Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS12cHFwLWh4NjgtcDJ3eM4AATkx
Improper Link Resolution Before File Access in Suds
Ecosystems: pypi
Packages: suds
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0M20tZmZ3ci1ycGNj
SSL Validation Defaults to False in electron-packager
Ecosystems: npm
Packages: electron-packager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS1weHY1LTV2bXAtM2pqNM4AAb0u
Improper Authentication in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12bTY5LTQ3NHYtN3Eyd83iMA
Incorrect Default Permissions in Apache Commons FileUpload
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oODZqLTZoNm0tcWpxd80Z7g
Cross-Site Request Forgery in remdex/livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnMmgtd3g5Ni14Z3hy
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mYzcyLXY1NGMteDlqZ83VLw
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2NnctaHE1Ni00cTk3
Network policy may be bypassed by some ICMP Echo Requests
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1xNDhxLTc3cXYtY2Y5cM4AAUp3
httplib2 incorrectly checks SSL certificate
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xcWgyLWg2Z3ctNng4eM4AAX1Z
Typo3 XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04OWYzLTc0bTYtZzI3Z830lg
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qNTdwLWczM3ctOTVjNc3ydg
OpenStack Horizon Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qam1nLXg0NTYtdzk3Ns4AAvOC
Incorrect default cookie name and recommendation
Ecosystems: npm
Packages: csrf-csrf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Mattermost Jira Plugin does not properly check security levels
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12cDM1LTg1cTUtOWYyNc4AAv0i
Container build can leak any path on the host into the container
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2aHEtYzg5Ni13ODgy
Low severity vulnerability that affects Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Mattermost fails to properly restrict the access of files attached to posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS13OW1yLTI4bXctajhoZ84AAy-4
Hop-by-hop abuse to malform header mutator
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tZ3Z2LTVteHAteHE2N84AAvJx
SQLite3 addresses vulnerability in packaged version of libsqlite
Ecosystems: rubygems
Packages: sqlite3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03d3dyLXA4NHEtcXIzcc4AAfiu
Typo3 Backend XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race condition
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13NXc1LTI4ODItNDdwY84AA0KY
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg
Apache Tomcat AJP Connector Information Leak
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS14bWM5LTZwNTYtM2M0ds2ajQ
Apache Tomcat XSS In Accept-Language Headers
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Ecosystems: cargo
Packages: intaglio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01NTVwLW00djYtY3F4ds4AA5lr
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1tOTVxLTdxcDMteHY0Ms4AA2IO
Zod denial of service vulnerability
Ecosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS00cHBnLTJteDYtZnF4Oc30Sg
Moodle allows attackers to bypass intended login restrictions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05ODloLXd2OHgtOTMzcM4AAWA8
TYPO3 cross-site scripting (XSS)
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Z3A3LTY4MzMtd3Y4Oc4AAvLw
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01MjhqLTlyNzgtd2ZmeM4AAvLv
etcd user credentials are stored in WAL logs in plaintext
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03NWM2LXhxd3ItdjJyOc30bQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eDktNGY1eC04amo4
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Ecosystems: maven
Packages: org.apache.hive:hive-exec, org.apache.hive:hive-service, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerability
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C
phpMyAdmin cross-site scripting vulnerability in crafted view name
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jNTloLXI2cDgtcTl3Y84AA2m9
Next.js missing cache-control header may lead to CDN caching empty reply
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00eDV2LWdtcTgtMjVjaM4AArVj
Regular expression denial of service in semver-regex
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS13anB2LWZyZjItM3I1OM4AAvFz
EC-CUBE Directory traversal vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NjUtNjg3NS1yaHE4
Undefined Behavior in sailsjs-cacheman
Ecosystems: npm
Packages: sailsjs-cacheman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
GSA_kwCzR0hTQS02cjc4LW02NG0tcXdjZs4AA1OC
Moq v4.20.0-rc to 4.20.1 share hashed user data
Ecosystems: nuget
Packages: moq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1xajY5LWNoanAtZzRmNc4AAZvc
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename change
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1majI0LWdocDktMzl2M84AAU8E
Ansible uses a socket with predictable filename in /tmp
Ecosystems: pypi
Packages: Ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wY3F2LWM0NnYtMnA0ds4AAU8C
Ansible Arbitrary File Overwrite Vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OHctMnhjcC14ZzU5
Insecure use of temporary files in Phusion passenger
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename change
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3ZzQtOTNjNi0zaDQy
Directory Traversal in send
Ecosystems: npm
Packages: send
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz
phpMyAdmin multiple cross-site scripting vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wM2g3LTNjNDUtcWo0ds4AAfZ-
Python Keyring does not securely initialize encryption cipher
Ecosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ocjU5LTM1Y3ItcWY0M84AAeQ8
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT
phpMyAdmin Multiple XSS Vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN
Prevent logging invalid header values
Ecosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1xMzI0LXE3OTUtMnE1cM0WfA
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name
Ecosystems: npm
Packages: @redocly/openapi-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4OW0tM3dqdy1oODU3
Puppet vulnerable to Path Traversal
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS03MzcyLXE0NTktanhocs4AAZrH
pyxdg Arbitrary File Overwrite via Race Condition
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NTQtOTZncS1yZmcz
Pillow Temporary file name leakage
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1md2o0LTcyZm0tYzkzZ84AAzGI
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Ecosystems: go
Packages: github.com/mutagen-io/mutagen
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1cXEtZzY3My01cDQ5
Puppet allows local users to overwrite arbitrary files via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzNTQtNm1odi1tdnY1
Regular Expression Denial of Service in jadedown
Ecosystems: npm
Packages: jadedown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS1yN3ZxLTY0MjUtajk0d84AAuz1
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NDYtN3Jydi1tNGg4
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges
Ecosystems: rubygems
Packages: sqlite3-ruby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
OpenStack Heat template URL information leakage
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1teGY3LXB2OHEtMjk0aM3UqA
Cross-site scripting in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2OTgtbTJ2OS01Zmgz
Command Injection in opencv
Ecosystems: npm
Packages: opencv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS05OWp2LTgyOTItMmhwbc4AA3pg
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operations
Ecosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS12N2hjLTg3amMtcXJycs4AA3l6
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Ecosystems: go
Packages: knative.dev/eventing-github
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczOG0tZjMzdi1xYzJy
SMTP Injection in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
GSA_kwCzR0hTQS00Zng5LXZjODgtcTJ4Y80yIw
Infinite loop in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04Z3IzLTJnanctamo3Z80zOA
Hidden functionality in node-ipc
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zbXBwLXhmdmgtcWgzN80zOQ
node-ipc behavior change
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03eGcyLTgzZjgtMzltcs4AA4Lf
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1majZjLXByZ2otZ3Izcs4AATys
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13OHZoLXA3NGoteDl4cM4AA34Q
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1nNXEyLWN4Z3EtaDJyd84AAm1i
Information leak in Gerrit
Ecosystems: maven
Packages: com.google.gerrit:gerrit-plugin-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4NzctcnAzOS1jNnZn
Regular Expression Denial of Service in markdown
Ecosystems: npm
Packages: markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS13Zjk4LXZ4djktanFmds04kA
XSS Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oM2dxLWo3cDkteDNwNM4AA4Gf
Mattermost Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1xdnByLXFtNnctNnJjY84AAZ-c
OpenStack Keystone intended authorization restrictions bypass
Ecosystems: pypi
Packages: Keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNmctZ2pwOC1nZ2c5
personnummer/php vulnerable to Improper Input Validation
Ecosystems: packagist
Packages: personnummer/personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1nZ3JoLWdyajMtdmZ2d84AAwEF
Package discontinued because Bitly lowered the free quota
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13NTYzLXJxMzctY3ZxNc4AAZ8H
Typo3 Backend History Module Vulnerable to XSS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xbW13LWNoMnEtajZ4eM4AAZ8F
Typo3 Backend API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZ2Y2LTlxN2ctNTVxZ84AAZ8K
Typo3 Function Menu API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Statistics
Advisories: 18,751
Packages: 8,375
Repositories: 449
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,847 Low 1,014
Filter by Ecosystem
pypi 458 maven 282 packagist 178 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 phpmyadmin/phpmyadmin 10 shopware/core 10 github.com/mattermost/mattermost/server/v8 10 nova 9 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 vyper 7 matrix-synapse 7 Umbraco.CMS 6 puppet 6 ansible 5 sweetalert2 5 baserproject/basercms 5 october/backend 5 undici 5 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 rack 5 org.keycloak:keycloak-services 4 electron 4 helm.sh/helm 4 github.com/cilium/cilium 4 github.com/mattermost/mattermost-server/v6 4 magento/community-edition 4 actionpack 4 simplesamlphp/simplesamlphp 4 shopware/shopware 4 com.vaadin:flow-server 4 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 bin-links 3 @openzeppelin/contracts-upgradeable 3 nautobot 3 passenger 3 com.vaadin:vaadin-bom 3 ckb 3 httplib2 3 ethyca-fides 3 glance 3 node-forge 3 org.apache.hive:hive-exec 3 org.graylog2:graylog2-server 3 go.etcd.io/etcd 3 cryptography 3 org.apache.hive:hive 3 org.apache.hive:hive-service 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 wagtail 3 moin 2 org.jenkins-ci.plugins:azure-ad 2 tuf 2 ceph-deploy 2 github.com/opencontainers/runc 2 silverstripe/framework 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 craftcms/cms 2 @openzeppelin/contracts 2 @apollo/server 2 Pillow 2 github.com/answerdev/answer 2 github.com/authzed/spicedb 2 github.com/containerd/containerd 2 next-auth 2 node-ipc 2 org.jenkins-ci.plugins:ec2 2 Django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 django 2 braces 2 winter/wn-backend-module 2 github.com/sigstore/cosign 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 tools.devnull:build-notifications 2 org.jenkins-ci.plugins:mercurial 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 horizon 2 october/cms 2 github.com/mattermost/mattermost-plugin-jira 2 com.ruoyi:ruoyi 2 Nova 2 parse-server 2 flarum/core 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 org.bouncycastle:bcprov-jdk14 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 go.etcd.io/etcd/client/v3 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 org.jenkins-ci.plugins:repository-connector 2 Flask-AppBuilder 2 es5-ext 1 fast-xml-parser 1 org.scala-sbt:sbt 1 rabbit_common 1 org.scala-sbt:io_2.12 1 org.scala-sbt:io_2.13 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 org.scala-sbt:io_3 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 com.github.tomakehurst:wiremock-jre8 1 github.com/oauth2-proxy/oauth2-proxy 1 com.github.tomakehurst:wiremock-jre8-standalone 1 wiremock 1 github.com/nats-io/nats-server/v2 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @liquity/contracts 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 @diez/generation 1 hyper 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/Graylog2/graylog2-server 3 https://github.com/nautobot/nautobot 3 https://github.com/wagtail/wagtail 3 https://github.com/digitalbazaar/forge 3 https://github.com/CVEProject/cvelist 3 https://github.com/httplib2/httplib2 3 https://github.com/vaadin/flow 3 https://github.com/symfony/symfony 3 https://github.com/ethyca/fides 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/django/django 3 https://github.com/pyca/cryptography 3 https://github.com/Sylius/Sylius 3 https://github.com/vantage6/vantage6 3 https://github.com/nervosnetwork/ckb 3 https://github.com/phusion/passenger 3 https://github.com/openstack/keystone 3 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/saltstack/salt 2 https://github.com/quarkusio/quarkus 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/nats-io/nats-server 2 https://github.com/craftcms/cms 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/containerd/containerd 2 https://github.com/zopefoundation/Zope 2 https://github.com/microweber/microweber 2 https://github.com/ceph/ceph-deploy 2 https://github.com/cometbft/cometbft 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ntbosscher/gobase 2 https://github.com/aws/s2n-quic 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://github.com/aio-libs/aiohttp 2 https://github.com/octoprint/octoprint 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/answerdev/answer 2 https://github.com/mutagen-io/mutagen 2 https://github.com/opencontainers/runc 2 https://github.com/GilaCMS/gila 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/bcgit/bc-java 2 https://github.com/parse-community/parse-server 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/thelounge/thelounge 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/dojo/dijit 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/personnummer/csharp 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/httpie/httpie 1 https://github.com/canonical/lxd 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/vapor/postgres-nio 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/google/zerocopy 1 https://github.com/keystonejs/keystone 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/admidio/admidio 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1