Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Low Security Advisories
Loading...
Low
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq
Apache Tomcat Race Condition vulnerabilityEcosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Low
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP
phpMyAdmin cross-site scripting Vulnerability in Table or Column NamesEcosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: over 1 year ago
GSA_kwCzR0hTQS1xcTI5LTV2amgtdnh3cs4AAvFY
rdiffweb vulnerable to Improper Cleanup on Thrown ExceptionEcosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: over 1 year ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS05OWpjLXY4cHEtNnFtNM33Vg
Jenkins Repository Connector Plugin has insufficiently protected credentialsEcosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS00eDV2LWdtcTgtMjVjaM4AArVj
Regular expression denial of service in semver-regexEcosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: com.urbancode.ds.jenkins.plugins:sra-deploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1yd3J4LWhyZjItdjU3N833XQ
Jenkins Serena SRA Deploy Plugin stores credentials in plain textEcosystems: maven
Packages: com.urbancode.ds.jenkins.plugins:sra-deploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1nNDcyLWY4Y20tOHg1Zs4AAyuN
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controllerEcosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mY3h3LWhoeHEtNDh3eM4AAYKI
Insecure temporary file usage in Jenkins Git Client PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login formsEcosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lowerEcosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
Ecosystems: maven
Packages: org.springframework.data:spring-data-rest-core
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
GSA_kwCzR0hTQS1mdjd4LXY2N3ctY3Zxds4AAu-J
Spring Data REST can expose hidden entity attributesEcosystems: maven
Packages: org.springframework.data:spring-data-rest-core
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
Low
Ecosystems: pypi
Packages: pydantic
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqcXAtcWdmNi0zcHZo
Use of "infinity" as an input to datetime and date fields causes infinite loop in pydanticEcosystems: pypi
Packages: pydantic
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
Low
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing fileEcosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
Low
Ecosystems: nuget
Packages: moq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS02cjc4LW02NG0tcXdjZs4AA1OC
Moq v4.20.0-rc to 4.20.1 share hashed user dataEcosystems: nuget
Packages: moq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpointsEcosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Low
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reportsEcosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1nM2hoLXE1NWYtOWczd84AAzvf
RuoYi Uncontrolled Resource Consumption vulnerabilityEcosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
Ecosystems: maven
Packages: com.inedo.proget:inedo-proget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1weHYyLW1mcTctdmhwNs4AAiIj
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration formEcosystems: maven
Packages: com.inedo.proget:inedo-proget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xajY5LWNoanAtZzRmNc4AAZvc
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase FrameworkEcosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1yOG03LTc5MmotNWp2cc4AAZvd
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards componentEcosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: Ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1majI0LWdocDktMzl2M84AAU8E
Ansible uses a socket with predictable filename in /tmpEcosystems: pypi
Packages: Ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS1wY3F2LWM0NnYtMnA0ds4AAU8C
Ansible Arbitrary File Overwrite VulnerabilityEcosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OHctMnhjcC14ZzU5
Insecure use of temporary files in Phusion passengerEcosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
Ecosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
GSA_kwCzR0hTQS02cThtLTQycXEtNjRyN84AAx4s
Imperative CLI vulnerable to Command InjectionEcosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
Low
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
GSA_kwCzR0hTQS14ZmpxLTlyeHEtcGg2bc4AAesN
Plone Denial of Service vulnerability via decompressing large zip archivesEcosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1tbTMyLWp3NzMtOTIyN84AAesM
Plone is vulnerable to File System Path ExposureEcosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
GSA_kwCzR0hTQS1ydjhoLXA0M3ItNHg1cs4AAdHu
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate noncesEcosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber valueEcosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS13ancyLTRqN2otNmdjM84AA0fu
Winter CMS stored XSS through privileged upload of SVG fileEcosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparisonEcosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz
phpMyAdmin multiple cross-site scripting vulnerabilitiesEcosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure pageEcosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1wM2g3LTNjNDUtcWo0ds4AAfZ-
Python Keyring does not securely initialize encryption cipherEcosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1ocjU5LTM1Y3ItcWY0M84AAeQ8
Plone Cross-site scripting VulnerabilityEcosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS13Yzd2LTc3anItNWMzbc0ZDg
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint does not have rate limiting on the login pageEcosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT
phpMyAdmin Multiple XSS VulnerabilitiesEcosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN
Prevent logging invalid header valuesEcosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
Ecosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
GSA_kwCzR0hTQS0zZ2g2LXY1djktNnY5as4AA13n
Jetty vulnerable to errant command quoting in CGI ServletEcosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
Low
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernelEcosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 10 months ago
GSA_kwCzR0hTQS0zZnFtLWZyaGctN2M4Nc4AA0Xl
Graylog user session is still usable after logoutEcosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 10 months ago
Low
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_allEcosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
GSA_kwCzR0hTQS1nOTZjLXg3cmgtOTlyM84AA0Xm
Graylog vulnerable to insecure source port usage for DNS queriesEcosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Low
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS0zcncyLXdmYzgtd21qNc4AA0xu
Fides Webserver Vulnerable to SVG Bomb File UploadsEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1nOTVjLTJqZ20taHFjNs4AA0xt
Fides Webserver Vulnerable to Zip Bomb File UploadsEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS03MzcyLXE0NTktanhocs4AAZrH
pyxdg Arbitrary File Overwrite via Race ConditionEcosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NTQtOTZncS1yZmcz
Pillow Temporary file name leakageEcosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 10 months ago
GSA_kwCzR0hTQS0ycTRwLWY2Z2YtbXFyNc4AA0Xn
Graylog server has partial path traversal vulnerability in Support Bundle featureEcosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 10 months ago
Low
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 year ago
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middleEcosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 year ago
Low
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Katello cleartext password storage issueEcosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary filesEcosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:chef-identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS01amM1LW04N3gtODhmas4AA05e
Secret displayed without masking by Chef Identity PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:chef-identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
Ecosystems: npm
Packages: jadedown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzNTQtNm1odi1tdnY1
Regular Expression Denial of Service in jadedownEcosystems: npm
Packages: jadedown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
Ecosystems: maven
Packages: org.apache.tika:tika
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
GSA_kwCzR0hTQS02cTh2LTJodm0tZngzN84AAs_h
Apache Tika contains incomplete fix for regex DoSEcosystems: maven
Packages: org.apache.tika:tika
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Low
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Low
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
OpenStack Heat template URL information leakageEcosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintextEcosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
Low
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
GSA_kwCzR0hTQS0zMmZmLTRnNzktdmdmY84AAtvO
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query stringsEcosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Low
Ecosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS05OWp2LTgyOTItMmhwbc4AA3pg
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operationsEcosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG imagesEcosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
Low
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is UnsoundEcosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
GSA_kwCzR0hTQS0zN3hxLXE0MnAtcnYzcM4AA1fc
ntpd has Dependency on Vulnerable Third-Party ComponentEcosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 8 months ago
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accessesEcosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 8 months ago
Low
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerabilityEcosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissionsEcosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissionsEcosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-inEcosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirectEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URLEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in AdministrationEcosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Low
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output NeutralizationEcosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-security-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS0zajN2LTdmOGYtdjJ4cM36_w
Jenkins Aqua Security Scanner Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:aqua-security-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS12anI2LWNxMjItbTRxNc37Mw
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS03ang4LTI0NGctamZweM367g
Jenkins OWASP ZAP Plugin stores unencrypted credentialsEcosystems: maven
Packages: org.jenkins-ci.plugins:zap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deletedEcosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1tMzRyLWY3aDYtYzNqMs37CQ
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-approve
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS00Y3hyLTR2d2MtNnBnN837Cw
Jenkins Bitbucket Approve Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-approve
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:relution-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS05ZnBxLXYycDMtdzYzas33Xg
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:relution-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: sh.hyper.plugins:hyper-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS03bWZwLTkzOHItZmNmas36-Q
Jenkins hyper.sh Commons Plugin stores credentials in plain textEcosystems: maven
Packages: sh.hyper.plugins:hyper-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS12djZwLTYzZzgtbThmd837BQ
Jenkins Audit to Database Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:veracode-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS01NzIyLXY1d2MteDdoOM37DQ
Jenkins veracode-scanner Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:veracode-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-device-farm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1waHdyLXBtaDMtbThnMs37Dg
Jenkins aws-device-farm Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:aws-device-farm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sametime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1qdnI1LXI2NjMtcXhnd833YQ
Jenkins Sametime Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:sametime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:koji
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS14NDY0LXI3ZjQtZ2ozbc33Yw
Jenkins Koji Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:koji
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqOWMtZ3JjNi01bTZn
CHECK-fail in SparseConcatEcosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
Ecosystems: maven
Packages: com.cloudcoreo.plugins:cloudcoreo-deploytime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS03aGY2LWhnZ3AtdnZwOc33Zw
Jenkins CloudCoreo DeployTime Plugin stores credentials in plain textEcosystems: maven
Packages: com.cloudcoreo.plugins:cloudcoreo-deploytime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: de.e-nexus:jabber-server-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1jYzdqLXh4N3EtZnIzNM33Tw
Jenkins Jabber Server Plugin stores credentials in plain textEcosystems: maven
Packages: de.e-nexus:jabber-server-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:youtrack-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1jN3A2LXgycDMtM3dwaM33UQ
Jenkins youtrack-plugin Plugin stored credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:youtrack-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:netsparker-cloud-scan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
GSA_kwCzR0hTQS1tN3E4LThnNTYtbTc4d833aA
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:netsparker-cloud-scan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1qY3dqLWo1NzQtOGoyY84AAgmI
Jenkins Azure AD Plugin stored the client secret unencryptedEcosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-microscanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1nZzhyLTI0cW0tcWZjaM4AAgmS
Jenkins Aqua MicroScanner Plugin stored credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:aqua-microscanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:twitter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS14MmN4LWg3dzQtcTZ4N84AAgmC
Jenkins Twitter Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:twitter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-publishersettings-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1yZmM4LXdycmYtd3Azd84AAgeE
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:azure-publishersettings-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testlink
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xY2ZyLTY1aGYtZjk4eM4AAhn4
Jenkins TestLink Plugin stores credentials in plain textEcosystems: maven
Packages: org.jenkins-ci.plugins:testlink
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF
Nautobot missing object-level permissions enforcement when running Job ButtonsEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
Low
Ecosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04ODU5LXY5anAtY3BoZs4AA2rz
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparisonEcosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanismEcosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
Low
Ecosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS0yeHBxLTU5NTItMzh3M84AA2rM
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparisonEcosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zanata
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04Nmo5LTI1bTItOXc5N84AA2rS
Non-constant time webhook token hash comparison in Jenkins Zanata PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:zanata
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skype-notifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1ndm1yLW1wNXEtOXd2d84AAtDz
Plaintext Storage of a Password in Jenkins Skype notifier PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:skype-notifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,745
Packages: 8,373
Repositories: 449
Ecosystems: 12
Packages: 8,373
Repositories: 449
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
109
tensorflow-gpu
93
tensorflow-cpu
93
moodle/moodle
17
concrete5/concrete5
13
shopware/platform
12
typo3/cms
11
github.com/mattermost/mattermost/server/v8
10
phpmyadmin/phpmyadmin
10
shopware/core
10
nova
9
org.apache.tomcat:tomcat
9
org.jenkins-ci.main:jenkins-core
9
matrix-synapse
7
vyper
7
puppet
6
Umbraco.CMS
6
k8s.io/kubernetes
5
typo3/cms-core
5
wasmtime
5
helm.sh/helm/v3
5
sweetalert2
5
ansible
5
undici
5
baserproject/basercms
5
rack
5
october/backend
5
org.keycloak:keycloak-services
4
com.vaadin:flow-server
4
shopware/shopware
4
simplesamlphp/simplesamlphp
4
electron
4
actionpack
4
magento/community-edition
4
github.com/mattermost/mattermost-server/v6
4
github.com/cilium/cilium
4
helm.sh/helm
4
com.vaadin:vaadin-bom
3
wagtail
3
bin-links
3
ckb
3
plone
3
github.com/cosmos/cosmos-sdk
3
sylius/sylius
3
@openzeppelin/contracts-upgradeable
3
passenger
3
httplib2
3
org.apache.hive:hive
3
ethyca-fides
3
org.apache.hive:hive-service
3
org.apache.hive:hive-exec
3
node-forge
3
glance
3
org.graylog2:graylog2-server
3
cryptography
3
go.etcd.io/etcd
3
nautobot
3
github.com/mattermost/mattermost-server
3
symfony/symfony
3
tuf
2
moin
2
@apollo/server
2
ceph-deploy
2
org.jenkins-ci.plugins:azure-ad
2
github.com/opencontainers/runc
2
tools.devnull:build-notifications
2
silverstripe/framework
2
@openzeppelin/contracts
2
craftcms/cms
2
pip
2
org.apache.activemq:activemq-parent
2
typo3/cms-frontend
2
salt
2
Flask-Security-Too
2
com.inedo.proget:inedo-proget
2
winter/wn-backend-module
2
braces
2
django
2
org.jenkins-ci.plugins:bigpanda-jenkins
2
node-ipc
2
github.com/sigstore/cosign
2
org.jenkins-ci.plugins:ec2
2
Django
2
github.com/answerdev/answer
2
github.com/containerd/containerd
2
next-auth
2
github.com/authzed/spicedb
2
Pillow
2
ezsystems/ezpublish-kernel
2
org.eclipse.jetty:jetty-server
2
cargo
2
s2n-quic
2
vantage6
2
horizon
2
symfony/security-http
2
org.xwiki.platform:xwiki-platform-oldcore
2
github.com/mattermost/mattermost-plugin-jira
2
october/cms
2
com.ruoyi:ruoyi
2
Nova
2
activesupport
2
parse-server
2
flarum/core
2
org.jenkins-ci.plugins:artifactory
2
github.com/ntbosscher/gobase
2
langchain
2
nokogiri
2
org.jenkins-ci.plugins:wso2id-oauth
2
keystone
2
microweber/microweber
2
github.com/cometbft/cometbft
2
gilacms/gila
2
github.com/hashicorp/nomad
2
OctoPrint
2
Zope
2
grumpydictator/firefly-iii
2
aiohttp
2
typo3/cms-install
2
github.com/mutagen-io/mutagen
2
ezsystems/ezplatform-kernel
2
Flask-AppBuilder
2
org.jenkins-ci.plugins:mercurial
2
org.jenkins-ci.plugins:repository-connector
2
org.bouncycastle:bcprov-jdk14
2
go.etcd.io/etcd/client/v3
2
fast-xml-parser
1
org.scala-sbt:io_3
1
org.wiremock:wiremock-standalone
1
github.com/oauth2-proxy/oauth2-proxy
1
ajenti
1
org.jenkins-ci.plugins:snsnotify
1
org.wiremock:wiremock
1
org.scala-sbt:io_2.13
1
org.scala-sbt:io_2.12
1
com.github.tomakehurst:wiremock-jre8
1
com.github.tomakehurst:wiremock-jre8-standalone
1
es5-ext
1
org.scala-sbt:sbt
1
wiremock
1
org.xwiki.platform:xwiki-platform-security-authentication-script
1
github.com/nats-io/nats-server/v2
1
rabbit_common
1
org.keycloak:keycloak-core
1
github.com/oauth2-proxy/oauth2-proxy/v7
1
hyper
1
org.jenkins-ci.plugins:openshift-deployer
1
@diez/generation
1
@liquity/contracts
1
github.com/Masterminds/goutils
1
qutebrowser
1
automad/automad
1
mindspore
1
go.elastic.co/apm
1
kafo
1
net.sf.mpxj:mpxj
1
net.sf.mpxj
1
net.sf.mpxj-for-csharp
1
net.sf.mpxj-for-vb
1
mpxj
1
keylime
1
kimai/kimai
1
zerocopy
1
francoisjacquet/rosariosis
1
RPLY
1
seneca
1
hooka-tools
1
org.bouncycastle:bcprov-jdk15to18
1
org.bouncycastle:bcprov-jdk13
1
org.bouncycastle:bcprov-jdk12
1
io.jenkins.plugins:gitlab-branch-source
1
org.springframework.batch:spring-batch-core
1
org.jenkins-ci.plugins:ghprb
1
com.xuxueli:xxl-job-core
1
virtualenv
1
com.typesafe.play:play
1
ember-source
1
@aedart/support
1
streamlit
1
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
1
thelounge
1
flarum/framework
1
Werkzeug
1
django-basic-auth-ip-whitelist
1
github.com/canonical/lxd
1
markdown-link-extractor
1
github.com/flyteorg/flyteadmin
1
plone.restapi
1
datasette-graphql
1
org.keycloak:keycloak-server-spi-private
1
spina
1
admidio/admidio
1
phpmyfaq/phpmyfaq
1
solidus_backend
1
debug
1
org.keycloak:keycloak-parent
1
org.xmlunit:xmlunit-core
1
github.com/consensys/gnark-crypto
1
github.com/tendermint/tendermint
1
github.com/aws/aws-sdk-go
1
github.com/goharbor/harbor
1
Filter by Repository
https://github.com/tensorflow/tensorflow
109
https://github.com/moodle/moodle
17
https://github.com/concretecms/concretecms
13
https://github.com/shopware/platform
12
https://github.com/openstack/nova
11
https://github.com/etcd-io/etcd
8
https://github.com/umbraco/Umbraco-CMS
7
https://github.com/matrix-org/synapse
7
https://github.com/phpmyadmin/phpmyadmin
7
https://github.com/eclipse/jetty.project
7
https://github.com/vyperlang/vyper
7
https://github.com/octobercms/october
7
https://github.com/rails/rails
6
https://github.com/sweetalert2/sweetalert2
5
https://github.com/nodejs/undici
5
https://github.com/rack/rack
5
https://github.com/ansible/ansible
5
https://github.com/helm/helm
5
https://github.com/kubernetes/kubernetes
5
https://github.com/keycloak/keycloak
5
https://github.com/bytecodealliance/wasmtime
5
https://github.com/baserproject/basercms
5
https://github.com/TYPO3/typo3
5
https://github.com/xwiki/xwiki-platform
5
https://github.com/puppetlabs/puppet
5
https://github.com/jenkinsci/jenkins
5
https://github.com/simplesamlphp/simplesamlphp
4
https://github.com/apache/tomcat
4
https://github.com/cilium/cilium
4
https://github.com/wintercms/winter
4
https://github.com/shopware/shopware
4
https://github.com/electron/electron
4
https://github.com/mattermost/mattermost
4
https://github.com/vaadin/platform
4
https://github.com/django/django
3
https://github.com/cosmos/cosmos-sdk
3
https://github.com/ethyca/fides
3
https://github.com/nautobot/nautobot
3
https://github.com/symfony/symfony
3
https://github.com/pyca/cryptography
3
https://github.com/vaadin/flow
3
https://github.com/Sylius/Sylius
3
https://github.com/httplib2/httplib2
3
https://github.com/openstack/keystone
3
https://github.com/vantage6/vantage6
3
https://github.com/wagtail/wagtail
3
https://github.com/CVEProject/cvelist
3
https://github.com/phusion/passenger
3
https://github.com/nervosnetwork/ckb
3
https://github.com/Graylog2/graylog2-server
3
https://github.com/digitalbazaar/forge
3
https://github.com/apollographql/apollo-server
2
https://github.com/flarum/framework
2
https://github.com/rust-lang/cargo
2
https://github.com/aws/s2n-quic
2
https://github.com/nextauthjs/next-auth
2
https://github.com/apache/activemq
2
https://github.com/quarkusio/quarkus
2
https://github.com/saltstack/salt
2
https://github.com/jenkinsci/ec2-plugin
2
https://github.com/ezsystems/ezplatform-kernel
2
https://github.com/openstack/glance
2
https://github.com/ntbosscher/gobase
2
https://github.com/sparklemotion/nokogiri
2
https://github.com/craftcms/cms
2
https://github.com/nats-io/nats-server
2
https://github.com/ceph/ceph-deploy
2
https://github.com/microweber/microweber
2
https://github.com/aio-libs/aiohttp
2
https://github.com/zopefoundation/Zope
2
https://github.com/octoprint/octoprint
2
https://github.com/cometbft/cometbft
2
https://github.com/GilaCMS/gila
2
https://github.com/containerd/containerd
2
https://github.com/RIAEvangelist/node-ipc
2
https://github.com/openstack/horizon
2
https://github.com/sigstore/cosign
2
https://github.com/parse-community/parse-server
2
https://github.com/theupdateframework/python-tuf
2
https://gitlab.com/sequoia-pgp/sequoia
2
https://github.com/firefly-iii/firefly-iii
2
https://github.com/Flask-Middleware/flask-security
2
https://github.com/TYPO3/TYPO3.CMS
2
https://github.com/mutagen-io/mutagen
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/dpgaspar/Flask-AppBuilder
2
https://github.com/hashicorp/nomad
2
https://github.com/bcgit/bc-java
2
https://github.com/micromatch/braces
2
https://github.com/pypa/pip
2
https://github.com/opencontainers/runc
2
https://github.com/answerdev/answer
2
https://github.com/authzed/spicedb
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2
https://github.com/opencontainers/distribution-spec
2
https://github.com/brefphp/bref
1
https://github.com/swagger-api/swagger-codegen
1
https://github.com/fastify/fastify-http-proxy
1
https://github.com/joeferner/redis-commander
1
https://github.com/thelounge/thelounge
1
https://github.com/knative-extensions/eventing-github
1
https://github.com/dojo/dijit
1
https://github.com/PHPMailer/PHPMailer
1
https://github.com/personnummer/csharp
1
https://github.com/Consensys/gnark-crypto
1
https://github.com/httpie/httpie
1
https://github.com/waysact/webpack-subresource-integrity
1
https://github.com/keystonejs/keystone
1
https://github.com/plone/Products.CMFPlone
1
https://github.com/jenkinsci/mercurial-plugin
1
https://github.com/canonical/lxd
1
https://github.com/yiisoft/yii2-authclient
1
https://github.com/google/zerocopy
1
https://github.com/ezsystems/ezpublish-kernel
1
https://github.com/tinymce/tinymce
1
https://github.com/NVIDIA/NeMo
1
https://github.com/vapor/postgres-nio
1
https://github.com/jquery-validation/jquery-validation
1
https://github.com/Azure/setup-kubectl
1
https://github.com/theupdateframework/go-tuf
1
https://github.com/croogo/croogo
1
https://github.com/derbyjs/derby
1
https://github.com/puma/puma
1
https://github.com/endojs/endo
1
https://github.com/moq/moq
1
https://github.com/rails/globalid
1
https://github.com/medikoo/es5-ext
1
https://github.com/jenkinsci/email-ext-plugin
1
https://github.com/python-imaging/Pillow
1
https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin
1
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID
1
https://github.com/simplegeo/python-oauth2
1
https://github.com/decidim/decidim
1
https://github.com/spinacms/spina
1
https://github.com/keylime/keylime
1
https://github.com/vega/vega
1
https://github.com/Masterminds/goutils
1
https://github.com/skylot/jadx
1
https://github.com/cloudfoundry/uaa
1
https://github.com/directus/directus
1
https://github.com/Twipped/ircdkit
1
https://github.com/electron-userland/electron-packager
1
https://github.com/ktorio/ktor
1
https://github.com/PrestaShop/productcomments
1
https://github.com/mlflow/mlflow
1
https://github.com/kopia/kopia
1
https://github.com/fluent/fluentd
1
https://github.com/jcubic/jquery.terminal
1
https://github.com/lexik/LexikJWTAuthenticationBundle
1
https://github.com/kitabisa/teler
1
https://github.com/firebase/firebase-tools
1
https://github.com/jeremylong/DependencyCheck
1
https://github.com/tauri-apps/tauri
1
https://github.com/node-red/node-red
1
https://github.com/ubernostrum/django-registration
1
https://github.com/personnummer/php
1
https://github.com/openjdk/jfx
1
https://github.com/livehelperchat/livehelperchat
1
https://github.com/CosmWasm/cosmwasm
1
https://github.com/cjvnjde/google-translate-api-browser
1
https://github.com/floriangaerber/Magnesium-PHP
1
https://github.com/zowe/imperative
1
https://github.com/jenkinsci/digitalocean-plugin
1
https://github.com/jenkinsci/inedo-buildmaster-plugin
1
https://github.com/onionshare/onionshare
1
https://github.com/sparklemotion/sqlite3-ruby
1
https://github.com/memorysafety/sudo-rs
1
https://github.com/ericcornelissen/shescape
1
https://github.com/alphagov/tech-docs-gem
1
https://github.com/tailscale/tailscale
1
https://github.com/Nebulosus/shamir
1
https://github.com/ajenti/ajenti
1
https://github.com/xuxueli/xxl-job
1
https://github.com/yourls/yourls
1
https://github.com/bbatsov/rubocop
1
https://github.com/dan1hc/fgr
1
https://github.com/jenkinsci/github-plugin
1
https://github.com/kiwitcms/Kiwi
1
https://github.com/gradle/gradle
1
https://gitlab.com/edneville/please
1
https://github.com/xmlunit/xmlunit
1
https://github.com/octokit/octopoller.rb
1
https://github.com/disintegration/imaging
1
https://github.com/node-js-libs/cli
1
https://github.com/Brondahl/EnumStringValues
1
https://github.com/foxcpp/maddy
1
https://github.com/jenkinsci/git-client-plugin
1
https://github.com/personnummer/go
1
https://github.com/amundsen-io/amundsenfrontendlibrary
1
https://github.com/elastic/apm-agent-go
1
https://github.com/rust-vmm/linux-loader
1
https://github.com/jenkinsci/resource-disposer-plugin
1
https://github.com/zopefoundation/Products.GenericSetup
1
https://github.com/npm/npm
1
https://github.com/triaxtec/openapi-python-client
1
https://github.com/arguiot/EyeJS
1
https://github.com/dub-flow/vulnerability-research
1
https://github.com/jenkinsci/gitlab-plugin
1
https://github.com/impredicative/bitlyshortener
1