Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Critical Security Advisories
Loading...
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1tcWMyLXc5cjgtbW14bc4AAvde
Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code executionEcosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ontrack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xdzI4LWc2M20tanhxds4AAgeF
Sandbox bypass in ontrack Jenkins PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:ontrack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS13N3Y5LWZjNDktNHFnNM4AAyuq
org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerabilityEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
GSA_kwCzR0hTQS03OXhmLTY3cjQtcTJqas4AAyqY
safe-eval vulnerable to Sandbox Bypass due to improper input sanitizationEcosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
Ecosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 2 years ago
GSA_kwCzR0hTQS04NGN3LW14aHYtcXZ2NM4AAdCH
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend componentEcosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-panels-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1xeGpnLWpoZ3ctcWhyds4AAyAC
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval InjectionEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-panels-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 2 years ago
GSA_kwCzR0hTQS12Mjg3LTl3M3YteDVjNc4AAh-W
Total.js CMS RCE VulnerabilityEcosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerabilityEcosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
Critical
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
GSA_kwCzR0hTQS1oY2czLTU2amYteDR2aM4AAyqc
safe-eval vulnerable to Prototype Pollution via the safeEval functionEcosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: xml-crypto
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: 4 days ago
GSA_kwCzR0hTQS0yeHAzLTU3cDctcWY0ds4AA7eK
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofingEcosystems: npm
Packages: xml-crypto
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: 4 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-skin-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1oNHZwLTY5cjgtZ3ZqZ84AA0t7
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerabilityEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-skin-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS01ajdnLWNmNnItZzJoN84AAv_R
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-uiEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vriteEcosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-legacy-oldcore, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong authorEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-legacy-oldcore, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
GSA_kwCzR0hTQS1qcDRnLXI4YzktMzUzNM4AAQ5D
Moodle Blind SSRF Risk in /badges/mybackpack.phpEcosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS14NzY0LWZmOHItOWhweM4AAy56
XWiki Platform vulnerable to code injection in display method used in user profilesEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS1xajg2LXA3NHItN3dwNc4AA32-
Remote code execution/programming rights with configuration section from any user accountEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIycHAteDRtbS00OTk5
XML External Entity (XXE) vulnerability in neo4j.procedure:apocEcosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the serverEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxanEtNjl3Ni1mZzU3
XSS vulnerability with translatorEcosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 3 years ago
Critical
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: about 1 year ago
GSA_kwCzR0hTQS01NmdqLW12aDYtcnA3Nc4AAxd4
URI validation failure on SVG parsing. Bypass of CVE-2023-23924Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 years ago
GSA_kwCzR0hTQS0yZjV2LThyM2YtOHB3d801hA
Improper access control allows admin privilege escalation in Argo CDEcosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-gateway
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: about 2 years ago
GSA_kwCzR0hTQS0zZ3g5LTM3d3ctOXF3Ns0v8w
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecuredEcosystems: maven
Packages: org.springframework.cloud:spring-cloud-gateway
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1mNDZwLXE2amgtMjI2bc4AAiIP
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps PluginEcosystems: maven
Packages: io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 2 months ago
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL InjectionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-tag-ui, org.xwiki.platform.applications:xwiki-application-tag
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS0yZzVjLTIyOGotcDUyeM4AAu1c
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval InjectionEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-tag-ui, org.xwiki.platform.applications:xwiki-application-tag
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy
TimelockController vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1jY3I4LTR4cjctY2dqM84AAmCk
Sandbox bypass vulnerability in Jenkins Script Security PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS03Mmd4LXFxMm0tNnhyMs4AAiOT
Improper Control of Generation of Code in Jenkins Script Security PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-annotation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1oNmY1LThqajUtY3hocs4AAx6L
xwiki-platform vulnerable to Remote Code Execution in AnnotationsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-annotation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
GSA_kwCzR0hTQS02bTlmLXBqNnctdzg3Z84AAy88
Rancher Webhook is misconfigured during upgrade processEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Critical
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtMnAtZmh3eC05Mjg1
Incorrect Permission Assignment for Critical Resource in PloneEcosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 3 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3N3EtMnFxZy02OTg5
Apache Struts vulnerable to remote arbitrary command execution due to improper input validationEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 2 months ago
GSA_kwCzR0hTQS0yNHJwLXEzdzYtdmM1Ns4AA5cA
org.postgresql:postgresql vulnerable to SQL Injection via line comment generationEcosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 2 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 years ago
GSA_kwCzR0hTQS1wNmg0LTkzcXAtamhjbc0yJA
Command injection in Parse Server through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 years ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 10 months ago
GSA_kwCzR0hTQS05bTkzLXc4dzYtNzZoaM4AA0uj
Mongoose Prototype Pollution vulnerabilityEcosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 10 months ago
Critical
Ecosystems: go
Packages: github.com/fluxcd/helm-controller, github.com/fluxcd/kustomize-controller, github.com/fluxcd/flux2
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: almost 2 years ago
GSA_kwCzR0hTQS12dm1xLWZ3bWctMmdqY84AAX50
Improper kubeconfig validation allows arbitrary code executionEcosystems: go
Packages: github.com/fluxcd/helm-controller, github.com/fluxcd/kustomize-controller, github.com/fluxcd/flux2
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-theme-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1mNHY4LTU4ZjYtbXdqNM4AAyuw
org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerabilityEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-theme-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1jOWMyLXdjeGgtM3c1as4AAxpZ
Sandbox escape in Jenkins Email Extension PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-menu-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS02dzhoLTI2eHgtY2Y4cc4AAv_U
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-uiEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-menu-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:job-dsl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS01cjc0LXBnbXEtOTJtbc33bA
Script security sandbox bypass in Jenkins Job DSL PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:job-dsl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/labring/sealos
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
GSA_kwCzR0hTQS03NGo4LXc3ZjktcHA2Ms4AA0KE
Improper configuration of RBAC permissions obtaining cluster control permissionsEcosystems: go
Packages: github.com/labring/sealos
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS00djM4LTk2NGMteGptd84AAy3x
Code injection via unescaped translations in xwiki-platformEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/go-vela/worker, github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 1 year ago
GSA_kwCzR0hTQS01bTdnLXBqOHctNzU5M84AAvxv
Vela Insecure DefaultsEcosystems: go
Packages: github.com/go-vela/worker, github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzeDQtd3I0aC1wdzMz
Sandbox Breakout / Arbitrary Code Execution in safer-evalEcosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: @strapi/plugin-email, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
GSA_kwCzR0hTQS0yaDg3LTRxMnctdjRoZs4AAy4o
Strapi plugins vulnerable to Server-Side Template Injection and Remote Code Execution in the Users-Permissions PluginEcosystems: npm
Packages: @strapi/plugin-email, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 25 days ago
GSA_kwCzR0hTQS1oZjQzLTQ3cTQtZmhxNc4AA63z
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code executionEcosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 25 days ago
Critical
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 10 months ago
GSA_kwCzR0hTQS12aDJnLTZjNHgtNWhtcM4AA04I
Path traversal and code execution via prototype vulnerabilityEcosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: onefuzz
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1dmgtNndody14NzQ1
Improper Authorization and Origin Validation Error in OneFuzzEcosystems: pypi
Packages: onefuzz
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS04cTlxLXI5djItNjQ0bc4AA0KR
Upgrading doesn't prevent exploiting vulnerable XWiki documentsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NnYtNjc3Zy1wNjU2
Sandbox Breakout in safe-evalEcosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 6 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-like-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1yZjhqLXEzOWctN3hmbc4AAz9r
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResultsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-like-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated userEcosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mentions-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1jNXY4LTJxNHItNXc5ds4AAu1e
XWiki Platform Mentions UI vulnerable to Cross-site ScriptingEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mentions-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1tajljLXZqcDktcGdnaM4AAiY2
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins PluginEcosystems: maven
Packages: org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: gitlabhook
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0OWYtNzNoaC1tajM4
Command Injection in gitlabhookEcosystems: npm
Packages: gitlabhook
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 4 years ago
Critical
Ecosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2bW0tbWhjcS00eDlq
Sandbox Bypass Leading to Arbitrary Code Execution in constantinopleEcosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
Critical
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 11 months ago
GSA_kwCzR0hTQS1wdnJjLXd2ajItZjU5cM4AAzfl
Pomerium vulnerable to Incorrect Authorization with specially crafted requestsEcosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS14dnhxLWhxNDgteHBobc3maQ
Sandbox bypass in Script Security PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: apex-publish-static-files
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqbTMtNTgzNS01Mzdt
Command Injection in apex-publish-static-filesEcosystems: npm
Packages: apex-publish-static-files
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
GSA_kwCzR0hTQS1xeGY4LTg4MzctaHE3d833bQ
Script security sandbox bypass in Matrix Project PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:matrix-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 months ago
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file accessEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04
TimelockController vulnerability in OpenZeppelin ContractsEcosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS14cjZtLTJwNG0tanZxZs4AAu1d
XWiki Platform Wiki UI Main Wiki Eval Injection vulnerabilityEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: remark-html
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: over 2 years ago
GSA_kwCzR0hTQS05cTV3LTc5Y3YtOTQ3bc0Vog
Unsafe defaults in `remark-html`Ecosystems: npm
Packages: remark-html
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: over 2 years ago
Critical
Ecosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: almost 2 years ago
GSA_kwCzR0hTQS1jcWhyLWpxdmMtcXc5cM4AAtgo
Java Melody vulnerable to cross-site scriptingEcosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: almost 2 years ago
Critical
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsingEcosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
GSA_kwCzR0hTQS02N3EzLWd3d3ctcG00Z84AAbLM
Apache OpenMeetings does not correctly validate uploaded XML documentsEcosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 10 months ago
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDCEcosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS12Y3ZyLXY0MjYtM20zbc4AA2sI
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converterEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
Ecosystems: packagist
Packages: fenom/fenom
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 years ago
GSA_kwCzR0hTQS02NzR2LTNnMnctODRneM02ZA
Sandbox bypass in fenomEcosystems: packagist
Packages: fenom/fenom
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 years ago
Critical
Ecosystems: maven
Packages: com.cronutils:cron-utils
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
GSA_kwCzR0hTQS1wOW04LTI3eDgtcmc4N80XOQ
Critical vulnerability found in cron-utilsEcosystems: maven
Packages: com.cronutils:cron-utils
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
Critical
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCEEcosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
Critical
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 11 days ago
GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Privilege Escalation in kubevirtEcosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 11 days ago
Critical
Ecosystems: maven
Packages: org.powernukkit:powernukkit
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
GSA_kwCzR0hTQS0zcXBtLWg5Y2gtcHgzY80gtg
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j libraryEcosystems: maven
Packages: org.powernukkit:powernukkit
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
Critical
Ecosystems: maven
Packages: org.opencastproject:opencast-ingest-service-impl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS01OWc0LWhwZzMtM2djcM0bQw
Files Accessible to External Parties in OpencastEcosystems: maven
Packages: org.opencastproject:opencast-ingest-service-impl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 year ago
GSA_kwCzR0hTQS14NDIyLTZxaHYtcDI5Z84AAzAd
Relative path traversal in mlflowEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: @nuxtlabs/github-module
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
GSA_kwCzR0hTQS1mcDJ3LWc5MmctZmdxNM4AAy0_
@nuxtlabs/github-module made Use of Hard-coded CredentialsEcosystems: npm
Packages: @nuxtlabs/github-module
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS1mNm1xLTZmeDUtdzJjaM4AAvdZ
Jenkins Script Security Plugin sandbox bypass vulnerabilityEcosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1wOTc2LWg1MmMtMjZwNs4AAzpQ
Rancher vulnerable to Privilege Escalation via manipulation of SecretsEcosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui, org.xwiki.platform:xwiki-platform-icon-default, org.xwiki.platform:xwiki-platform-icon-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1mbTY4LWo3d3ctaDl4Zs4AA0KP
XWiki Platform vulnerable to Code Injection in icon themesEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui, org.xwiki.platform:xwiki-platform-icon-default, org.xwiki.platform:xwiki-platform-icon-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-panels-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS1jNWY0LXA1d3YtMjQ3Nc4AAyur
xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerabilityEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-panels-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS12d3I2LXFwNHEtMndqN84AAx7P
XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profileEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
GSA_kwCzR0hTQS1nN2o3LWg0cTgtOHcyZs4AAvAZ
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentialsEcosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Critical
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnY2gtamptci1ncDd3
Sandbox Breakout / Arbitrary Code Execution in safer-evalEcosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 4 years ago
Critical
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 months ago
GSA_kwCzR0hTQS00bXFnLWg1amYtajltN84AA2Ly
TorchServe Pre-Auth Remote Code ExecutionEcosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS05NHBmLTkyaHctMmhqY84AA0KQ
XWiki Platform vulnerable to Code injection through NotificationRSSServiceEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-test-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
GSA_kwCzR0hTQS0zNmZtLWozM3ctYzI1Zs4AAzSe
Privilege escalation (PR)/RCE from account through class sheetEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-test-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
Ecosystems: cargo
Packages: deno_runtime, serde_v8, Deno
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: about 1 year ago
GSA_kwCzR0hTQS1jMjV4LWNtOXgtcXFneM4AAyRG
Deno improperly handles resizable ArrayBufferEcosystems: cargo
Packages: deno_runtime, serde_v8, Deno
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: about 1 year ago
Critical
Ecosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
GSA_kwCzR0hTQS12cWZ4LWdqOTYtM3c5Nc4AAxyK
Unsafe fall-through in getWhereConditionsEcosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-attachment-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
GSA_kwCzR0hTQS05aHFoLWZtaGctdnEyas4AAv_O
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xmlEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-attachment-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
Ecosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1mZ3F2LTk2djktdzIzbc4AActG
Radicale vulnerable to arbitrary file read or writeEcosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 2 years ago
Critical
Ecosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
GSA_kwCzR0hTQS1nN3JqLXE3MjItMjQ1Z84AAzH0
jsreport vulnerable to code injectionEcosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
Critical
Ecosystems: pypi
Packages: fief-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1oajhtLTlmaGYtdjdqcM4AA0D-
fief-server Server-Side Template Injection vulnerabilityEcosystems: pypi
Packages: fief-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
Ecosystems: rubygems
Packages: colorscore
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczcXctd3c2Mi1tNTR4
colorscore Command Injection vulnerabilityEcosystems: rubygems
Packages: colorscore
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 6 years ago
Critical
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eDMtZzYyNy1waG0y
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apolloEcosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 5 years ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
GSA_kwCzR0hTQS14bTRoLTNqeHItbTNjNs4AA63r
XWiki Platform: Remote code execution through space title and Solr space facetEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 10 months ago
GSA_kwCzR0hTQS1mbXhqLTZoOWctNnZ3M84AA0y8
MLflow Path Traversal vulnerabilityEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-xwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS12eGY3LW14MjItanIyNM4AAyu4
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macroEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-xwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 1,289
Ecosystems: 12
Packages: 8,294
Repositories: 1,289
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
magento/community-edition
27
com.fasterxml.jackson.core:jackson-databind
24
dolibarr/dolibarr
23
org.jenkins-ci.main:jenkins-core
18
net.mingsoft:ms-mcms
18
salt
16
moodle/moodle
15
com.liferay.portal:release.portal.bom
13
topthink/framework
13
langchain
12
org.apache.dubbo:dubbo
12
mlflow
12
com.liferay.portal:release.dxp.bom
12
drupal/core
12
magento/core
11
org.apache.struts:struts2-core
11
vm2
10
apache-airflow
10
phpmyadmin/phpmyadmin
9
funadmin/funadmin
9
org.xwiki.platform:xwiki-platform-oldcore
9
tensorflow
9
rdiffweb
8
org.jeecgframework.boot:jeecg-boot-common
8
tensorflow-gpu
8
tensorflow-cpu
8
shopware/platform
8
drupal/drupal
8
paddlepaddle
8
org.xwiki.platform:xwiki-platform-web-templates
8
rusqlite
7
org.xwiki.platform:xwiki-platform-administration-ui
7
froxlor/froxlor
7
studio-42/elfinder
7
sequelize
7
symfony/symfony
7
ansible
7
gogs.io/gogs
7
ezsystems/ezpublish-kernel
6
github.com/argoproj/argo-cd
6
aaptjs
6
thorsten/phpmyfaq
6
parse-server
6
github.com/answerdev/answer
6
org.apache.activemq:activemq-client
5
safe-eval
5
centreon/centreon
5
org.jenkins-ci.plugins:script-security
5
ckb
5
nodebb
5
django
5
org.xwiki.platform:xwiki-platform-web
5
mercurial
5
org.jeecgframework.boot:jeecg-boot-parent
5
shopware/core
5
zendframework/zendframework
5
steal
5
org.apache.inlong:manager-pojo
5
Pillow
5
org.apache.tomcat.embed:tomcat-embed-core
5
org.apache.shiro:shiro-core
5
org.xwiki.commons:xwiki-commons-xml
5
Microsoft.ChakraCore
5
pyload-ng
4
hermes-engine
4
nilsteampassnet/teampass
4
contao/core-bundle
4
org.apache.tapestry:tapestry-core
4
openssl-src
4
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
4
PaddlePaddle
4
github.com/hashicorp/vault
4
librenms/librenms
4
contao/contao
4
baserproject/basercms
4
realms-shim
4
spree_auth_devise
4
Django
4
nukeviet/nukeviet
4
org.cloudfoundry.identity:cloudfoundry-identity-server
4
code.gitea.io/gitea
4
org.jeecgframework.boot:jeecg-boot-base-core
4
feehi/cms
4
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
4
prestashop/prestashop
4
org.eclipse.jetty:jetty-server
4
org.apache.kylin:kylin-server-base
4
apache-airflow-providers-apache-hive
4
safer-eval
4
github.com/argoproj/argo-cd/v2
4
mautic/core
4
swagger-ui
4
calibreweb
4
smallvec
4
org.apache.inlong:manager-service
4
github.com/usememos/memos
4
messagepack-rs
4
org.apache.openmeetings:openmeetings-parent
4
net.opentsdb:opentsdb
4
lmdb
3
org.zenframework.z8.dependencies.commons:log4j-1.2.17
3
org.apache.inlong:manager-web
3
github.com/hashicorp/nomad
3
org.richfaces:richfaces-core
3
org.apache.storm:storm
3
org.apache.solr:solr-parent
3
org.xwiki.platform:xwiki-platform-search-ui
3
ro.pippo:pippo-core
3
symfony/security
3
org.xwiki.platform:xwiki-platform-icon-ui
3
showdoc/showdoc
3
symfony/security-core
3
pimcore/pimcore
3
com.alibaba:dubbo
3
@openzeppelin/contracts-upgradeable
3
modoboa
3
ezsystems/ezplatform-kernel
3
org.keycloak:keycloak-core
3
org.apache.logging.log4j:log4j-core
3
org.jenkins-ci.plugins:active-directory
3
org.apache.hadoop:hadoop-common
3
edu.stanford.nlp:stanford-corenlp
3
zendframework/zendframework1
3
nvflare
3
org.apache.ignite:ignite-core
3
com.hazelcast:hazelcast
3
codiad/codiad
3
slpjs
3
actix-web
3
ibexa/core
3
dompdf/dompdf
3
browserify-shim
3
mongoose
3
cobbler
3
codeigniter4/framework
3
github.com/dexidp/dex
3
org.springframework.security:spring-security-core
3
com.jflyfox:jflyfox_jfinal
3
rubygems-update
3
org.apache.any23:apache-any23
3
github.com/pterodactyl/wings
3
io.undertow:undertow-core
3
craftcms/cms
3
github.com/rancher/rancher
3
org.apache.jmeter:ApacheJMeter
3
org.apache.linkis:linkis
3
io.dataease:dataease-plugin-common
3
smarty/smarty
3
org.jenkins-ci.plugins.workflow:workflow-cps
3
simplesamlphp/simplesamlphp
3
elefant/cms
3
jsrsasign
3
github.com/go-gitea/gitea
3
nokogiri
3
feathers-sequelize
3
org.apache.dolphinscheduler:dolphinscheduler
3
org.xwiki.platform:xwiki-platform-panels-ui
3
org.jeecgframework.boot:jeecg-boot-base
3
strapi
3
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
3
ray
3
francoisjacquet/rosariosis
3
tribalsystems/zenario
3
slp-validate
3
typo3/cms
3
log4j:log4j
3
id-map
3
xcb
3
impresscms/impresscms
3
phpmailer/phpmailer
3
publify_core
3
handlebars
3
facade/ignition
3
org.apache.solr:solr-core
3
org.apache.ozone:ozone-main
3
org.apache.derby:derby
2
github.com/sap/cloud-security-client-go
2
alextselegidis/easyappointments
2
github.com/russellhaering/gosaml2
2
tenvoy
2
ghost
2
llama-index
2
org.springframework.amqp:spring-amqp
2
org.apache.flume.flume-ng-sources:flume-jms-source
2
apache-superset
2
locutus
2
org.apache.commons:commons-configuration2
2
github.com/crewjam/saml
2
eslint-config-eslint
2
org.apache.shiro:shiro-web
2
mathjs
2
nadesiko3
2
org.apache.inlong:manager-dao
2
org.xwiki.platform:xwiki-platform-notifications-ui
2
traceroute
2
graphite-web
2
torchserve
2
com.hazelcast.jet:hazelcast-jet
2
org.xwiki.platform:xwiki-platform-attachment-ui
2
pidusage
2
Filter by Repository
https://github.com/xwiki/xwiki-platform
81
https://github.com/FasterXML/jackson-databind
24
https://github.com/jenkinsci/jenkins
17
https://github.com/Dolibarr/dolibarr
15
https://github.com/saltstack/salt
14
https://github.com/apache/airflow
14
https://github.com/mlflow/mlflow
11
https://github.com/PaddlePaddle/Paddle
11
https://github.com/ming-soft/MCMS
10
https://github.com/patriksimek/vm2
10
https://github.com/jeecgboot/jeecg-boot
9
https://github.com/top-think/framework
9
https://github.com/funadmin/funadmin
9
https://github.com/tensorflow/tensorflow
9
https://github.com/apache/inlong
8
https://github.com/django/django
8
https://github.com/magento/magento2
8
https://github.com/ikus060/rdiffweb
8
https://github.com/langchain-ai/langchain
8
https://github.com/ansible/ansible
7
https://github.com/gogs/gogs
7
https://github.com/apache/struts
7
https://github.com/Studio-42/elFinder
7
https://github.com/argoproj/argo-cd
7
https://github.com/rusqlite/rusqlite
7
https://github.com/python-pillow/Pillow
7
https://github.com/sequelize/sequelize
7
https://github.com/go-gitea/gitea
7
https://github.com/parse-community/parse-server
6
https://github.com/answerdev/answer
6
https://github.com/thorsten/phpmyfaq
6
https://github.com/xwiki/xwiki-commons
6
https://github.com/shenzhim/aaptjs
6
https://github.com/shopware/platform
6
https://github.com/symfony/symfony
6
https://github.com/apache/tomcat
5
https://github.com/stealjs/steal
5
https://github.com/apache/activemq
5
https://github.com/nervosnetwork/ckb
5
https://github.com/NodeBB/NodeBB
5
https://github.com/moodle/moodle
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/froxlor/froxlor
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/keycloak/keycloak
5
https://github.com/dromara/hutool
4
https://github.com/dompdf/dompdf
4
https://github.com/ezsystems/ezpublish-kernel
4
https://github.com/pippo-java/pippo
4
https://github.com/janeczku/calibre-web
4
https://github.com/otake84/messagepack-rs
4
https://github.com/swagger-api/swagger-ui
4
https://github.com/contao/contao
4
https://github.com/OpenTSDB/opentsdb
4
https://github.com/PrestaShop/PrestaShop
4
https://github.com/CVEProject/cvelist
4
https://github.com/usememos/memos
4
https://github.com/liufee/cms
4
https://github.com/pyload/pyload
4
https://github.com/spring-projects/spring-framework
4
https://github.com/hwchase17/langchain
4
https://github.com/servo/rust-smallvec
4
https://github.com/cloudfoundry/uaa
4
https://github.com/neorazorx/facturascripts
3
https://github.com/github/securitylab
3
https://github.com/dexidp/dex
3
https://github.com/apache/shiro
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/baserproject/basercms
3
https://github.com/pterodactyl/wings
3
https://github.com/simpleledger/slpjs
3
https://github.com/phpmyadmin/phpmyadmin
3
https://github.com/smarty-php/smarty
3
https://github.com/cobbler/cobbler
3
https://github.com/opencast/opencast
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/facade/ignition
3
https://github.com/TeamSeri0us/pocs
3
https://github.com/rubygems/rubygems.org
3
https://github.com/facebook/hermes
3
https://github.com/mbechler/marshalsec
3
https://github.com/hazelcast/hazelcast
3
https://github.com/jflyfox/jfinal_cms
3
https://github.com/pimcore/pimcore
3
https://github.com/star7th/showdoc
3
https://github.com/rancher/rancher
3
https://github.com/ImpressCMS/impresscms
3
https://github.com/publify/publify
3
https://github.com/dwisiswant0/advisory
3
https://github.com/centreon/centreon-archived
3
https://github.com/shopware/shopware
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/kjur/jsrsasign
3
https://github.com/chakra-core/ChakraCore
3
https://github.com/dataease/dataease
3
https://github.com/run-llama/llama_index
3
https://github.com/jbroadway/elefant
3
https://github.com/strapi/strapi
3
https://github.com/apache/camel
3
https://github.com/octobercms/october
3
https://github.com/ibexa/core
3
https://github.com/denoland/deno
3
https://github.com/NVIDIA/NVFlare
3
https://github.com/crewjam/saml
3
https://github.com/nukeviet/nukeviet
3
https://github.com/actix/actix-web
3
https://github.com/ezsystems/ezplatform-kernel
3
https://github.com/andrewhickman/id-map
3
https://github.com/modoboa/modoboa
3
https://github.com/twisted/twisted
3
https://github.com/craftcms/cms
3
https://github.com/PHPMailer/PHPMailer
3
https://github.com/rubygems/rubygems
3
https://github.com/rochacbruno/quokka
2
https://github.com/gventuri/pandas-ai
2
https://github.com/Microsoft/ChakraCore
2
https://github.com/KnpLabs/snappy
2
https://github.com/gnzlbg/slice_deque
2
https://github.com/ADOdb/ADOdb
2
https://github.com/ionicabizau/parse-url
2
https://github.com/pytorch/serve
2
https://github.com/sidorares/node-mysql2
2
https://github.com/javamelody/javamelody
2
https://github.com/Netflix/security-bulletins
2
https://github.com/neo4j-contrib/neo4j-apoc-procedures
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/yaml/pyyaml
2
https://github.com/rust-lang-nursery/failure
2
https://github.com/josdejong/mathjs
2
https://github.com/apache/jmeter
2
https://github.com/handlebars-lang/handlebars.js
2
https://github.com/google/flatbuffers
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/scalyr/scalyr-agent-2
2
https://github.com/intelliants/subrion
2
https://github.com/SAP/cloud-security-client-go
2
https://github.com/laurent22/joplin
2
https://github.com/benbusby/whoogle-search
2
https://github.com/graphite-project/graphite-web
2
https://github.com/js-data/js-data
2
https://github.com/quarkusio/quarkus
2
https://github.com/dominictarr/event-stream
2
https://github.com/kubernetes/kubernetes
2
https://github.com/mautic/mautic
2
https://github.com/russellhaering/gosaml2
2
https://github.com/hashicorp/go-getter
2
https://github.com/jmrozanec/cron-utils
2
https://github.com/keystonejs/keystone
2
https://github.com/apache/kylin
2
https://github.com/rubyzip/rubyzip
2
https://github.com/waycrate/swhkd
2
https://github.com/ahdinosaur/set-in
2
https://github.com/h2database/h2database
2
https://github.com/rest-client/rest-client
2
https://github.com/TribalSystems/Zenario
2
https://github.com/jfinal/jfinal
2
https://github.com/cockpit-hq/cockpit
2
https://github.com/Automattic/mongoose
2
https://github.com/stanfordnlp/corenlp
2
https://github.com/codeigniter4/CodeIgniter4
2
https://github.com/netvl/acc_reader
2
https://github.com/nodejs/llhttp
2
https://github.com/sjep/array
2
https://github.com/apache/submarine
2
https://github.com/drupal/core
2
https://github.com/folio-org/mod-data-export-spring
2
https://github.com/top-think/thinkphp
2
https://github.com/getgrav/grav
2
https://github.com/OpenAPITools/openapi-generator
2
https://github.com/SAP/cloud-pysec
2
https://github.com/nats-io/jwt
2
https://github.com/web2py/web2py
2
https://github.com/michaelschwarz/Ajax.NET-Professional
2
https://github.com/zoujingli/ThinkAdmin
2
https://github.com/jenkinsci/script-security-plugin
2
https://github.com/qcubed/qcubed
2
https://github.com/puma/puma
2
https://github.com/reem/rust-traitobject
2
https://github.com/actix/actix-net
2
https://github.com/Agoric/realms-shim
2
https://github.com/gofiber/fiber
2
https://github.com/apache/incubator-streampark
2
https://github.com/git-lfs/git-lfs
2
https://github.com/noear/solon
2
https://github.com/hashicorp/vault
2
https://github.com/skoranga/node-dns-sync
2
https://github.com/nilsteampassnet/teampass
2
https://github.com/simplesamlphp/simplesamlphp
2
https://github.com/rust-random/rand
2
https://github.com/evmos/evmos
2
https://github.com/grafana/grafana
2
https://github.com/OpenMage/magento-lts
2
https://github.com/MrSwitch/hello.js
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2
https://github.com/Codiad/Codiad
2
https://github.com/moby/buildkit
2
https://github.com/soketi/soketi
2
https://github.com/vert-x3/vertx-web
2
https://github.com/dominictarr/libnested
2