Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS13Mng1LWhwbWctajk4aM4AA0TD
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ycDM0LTg1eDMtMzc2NM0r8A
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2MmotZmN4cS1qMjM5
Stored XSS in Apache Atlas
Ecosystems: maven
Packages: org.apache.atlas:apache-atlas
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoNmMtcTkzOC0zcjlx
Moderate severity vulnerability that affects validator
Ecosystems: npm
Packages: validator
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyamMtNHB3ci0zdnA3
Cross-Site Scripting in iobroker.web
Ecosystems: npm
Packages: iobroker.web
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS02ODl3LTJmOTMtMng2N84AAlKJ
Magento stored cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/community-edition, magento/core
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3cHItODNnMy05Nmc3
Cross-site scripting in padrino-contrib
Ecosystems: rubygems
Packages: padrino-contrib
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4d2MtOXh2cC1nM2Mz
Cross-site scripting in Sakai
Ecosystems: maven
Packages: org.sakaiproject:chat-base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1mMmM1LTk5N3ctN2Y1Y80Vyg
Cross-site Scripting in peertube
Ecosystems: npm
Packages: peertube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOGYtbW1mai1yNDVn
Cross-site scripting in fat_free_crm
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyNDYteHJyai1nOGo2
Cross-site Scripting in markdown-it-highlightjs
Ecosystems: npm
Packages: markdown-it-highlightjs
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01ODJwLTJmcGcteDIyNs4AAyj9
Microweber vulnerable to command injection
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4ZjctcDVyYy1qeDY3
Materialize-css vulnerable to Cross-site Scripting in tooltip component
Ecosystems: npm
Packages: @materializecss/materialize, materialize-css
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5bTItNmhxMi00cjNj
Cross-site Scripting in invenio-previewer
Ecosystems: pypi
Packages: invenio-previewer
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS1ncXJwLXFodjgtcGhyds4AARMy
Moodle Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIydjUtNXZjci1oM3Zx
Cross-site Scripting in Apache Zeppelin
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1tdnByLXE2cmgtOHZycM4AAmcL
Grafana XSS via a query alias for the ElasticSearch datasource
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmcXYtaDNyNS1tNHZm
Cross Site Scripting (XSS) in plotly.js
Ecosystems: npm
Packages: plotly.js
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1cmotZzY5NS0zNDJy
Fat Free CRM vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4ODMtM3BoMy05ajJx
Cross-site Scripting (XSS) in Django REST Framework
Ecosystems: pypi
Packages: djangorestframework
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2Z3ctY2g1di03NHY4
Cross-site scripting (XSS) in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyZmctanFoeC1jNjhw
Open Redirect in st
Ecosystems: npm
Packages: st
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1nY3g1LTNwNWYtZjh2cM0v5w
Prototype Pollution in jquery.cookie
Ecosystems: nuget
Packages: jquery.cookie
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1namo4LW04M2MtcXY5aM4AA3pY
Cross-site Scripting in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1meDk4LTh3OTMtNG14cs4AATvd
Snipe-IT XSS Vulnerability
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yNmg3LTg0NmMtOG03OM4AATpm
Elgg open redirect
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0Z2ctOWY2Mi1qZnBo
OrientDB Studio web management interface is vulnerable to clickjacking attacks
Ecosystems: maven
Packages: com.orientechnologies:orientdb-studio
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS02cTQ5LTM1aDYtcnEycM4AAwCs
Browsershot version 3.57.3 vulnerable to improper input validation
Ecosystems: packagist
Packages: spatie/browsershot
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS
Hugo Markdown titles do not escaped in internal render hooks
Ecosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1nZ2hjLWc4Y2otNHZmds4AAqOV
Stored XSS vulnerability in Jenkins Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqaHctMnA2ai01d21w
Open Redirection in Login Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qZm1jLTM5NzUtZnY1Zs4AAv3T
Concrete CMS vulnerable to Reflected Cross-site Scripting via image manipulation library
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00anAzLXEycW0tOWZtd80ykw
Improper Restriction of Rendered UI Layers or Frames in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OTYtbW0yZy1jOG03
Next.js has cross site scripting (XSS) vulnerability via the 404 or 500 /_error page
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xanE5LXd4NWotanJnNs4AAXja
Dolibarr ERP and CRM contain XSS Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwY3YtajJxOS12cWh3
Moderate severity vulnerability that affects mayan-edms
Ecosystems: pypi
Packages: mayan-edms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS0zMjY0LTY1cGctNXhtNM4AAiZt
Dolibarr ERP and CRM HTML Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NXA4LTU0MjMtZnczeM4AAiji
Pimcore XSS Vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NnZtLThtNHAtNjI2M84AAWdd
OpenTSDB Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.opentsdb:opentsdb
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oMm1xLXA5cjUtd2g5NM4AAj9n
Ignite Realtime Openfire allows Cross-site Scripting
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1bW0tY2M2ci04Zmpw
Cross-site scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jcXA3LWh3bTMtY2ZnN84AAQ7E
XSS vulnerability in Jenkins Warnings Next Generation Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:warnings-ng
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05NzRxLTR2dnItdmc5Y84AAzit
thorsten/phpmyfaq vulnerable to cross-site scripting
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xamZ4LWZ2eDctM3d2d84AA3yi
Business Logic Errors in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02cng5LWMycmgtM3F2NM4AA2A7
OpenStack Barbican information disclosure vulnerability
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1od2NjLTRjdjgtY2YzaM4AA4AE
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Ecosystems: nuget
Packages: Snowflake.Data
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12bXB2LXFqaHEtcjQ2M84AA01a
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3OHctN2d4cC1tYzYz
SQL Injection in Spring Cloud Task
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-task-dependencies
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wN3YyLXA5bTgtcXFnN84AA1vf
Electron context isolation bypass via nested unserializable return value
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01NTd2LXhjZzYtcm01bc4AA3_F
Potential URI resolution path traversal in the AWS SDK for PHP
Ecosystems: packagist
Packages: aws/aws-sdk-php
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ydjc0LW0yODMtNWo5Nc4AA3k5
Elasticsearch-hadoop Unsafe Deserialization
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch-hadoop
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1nd3ZxLXJncWYtOTkzZs4AAX-q
python-keystoneclient vulnerable to context confusion in Keystone auth_token middleware
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2ZmYtMnEzYy12M3B2
Compiler optimisation leads to SEGFAULT
Ecosystems: cargo
Packages: pnet
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13d2p3LXIzZ2otMzlmcc4AArtR
Insufficient Session Expiration in TYPO3's Admin Tool
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jbTZyLTg5MmotanYyZ84AAt-V
Google Play Services SDK leads to apps having incorrectly set mutability flag
Ecosystems: maven
Packages: com.google.android.gms:play-services-basement
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05d2g3LTM5N2otNzIybc4AAy-6
Ironic and ironic-inspector may expose as ConfigMaps
Ecosystems: go
Packages: github.com/metal3-io/baremetal-operator
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yajVmLXZtNzktNWo4NM4AAvdv
OctoPrint vulnerable to Special Element Injection
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ndnF2LWg3aGgtNmZjY84AA5F-
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oaGY4LWY1dzktZzZ2aM4AA6i0
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass
Ecosystems: packagist
Packages: causal/oidc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03NW01LWhoNHItcTlneM4AA6JI
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1jZjRnLWZjZjgtM2NyOc4AAxgf
`pnet_packet` buffer overrun in `set_payload` setters
Ecosystems: cargo
Packages: pnet_packet
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1meDZ4LWg5ZzQtNTZmOM4AAk1F
containernetworking/plugins vulnerable to MitM attacks
Ecosystems: go
Packages: github.com/containernetworking/plugins
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtZzQtdzN3NS14NXBj
Prototype pollution in json-pointer
Ecosystems: npm
Packages: json-pointer
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmNTktajdjMi1yaDZ4
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFycmMtd3c5eC1yNDNn
Improper Input Validation in Docker Engine
Ecosystems: go
Packages: github.com/docker/docker-ce
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01bXhmLTQyZjUtajc4Ms4AA503
Grafana's users with permissions to create a data source can CRUD all data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03djN4LWg3cjItMzRqds0lXg
Insufficient Session Expiration in Pterodactyl API
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cmM5LXZ4amgtcWpmMs4AAz9k
Vega's validators able to submit duplicate transactions
Ecosystems: go
Packages: code.vegaprotocol.io/vega
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1naHA4LTUydngtNzdqNM4AA2Al
pgAdmin failed to properly control the server code
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12OTVjLXA1aG0teHE4Zs0ZQA
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzOGctNDY5Zy1jbWd4
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3ZzQtNzRoNi1xNDd2
Integer Overflow or Wraparound and Use of a Broken or Risky Cryptographic Algorithm in bcrypt
Ecosystems: npm
Packages: bcrypt
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS00aGMyLWpoN3Itd3JjM83zKg
Improper Certificate Validation in OkHttp
Ecosystems: maven
Packages: com.squareup.okhttp3:okhttp
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cjl2LWc5dmYtYzc0ds4AAu24
TensorFlow vulnerable to segfault in `RaggedBincount`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5dmoteHgyNy1nNDV3
Data race in eventio
Ecosystems: cargo
Packages: eventio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yMjZjLTY3OXctbXJqbc4AAu2T
TensorFlow vulnerable to `CHECK` fail in `FakeQuantWithMinMaxVarsGradient`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mOHE0LWp3d3cteDN3ds00ww
Race Condition in Paramiko
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aG04LXZoNnItMmNqcc4AAuFp
CodeIgniter Shield Vulnerable to SameSite Attackers Bypassing the CSRF Protection
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0ZzItOWhqNi01NDcy
Moderate severity vulnerability that affects com.rabbitmq:amqp-client and org.springframework.amqp:spring-amqp
Ecosystems: maven
Packages: com.rabbitmq:amqp-client, org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2OTgtcjRobS13OTRw
Validation Bypass in paypal-ipn
Ecosystems: npm
Packages: paypal-ipn
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1wcHJxLTQ0ODgtd2dxeM4AAQF7
Insecure transport protocol in Gradle
Ecosystems: maven
Packages: org.gradle:gradle-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cDU2LTZnMjYtNjgyN84AAtwJ
node-fetch Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyeDYtZm14cS1yamoy
Timing attacks in python-rsa
Ecosystems: pypi
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1ycDgyLXh2ZzMtNzI3Y84AAWxR
Jenkins Google Login Plugin Session Fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-login
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05OTQyLXIyMnYtNzhjcM4AAu25
TensorFlow vulnerable to `CHECK` fail in `LRNGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jaHcyLTZjN3ItMzdwN84AAua4
uri-template-lite Regular Expression Denial of Service
Ecosystems: npm
Packages: uri-template-lite
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wN2hyLWY0NDYteDZxZs4AAu1u
TensorFlow vulnerable to `CHECK` fail in `tf.sparse.cross`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NG1yLTh2bW0td2poZ84AAv0V
Wasmtime out of bounds read/write with zero-memory-pages configuration
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHctbTVmai1mN2d2
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jNXZqLWYzNnEtcDl2Z84AAyEz
Password Shucking Vulnerability
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wajQ1LTh2aGMtbWgyZs4AAXb9
Jenkins Swarm Plugin Client vulnerable to man-in-the-middle attacks
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:swarm-plugin, org.jenkins-ci.plugins:swarm-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3aDUtM2N3Ny00Mjg2
tlslite-ng off-by-one error on mac checking
Ecosystems: pypi
Packages: tlslite-ng
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1xZjNmLTd4NjktcWZ2M84AAWq5
phpMyAdmin DoS Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNG1tLTJyNjktbWc1Zs4AAvih
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1taGhmLXZnd2gtZnc5aM4AAwLn
Passeo uses insecure random number generator
Ecosystems: pypi
Packages: Passeo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14OTg5LXEycHEtNHE1eM4AAu2h
TensorFlow vulnerable to Int overflow in `RaggedRangeOp`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12N3Z3LTU3N2YtdnA4eM4AAu2z
TensorFlow vulnerable to segfault in `QuantizedRelu` and `QuantizedRelu6`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Z3ZoLTJwZjQtanIyeM4AAu2y
TensorFlow vulnerable to segfault in `QuantizeDownAndShrinkRange`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13MzNjLTQ0NW0tZjh3N84AA0qh
Okio Signed to Unsigned Conversion Error vulnerability
Ecosystems: maven
Packages: com.squareup.okio:okio-jvm, com.squareup.okio:okio
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 10 months ago
Statistics
Advisories: 18,361
Packages: 8,293
Repositories: 5,016
Ecosystems: 12
Filter by Severity
Moderate 7,925 High 6,355 Critical 2,807 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,802 pypi 3,711 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 322 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 Plone 45 baserproject/basercms 43 plone 43 rdiffweb 42 nokogiri 42 Pillow 41 craftcms/cms 40 showdoc/showdoc 40 intelliants/subrion 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 froxlor/froxlor 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 mautic/core 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 shopware/shopware 27 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 Django 27 centreon/centreon 27 getgrav/grav 27 github.com/hashicorp/consul 26 openssl-src 26 electron 26 github.com/hashicorp/nomad 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 prestashop/prestashop 24 gogs.io/gogs 24 magento/core 24 org.eclipse.jetty:jetty-server 23 moin 23 github.com/argoproj/argo-cd/v2 23 puppet 23 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 ckb 22 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 rack 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 org.springframework:spring-core 19 code.gitea.io/gitea 19 github.com/docker/docker 19 github.com/ethereum/go-ethereum 19 org.bouncycastle:bcprov-jdk14 19 DotNetNuke.Core 19 com.vaadin:vaadin-bom 18 contao/contao 18 helm.sh/helm/v3 18 langchain 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 tribalsystems/zenario 18 cockpit-hq/cockpit 17 golang.org/x/net 17 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 simplesamlphp/simplesamlphp 17 francoisjacquet/rosariosis 17 mercurial 17 genix/cms 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cakephp/cakephp 17 PaddlePaddle 17 cobbler 17 sequelize 16 pillow 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 directus 16 wasmtime 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 nova 15 topthink/framework 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 cryptography 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 paddlepaddle 15 github.com/goharbor/harbor 15 notebook 15 ezsystems/ezpublish-kernel 14 smarty/smarty 14 symfony/security-http 14 pyftpdlib 14 gradio 14 zendframework/zendframework1 14 swagger-ui 14 phpmailer/phpmailer 14 modoboa 14 keystone 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 typo3/cms-backend 14 ec-cube/ec-cube 14 pyload-ng 14 activesupport 14 ghost 14 tinymce 14 github.com/containerd/containerd 13 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 strapi 13 elefant/cms 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 passenger 13 october/system 13 joplin 13 org.apache.hadoop:hadoop-main 13 neutron 13 lavalite/cms 13 codeigniter4/framework 13 ckeditor4 13 next 13 bolt/bolt 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 vantage6 12 undici 12 studio-42/elfinder 12 vm2 12 org.jenkins-ci.plugins:git 12 org.apache.dolphinscheduler:dolphinscheduler 12 dompdf/dompdf 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/mlflow/mlflow 25 https://github.com/apache/inlong 25 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/contao/contao 22 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/PrestaShop/PrestaShop 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rack/rack 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/denoland/deno 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/moby/moby 14 https://github.com/pyca/cryptography 14 https://github.com/langchain-ai/langchain 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/modoboa/modoboa 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/undertow-io/undertow 13 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/centreon/centreon-archived 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/twisted/twisted 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/igniterealtime/Openfire 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/openstack/keystone 11 https://github.com/containers/podman 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Studio-42/elFinder 11 https://github.com/janeczku/calibre-web 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/zitadel/zitadel 11 https://github.com/smarty-php/smarty 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/nats-io/nats-server 10 https://github.com/zopefoundation/Zope 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/WWBN/AVideo 10 https://github.com/dolibarr/dolibarr 10 https://github.com/dotnet/aspnetcore 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/wagtail/wagtail 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/semplon/GeniXCMS 9 https://github.com/top-think/framework 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/ethyca/fides 9 https://github.com/kevinpapst/kimai2 9 https://github.com/cri-o/cri-o 9 https://github.com/bolt/bolt 9 https://github.com/apache/lucene-solr 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/evershopcommerce/evershop 9 https://github.com/yiisoft/yii2 9 https://github.com/DSpace/DSpace 9 https://github.com/spring-projects/spring-security 9 https://github.com/funadmin/funadmin 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/LavaLite/cms 9