Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Ecosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS1ocHYzLWY1cDctcHhqOc4AA2rA
Jenkins lambdatest-automation Plugin may expose Credentials access token
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS01YzR2LXZoOTUtYzY3Y84AAllH
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 months ago
Low
GSA_kwCzR0hTQS01NmhjLXdmNDktMmg5Ns4AAtDx
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2-deployment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xcWhxLThyMmMtYzNmNc4AA322
nvdApiKey is logged in debug mode
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS03MmZwLXc0NGctNjI1cc4AA3BG
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Ecosystems: maven
Packages: software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS03eGcyLTgzZjgtMzltcs4AA4Lf
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1majZjLXByZ2otZ3Izcs4AATys
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oeDkzLWdjNzMtNXJwcs4AA3TE
Exposure of Sensitive Information in Elastic APM .NET Agent
Ecosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1nNXEyLWN4Z3EtaDJyd84AAm1i
Information leak in Gerrit
Ecosystems: maven
Packages: com.google.gerrit:gerrit-plugin-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13NHg2LWhoM3gtd2pyeM4AA3q0
Stale copy of the public suffix list
Ecosystems: nuget
Packages: Gsemac.Net
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS13MjY3LW05YzQtODU1Nc0xLw
Shopware user session is not logged out if the password is reset via password recovery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02eG14LTg1eDMtNGN2Ms4AA3ug
Stored XSS via SVG File Upload
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS02MzI0LTUycHItaDRwNc4AA3uc
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS13aGd2LTZqNzgtNXJoMs4AA3vI
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx
code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zOXJ3LTRtNjYtODJnZs4AAmmH
Magento incorrect user permissions vulnerability within the Inventory component
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS14ZzhwLWNwN2YtY3BoeM4AAiOC
DingTalk Plugin stores credentials in plain text
Ecosystems: maven
Packages: io.jenkins.plugins:dingding-notifications
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tcjhxLTdmNWotd2M3Oc4AAmnC
Magento information disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oM2dxLWo3cDkteDNwNM4AA4Gf
Mattermost Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS14NTVwLTY1MjYteG1tcM4AARct
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xdnByLXFtNnctNnJjY84AAZ-c
OpenStack Keystone intended authorization restrictions bypass
Ecosystems: pypi
Packages: Keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13OTQyLWZ3OTItbXFtMs4AApza
Magento Information Disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zMng2LXF2dzYtbXhqNM0vig
Forwarding of confidentials headers to third parties in fluture-node
Ecosystems: pypi, npm
Packages: request-util, fluture-node
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1nZ3JoLWdyajMtdmZ2d84AAwEF
Package discontinued because Bitly lowered the free quota
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00dmY2LTJybXgtZmdxeM4AA4KC
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zcGZqLWc0d3ItcWozas4AA4J-
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yZ3JmLTZtZjUtbTg4Ms4AA4Yr
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Ecosystems: pypi
Packages: case-utils, cdo-local-uuid
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS04cXA4LTlycHctajQ2Y84AA3ue
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS13NTYzLXJxMzctY3ZxNc4AAZ8H
Typo3 Backend History Module Vulnerable to XSS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xbW13LWNoMnEtajZ4eM4AAZ8F
Typo3 Backend API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZ2Y2LTlxN2ctNTVxZ84AAZ8K
Typo3 Function Menu API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z
`CHECK` failure in `SobolSample` via missing validation
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03Z2c4LTNyNmotNWc1Nc4AAaFh
Typo3 Backend Configuration XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14eGdtLXFwajUtNDg4Ns4AAfko
OpenStack Nova Scheduler denial of service through scheduler_hints
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03dzZjLTVwcjQtN3F2cM4AAaFi
Typo3 Backend XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1jYzk0LWh3ajMtcmY2Nc30lw
Moodle's login_as feature leaks information from external repositories
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01cDY5LXJteDgtN2d3N84AAd7q
phpMyAdmin Multiple XSS Vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xam1nLTc3eGgtN21qd84AAah4
Loggerhead XSS via filename
Ecosystems: pypi
Packages: loggerhead
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oY3ZwLTJjYzctanJ3cs4AA4oO
changedetection.io API endpoint is not secured with API token
Ecosystems: pypi
Packages: changedetection-io, changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wY205LWZwNTUtNTYzds4AAf23
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Ecosystems: maven
Packages: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS12d3g0LWZycHItdzI3as0sKA
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin
Ecosystems: maven
Packages: com.convertigo.jenkins.plugins:convertigo-mobile-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qNG1yLXZjNTQtaDVwY830Gw
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Zm1jLTVmcTQtNWp3aM4AAvx0
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13Nzd2LXhweHItYzZwds30LQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12cmY2LXE3cWotNjl2Nc30JA
Moodle allows attackers to upload files containing JavaScript
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oaHIyLWY2NjgtZmYyd84AAiEl
Use of a weak cryptographic algorithm in Gradle
Ecosystems: maven
Packages: org.gradle:gradle-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tOGY1LTl3ZzgtMmMzaM30HA
Moodle multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yamN3LXI3OXgtNHI1ds30ZA
Moodle does not set the RISK_XSS bit for graders
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Zm13LW00cXgtNmNxOM30TA
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02cjd4LTZxOTgtcWNxcM30Lg
Moodle does not set the RISK_XSS bit for graders
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04NDU5LTZyYzktOHZmOM0rtA
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS00NWdxLXE0eGgtY3A1M84AA48y
vantage6 vulnerable to username timing attack
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1oOGc5LTZndmgtNW1yY84AAvLt
etcd vulnerable to TOCTOU of gateway endpoint authentication
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12amc2LTkzZnYtcXY2NM4AA5Co
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input buffer
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wbTNtLTMycjMtN21maM4AA5Cn
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl
Etcd pkg Insecure ciphers are allowed by default
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3ZzItd3JycC1yNmgz
Use of a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1nODU3LXA5OTctd3g3d83Mrw
TYPO3 Backend vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04aGM2LXc0NG0td2Z4Zs4AA0zl
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dimensionsscm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS14cmo3LXg3Z3Atd3dxcs4AA5MN
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Ecosystems: maven
Packages: org.apache.solr:solr-solrj, org.apache.solr:solr-solrj-streaming
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0bTMtdzhnOS1qd3Bx
Information disclosure of source code in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzdnctNGp4My1ycnIy
personnummer/java vulnerable to Improper Input Validation
Ecosystems: maven
Packages: dev.personnummer:personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS00eGg0LXYycHEtanZobc4AAu6V
personnummer/dart vulnerable to Improper Input Validation
Ecosystems: pub
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04ZzRmLWZoN2YtNGZ3aM1oEQ
Apache Tomcat Default Installation Reveals Sensitive Information
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wcjM5LTgyNTctZnhjMs4AA5Ci
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05aHczLTRndnAtOG12Nc4AAaYZ
TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aGgyLThjdzYtaGZ2N84AAaYV
TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS03ZzU5LWhtOHYtY3dtY82-SA
Apache Tomcat information disclosure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yaDg3LXE0dmctbTQ1as4AAu2M
TensorFlow vulnerable to integer overflow in math ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00ZnA2LTU3NHAtZmMzNc4AA5L6
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS14NDQ2LTN4aHEtNXhmcM07mA
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Ecosystems: cargo
Packages: Simple-Wayland-HotKey-Daemon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qd2ZyLWg2anAtOXAyZ83iFw
Jenkins allows attackers to obtain the master cryptographic key
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0
Authorization Bypass in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS01NTJmLTk3d2YtcG1wcc4AA6LG
Umbraco possible user enumeration
Ecosystems: nuget
Packages: UmbracoCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01YzVwLWp4dngteDdqMs2eqw
Apache Tomcat vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xcHhtLTY4OXItMzg0Oc4AA5gL
Apache Camel data exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS14cXhtLTJycG0tMzg4Oc0kJQ
Comment reply notifications sent to incorrect users
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01cnJxLXB4ZjYtNmp4Nc0hQg
Prototype Pollution in node-forge debug API.
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS14OXI1LWp4dnEtNDM4N80g-g
jquery.terminal self XSS on user input
Ecosystems: npm
Packages: jquery.terminal
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 2 years ago
Statistics
Advisories: 18,745
Packages: 8,373
Repositories: 449
Ecosystems: 12
Filter by Severity
Moderate 8,146 High 6,444 Critical 2,847 Low 1,015
Filter by Ecosystem
pypi 458 maven 282 packagist 178 npm 129 go 125 rubygems 49 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 puppet 6 Umbraco.CMS 6 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 sweetalert2 5 ansible 5 undici 5 baserproject/basercms 5 rack 5 october/backend 5 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 shopware/shopware 4 simplesamlphp/simplesamlphp 4 electron 4 actionpack 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 github.com/cilium/cilium 4 helm.sh/helm 4 com.vaadin:vaadin-bom 3 wagtail 3 bin-links 3 ckb 3 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 @openzeppelin/contracts-upgradeable 3 passenger 3 httplib2 3 org.apache.hive:hive 3 ethyca-fides 3 org.apache.hive:hive-service 3 org.apache.hive:hive-exec 3 node-forge 3 glance 3 org.graylog2:graylog2-server 3 cryptography 3 go.etcd.io/etcd 3 nautobot 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 tuf 2 moin 2 @apollo/server 2 ceph-deploy 2 org.jenkins-ci.plugins:azure-ad 2 github.com/opencontainers/runc 2 tools.devnull:build-notifications 2 silverstripe/framework 2 @openzeppelin/contracts 2 craftcms/cms 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 winter/wn-backend-module 2 braces 2 django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 Django 2 github.com/answerdev/answer 2 github.com/containerd/containerd 2 next-auth 2 github.com/authzed/spicedb 2 Pillow 2 ezsystems/ezpublish-kernel 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 horizon 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 github.com/mattermost/mattermost-plugin-jira 2 october/cms 2 com.ruoyi:ruoyi 2 Nova 2 activesupport 2 parse-server 2 flarum/core 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 nokogiri 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 ezsystems/ezplatform-kernel 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 org.bouncycastle:bcprov-jdk14 2 go.etcd.io/etcd/client/v3 2 fast-xml-parser 1 org.scala-sbt:io_3 1 org.wiremock:wiremock-standalone 1 github.com/oauth2-proxy/oauth2-proxy 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 org.wiremock:wiremock 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 com.github.tomakehurst:wiremock-jre8 1 com.github.tomakehurst:wiremock-jre8-standalone 1 es5-ext 1 org.scala-sbt:sbt 1 wiremock 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/nats-io/nats-server/v2 1 rabbit_common 1 org.keycloak:keycloak-core 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 hyper 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 github.com/canonical/lxd 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/django/django 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/ethyca/fides 3 https://github.com/nautobot/nautobot 3 https://github.com/symfony/symfony 3 https://github.com/pyca/cryptography 3 https://github.com/vaadin/flow 3 https://github.com/Sylius/Sylius 3 https://github.com/httplib2/httplib2 3 https://github.com/openstack/keystone 3 https://github.com/vantage6/vantage6 3 https://github.com/wagtail/wagtail 3 https://github.com/CVEProject/cvelist 3 https://github.com/phusion/passenger 3 https://github.com/nervosnetwork/ckb 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/digitalbazaar/forge 3 https://github.com/apollographql/apollo-server 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/aws/s2n-quic 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apache/activemq 2 https://github.com/quarkusio/quarkus 2 https://github.com/saltstack/salt 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/ntbosscher/gobase 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/craftcms/cms 2 https://github.com/nats-io/nats-server 2 https://github.com/ceph/ceph-deploy 2 https://github.com/microweber/microweber 2 https://github.com/aio-libs/aiohttp 2 https://github.com/zopefoundation/Zope 2 https://github.com/octoprint/octoprint 2 https://github.com/cometbft/cometbft 2 https://github.com/GilaCMS/gila 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/parse-community/parse-server 2 https://github.com/theupdateframework/python-tuf 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/mutagen-io/mutagen 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/hashicorp/nomad 2 https://github.com/bcgit/bc-java 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/opencontainers/runc 2 https://github.com/answerdev/answer 2 https://github.com/authzed/spicedb 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/brefphp/bref 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/thelounge/thelounge 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/Azure/setup-kubectl 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1