Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS01ZjJyLXFwNzMtMzdtcs0ovg
`CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00ODdwLXF4NjgtNXZqd84AA4Jl
Hail relies on OIDC email claims to verify the validity of a user's domain.
Ecosystems: pypi
Packages: hail
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02OTY3LTl2dnYtNGNtbc4AARcj
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wd2g3LTkyaDMtbXFyNs4AASTH
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yOHdnLThndjQtbXBqZs4AA3uz
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OGo0LXBjeDgtcTRxM84AA3q_
Password Change Vulnerability
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0ycXY1LTdtdzUtajNjZ84AAyhH
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Ecosystems: cargo
Packages: spin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ODRnLWNmNWoteGpxeM0poQ
Path Traversal in Apache James Server
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13cXY0LTlncjMtM3FnaM4AATfl
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcDd2LXZtdjctNngycc4AARke
Incorrect Authorization in Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04ZjI0LTZtMjktd20ycs4AA4ih
use-after-free in tracing
Ecosystems: cargo
Packages: tracing
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wd3Y2LTg3MmMtZ2NnNs4AARck
Cross-Site Request Forgery in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yM2dxLXd4cWYtcTRnaM0qQA
Cross-site Scripting in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jOTY1LXAzdzQtODM1Y84AAs71
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vmware-vrealize-orchestrator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NDY2LThqbTQtNDQ4cM4AAXaQ
Deserialization of Untrusted Data in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS02bXBwLWNtM3YtMjN2ds4AAoy5
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yamhtLXFwNDgtaHY1as0p2A
Missing authorization in xwiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTV3LWhqcGotODI1Z84AA6y6
Contao: Insufficient BBCode sanitizer
Ecosystems: packagist
Packages: contao/comments-bundle
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS03cjRoLTJoMjMtNmpxOc3z7g
Incorrect Authorization in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tcXIyLXc3d2otampncs4AA62q
mysql2 cache poisoning vulnerability
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02MjdxLWcyOTMtNDlxN80ovQ
Abort caused by allocating a vector that is too large in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mcTg2LTNmMjktcHgyY80ovA
`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm
Unencrypted traffic between nodes when using WireGuard and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yMzQ2LXJtcmctcXBnaM4AAbrp
Improper Neutralization of Input During Web Page Generation in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl
Unencrypted traffic between nodes when using IPsec and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJteGctNzNnZy00cDk4
Cross-Site Scripting (XSS) in jquery
Ecosystems: maven, rubygems, npm, nuget
Packages: org.webjars.npm:jquery, jquery-rails, jquery, jQuery
Source: GitHub Advisory Database
Blast Radius: 104.9
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1mY3BtLWhjaGotbWg3Ms4AA6JM
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00aDVoLXAyM2YtaGpxZs4AA6Lz
SQL injection in Folio Spring Module Core
Ecosystems: maven
Packages: org.folio:spring-module-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmNmctdzVnai1jOTNo
Prototype Pollution in iniparserjs
Ecosystems: npm
Packages: iniparserjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1wd3dtLXB3eDItMmh3N80s5A
Generation of Error Message Containing Sensitive Information in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mbXZtLXg4bXYtNDdtas0s0Q
Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02Y3A3LWc5NzItdzltOc0wjA
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00d2o3LXJoNWgtNXFtcs4AAhRC
Jenkins Dependency Graph Viewer Plugin contains Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:depgraph-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02anA2LTlyZjktZ2M2Ns0u1Q
Cross-site Scripting in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14OXJxLTloNDQtZjg0ds4AAk1J
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12Y2MzLXJ3NmYtanY5N84AA6Gq
Use-after-free in libxml2 via Nokogiri::XML::Reader
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jZ3JqLXhqbTctOXEyN84AAtA6
Open redirect in web2py
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcXg4LXYzM3AtNHFjY80rtQ
Cross-site Scripting in enshrined/svg-sanitize
Ecosystems: packagist
Packages: enshrined/svg-sanitize
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00OWo0LTg2bTgtcTJqd84AA62p
mysql2 vulnerable to Prototype Poisoning
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1tcTM5LTRndjQtbXZweM4AA6LH
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdweDctN3hqeC1oeG04
Marked vulnerable to XSS from data URIs
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqeHctNXcycS03Z3Jm
Rails activerecord gem has Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS05cmo5LTV3Y3YteGdmMs3JYg
Roundup Improper Access Control
Ecosystems: pypi
Packages: Roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05bWg4LTlqNjQtNDQzZs4AA0RO
HashiCorp Vault's revocation list not respected
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01eDg5LTc1cjctOHJqaM4AAkK2
XSS vulnerability in Jenkins useMango Runner Plugin
Ecosystems: maven
Packages: it.infuse.jenkins:usemango-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOTQtdmo5Ny1mbTRx
OS Command Injection in fsa
Ecosystems: npm
Packages: fsa
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14Z21tLTN2dnItNmM4as4AA1rU
Index out of bounds leading to crash
Ecosystems: go
Packages: simonwaldherr.de/go/zplgfa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4d2gtNmp3NC0yaDc5
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Ecosystems: packagist
Packages: rainlab/debugbar-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1nanE0LTY5d2otcDZwcs0uLA
Path traversal in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tajZtLTI0NmgtOXc1Ns0vhQ
Improper regex in htaccess file
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ODR4LTd3ODgtdzU2NM4AAz7L
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qdjY0LTJtM3gtNnY0cc1RHw
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05cDhqLWhyZ2YtamMyZ84AAwdQ
Apache Zeppelin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NWctZjQ1eC12djIy
Improper input validation in CNCF Cortex
Ecosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qMzR2LTM1NTItNXI3as0vhA
Multiple security issues in Pomerium's embedded envoy
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cDkyLWZ2NnYtZmhmas0vMA
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5OGotNWNjOC1jbWY1
ZipSlip in org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS02NjIzLWM2bXItNjczN84AA6vz
Apache Zeppelin: Denial of service with invalid notebook name
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS00ajJwLXg3OW0tamNqOM4AAyo8
XXL-JOB vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03eDc2LTU3ZnItbTVyNc4AA6JN
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver.extension:gs-mapml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qOGM3LWZtODUtNmpqNs4AAiIo
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.ukiuni.callOtherJenkins:call-remote-job-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00Njg1LTJ4NXItNjVwas4AA6qH
Pebble service manager's file pull API allows access by any user
Ecosystems: go
Packages: github.com/canonical/pebble
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mZzl2LTU2aHctZzUyNc4AA6JK
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02OHZyLThmNDYtdmM5Zs0kfA
Username spoofing in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS03NW01LWhoNHItcTlneM4AA6JI
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yeHZ4LTl3ZzUtcXB3d84AAiYz
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cjM3LXBqZmgtcXd3Y84AAjcY
Fortify Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13NGY4LWZ4cTItajM1ds0vfw
Possible privilege escalation via bash completion script
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODc0LTQ3eHgtOXhmZ84AAv6K
Missing permission check in Jenkins Delete log Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delete-log-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nbTY3LWg1d3ItdzNjds4AA0Ts
Apache Zeppelin Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yNGg4LWNwcW0tcW1mM84AAs7v
Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin
Ecosystems: maven
Packages: com.convertigo.jenkins.plugins:convertigo-mobile-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04dmpwLWhmZ2gtNjhyas4AAwXa
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13eGpnLXA1OWotNmM5Ms0vCQ
Command injection in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3Y2YtcHA4Ny03eDZw
mde ejs vulnerable to XSS
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1wd2gzLTNwY20tNnZqaM4AAwXN
FeehiCMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03N3ZxLTRqNjYtNDZtNc4AAs7z
Missing permission check in Jenkins ThreadFix Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:threadfix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zMnhwLW02dmctZ3dwas4AAlk-
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04cjI4LXI4Y3AtZzZjcM3vjg
Exposure of Sensitive Information to an Unauthorized Actor in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcHA3LTdjaGgtY2Y2N84AAtAo
Cross site scripting in parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03M3ByLWc2amotNWhjOc4AAtBO
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Ecosystems: rubygems
Packages: ruby-mysql
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jNThqLTg4ZjUtaDUzZs4AAtG3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Ecosystems: pypi
Packages: pycares
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNndxLTVwNTktOTgzd84AAtA4
Cross site scripting in parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04OHdjLWZjajktcTNyOc4AA6JO
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-gwc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tMmhtLWhycjItNnAycc4AAq8b
Cross-site Scripting in Bootstrap-3-Typeahead
Ecosystems: packagist, npm
Packages: bassjobsen/bootstrap-3-typeahead, bootstrap-3-typeahead
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnajYtcGdybS14NHIy
gtk2 vulnerable to Use of Externally-Controlled Format String
Ecosystems: rubygems
Packages: gtk2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1od3Z3LWdoMjMtcXB2cc4AA6ix
CA17 TeamsACS Cross Site Scripting vulnerability
Ecosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Statistics
Advisories: 18,330
Packages: 8,279
Repositories: 5,007
Ecosystems: 12
Filter by Severity
Moderate 7,912 High 6,344 Critical 2,806 Low 981
Filter by Ecosystem
maven 5,520 packagist 3,801 pypi 3,705 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 322 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 apache-superset 48 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 silverstripe/framework 32 snipe/snipe-it 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 org.jenkins-ci.plugins:script-security 30 mautic/core 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 org.keycloak:keycloak-services 27 getgrav/grav 27 io.undertow:undertow-core 27 shopware/shopware 27 Django 27 centreon/centreon 27 github.com/hashicorp/nomad 26 openssl-src 26 electron 26 github.com/hashicorp/consul 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 moin 23 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 rack 22 getkirby/cms 22 ckb 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 github.com/docker/docker 19 DotNetNuke.Core 19 org.springframework:spring-core 19 tribalsystems/zenario 18 org.bouncycastle:bcprov-jdk14 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 com.liferay.portal:release.dxp.bom 18 langchain 18 contao/contao 18 forkcms/forkcms 18 golang.org/x/net 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 PaddlePaddle 17 mercurial 17 cobbler 17 simplesamlphp/simplesamlphp 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 francoisjacquet/rosariosis 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 genix/cms 17 cockpit-hq/cockpit 17 rusqlite 16 pillow 16 sequelize 16 org.apache.activemq:activemq-client 16 wasmtime 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 directus 16 nova 15 org.apache.struts.xwork:xwork-core 15 cryptography 15 github.com/goharbor/harbor 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 topthink/framework 15 openmage/magento-lts 15 paddlepaddle 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 ghost 14 activesupport 14 symfony/security-http 14 keystone 14 zendframework/zendframework1 14 pyftpdlib 14 publify_core 14 phpmailer/phpmailer 14 gradio 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 typo3/cms-backend 14 ezsystems/ezpublish-kernel 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 tinymce 14 pyload-ng 14 modoboa 14 smarty/smarty 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 swagger-ui 14 next 13 codeigniter4/framework 13 github.com/containerd/containerd 13 bolt/bolt 13 strapi 13 org.apache.cxf:cxf 13 lavalite/cms 13 neutron 13 github.com/nats-io/nats-server/v2 13 org.apache.hadoop:hadoop-main 13 passenger 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 october/system 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 github.com/go-gitea/gitea 12 phpbb/phpbb 12 undici 12 dompdf/dompdf 12 org.apache.dolphinscheduler:dolphinscheduler 12 github.com/opencontainers/runc 12 phpmyfaq/phpmyfaq 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 73 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/apache/activemq 32 https://github.com/matrix-org/synapse 32 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/rancher/rancher 25 https://github.com/apache/inlong 25 https://github.com/mlflow/mlflow 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/eclipse/jetty.project 23 https://github.com/grafana/grafana 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/cilium/cilium 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/intelliants/subrion 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/helm/helm 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/ethereum/go-ethereum 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/directus/directus 15 https://github.com/langchain-ai/langchain 14 https://github.com/pyca/cryptography 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/mattermost/mattermost 14 https://github.com/denoland/deno 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/moby/moby 14 https://github.com/tinymce/tinymce 14 https://github.com/modoboa/modoboa 13 https://github.com/ming-soft/MCMS 13 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/xuxueli/xxl-job 13 https://github.com/gradio-app/gradio 13 https://github.com/golang/go 13 https://github.com/traefik/traefik 13 https://github.com/undertow-io/undertow 13 https://github.com/containerd/containerd 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dompdf/dompdf 13 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/twisted/twisted 12 https://github.com/centreon/centreon-archived 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/janeczku/calibre-web 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/urllib3/urllib3 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/vaadin/flow 11 https://github.com/cloudflare/cfrpki 11 https://github.com/containers/podman 11 https://github.com/igniterealtime/Openfire 11 https://github.com/opencontainers/runc 11 https://github.com/openstack/keystone 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/NodeBB/NodeBB 11 https://github.com/puma/puma 11 https://github.com/onionshare/onionshare 11 https://github.com/greenpau/caddy-security 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/phusion/passenger 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/aio-libs/aiohttp 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/keystonejs/keystone 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/dolibarr/dolibarr 10 https://github.com/WWBN/AVideo 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/nats-io/nats-server 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/vercel/next.js 9 https://github.com/top-think/framework 9 https://github.com/apache/superset 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/cri-o/cri-o 9 https://github.com/neorazorx/facturascripts 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/semplon/GeniXCMS 9 https://github.com/laravel/framework 9 https://github.com/cui2shark/cms 9 https://github.com/yiisoft/yii2 9 https://github.com/kevinpapst/kimai2 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/spring-projects/spring-security 9