Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtZzgtdzIzdy03NGgz
Information Disclosure in Guava
Ecosystems: maven
Packages: com.google.guava:guava
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Y3AtdnhqeC02NWo2
SessionListener can prevent a session from being invalidated breaking logout
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tYzh2LW1ncmYtOGY0bc0XWA
Clarify Content-Type handling
Ecosystems: go
Packages: github.com/opencontainers/distribution-spec
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS13bXB2LWMyanAtajJ4Z80XOg
ERC1155Supply vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jdzdwLXE3OWYtbTJ2N80W6Q
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00NXczLXYzZzQtNTRwbc0rDQ
Chrono has potential segfault issue in SPIFFE authenticator
Ecosystems: cargo
Packages: parsec-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS03MjdoLWhydzgtamc4cc0xPQ
Path traversal in org.postgresql:postgresql
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Ecosystems: maven
Packages: org.wildfly.core:wildfly-server
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBycWYteHIyai14ZjY1
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxM2oteHA0OS1qNzNm
Plugin archive directory traversal in Helm
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2cDUtbTM4dy1qNzc2
Aliases are never checked in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01NHItdnJtdi1odzMz
Improper Sanitizing of plugin names in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyNzgtMnY1di02NXI0
Heap buffer overflow in `RaggedBinCount`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg4M20tcDdwdi1jaDh2
Division by 0 in `QuantizedAdd`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cHgtOXZxZy0yMjJo
Heap OOB in `QuantizeAndDequantizeV3`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzNWctNDUyNS0yOWZx
Division by 0 in `FusedBatchNorm`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyOHgtcWMycC13cHJx
Undefined behavior in `MaxPool3DGradGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS13YzV2LXI0OHYtZzR2aM4AAtaF
Cilium host policy bypass in endpoint-routes mode with dual-stack
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxZ20tZnY2di1yZnB2
Overflow/denial of service in `tf.raw_ops.ReverseSequence`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5ZnYtOTg2NS00cWN2
Heap buffer overflow in `MaxPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyY2gtajM4OS01Zjg0
Heap OOB write in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpteDgtMzU1bS04dndo
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 3 years ago
Low
GSA_kwCzR0hTQS0zcDVyLTdjdzMtMm02N84AAbli
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2ZjQtZnczMy02ajJ2
Potential sensitive data exposure in applications using Vaadin 15
Ecosystems: maven
Packages: com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqOXYtaDJ2cC0yaGh2
XSS in HtmlSanitizer
Ecosystems: nuget
Packages: HtmlSanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyZnAtajJtcC1ocTlj
Segfault in `tf.quantization.quantize_and_dequantize`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndjktN3E0Zy1wbXZt
Persistent XSS in customer module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NXEtajlwNC0zdnhn
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dmYtdjZ3Zi03dzJy
Ciphertext Malleability Issue in Tink Java
Ecosystems: maven
Packages: com.google.crypto.tink:tink
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxdzUtcHFoYy14bTRn
Users with SCRIPT right can execute arbitrary code in XWiki
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS00OGYyLW03amctODY2eM4AArZd
Failed payment recorded has completed in Silverstripe Omnipay
Ecosystems: packagist
Packages: silverstripe/silverstripe-omnipay
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wajk2LTRqaHYtdjc5Ms4AArT9
Cross site scripting via cookies in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Nzg2LTNxamctbXI4OM4AAgY-
Path traversal in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS05cXJwLWg3ZnctNDJoZ84AArTY
Path Traversal in XWiki Platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cXYtZ2g2Zi1wZ2g0
Command Injection in Limdu
Ecosystems: npm
Packages: limdu
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjktcmg4cC00MzN2
Request smuggling is possible when both chunked TE and content length specified
Ecosystems: maven
Packages: io.ktor:ktor-server-cio, io.ktor:ktor-client-cio
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmcTgtM3EyZi00bTVn
Session key exposure through session list in Django User Sessions
Ecosystems: pypi
Packages: django-user-sessions
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmanEtOTN4ai0zZjNm
Cross-Site Scripting in serialize-to-js
Ecosystems: npm
Packages: serialize-to-js
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 4 years ago
Low
GSA_kwCzR0hTQS1ydmpnLWd4d3gtajVnZs1Big
OIDC Logout redirect in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-oidc-client-adapter-pom
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1td200LTVxd3ItZzlwZs1Bjw
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtaGgtdzZxOC01aHh3
Remote Memory Disclosure in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjcGMtbWo1Yy1tOXJx
Arbitrary File Write in cli
Ecosystems: npm
Packages: cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02cGM5LXhxcmctd2Zxd80zHw
Exposure of Sensitive information in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risks
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration information
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcnItcnJ3Zy02OXB2
Local API Login Credentials Disclosure in paratrooper-pingdom
Ecosystems: rubygems
Packages: paratrooper-pingdom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OWYtdzhxcS1xNWpm
rest-client allows local users to obtain sensitive information by reading the log
Ecosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS1wNjhjLXhnODktMmc1cs4AAjx4
Credentials transmitted in plain text by Backlog Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:backlog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12dnA3LXI0MjItcng4M84AAyu5
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wMjZnLTk3bTQtNnE3Y84AAy3M
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03eDZxLTN2M20tY3dqZ84AAy8N
kiwi TCMS has possibility for user to update email address to unverified one
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS0yY3FnLXE3am0tajM1Y80XNw
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tcTYtcThyMy00OGZt
Crash in `tf.strings.substr` due to `CHECK`-fail
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS12dzQ3LW1yNDQtM2pmOc0V6g
Confused Deputy in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjeGYtNjU2Ny03cHA2
Local Information Disclosure Vulnerability
Ecosystems: maven
Packages: com.datadoghq:datadog-api-client
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2ZnctdjJqdi05aHdj
Reflected cross-site scripting in development mode handler in Vaadin
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeGMtcW02NS12cHhn
Temporary urls leaked via logging
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2NTMtdmY1bS04cTk0
personnummer/go vulnerable to Improper Input Validation
Ecosystems: go
Packages: github.com/personnummer/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1MmYtcHE0Ny0ycjlq
plugin.yaml file allows for duplicate entries in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptNTYtNWg2Ni13NDUz
Repository index file allows for duplicates of the same chart entry in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2MzYtcTVmYy00cHI3
accounts: Hash account number using Salt
Ecosystems: go
Packages: github.com/moov-io/customers
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcTItMzlmZi1mNXFn
A failed upgrade may lead to hung goroutines
Ecosystems: go
Packages: github.com/cloudflare/tableflip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2ZjItNHhjZy02NWN4
Division by 0 in `Conv2D`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0ZzctZnZqai1wcmc4
Division by 0 in `QuantizedConv2D`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnYzMtbTg5cC12cjN4
Heap buffer overflow in `Conv2DBackpropFilter`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRocmgtOXZtcC0yamdn
Heap buffer overflow in `StringNGrams`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNGotcDhyai13anhx
Division by 0 in `QuantizedBiasAdd`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2cG0tcmNmNC05d3F3
Division by 0 in `MaxPoolGradWithArgmax`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmODktOGo1NC0yOXhm
Heap buffer overflow in `FractionalAvgPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NzgtZzd3cS1taHA0
Division by zero in padding computation in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2ajctNnc4dy03OTIy
Division by zero in optimized pooling implementations in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cmYtZmY3di1ocGdy
Division by zero in TFLite's implementation of `EmbeddingLookup`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3d2YtcDc3Ny04Nmpx
Division by zero in TFLite's implementation of Split
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlycGMtNXY5cS01cjdm
Incomplete validation in `SparseReshape`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRodnYtN3g5NC03dnE4
Null dereference in Grappler's `TrySimplify`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoNXItOTI4di1teGho
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Ecosystems: maven
Packages: com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmanAtZzRtNy1meDIz
User (Encrypted) Password Field Being Serialised
Ecosystems: packagist
Packages: pwweb/laravel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjZzgtOThxOC1nN21q
Exposure of Sensitive Information to an Unauthorized Actor and Insecure Temporary File in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyM3AtZnIyYy1nNW0y
Exposure of Sensitive Information to an Unauthorized Actor in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NjIteHBjYy05eGY2
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3MzYtaGY5cC1xcWgz
Key Caching behavior in the DynamoDB Encryption Client.
Ecosystems: maven
Packages: com.amazonaws:aws-dynamodb-encryption-java
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoeHgtajczci1xcG0y
Uninitialized memory access in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Z2MtcDVtMy12MzQ3
XXE in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtNTI0OS04aGdn
personnummer/python vulnerable to Improper Input Validation
Ecosystems: pypi
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwZ2MtN2g3OC1neDhm
personnummer/js vulnerable to Improper Input Validation
Ecosystems: npm
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 18,745
Packages: 8,373
Repositories: 449
Ecosystems: 12
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 puppet 6 Umbraco.CMS 6 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 sweetalert2 5 ansible 5 undici 5 baserproject/basercms 5 rack 5 october/backend 5 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 shopware/shopware 4 simplesamlphp/simplesamlphp 4 electron 4 actionpack 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 github.com/cilium/cilium 4 helm.sh/helm 4 com.vaadin:vaadin-bom 3 wagtail 3 bin-links 3 ckb 3 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 @openzeppelin/contracts-upgradeable 3 passenger 3 httplib2 3 org.apache.hive:hive 3 ethyca-fides 3 org.apache.hive:hive-service 3 org.apache.hive:hive-exec 3 node-forge 3 glance 3 org.graylog2:graylog2-server 3 cryptography 3 go.etcd.io/etcd 3 nautobot 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 tuf 2 moin 2 @apollo/server 2 ceph-deploy 2 org.jenkins-ci.plugins:azure-ad 2 github.com/opencontainers/runc 2 tools.devnull:build-notifications 2 silverstripe/framework 2 @openzeppelin/contracts 2 craftcms/cms 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 winter/wn-backend-module 2 braces 2 django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 Django 2 github.com/answerdev/answer 2 github.com/containerd/containerd 2 next-auth 2 github.com/authzed/spicedb 2 Pillow 2 ezsystems/ezpublish-kernel 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 horizon 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 github.com/mattermost/mattermost-plugin-jira 2 october/cms 2 com.ruoyi:ruoyi 2 Nova 2 activesupport 2 parse-server 2 flarum/core 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 nokogiri 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 ezsystems/ezplatform-kernel 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 org.bouncycastle:bcprov-jdk14 2 go.etcd.io/etcd/client/v3 2 fast-xml-parser 1 org.scala-sbt:io_3 1 org.wiremock:wiremock-standalone 1 github.com/oauth2-proxy/oauth2-proxy 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 org.wiremock:wiremock 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 com.github.tomakehurst:wiremock-jre8 1 com.github.tomakehurst:wiremock-jre8-standalone 1 es5-ext 1 org.scala-sbt:sbt 1 wiremock 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/nats-io/nats-server/v2 1 rabbit_common 1 org.keycloak:keycloak-core 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 hyper 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 github.com/canonical/lxd 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/django/django 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/ethyca/fides 3 https://github.com/nautobot/nautobot 3 https://github.com/symfony/symfony 3 https://github.com/pyca/cryptography 3 https://github.com/vaadin/flow 3 https://github.com/Sylius/Sylius 3 https://github.com/httplib2/httplib2 3 https://github.com/openstack/keystone 3 https://github.com/vantage6/vantage6 3 https://github.com/wagtail/wagtail 3 https://github.com/CVEProject/cvelist 3 https://github.com/phusion/passenger 3 https://github.com/nervosnetwork/ckb 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/digitalbazaar/forge 3 https://github.com/apollographql/apollo-server 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/aws/s2n-quic 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apache/activemq 2 https://github.com/quarkusio/quarkus 2 https://github.com/saltstack/salt 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/ntbosscher/gobase 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/craftcms/cms 2 https://github.com/nats-io/nats-server 2 https://github.com/ceph/ceph-deploy 2 https://github.com/microweber/microweber 2 https://github.com/aio-libs/aiohttp 2 https://github.com/zopefoundation/Zope 2 https://github.com/octoprint/octoprint 2 https://github.com/cometbft/cometbft 2 https://github.com/GilaCMS/gila 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/parse-community/parse-server 2 https://github.com/theupdateframework/python-tuf 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/mutagen-io/mutagen 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/hashicorp/nomad 2 https://github.com/bcgit/bc-java 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/opencontainers/runc 2 https://github.com/answerdev/answer 2 https://github.com/authzed/spicedb 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/brefphp/bref 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/thelounge/thelounge 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/Azure/setup-kubectl 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1