Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Moderate Security Advisories
Moderate
Ecosystems: maven, nuget, npm, pypi, rubygems
Packages: org.webjars.npm:jquery, jQuery, jquery, django, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 135.8
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2otYzY0bS1xaGdx
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
Moderate
Ecosystems: maven, nuget, rubygems, npm
Packages: org.webjars.npm:jquery, jQuery, jquery-rails, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwY3EtY2d3Ni12NGo2
Potential XSS vulnerability in jQuery
Moderate
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 118.7
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cjQteGpqNS01cHgy
Potential XSS vulnerability in jQuery
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-rails, jQuery, org.webjars.npm:jquery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcWotaDN2ai1wcWd3
Cross-Site Scripting in jquery
Moderate
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jquery
Moderate
Ecosystems: maven, npm, rubygems, nuget
Packages: org.webjars.npm:jquery, jquery, jquery-rails, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: 10 months ago
GSA_kwCzR0hTQS0yNTdxLXB2ODktdjN4ds4AA0D1
jQuery Cross Site Scripting vulnerability
Moderate
Ecosystems: maven, rubygems, nuget, npm
Packages: org.webjars.npm:jquery, jquery-rails, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0bTMtMmo3aC1mN3h3
Cross-Site Scripting in jquery
Moderate
Ecosystems: rubygems, npm, nuget
Packages: twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 99.3
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2M20tOGZwOC1tajk5
Bootstrap Vulnerable to Cross-Site Scripting
Moderate
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Moderate
Ecosystems: maven, swift, go
Packages: com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: 7 months ago
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Moderate
Ecosystems: pypi, nuget, packagist, npm
Packages: django-tinymce, TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: over 2 years ago
GSA_kwCzR0hTQS1yOGhtLXc1Zjctd2ozOc0Wzg
Cross-site scripting vulnerability in TinyMCE plugins
Moderate
Ecosystems: npm, rubygems
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerability
Moderate
Ecosystems: rubygems, npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 63.7
Published: almost 2 years ago
GSA_kwCzR0hTQS0zd3FmLTR4ODktOWc3Oc3uvQ
Bootstrap vulnerable to Cross-Site Scripting (XSS)
Moderate
Ecosystems: pypi, go, cargo
Packages: paramiko, golang.org/x/crypto, russh
Source: GitHub Advisory Database
Blast Radius: 63.5
Published: 5 months ago
GSA_kwCzR0hTQS00NXg3LXB4MzYteDh3OM4AA34H
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 63.4
Published: 10 months ago
GSA_kwCzR0hTQS05aHhmLXBwanYtdzZycc4AA0dy
gRPC connection termination issue
Moderate
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 60.4
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS1qN3F2LXBnZjYtaHZoNM0Wtw
XSS in `*Text` options of the Datepicker widget in jquery-ui
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS1ncHFxLTk1MnEtNTMyN80Wtg
XSS in the `of` option of the `.position()` util in jquery-ui
Moderate
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
GSA_kwCzR0hTQS05Z2ozLWh3cDUtcG13Y80WtQ
XSS in the `altField` option of the Datepicker widget in jquery-ui
Moderate
Ecosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, bootstrap
Source: GitHub Advisory Database
Blast Radius: 58.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqN20tZzUzbS03NjM4
Bootstrap Cross-site Scripting vulnerability
Moderate
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY2YtOHZmOS1xNGdq
jQuery-UI vulnerable to Cross-site Scripting in dialog closeText
Moderate
Ecosystems: nuget, rubygems, maven, npm
Packages: jQuery.UI.Combined, jquery-ui-rails, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
GSA_kwCzR0hTQS1oNmdqLTZqanEtaDhnOc4AAtcw
jQuery UI vulnerable to XSS when refreshing a checkboxradio with an HTML-like initial text label
Moderate
Ecosystems: rubygems, nuget, maven, npm
Packages: jquery-ui-rails, jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjbTItOWM4OS13bWZt
Cross-site Scripting in jquery-ui
Moderate
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 1 year ago
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Moderate
Ecosystems: npm
Packages: codecov
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwNjMtNnZmNS14ZjN2
Command injection in codecov (npm package)
Moderate
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 1 year ago
GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
protobuf-java has a potential Denial of Service issue
Moderate
Ecosystems: swift, npm, packagist
Packages: github.com/mongodb/mongo-swift-driver, mongodb, mongodb/mongodb
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: 8 months ago
GSA_kwCzR0hTQS12eHZtLXF3dzMtMmZoN84AA1jJ
MongoDB Driver may publish events containing authentication-related data
Moderate
Ecosystems: packagist, npm
Packages: typo3/cms, typo3/cms-core, ckeditor
Source: GitHub Advisory Database
Blast Radius: 45.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2OHgtdnZxcS1wdncz
Ckeditor XSS Vulnerability
Moderate
Ecosystems: npm
Packages: uri-js
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzM3ctcnhqMy1mNTVy
Regular Expression Denial Of Service in uri-js
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Moderate
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 6 months ago
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Moderate
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: over 2 years ago
GSA_kwCzR0hTQS01aDlnLXg1cnYtMjV3Z80WrQ
Cross-site scripting vulnerability in TinyMCE
Moderate
Ecosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 1 month ago
GSA_kwCzR0hTQS1mNXgzLTMyZzYteHEzNs4AA6O0
Denial of service while parsing a tar file due to lack of folders count validation
Moderate
Ecosystems: npm
Packages: react
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1M3ctNTJ4Yy0yajg1
Cross-Site Scripting in react
Moderate
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: about 2 years ago
GSA_kwCzR0hTQS1qZjVyLThobTItZjg3Ms0uHQ
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: about 2 years ago
GSA_kwCzR0hTQS04djM4LXB3NjItOWN3Ms0s1g
url-parse Incorrectly parses URLs that include an '@'
Moderate
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 2 months ago
GSA_kwCzR0hTQS1jeGpoLXBxd3AtOG1mcM4AA6AJ
follow-redirects' Proxy-Authorization header kept across hosts
Moderate
Ecosystems: npm
Packages: lodash
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: almost 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2cXItMjd3ci04MmZt
Prototype Pollution in lodash
Moderate
Ecosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 10 months ago
GSA_kwCzR0hTQS03MnhmLWcydjQtcXZmM84AA0LC
tough-cookie Prototype Pollution vulnerability
Moderate
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5cDktbXJqbS05MjZ3
Elliptic Uses a Broken or Risky Cryptographic Algorithm
Moderate
Ecosystems: npm
Packages: serve-index
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2MzMteDV2di1ocXdj
Cross-Site Scripting in serve-index
Moderate
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: over 1 year ago
GSA_kwCzR0hTQS1yN3FwLWNmaHYtcDg0d84AAv_b
Uncaught exception in engine.io
Moderate
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: about 1 year ago
GSA_kwCzR0hTQS1xOW13LTY4YzItajZtNc4AAzEv
engine.io Uncaught Exception vulnerability
Moderate
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: over 2 years ago
GSA_kwCzR0hTQS04ZnIzLWhmZzMtZ3BncM0hMQ
Open Redirect in node-forge
Moderate
Ecosystems: npm
Packages: sockjs
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoOHYtam1oMy05NDM3
Cross-site scripting in SocksJS-node
Moderate
Ecosystems: packagist, npm
Packages: drupal/drupal, drupal/core, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJneDYtcmpqNC1jMzg4
ckeditor4 vulnerable to cross-site scripting
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: about 2 years ago
GSA_kwCzR0hTQS14eHg5LTN4Y3ItZ2pqM8055A
XML Injection in Xerces Java affects Nokogiri
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: almost 2 years ago
GSA_kwCzR0hTQS1qbWhoLXc3eHAtd2czOc3gKA
Nokogiri vulnerable to DoS while parsing XML entities
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4MnAtanFnbS1mNDVn
Uncontrolled resource consumption in nokogiri
Moderate
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 39.3
Published: almost 2 years ago
GSA_kwCzR0hTQS02MnFwLTNmeG0tOXd4Zs3gJg
Nokogiri vulnerable to DoS while parsing XML documents
Moderate
Ecosystems: npm
Packages: react-dom
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12amotZ3FxMi1wNGh3
Cross-Site Scripting in react-dom
Moderate
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoMjctZmZyMi1mMmpj
Open redirect in url-parse
Moderate
Ecosystems: npm
Packages: moment
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3dnYtcjlqNi1nNXF2
Regular Expression Denial of Service in moment
Moderate
Ecosystems: rubygems
Packages: rake
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwcHYtZ3czci13M3E4
OS Command Injection in Rake
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cXItaDV2cS01OWpj
Untrusted users can run pending migrations in production in Rails
Moderate
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: 4 months ago
GSA_kwCzR0hTQS1qY2h3LTI1eHAtand3Y84AA4JD
Follow Redirects improperly handles URLs in the url.parse() function
Moderate
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Moderate
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 1 month ago
GSA_kwCzR0hTQS1ydjk1LTg5NmgtYzJ2Y84AA6Rd
Express.js Open Redirect in malformed URLs
Moderate
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwdnItZzZnaC05bWMy
No Charset in Content-Type Header in express
Moderate
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjUtd3h3cC1tN2c5
Open Redirect in Next.js
Moderate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 1 year ago
GSA_kwCzR0hTQS00M2ZwLXJodjItNWd2OM4AAwM2
Certifi removing TrustCor root certificate
Moderate
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NHctcXFwaC01Z3ht
HTTP Smuggling via Transfer-Encoding Header in Puma
Moderate
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
GSA_kwCzR0hTQS1nNzZqLTRjeHgtMjNoOc0kvw
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java
Moderate
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycXItaHhwcC1jaHIz
Possible Information Leak / Session Hijack Vulnerability in Rack
Moderate
Ecosystems: npm
Packages: undefsafe
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: about 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzMnEtN2ZmMi01N2gy
Prototype Pollution in undefsafe
Moderate
Ecosystems: npm
Packages: https-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 37.8
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjNXAtaDhwZi1tdndw
Machine-In-The-Middle in https-proxy-agent
Moderate
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: over 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3Y2YtcHA4Ny03eDZw
mde ejs vulnerable to XSS
Moderate
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxNWotZ3c3Zi1qZ2o4
CSRF Vulnerability in rails-ujs
Moderate
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxcXYtOXgzdi1tcDd3
Privilege Escalation Flaw in Elasticsearch
Moderate
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 1 year ago
GSA_kwCzR0hTQS1xd3BoLTQ5NTItN3hyNs4AAwgg
jsonwebtoken vulnerable to signature validation bypass due to insecure default algorithm in jwt.verify()
Moderate
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 2 years ago
GSA_kwCzR0hTQS1xM2ozLXczN3gtaHEycc0YFQ
Webcache Poisoning in symfony/http-kernel
Moderate
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 2 years ago
GSA_kwCzR0hTQS04d2dqLTZ3eDgtaDVocc3r4Q
Symfony HTTP Foundation web cache poisoning
Moderate
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcmgtMjU3dy05Mjc3
Cross-Site Scripting in handlebars
Moderate
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
GSA_kwCzR0hTQS1wdzJyLXZxNnYtaHI4Y80qJw
Exposure of Sensitive Information to an Unauthorized Actor in follow-redirects
Moderate
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpncHYtNGg0Yy14aHcz
Uncontrolled Resource Consumption in pillow
Moderate
Ecosystems: npm
Packages: bl
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwN2gtNTNneC1teDdy
Remote Memory Exposure in bl
Moderate
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: almost 2 years ago
GSA_kwCzR0hTQS12cDU2LTZnMjYtNjgyN84AAtwJ
node-fetch Inefficient Regular Expression Complexity
Moderate
Ecosystems: rubygems
Packages: nokogiri, loofah
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: about 6 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cnYtY3I2di00dm00
Cross-site Scripting in loofah
Moderate
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: almost 2 years ago
GSA_kwCzR0hTQS1wd2g3LTkyaDMtbXFyNs4AASTH
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Moderate
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: 6 months ago
GSA_kwCzR0hTQS13ZjVwLWc2dnctcmh4eM4AA2_y
Axios Cross-Site Request Forgery Vulnerability
Moderate
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyMnAtajQ3aC1taHBn
Rack vulnerable to Cross-site Scripting
Moderate
Ecosystems: npm
Packages: karma
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 2 years ago
GSA_kwCzR0hTQS03eDdjLXFtNDgtcHE5Y80pMQ
Cross-site Scripting in karma
Moderate
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmZzgtMjU0Ny1tcjhx
Misinterpretation of malicious XML input
Moderate
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwaGYtcHA3cC12YzJy
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
Moderate
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxdnEtNW04Yy02ZzI0
CRLF injection in urllib3
Moderate
Ecosystems: go
Packages: golang.org/x/text
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyY3YtbTRtMy1oZmg3
golang.org/x/text Infinite loop
Moderate
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 months ago
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Moderate
Ecosystems: npm
Packages: webpack-bundle-analyzer
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBncjgtamc2aC04Z3c2
Cross-Site Scripting in webpack-bundle-analyzer
Moderate
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0ajctNDc1cC1ocDh2
HTTP Response Splitting in Puma
Moderate
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: about 4 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzdmYtNHhnZy05cjU4
HTTP Response Splitting (Early Hints) in Puma
Moderate
Ecosystems: rubygems
Packages: rails, actionpack
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 2 months ago
GSA_kwCzR0hTQS05ODIyLTZtOTMteHFmNM4AA5jO
Rails has possible XSS Vulnerability in Action Controller
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1bW0tY2M2ci04Zmpw
Cross-site scripting in actionpack
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NzctcHJxNC05eGZ3
Actionpack Open Redirect Vulnerability
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 1 year ago
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 2 years ago
GSA_kwCzR0hTQS1xNThqLWZtdmYtOXJxNs0_jg
Cross site scripting in actionpack Rubygem
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
GSA_kwCzR0hTQS1xcGhjLWhmNXEtdjhmY80bRw
actionpack Open Redirect in Host Authorization Middleware
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 2 years ago
GSA_kwCzR0hTQS1tbTMzLTV2ZnEtM21tM81BUA
Cross-site Scripting Vulnerability in Action Pack
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJycXctdjI2NS1qZjhj
Open Redirect in ActionPack
Moderate
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: almost 3 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVocTIteGY4OS05anhx
Possible Open Redirect Vulnerability in Action Pack
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 2,453
Ecosystems: 12