Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Moderate Security Advisories
Loading...
Moderate
Ecosystems: npm
Packages: preact
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNDgtOWhoMi14Nm14
HTML Injection in preactEcosystems: npm
Packages: preact
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmYzgtNGd4NC12Njkz
ReDoS in Sec-Websocket-Protocol headerEcosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: concat-with-sourcemaps
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4djMtaDc2Mi1jY3h2
Out-of-bounds Read in concat-with-sourcemapsEcosystems: npm
Packages: concat-with-sourcemaps
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 2 years ago
GSA_kwCzR0hTQS03NGo4LTg4bW0tNzQ5Ns0V6Q
Confused Deputy in KubernetesEcosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.spark:spark-core_2.10, org.apache.spark:spark-core_2.11
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cjQtNjVtZy00NXgy
org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11 Improper Authentication vulnerabilityEcosystems: maven
Packages: org.apache.spark:spark-core_2.10, org.apache.spark:spark-core_2.11
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 5 years ago
Moderate
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 2 years ago
GSA_kwCzR0hTQS01Nzl4LWNqdnItY3FqOc0V2g
Observable Response Discrepancy in Lost Password ServiceEcosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 2 years ago
Moderate
Ecosystems: rubygems
Packages: ciborg
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5ODItOXI4Zy02cXh3
Ciborg gem for Ruby allows local users to write files and gain privileges via SymlinkEcosystems: rubygems
Packages: ciborg
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 6 years ago
Moderate
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
GSA_kwCzR0hTQS1qZjl2LXE4dmgtM2ZtY80VrQ
Cross-site scripting in ICEcoderEcosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1NjMteGgyNS14NTRx
Workflow re-write vulnerability using input parameterEcosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyaHctM3B2aC12Y3Zj
XSS vulnerability on password reset pageEcosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyMzktMjhjMi05bXJt
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp VaultEcosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 2 years ago
Moderate
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndmMtNGp2ai1wd3E0
Use after free in libpulse-bindingEcosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwMmgtOTVobS1odjly
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcoreEcosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyM2gteDZncS1ycWNw
Cross site scripting via HTML attributes in the back endEcosystems: packagist
Packages: contao/core-bundle, contao/contao
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: mootools
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2aHgtN2doMy0zcTk4
Prototype Pollution in mootoolsEcosystems: npm
Packages: mootools
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmcGMtNXBqci1taDI2
Missing validation in shape inference for `Dequantize`Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3ZjktdzV4bS1mNDM3
Heap OOB in TFLite's `Gather*` implementationsEcosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3OGctcnE4NC05aG1n
`CHECK`-fail in `MapStage`Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3ajUtNHA5di1wcDY3
`std::abort` raised from `TensorListReserve`Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3MnAtNW1ndy1wOTRj
Integer overflow due to conversion to unsignedEcosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNGYtODI5Yy12NXB3
Division by 0 in `ResourceScatterDiv`Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: AccessControl
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjeDktajUzZy1jY2dm
Remote Code Execution via unsafe classes in otherwise permitted modulesEcosystems: pypi
Packages: AccessControl
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: curly-bracket-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxZjgtOGM4OS1tdzI5
Cross-site Scripting in curly-bracket-parserEcosystems: npm
Packages: curly-bracket-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcTktZnF2OC01OXdm
Cross-Site Scripting in Page PreviewEcosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5Z3YtaDh3Zi1jZzhy
URIjs Vulnerable to Hostname spoofing via backslashes in URLEcosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: Flask-User
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyOTgtODloYy02cmZ2
Open Redirect in Flask-UserEcosystems: pypi
Packages: Flask-User
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
Moderate
Ecosystems: maven
Packages: io.ratpack:ratpack-session
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoajgtNGNxMy03OTRn
Unencrypted storage of client side sessionsEcosystems: maven
Packages: io.ratpack:ratpack-session
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/AndrewBurian/powermux
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOXItd3dtOC03cTUy
Open Redirect in github.com/AndrewBurian/powermuxEcosystems: go
Packages: github.com/AndrewBurian/powermux
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: react-bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1ODktdzZ4Zi05ODNy
Cross-site scripting in react-bootstrap-tableEcosystems: npm
Packages: react-bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyZzMtOGg4eC01eGZ2
Unchecked hostname resolution could allow access to local network resources by users outside the local networkEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxcTIteGhtYy1oOXFy
Access Control BypassEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: almost 3 years ago
Moderate
Ecosystems: nuget, maven
Packages: BouncyCastle, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bc-fips
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4eDMtcmc5OS1nYzNw
Timing based private key exposure in Bouncy CastleEcosystems: nuget, maven
Packages: BouncyCastle, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bc-fips
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: neos/form
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dngtOGNoeC1xdm1t
Form validation can be skippedEcosystems: packagist
Packages: neos/form
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxdnEtNW04Yy02ZzI0
CRLF injection in urllib3Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: matrix-appservice-bridge
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1ZzQtcXgzYy12amh4
Automatic room upgrade handling can be used maliciously to bridge a room non-consentuallyEcosystems: npm
Packages: matrix-appservice-bridge
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNmMtdzRjNC12Z3Z4
Stored XSS vulnerability in Jenkins Scriptler PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kiuwanJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoNzctM3h3ci1ocWho
Cross-site scripting in Jenkins Kiuwan PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:kiuwanJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: Flask-Unchained
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqYzQtM3c5OS1qN3Y0
Open redirect in Flask-UnchainedEcosystems: pypi
Packages: Flask-Unchained
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjdjYtZ3Z4My1tNTRt
Cross-Site Scripting in keystoneEcosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 6 years ago
Moderate
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdycjctcmNqdy01NnZq
Exposure of Sensitive Information to an Unauthorized Actor in activestorageEcosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 5 years ago
Moderate
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcHEtdzVxNi05dmY5
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-mainEcosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 5 years ago
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3d3gtNjJyNy1qMng3
Nokogiri vulnerable to libxml XML Entity ExpansionEcosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
Ecosystems: pypi
Packages: Products.CMFPlone, Products.PasswordResetTool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3aDktdmY5Mi01Zmo1
Cross-site scripting in Products.CMFPlone and Products.PasswordResetToolEcosystems: pypi
Packages: Products.CMFPlone, Products.PasswordResetTool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjYtM3BjNC1tNDQ3
Active Record Improper Access ControlEcosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 6 years ago
Moderate
Ecosystems: pypi
Packages: websockets
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjaDQtNThxcC1nM21w
Observable Timing Discrepancy in aaugustin websockets libraryEcosystems: pypi
Packages: websockets
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: almost 3 years ago
Moderate
Ecosystems: npm
Packages: @backstage/plugin-techdocs
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnOTYtZjh3ci1wODlm
Script injectionEcosystems: npm
Packages: @backstage/plugin-techdocs
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: almost 3 years ago
Moderate
Ecosystems: maven
Packages: org.jboss.xnio:xnio-nio
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3MzgtNzd4OC13bXE1
Uncontrolled Resource Consumption in XNIOEcosystems: maven
Packages: org.jboss.xnio:xnio-nio
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2aDctNXBxMi1qNzdo
Insufficiently random values in AnsibleEcosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/ovn-org/ovn-kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3djQtbTlqeC1taDhy
Improper Input ValidationEcosystems: go
Packages: github.com/ovn-org/ovn-kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzNGgtcDRneC1qbTg5
Observable Response Discrepancy in Flask-AppBuilderEcosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1NDctZ21mOC04anI3
github.com/russellhaering/goxmldsig vulnerable to Signature Validation BypassEcosystems: go
Packages: github.com/russellhaering/goxmldsig
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: ktbs.dev/teler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoajYtNW1oNi00cHZm
Denial-of-Service within Docker containerEcosystems: go
Packages: ktbs.dev/teler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqaHctNW14cC0yZzJx
Cross-site Scripting in OpenNMS HorizonEcosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3ODctZzgzOS05d3Y3
Helm OCI credentials leaked into Argo CD logsEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxNXYtZjRjMy0zOTVj
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1dmMtdzkzdy03NWMy
JWT leak via Open Redirect in Programmatic accessEcosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/filecoin-project/lotus
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnNTItcHFjai1waHZo
BLS Signature "Malleability"Ecosystems: go
Packages: github.com/filecoin-project/lotus
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: almost 3 years ago
Moderate
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptMzQteG04bS13OTU4
Open Redirect in oauth2_proxyEcosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3djItMnF4eC13anJ3
Symlink Attack in Libcontainer and Docker EngineEcosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: koa-remove-trailing-slashes
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3NzMtcG13My1mNG1y
Open Redirect in koa-remove-trailing-slashesEcosystems: npm
Packages: koa-remove-trailing-slashes
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
Moderate
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljODQtNGh4Ni14bW00
Integer overflow in TFLite concatentationEcosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: almost 3 years ago
Moderate
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwdjgtcHB2ai00aDY4
Prevent user enumeration using Guard or the new Authenticator-based SecurityEcosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http, symfony/maker-bundle, lexik/jwt-authentication-bundle, symfony/security-core, symfony/security-guard
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 3 years ago
Moderate
Ecosystems: go
Packages: github.com/kata-containers/runtime, github.com/kata-containers/agent
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5Nzgtdmcyai1jYzlx
Improper Privilege Management and Execution with Unnecessary Privileges in Kata ContainersEcosystems: go
Packages: github.com/kata-containers/runtime, github.com/kata-containers/agent
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 2 years ago
Moderate
Ecosystems: go
Packages: sigs.k8s.io/secrets-store-csi-driver
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjZ3gtdmhmcC02Y2Y5
Directory traversal in Kubernetes Secrets Store CSI DriverEcosystems: go
Packages: sigs.k8s.io/secrets-store-csi-driver
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: react-native-fast-image
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4aGctcTljOC1yajMy
Credential leak in react-native-fast-imageEcosystems: npm
Packages: react-native-fast-image
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: hosted-git-info
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZjgtMmgzMi1mNGNq
Regular Expression Denial of Service in hosted-git-infoEcosystems: npm
Packages: hosted-git-info
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2dnAteDNwci03OXJ4
Apache Airflow Cross-site scripting due to incomplete fix for CVE-2020-13944Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: contao/core-bundle, contao/core, contao/contao
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqNGotMjg3ai1mNzQy
Cross-site Scripting in ContaoEcosystems: packagist
Packages: contao/core-bundle, contao/core, contao/contao
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-netflix
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnY2ctcDN2Mi05aDRw
Externally Controlled Reference to a Resource in Another Sphere and Confused Deputy in Spring Cloud NetflixEcosystems: maven
Packages: org.springframework.cloud:spring-cloud-netflix
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwY2gtaDMyai1neDZ4
Insufficiently Protected Credentials in Reactor NettyEcosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: com.vaadin:flow-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoZ3ItMmc2cS0zcm1j
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19Ecosystems: maven
Packages: com.vaadin:flow-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: @absolunet/kafe
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncGYtOTdjNS03NGZj
Regular expression denial of service in @absolunet/kafeEcosystems: npm
Packages: @absolunet/kafe
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoY20tamo0eC00Z21y
reflected XSS in tribalsystems/zenarioEcosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cjItNzNtNi1wcDhm
Directory traversal in development mode handler in Vaadin 14 and 15-17Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: com.vaadin:vaadin-server, com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NHItNHh3My1wcHg5
Stored cross-site scripting in Grid component in Vaadin 7 and 8Ecosystems: maven
Packages: com.vaadin:vaadin-server, com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: com.vaadin:vaadin-server, com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1eGMtcXZ4aC0yN2Y4
Timing side channel vulnerability in UIDL request handler in Vaadin 7 and 8Ecosystems: maven
Packages: com.vaadin:vaadin-server, com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: jose-node-cjs-runtime
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2Y3ctZjY4dy04aDho
Padding Oracle Attack due to Observable Timing Discrepancy in jose-node-cjs-runtimeEcosystems: npm
Packages: jose-node-cjs-runtime
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: org.apache.solr:solr-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NjctaDM2NS1qN2ht
Improper Input Validation in Apache SolrEcosystems: maven
Packages: org.apache.solr:solr-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: packagist
Packages: shopware/production
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwY3ItNDk4Mi01NDht
Exposure of .env if project root is configured as web root in shopware/productionEcosystems: packagist
Packages: shopware/production
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: invenio-records
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aDMtbXZ2Ny0yNjVq
Cross-site scripting invenio-recordsEcosystems: pypi
Packages: invenio-records
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 5 years ago
Moderate
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3cmgtNGp3di01dzc4
Open redirect via transitional IPv6 addresses on dual-stack networksEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Moderate
Ecosystems: npm
Packages: jspdf
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxNmYtOGdyeC1wcjR2
Cross-site scripting in jspdfEcosystems: npm
Packages: jspdf
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: org.wso2.transport.http:org.wso2.transport.http.netty
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2cGMtdzU3cC1xOTVm
HTTP Response Splitting in WSO2 transport-httpEcosystems: maven
Packages: org.wso2.transport.http:org.wso2.transport.http.netty
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
Moderate
Ecosystems: maven
Packages: org.apache.druid:druid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoMmctN2g1cC1teGY0
Credentials bypass in Apache DruidEcosystems: maven
Packages: org.apache.druid:druid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNnAtNGpjbS1oOHZo
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.CoreEcosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0bXEtNmZwNS1xd2Nm
Exposure of Resource to Wrong Sphere and Insecure Temporary File in AnsibleEcosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyeGotNWoyNy1mOHJm
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in AnsibleEcosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 3 years ago
Moderate
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOWotcmdocS04amho
Exposure of Resource to Wrong Sphere and Insecure Temporary File in AnsibleEcosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: is-my-json-valid
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocGYtM3dxNy01cnBy
Regular expression deinal of service (ReDoS) in is-my-json-validEcosystems: npm
Packages: is-my-json-valid
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: portprocesses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtNjctN3ZtZy02NnZt
Arbitrary Command Injection in portprocessesEcosystems: npm
Packages: portprocesses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: prestashop/ps_emailsubscription
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3ZngtaGgzdy1majk5
Potential XSS injection in the newsletter conditions fieldEcosystems: packagist
Packages: prestashop/ps_emailsubscription
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: org.apache.nifi:nifi-parameter
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0ZmotY2NyNi03cGNw
Apache NiFi Insertion of Sensitive Information into Log FileEcosystems: maven
Packages: org.apache.nifi:nifi-parameter
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 2 years ago
Moderate
Ecosystems: npm
Packages: @theia/console
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3ZzktYzljci1wNWZx
Improper Neutralization of Input in Theia consoleEcosystems: npm
Packages: @theia/console
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyanAtaGg2NS00eHZm
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodleEcosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoOHYtMnY4eC1oMjY0
SQL Injection in moodleEcosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: com.netflix.hollow:hollow
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyOTUtbWhmMy12MzNt
Insecure temporary file in Netflix OSS HollowEcosystems: maven
Packages: com.netflix.hollow:hollow
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3OWotd2dxdi1nOGgy
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in typo3/cms-formEcosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-form
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 3 years ago
Moderate
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqaDMtZzhncS05cTky
Cross-Site Scripting in Content PreviewEcosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocm0tbTY3di01Y3hy
XStream is vulnerable to an Arbitrary Code Execution attackEcosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0Y3YtZjU4eC1mOXdm
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rightsEcosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
moodle/moodle
247
tensorflow
207
tensorflow-cpu
191
tensorflow-gpu
190
org.jenkins-ci.main:jenkins-core
114
magento/community-edition
106
org.apache.tomcat:tomcat
92
pimcore/pimcore
86
typo3/cms
66
microweber/microweber
62
django
54
typo3/cms-core
54
dolibarr/dolibarr
53
apache-airflow
52
phpmyadmin/phpmyadmin
50
drupal/core
46
thorsten/phpmyfaq
45
github.com/usememos/memos
42
actionpack
42
apache-superset
40
drupal/drupal
38
plone
35
concrete5/concrete5
34
showdoc/showdoc
34
github.com/grafana/grafana
33
Plone
32
librenms/librenms
32
ansible
31
nova
31
org.keycloak:keycloak-core
31
github.com/mattermost/mattermost-server/v6
30
moin
27
github.com/mattermost/mattermost/server/v8
27
intelliants/subrion
27
symfony/symfony
27
craftcms/cms
26
silverstripe/framework
25
com.liferay.portal:release.portal.bom
25
snipe/snipe-it
24
org.elasticsearch:elasticsearch
24
baserproject/basercms
22
github.com/answerdev/answer
21
org.apache.struts:struts2-core
20
k8s.io/kubernetes
20
grumpydictator/firefly-iii
19
shopware/platform
18
shopware/shopware
18
rdiffweb
18
froxlor/froxlor
18
matrix-synapse
18
remdex/livehelperchat
18
mediawiki/core
18
nilsteampassnet/teampass
18
getkirby/cms
17
keystone
17
org.apache.tomcat.embed:tomcat-embed-core
16
prestashop/prestashop
15
github.com/argoproj/argo-cd/v2
15
vyper
15
tribalsystems/zenario
14
puppet
14
Django
14
salt
14
glance
14
nokogiri
14
yetiforce/yetiforce-crm
14
mautic/core
13
org.keycloak:keycloak-services
13
forkcms/forkcms
13
org.xwiki.platform:xwiki-platform-oldcore
13
github.com/docker/docker
13
io.undertow:undertow-core
13
Pillow
13
com.jfinal:jfinal
13
shopware/core
13
tinymce
12
github.com/goharbor/harbor
12
org.apache.solr:solr-core
12
github.com/hashicorp/consul
12
org.apache.jspwiki:jspwiki-main
12
com.thoughtworks.xstream:xstream
12
neutron
12
github.com/hashicorp/vault
12
github.com/hashicorp/nomad
11
lavalite/cms
11
DotNetNuke.Core
11
pyftpdlib
11
feehi/feehicms
11
github.com/cilium/cilium
11
genix/cms
11
org.bouncycastle:bcprov-jdk14
11
getgrav/grav
11
github.com/argoproj/argo-cd
11
directus
11
org.keycloak:keycloak-parent
11
@openzeppelin/contracts
10
org.eclipse.jetty:jetty-server
10
notebook
10
github.com/ethereum/go-ethereum
10
ec-cube/ec-cube
10
rack
10
org.springframework.security:spring-security-core
10
github.com/greenpau/caddy-security
10
org.bouncycastle:bcprov-jdk15on
10
fat_free_crm
10
github.com/mattermost/mattermost-server
10
@openzeppelin/contracts-upgradeable
10
contao/core-bundle
10
org.apache.jspwiki:jspwiki-war
10
org.apache.nifi:nifi
10
wallabag/wallabag
10
francoisjacquet/rosariosis
10
com.vaadin:vaadin-bom
10
typo3/cms-backend
10
activesupport
10
joplin
10
github.com/containerd/containerd
10
org.springframework:spring-core
10
PaddlePaddle
10
helm.sh/helm/v3
10
swagger-ui
9
roundup
9
TinyMCE
9
org.igniterealtime.openfire:parent
9
org.mortbay.jetty:jetty
9
cakephp/cakephp
9
org.jenkins-ci.plugins:git
9
org.opencrx:opencrx-core-models
9
ghost
9
zendframework/zendframework1
9
gogs.io/gogs
9
angular
9
bolt/bolt
9
publify_core
9
rubygems-update
9
org.jenkins-ci.plugins:script-security
9
horizon
9
ckeditor4
9
tinymce/tinymce
9
code.gitea.io/gitea
9
github.com/openfga/openfga
8
org.apache.activemq:activemq-client
8
wasmtime
8
org.apache.archiva:archiva
8
electron
8
simplesamlphp/simplesamlphp
8
rails-html-sanitizer
8
jquery-rails
8
github.com/kubeedge/kubeedge
8
opencv-python
8
bootstrap
8
org.opencms:opencms-core
8
laravel/framework
8
org.jenkins-ci.plugins:electricflow
8
editor.md
8
rails
8
sylius/sylius
8
contao/contao
8
silverstripe/cms
8
centreon/centreon
8
opencv-contrib-python
8
Microsoft.ChakraCore
8
impresscms/impresscms
8
actionview
8
io.jenkins:configuration-as-code
7
github.com/moby/moby
7
modoboa
7
com.vaadin:flow-server
7
pyload-ng
7
silverstripe/admin
7
trytond
7
phpbb/phpbb
7
admidio/admidio
7
aiohttp
7
validator
7
org.apache.cxf:cxf-core
7
org.opennms:opennms
7
kevinpapst/kimai2
7
io.jenkins.blueocean:blueocean
7
pillow
7
wagtail
7
org.apache.santuario:xmlsec
7
org.bouncycastle:bcprov-jdk15
7
jquery-ui
7
jquery-ui-rails
7
org.bouncycastle:bcprov-jdk15to18
7
org.webjars.npm:jquery-ui
7
jQuery.UI.Combined
7
github.com/google/fscrypt
7
org.owasp.antisamy:antisamy
7
org.jenkins-ci.plugins:subversion
7
phpmyfaq/phpmyfaq
7
activerecord
7
next
7
org.jenkins-ci.plugins:email-ext
7
OctoPrint
7
org.apache.james:james-server
7
github.com/1Panel-dev/1Panel
7
swift
7
vantage6
7
Filter by Repository
https://github.com/tensorflow/tensorflow
207
https://github.com/moodle/moodle
164
https://github.com/jenkinsci/jenkins
90
https://github.com/pimcore/pimcore
83
https://github.com/microweber/microweber
58
https://github.com/django/django
57
https://github.com/apache/tomcat
53
https://github.com/apache/airflow
51
https://github.com/thorsten/phpmyfaq
45
https://github.com/usememos/memos
42
https://github.com/xwiki/xwiki-platform
38
https://github.com/TYPO3/typo3
35
https://github.com/kubernetes/kubernetes
33
https://github.com/rails/rails
33
https://github.com/star7th/showdoc
32
https://github.com/librenms/librenms
30
https://github.com/plone/Products.CMFPlone
29
https://github.com/grafana/grafana
29
https://github.com/keycloak/keycloak
27
https://github.com/ansible/ansible
26
https://github.com/phpmyadmin/phpmyadmin
22
https://github.com/symfony/symfony
22
https://github.com/spring-projects/spring-framework
21
https://github.com/craftcms/cms
21
https://github.com/answerdev/answer
21
https://github.com/openstack/nova
21
https://github.com/Dolibarr/dolibarr
21
https://github.com/snipe/snipe-it
20
https://github.com/apache/activemq
19
https://github.com/argoproj/argo-cd
19
https://github.com/concretecms/concretecms
19
https://github.com/firefly-iii/firefly-iii
19
https://github.com/ikus060/rdiffweb
18
https://github.com/python-pillow/Pillow
18
https://github.com/livehelperchat/livehelperchat
18
https://github.com/matrix-org/synapse
17
https://github.com/shopware/platform
17
https://github.com/apache/struts
17
https://github.com/magento/magento2
16
https://github.com/shopware/shopware
16
https://github.com/vyperlang/vyper
15
https://github.com/openstack/keystone
15
https://github.com/CVEProject/cvelist
15
https://github.com/PaddlePaddle/Paddle
14
https://github.com/froxlor/froxlor
14
https://github.com/yetiforcecompany/yetiforcecrm
14
https://github.com/OpenNMS/opennms
14
https://github.com/TYPO3/TYPO3.CMS
14
https://github.com/go-gitea/gitea
13
https://github.com/octobercms/october
13
https://github.com/getkirby/kirby
13
https://github.com/x-stream/xstream
13
https://github.com/mautic/mautic
13
https://github.com/goharbor/harbor
12
https://github.com/netty/netty
12
https://github.com/PrestaShop/PrestaShop
12
https://github.com/tinymce/tinymce
12
https://github.com/apache/cxf
12
https://github.com/contao/contao
11
https://github.com/intelliants/subrion
11
https://github.com/forkcms/forkcms
11
https://github.com/silverstripe/silverstripe-framework
11
https://github.com/cilium/cilium
11
https://github.com/saltstack/salt
10
https://github.com/laurent22/joplin
10
https://github.com/ethereum/go-ethereum
10
https://github.com/moby/moby
10
https://github.com/liufee/cms
10
https://github.com/baserproject/basercms
10
https://github.com/nilsteampassnet/TeamPass
10
https://github.com/OpenZeppelin/openzeppelin-contracts
10
https://github.com/vaadin/platform
10
https://github.com/helm/helm
10
https://github.com/greenpau/caddy-security
10
https://github.com/containerd/containerd
10
https://github.com/mattermost/mattermost
10
https://github.com/directus/directus
10
https://github.com/github/advisory-database
9
https://github.com/strapi/strapi
9
https://github.com/electron/electron
9
https://github.com/geoserver/geoserver
9
https://github.com/fatfreecrm/fat_free_crm
9
https://github.com/apache/nifi
9
https://github.com/publify/publify
9
https://github.com/jquery/jquery
9
https://github.com/puppetlabs/puppet
9
https://github.com/sparklemotion/nokogiri
9
https://github.com/jenkinsci/git-plugin
9
https://github.com/getgrav/grav
8
https://github.com/pandao/editor.md
8
https://github.com/LavaLite/cms
8
https://github.com/openfga/openfga
8
https://github.com/swagger-api/swagger-ui
8
https://github.com/eclipse/jetty.project
8
https://github.com/ckeditor/ckeditor4
8
https://github.com/bcgit/bc-java
8
https://github.com/rails/rails-html-sanitizer
8
https://github.com/TryGhost/Ghost
8
https://github.com/openstack/glance
8
https://github.com/hashicorp/consul
8
https://github.com/rack/rack
8
https://github.com/rubygems/rubygems
8
https://github.com/bytecodealliance/wasmtime
8
https://github.com/wallabag/wallabag
8
https://github.com/nilsteampassnet/teampass
8
https://github.com/kubeedge/kubeedge
8
https://github.com/jupyter/notebook
8
https://github.com/twbs/bootstrap
7
https://github.com/aio-libs/aiohttp
7
https://github.com/vaadin/flow
7
https://github.com/pyload/pyload
7
https://github.com/nahsra/antisamy
7
https://github.com/opencv/opencv
7
https://github.com/dolibarr/dolibarr
7
https://github.com/hashicorp/vault
7
https://github.com/laravel/framework
7
https://github.com/traefik/traefik
7
https://github.com/wagtail/wagtail
7
https://github.com/scrapy/scrapy
7
https://github.com/apache/zeppelin
7
https://github.com/dotnet/runtime
7
https://github.com/openstack/horizon
7
https://github.com/chakra-core/ChakraCore
7
https://github.com/jeecgboot/jeecg-boot
7
https://github.com/vantage6/vantage6
7
https://github.com/thorsten/phpMyFAQ
7
https://github.com/jenkinsci/blueocean-plugin
7
https://github.com/modoboa/modoboa
7
https://github.com/google/fscrypt
7
https://github.com/1Panel-dev/1Panel
7
https://github.com/gogs/gogs
7
https://github.com/kevinpapst/kimai2
7
https://github.com/giampaolo/pyftpdlib
7
https://github.com/cui2shark/security
6
https://github.com/parse-community/parse-server
6
https://github.com/opensearch-project/security
6
https://github.com/neorazorx/facturascripts
6
https://github.com/ipython/ipython
6
https://github.com/cloudflare/cfrpki
6
https://github.com/jenkinsci/configuration-as-code-plugin
6
https://github.com/pimcore/customer-data-framework
6
https://github.com/jenkinsci/config-file-provider-plugin
6
https://github.com/opencast/opencast
6
https://github.com/panva/jose
6
https://github.com/igniterealtime/Openfire
6
https://github.com/croogo/croogo
6
https://github.com/backstage/backstage
6
https://github.com/jenkinsci/fortify-on-demand-uploader-plugin
6
https://github.com/jquery/jquery-ui
6
https://github.com/urllib3/urllib3
6
https://github.com/dompdf/dompdf
6
https://github.com/containers/podman
6
https://github.com/d4wner/Vulnerabilities-Report
6
https://github.com/umbraco/Umbraco-CMS
6
https://github.com/pimcore/admin-ui-classic-bundle
6
https://github.com/onionshare/onionshare
6
https://github.com/cubefs/cubefs
6
https://github.com/faucetsdn/ryu
6
https://github.com/simplesamlphp/simplesamlphp
6
https://github.com/oroinc/orocommerce
6
https://github.com/jenkinsci/script-security-plugin
6
https://github.com/Sylius/Sylius
6
https://github.com/nocodb/nocodb
6
https://github.com/OctoPrint/OctoPrint
5
https://github.com/cosmos/cosmos-sdk
5
https://github.com/cri-o/cri-o
5
https://github.com/rancher/rancher
5
https://github.com/sulu/sulu
5
https://github.com/opencontainers/runc
5
https://github.com/pmmp/PocketMine-MP
5
https://github.com/cloudfoundry/uaa
5
https://github.com/hashicorp/nomad
5
https://github.com/lief-project/LIEF
5
https://github.com/admidio/admidio
5
https://github.com/unshiftio/url-parse
5
https://github.com/hyperium/hyper
5
https://github.com/puma/puma
5
https://github.com/apache/superset
5
https://github.com/mantisbt/mantisbt
5
https://github.com/etcd-io/etcd
5
https://github.com/paritytech/frontier
5
https://github.com/gradio-app/gradio
5
https://github.com/nervosnetwork/ckb
5
https://github.com/cakephp/cakephp
5
https://github.com/evershopcommerce/evershop
5
https://github.com/NodeBB/NodeBB
5
https://github.com/TribalSystems/Zenario
5
https://github.com/kivikakk/comrak
5
https://github.com/jenkinsci/codedx-plugin
5
https://github.com/alextselegidis/easyappointments
5
https://github.com/apache/tika
5
https://bitbucket.org/snakeyaml/snakeyaml
5
https://github.com/bolt/bolt
5
https://github.com/zitadel/zitadel
5
https://github.com/jenkinsci/subversion-plugin
5
https://github.com/lxml/lxml
5
https://github.com/xuxueli/xxl-job
5
https://github.com/yiisoft/yii2
5
https://github.com/apache/dolphinscheduler
5