Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS00cXJwLTI3cjMtNjZmas0ylw
Improper sanitize of SVG files during content upload ('Cross-site Scripting') in sylius/sylius
Ecosystems: packagist
Packages: Sylius/Sylius
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02Yzl4LW1qM2ctaDQ3eM0ybQ
Spoofing attack in swagger-ui-dist
Ecosystems: npm
Packages: swagger-ui-dist
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jZ3JqLXhqbTctOXEyN84AAtA6
Open redirect in web2py
Ecosystems: pypi
Packages: web2py
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcHA3LTdjaGgtY2Y2N84AAtAo
Cross site scripting in parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1md2ZqLThwMzYtcmM2NM4AA0AN
Moodle vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14aDRtLTk5cXAtdzQ4M84AAWcL
Cloud Foundry UAA open redirect
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcjUtcXBoZi12ZnI4
Cross Site Scripting (XSS) in Simiki
Ecosystems: pypi
Packages: simiki
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05ZjQ1LTlxcnctcHA0ds4AAyQt
Moodle vulnerable to Cross-site Scripting when algebra filter enabled but not functional
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03OWd4LTNmbTgtcXhxcc4AAwCx
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13amc4LXB4cWotYzNjN84AA0TB
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yamptLTZ3aHgtcDh3NM4AAYGH
filp whoops Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: filp/whoops
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNjktM2NoZy02Zjht
Cross Site Scripting (XSS) in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12aHFyLTNncjItN3B4Oc4AAU4H
Subrion CMS Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01cHFmLXJ2bTctM3dnd84AAwgU
collective.contact.widget is vulnerable to cross-site scripting
Ecosystems: pypi
Packages: collective.contact.widget
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tMzZ4LW1nZmgtOGc3OM0l_w
Subdomain Takeover in Interactsh server
Ecosystems: go
Packages: github.com/projectdiscovery/interactsh
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yNjR3LWd3OWctZmhnas4AAv9b
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yNmZ2LTU2Z3AtajNyNM4AAq1k
Typo3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wMmZtLThyaGotNThmcs4AAWz6
Dolibarr Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cnYtZzd3NS1tOHh4
Cross-Site Scripting in @novnc/novnc
Ecosystems: npm
Packages: @novnc/novnc
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS14d2o3LTI5ajctcnc3Ns4AAs5R
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1waDg0LXZnN3EtZnFxOM4AAh3F
Bolt Cross-site Scripting (XSS) via a title that is mishandled in the system log
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMzJwLTU5bWctZjk4cM4AAu9h
Microweber Cross-site Scripting can result in redirection to a malicious site
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNjZxLWdyeGMtNjRqM84AAWk9
Cross-site Scripting in JavaMelody
Ecosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03eGo1LWZ3cXItNTM3OM04Fg
Cross-site Scripting in craftcms/cms
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tOThxLXE1OXAtcjlmds4AAj8T
Moodle open redirect vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tZ2ZwLXFjZjItcHczbc4AAmyM
Moodle stored Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03MmN4LTVmZjktNGhoY8098A
Cross-site scripting in markdown2 for python
Ecosystems: pypi
Packages: markdown2
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NTJjLXZmcGYtY3Ayd84AArAR
openark/orchestrator cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/openark/orchestrator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOWc1LTk4cG0tdzZxN84AAVU1
Cobbler XSS Vulnerability
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12NDdqLXJ3OWgtNm00N84AAWS6
Pagekit open redirect vulnerability
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yM2dxLXd4cWYtcTRnaM0qQA
Cross-site Scripting in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1weHBmLXYzNzYtN3h4Nc1RKw
tagify can pass a malicious placeholder to initiate the cross-site scripting (XSS) payload
Ecosystems: npm
Packages: @yaireo/tagify
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xdmh2LXB3d3ctNTNqas4AAjbG
Typo3 Cross-Site Scripting in Flash component (ELTS)
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02Z3gyLWc3NzMtaHY5aM4AAwBP
Moodle reflected cross-site scripting vulnerability in policy tool
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdweDctN3hqeC1oeG04
Marked vulnerable to XSS from data URIs
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1odzJwLXhxaHEtM21qZs4AAuYz
Cross site scripting in mobiledoc-kit
Ecosystems: npm
Packages: mobiledoc-kit
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12aGc4LXg4NTgtN3dxNs4AAdKN
Drupal Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tNjg4LWN4MnAtcmdxOc4AAwp5
Twitter-Post-Fetcher vulnerable to Use of Web Link to Untrusted Target with window.opener Access
Ecosystems: npm
Packages: twitter-fetcher-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05djN3LW01NTItbTZmZs3tog
Pi Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pi/pi
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00bW1oLTV2dzctcmd2as4AAuFs
Venice vulnerable to Partial Path Traversal issue within the functions `load-file` and `load-resource`
Ecosystems: maven
Packages: com.github.jlangch:venice
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwMjktOTRocC04cnZj
qiita-markdown Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: qiita-markdown
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14NjM3LXg4cDMtNXAyMs4AA6Jm
Improper Authentication in Spring Authorization Server
Ecosystems: maven
Packages: org.springframework.security:spring-security-oauth2-authorization-server
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yZnhmLXFqOTQtM2Y4M84AAtzp
Apache JSPWiki XSS due to crafted request on XHRHtml2Markup.jsp
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1md2h2LTlwaGotd3JqNc4AAyjA
Uvdesk vulnerable to stored cross-site scripting (XSS)
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZnAtcTJtbS1oZnA2
Redirect URL matching ignores character casing
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00d2ZxLWpjOWgtdnBjeM4AAy-i
Lack of domain validation in Druple core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xNDQ4LTZjM20tY3htas0xNQ
Cross-site Scripting in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base-core, org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nY3ZwLWN3Z3ctd3g4as4AAbaY
phpMyAdmin XSS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tajlyLWZwdjMtcmdmeM4AAy6p
Shopware vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2aDktZ3c0OS1ycW00
markdown2 is vulnerable to cross-site scripting
Ecosystems: pypi
Packages: markdown2
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS05N2ZwLTVtODctcjltZs4AAhSf
Dolibarr Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNzUtY3hjcS13cjI2
Cross-site Scripting in jspwiki-war
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS03N2NxLXdncGYtZzQ0Oc4AAUzp
Coaster CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: web-feet/coastercms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04NTk1LTY2NTMtOTZwMs4AAzCW
phpMyFAQ vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDctcmc3dy14bTc5
XSS vulnerability in company name field in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wY3dxLTd3cnctcjhqds0waQ
Cross-site Scripting in intelliants/subrion
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqaHItYzIzZi13NzZx
Inline JS XSS vulnerability in Mautic
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1mM3hyLXEyNTgtaDdtOc4AAiXR
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4d2gtNmp3NC0yaDc5
Potential unauthorized access to stored request & session data when plugin is misconfigured in October CMS Debugbar
Ecosystems: packagist
Packages: rainlab/debugbar-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4amotODk5cS04eDNq
Cross-site scripting in json-sanitizer
Ecosystems: maven
Packages: com.mikesamuel:json-sanitizer
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNGZoLWdwdmgtNzUzZ84AARuN
Yab Quarx persistent cross-site scripting vulnerability
Ecosystems: packagist
Packages: yab/quarx
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcmNqLTVxeHItdmhwMs4AA0Jz
angular-ui-notification Cross-site Scripting vulnerability
Ecosystems: npm
Packages: angular-ui-notification
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03ZjYzLWg2ZzMtN2N3bc0vhw
Cross Site Scripting (XSS) in @finastra/ssr-pages
Ecosystems: npm
Packages: @finastra/ssr-pages
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xYzJwLTZxcmYtMjVqMs4AAq22
laracom Cross-site Scripting
Ecosystems: packagist
Packages: jsdecena/laracom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm
Unencrypted traffic between nodes when using WireGuard and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mMmc1LTQyNmYtMzUzcc4AArc_
Cross-site Scripting in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHc5LTY2ZnAtM2pnd84AAifK
Jenkins build-metrics Plugin reflected cross-site scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-metrics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNnctd2pqMi0yMnZ2
Cross-site scripting in Joplin
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1od3Z3LWdoMjMtcXB2cc4AA6ix
CA17 TeamsACS Cross Site Scripting vulnerability
Ecosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl
Unencrypted traffic between nodes when using IPsec and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01OTU3LTVjcngtNzlqeM4AAjaE
Zenario CMS vulnerable to CRLF injection
Ecosystems: packagist
Packages: zendframework/zend-http, zendframework/zendframework1, zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02dzYyLTgzZzYtcmZoas3gfw
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware
Ecosystems: npm
Packages: connect
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3NDktbTd4aC01cjM5
Cross-site scripting in papermerge
Ecosystems: pypi
Packages: papermerge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyMzYtZzVnaC12cTZj
DOM-based cross-site scripting in Froala Editor
Ecosystems: npm
Packages: froala-editor
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tcm1mLTc1NWctdzJ2d84AApZY
Joplin vulnerable to Cross-site Scripting in notes
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwMjQtdm1jci00Z3Fq
Bootstrap Cross-site Scripting vulnerability
Ecosystems: npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyODMtdzZyOC1maDZ3
Reflected Cross-site Scripting (XSS) in ACS Commons
Ecosystems: maven
Packages: com.adobe.acs:acs-aem-commons
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jZnFqLTlnMmctdzdxNs0YJg
Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yNjRxLXc4anItZzlxcM3wRw
Improper Neutralization of CRLF Sequences in urllib3 library for Python
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wMnBmLWc4Y3EtM2dxNc4AAx5T
teler-waf contains detection rule bypass via Entities payload
Ecosystems: go
Packages: github.com/kitabisa/teler-waf
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cWY2LXZwajgtcDRyNs4AArXo
Cross site scripting in SSCMS
Ecosystems: nuget
Packages: SSCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycm03LXh4eDgtMzVqaM4AAhQN
MediaWiki Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zcDg1LXA0cWctaGNycM0azQ
pimcore is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wanY1LXZ2OTMtcDY0OM4AAi6r
Possible to circumvent title-blacklist
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyeDIteDZteC1ncmoz
Cross-site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1oNzNxLTV3bWotcThwas0WAQ
Cross site scripting in datatables.net
Ecosystems: npm
Packages: datatables.net
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12NW02LTJtNzgtNHZyMs4AAhkr
Magento 2 Community Edition XSS Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtaDUtcWM4dy14dmNx
Cross-Site Scripting in i18next
Ecosystems: npm
Packages: i18next
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmaDItNmY3cS1ncjg2
Cross-Site Scripting in sexstatic
Ecosystems: npm
Packages: sexstatic
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yNDItd2M4Ni04NzY4
python-fedora vulnerable to an open redirect resulting in loss of CSRF protection
Ecosystems: pypi
Packages: python-fedora
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1tZzVoLXJoanEtNnY4NM4AAvmM
phpMyFAQ vulnerable to reflected Cross-site Scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NDY1LXI3NTItMmg4ds3mSw
Cross-site Scripting in facturascripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9