Scripting (XSS) in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjeDktN3hxYy0yanht
Reflected cross-site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXI1bW0tcmY5Zs4AAv_B
`CHECK_EQ` fail via input in `SparseMatrixNNZ`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03cTVmLTI5Z3gtNTdmZs4AA2zg
Cross-site Scripting (XSS) in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00d2M1LWdmZ2gtNHZqeM4AAb33
EpicEditor XSS Vulnerability
Ecosystems: npm
Packages: epiceditor
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wcnJ2LXI4NDMtNHA3Nc4AA2zo
Cross-site Scripting (XSS) in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 7 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5