Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NTktNHFnZi1qeHI4
Cache Manipulation Attack in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0zMzY2LTkyODctN3Fwcs4AA5Zv
Path disclosure in JavaScript variable
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nY2o3LWo0MzgtaGpqMs05RQ
Smokescreen SSRF via deny list bypass
Ecosystems: go
Packages: github.com/stripe/smokescreen
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mbXhxLXY4bWctcWgyNc4AAxxs
apollo-portal has potential CSRF issue
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mZ3hqLWc3eDMtODVjcc4AAzA6
Stored cross site scripting in RSS displayer
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmeGYtcXcyNi1ocjMz
Arbitrary command execution in roar-pidusage
Ecosystems: npm
Packages: roar-pidusage
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3ZzItd3JycC1yNmgz
Use of a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wMjIzLWM0dzYtcTQ1NM4AAzk6
hawtio vulnerable to Path Traversal
Ecosystems: maven
Packages: io.hawt:project
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0ajgtN2dwMi14ang1
Data races in try-mutex
Ecosystems: cargo
Packages: try-mutex
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xeHJxLTM3NnEtcDM5aM4AA14y
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xY2g0LWptZjgteHZwN84AAv9Z
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNGo2LW04M2MtNTJ4Ms4AAucJ
Jfinal Cross-site Scripting vulnerability
Ecosystems: maven
Packages: com.jflyfox:jflyfox_jfinal
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cnAyLWozdmotaGdqNM4AArWb
Cross site scripting in Jfinal
Ecosystems: maven
Packages: com.jflyfox:jflyfox_jfinal
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02anA2LTlyZjktZ2M2Ns0u1Q
Cross-site Scripting in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cnZ2LWg4ZzctNzI4d84AAwgN
Mingsoft MCMS Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqOTMtMmg2ci1obTQ5
Cross-Site Scripting in http-file-server
Ecosystems: npm
Packages: http-file-server
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01N20yLW1wYzctZ3dneM4AA14x
LibreNMS Code Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qcDNjLWc0NnYtamcyY84AA14w
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jcnBnLTJtbTItampxZs3hdA
PrestaShop Stored Cross-Site Scripting Vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cjdtLXI5dm0tbTR3Zs4AA4Lz
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01amptLXFwNDgtcXA4Ns4AA144
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qZjl2LXE4dmgtM2ZtY80VrQ
Cross-site scripting in ICEcoder
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1najI2LWc1cWYtanJoN80sYA
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oeG1yLTVndjktNnA4ds0ryw
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03M3E5LTdwd2otZ200Ns0kGg
icecoder is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12YzRmLTJnN2YtcG1xcs4AAlc2
MunkiReport Cross-Site Scripting (XSS) Filter Bypass On Comment
Ecosystems: packagist
Packages: munkireport/munkireport, munkireport/managedinstalls, munkireport/comment
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NjI5LTgzbTUtcmo3Nc4AAubr
exceedone/exment and exceedone/laravel-admin Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: exceedone/laravel-admin, exceedone/exment
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycjJ3LWpyaDItcDRncs0Vqw
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01aDc3LTQyNDUtcGc1cM4AAv9d
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tNmpqLWZnbWgtM3A4cs4AA145
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zamgyLXdtdjctbTkzMs4AAu6F
LibreNMS stored Cross-site Scripting via Schedule Maintenance `Title` parameter
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NjJyLXd4dm0tanZ4aM4AAus8
Markdown-Nice v1.8.22 vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: markdown-nice
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yODk0LTVyN3YtN3J4M84AAwy5
easy-scrypt Observable Timing Discrepancy vulnerability
Ecosystems: go
Packages: github.com/agnivade/easy-scrypt
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ycTQyLTU4cWYtdjNxeM4AA3Pz
LibreNMS vulnerable to rate limiting bypass on login page
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcDUtbTk2OC1nd3Iy
Path Traversal in http-file-server
Ecosystems: npm
Packages: http-file-server
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0aGgteHhxaC13Z3Bx
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncGYtOTdjNS03NGZj
Regular expression denial of service in @absolunet/kafe
Ecosystems: npm
Packages: @absolunet/kafe
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xd3JmLWdmcGotcXZqNs4AArBB
Smokescreen SSRF via deny list bypass (square brackets)
Ecosystems: go
Packages: github.com/stripe/smokescreen
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cWdwLTl3d2MtdjI5cs4AAwNW
PrestaShop has potential Information exposure in the upload directory
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1weDNyLTI3cWMtaHg1Z84AAs70
NT auth module vulnerability in OpenAM
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-core
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01OWg4LWgzNHItcTljds4AAigs
Ignite Realtime Openfire directory traversal vulnerability
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4bTMtMjg0cC1xYzR2
Prototype Pollution in sds
Ecosystems: npm
Packages: sds
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1td3ZwLXFyNjItY3ZqeM4AAwok
nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag
Ecosystems: pypi
Packages: nsupdate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnY20tcnBxOS05Y2dy
Missing Authentication for Critical Function in Saleor
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qMjRnLWdtNzYtajgyOc4AAb1V
Weblate user account enumeration via reset password form
Ecosystems: pypi
Packages: weblate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZzQzLXg3cXItOTZwaM4AAyE0
Possible CSRF token fixation
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoMnAtN3A4Ny1maGdo
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Ecosystems: npm
Packages: @liquity/contracts
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncTc1LTVnYzMtcmZ3Z84AAto_
snyk-broker Path Traversal before v4.73.0
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycDR2LWhobTYtcmN2Oc4AAulK
Pinniped Supervisor Insufficient Session Expiration vulnerability
Ecosystems: go
Packages: go.pinniped.dev
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNTVtLWc0bTMtcW1ycM4AAv9X
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3bWYtcWd4Zi1xbXZm
Apache Ranger admin users can store some arbitrary javascript code to be executed when normal users login and access policies
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmN3EteHFtMy02OTIz
Apache Ranger allows remote authenticated administrators to inject arbitrary web script or HTML
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS12aG02LWd3ODItNmY4as0vOA
Cross site scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12M2gyLTRqMnItd3FqOM4AAYL9
Ignite Realtime Openfire Server has Cross-site Scripting vulnerability in admin console
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOTVoLXZjODYtaHY3N84AAiQS
wolfCrypt leaks cryptographic information via timing side channel
Ecosystems: pypi
Packages: wolfcrypt
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNmotMjI2OC1maGNt
Improper Certificate Handling
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nMzV4LWo2amotOGc3as4AAzD2
@mittwald/kubernetes's secret contents leaked via debug logging
Ecosystems: npm
Packages: @mittwald/kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndnJnLTYyanAtcmY3as4AA2H_
PrestaShop allows employee without any access rights to list all installed modules
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1aHctMjl4Ny05eDk1
Arbitrary File Read in Snyk Broker
Ecosystems: npm
Packages: snyk-broker
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1obTN4LWp3d2YtanByOc01YA
Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Ecosystems: pypi
Packages: tripleo-heat-templates
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1majl2LWc4ZnctdnhtZs4AAX53
Improper Privilege Management in craftercms
Ecosystems: maven
Packages: org.craftercms:craftercms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ndzk3LWY2aDgtZ205NM0WjQ
Email relay in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01NDVmLXBncDctZndqZs4AAX52
Log value insertion in craftercms
Ecosystems: maven
Packages: org.craftercms:craftercms
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tcmozLWYyaDQtN3c0Nc4AA6av
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3ODgtcmozNy0zNTd3
Insecure Defaults Leads to Potential MITM in ezseed-transmission
Ecosystems: npm
Packages: ezseed-transmission
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1xcTI5LTV2amgtdnh3cs4AAvFY
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yeHZqLTVtdjYtajVtY84AA070
Cross-site Scripting in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01OWZtLTZ4M3EtcTNxNc4AAXuz
Missing permissions check in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xeHJ4LW02djYtbTc2N84AAl8r
Stored XSS vulnerability in Description Column Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:description-column-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yZnJxLTN2ODktZnFnNs4AAlOk
Reflected XSS in Jenkins Compatibility Action Storage Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:compatibility-action-storage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycTdqLTUyeGcteDhmbc4AAlOc
Missing permission checks in Zephyr for JIRA Test Management Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cTYzLWp2YzktcXBods4AAQaj
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nomad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01NndmLW14NWMtZmZqeM4AAlOn
CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Ecosystems: maven
Packages: com.openmake:deployhub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZmo0LXdnODktbTIycs4AAwo7
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00YzNxLXI4NHItcTZwcM4AA0qc
Jenkins mabl Plugin vulnerable to exposure of system-scooped credentials
Ecosystems: maven
Packages: com.mabl.integration.jenkins:mabl-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS04NWh3LXc0MzYtYzcyNc4AAU6Q
XML External Entity Reference in Apache Cayenne
Ecosystems: maven
Packages: org.apache.cayenne:cayenne-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02d2hqLThnOWctNWp2eM4AAwqm
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02Z3d4LWd3NTYtcWhmN84AAwrZ
Froxlor vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS01Z2dtLXE5OHYtNzZoeM4AAQAb
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xajhwLWM3MzMtdjQ5NM4AAQas
CSRF vulnerability in Zephyr Enterprise Test Management Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-enterprise-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cGp4LTg2cGcteDRqNc4AAWed
Jenkins SAML Plugin Session Fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Njk2LTgzNnAtYzhxcM4AAjR2
Reflected XSS vulnerability in Jenkins gitlab-hook Plugin
Ecosystems: maven
Packages: org.jenkins-ci.ruby-plugins:gitlab-hook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1djQtbWN4NC1oaDM1
Cross-Site Scripting in atlasboard-atlassian-package
Ecosystems: npm
Packages: atlasboard-atlassian-package
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1mcDM1LXhycnItM2dwaM4AAvoE
Apache DolphinScheduler vulnerable to Path Traversal
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tN3ByLW00Y3gtNm0yMs4AAkDT
Reflected XSS vulnerability in Jenkins Queue cleanup Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:queue-cleanup
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmNmctZ205Mi1yZjMy
Malicious Package in coinstirng
Ecosystems: npm
Packages: coinstirng
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0yMzNoLTU5bTItcXFmMs4AAkRi
ChakraCore Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yNWc0LXAzNDcteDc0OM4AAmLC
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:role-strategy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cnZ3LTdteDctaDUzeM4AAlx0
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jY3dwLTYzM2otZzI5ds4AAlyH
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,361
Packages: 8,293
Repositories: 5,016
Ecosystems: 12
Filter by Severity
Moderate 7,925 High 6,355 Critical 2,807 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,802 pypi 3,711 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 322 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 Plone 45 baserproject/basercms 43 plone 43 rdiffweb 42 nokogiri 42 Pillow 41 craftcms/cms 40 showdoc/showdoc 40 intelliants/subrion 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 froxlor/froxlor 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 mautic/core 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 shopware/shopware 27 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 Django 27 centreon/centreon 27 getgrav/grav 27 github.com/hashicorp/consul 26 openssl-src 26 electron 26 github.com/hashicorp/nomad 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 prestashop/prestashop 24 gogs.io/gogs 24 magento/core 24 org.eclipse.jetty:jetty-server 23 moin 23 github.com/argoproj/argo-cd/v2 23 puppet 23 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 ckb 22 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 rack 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 org.springframework:spring-core 19 code.gitea.io/gitea 19 github.com/docker/docker 19 github.com/ethereum/go-ethereum 19 org.bouncycastle:bcprov-jdk14 19 DotNetNuke.Core 19 com.vaadin:vaadin-bom 18 contao/contao 18 helm.sh/helm/v3 18 langchain 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 tribalsystems/zenario 18 cockpit-hq/cockpit 17 golang.org/x/net 17 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 simplesamlphp/simplesamlphp 17 francoisjacquet/rosariosis 17 mercurial 17 genix/cms 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cakephp/cakephp 17 PaddlePaddle 17 cobbler 17 sequelize 16 pillow 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 directus 16 wasmtime 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 nova 15 topthink/framework 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 cryptography 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 paddlepaddle 15 github.com/goharbor/harbor 15 notebook 15 ezsystems/ezpublish-kernel 14 smarty/smarty 14 symfony/security-http 14 pyftpdlib 14 gradio 14 zendframework/zendframework1 14 swagger-ui 14 phpmailer/phpmailer 14 modoboa 14 keystone 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 typo3/cms-backend 14 ec-cube/ec-cube 14 pyload-ng 14 activesupport 14 ghost 14 tinymce 14 github.com/containerd/containerd 13 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 strapi 13 elefant/cms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 passenger 13 october/system 13 joplin 13 org.apache.hadoop:hadoop-main 13 neutron 13 lavalite/cms 13 codeigniter4/framework 13 ckeditor4 13 next 13 bolt/bolt 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 vantage6 12 undici 12 studio-42/elfinder 12 vm2 12 org.jenkins-ci.plugins:git 12 org.apache.dolphinscheduler:dolphinscheduler 12 dompdf/dompdf 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/mlflow/mlflow 25 https://github.com/apache/inlong 25 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/contao/contao 22 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/PrestaShop/PrestaShop 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rack/rack 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/denoland/deno 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/moby/moby 14 https://github.com/pyca/cryptography 14 https://github.com/langchain-ai/langchain 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/modoboa/modoboa 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/undertow-io/undertow 13 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/centreon/centreon-archived 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/twisted/twisted 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/igniterealtime/Openfire 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/openstack/keystone 11 https://github.com/containers/podman 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Studio-42/elFinder 11 https://github.com/janeczku/calibre-web 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/zitadel/zitadel 11 https://github.com/smarty-php/smarty 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/nats-io/nats-server 10 https://github.com/zopefoundation/Zope 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/WWBN/AVideo 10 https://github.com/dolibarr/dolibarr 10 https://github.com/dotnet/aspnetcore 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/wagtail/wagtail 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/semplon/GeniXCMS 9 https://github.com/top-think/framework 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/ethyca/fides 9 https://github.com/kevinpapst/kimai2 9 https://github.com/cri-o/cri-o 9 https://github.com/bolt/bolt 9 https://github.com/apache/lucene-solr 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/evershopcommerce/evershop 9 https://github.com/yiisoft/yii2 9 https://github.com/DSpace/DSpace 9 https://github.com/spring-projects/spring-security 9 https://github.com/funadmin/funadmin 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/LavaLite/cms 9