Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS1mcHY2LWY4anctcmMzcs0V-Q
Elvish vulnerable to remote code execution via the web UI backend
Ecosystems: go
Packages: github.com/elves/elvish
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgycjQtNHhnZi0zODY1
Downloads Resources over HTTP in product-monitor
Ecosystems: npm
Packages: product-monitor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS1qamNqLWZnZm0tOWc5cs4AAUCZ
Phusion Passenger Race Condition Allows Privilege Escalation
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjY3EtNXZ3My0ycDZ4
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyeDgtODU0NS00d2cy
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyZjQtdjRjNC02d3g0
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS02YzJ2LXhjOGYtZnZmN838Rg
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yY2dxLWg4eHctMnY1as4AA7Z-
CRI-O vulnerable to an arbitrary systemd property injection
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 days ago
High
GSA_kwCzR0hTQS1mdnE2LTM5MmgtNm1qas0WWg
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTktMmY5Mi01Y3Bo
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAycnAtY21qcS1yN3dt
Shell command injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4eHItNHYyYy1ydmdw
High severity vulnerability that affects org.apache.hbase:hbase
Ecosystems: maven
Packages: org.apache.hbase:hbase
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0M2MtZzJnNy02Z3hq
Cross-Site Request Forgery (CSRF) in keystone
Ecosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczeHYtdzVncC1mcnho
Logic error in Legion of the Bouncy Castle BC Java
Ecosystems: maven
Packages: org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk15to18
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS03d3E0LTg5eHgtZzYyas0mjw
Password exposure in ShenYu
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tdnJwLTNjdngtYzMyNc4AA2PO
Zod denial of service vulnerability during email validation
Ecosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
High
GSA_kwCzR0hTQS04cXhwLWc4anYtcDM3eM3rvA
Improper Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00anY5LTM1NjMtMjNqM84AAwZv
Knex.js has a limited SQL injection vulnerability
Ecosystems: npm
Packages: knex
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qeGdyLWdjajUtY3FxZ84AA7cp
nautobot has reflected Cross-site Scripting potential in all object list views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 3 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzYzctMm1wdy1oZzM0
Log injection in uvicorn
Ecosystems: pypi
Packages: uvicorn
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 4 years ago
High
GSA_kwCzR0hTQS0zdjc5LXE3cGgtajc1aM4AA5e3
MLFlow Cross-site Scripting vulnerability leads to client-side Remote Code Execution
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
Grav File Upload Path Traversal
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tdjkzLXd2Y3AtN203cs4AAQd1
golang.org/x/net/html Improper Validation of Array Index vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14aDZtLTdjcjcteHg2Ns4AA5jR
Missing permission checks on Hazelcast client protocol
Ecosystems: maven
Packages: com.hazelcast:hazelcast
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxNDgtbTRqeC14cWg4
"Deserialization errors in MyBatis"
Ecosystems: maven
Packages: org.mybatis:mybatis
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS00cjc4LWh4NzUtampqMs39zQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2N3AtbW13cS14Njc0
Improper Input Validation and Code Injection in pdf-image
Ecosystems: npm
Packages: pdf-image
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0zdjI4LTlqanAtNGc1d84AAahz
Plone Privilege Escalation Vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mY2Y5LTZmdjItZmM1ds39nQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jcnY4LXI1d3EtZ3Yyd84AA1bg
webui-aria2 Path Traversal vulnerability
Ecosystems: npm
Packages: webui-aria2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS04M2cyLThtOTMtdjN3N84AAom0
golang.org/x/net/html Infinite Loop vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03Z3J4LWY5NDUtbWo5Ns4AA7cr
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnNTMtdnA3cS1nZmp2
constructEvent does not verify header
Ecosystems: npm
Packages: @worker-tools/stripe-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mbTVjLTJyd2MtODg3d83t7A
Cloud Foundry UAA reset password vulnerable to brute force attack
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzM20tN3c3Zi1nbWo4
Uncontrolled Resource Consumption in fun-map
Ecosystems: npm
Packages: fun-map
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1Y3ItZnJwaC1odzdm
Use of uninitialized buffer in rkyv
Ecosystems: cargo
Packages: rkyv
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yeG1qLWhnOXYtdnAzcM4AAzw-
Uncontrolled Resource Consumption in LengthPrefixedMessageReader
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyYzctNmc4dy1qaDU2
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtZngtNzVmZi04bXc2
Listing of upload directory contents possible
Ecosystems: go
Packages: github.com/ThomasLeister/prosody-filer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtZnItNjNjMi1qcjVj
Execution Control List (ECL) Is Insecure in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00angtNjUyNi12dmht
Denial of service in github.com/nats-io/nats-server/server
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01djRtLWM3M3YtYzdncc06ng
Arbitrary Code Execution in Cookie Serialization
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzcDUtOGZxdy13angz
Authentication bypass by capture-replay in github.com/cosmos/ethermint
Ecosystems: go
Packages: github.com/cosmos/ethermint
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4OGMtbTc0OC14cjRq
Access Restriction Bypass in kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNWdjLTk1N3gtZ2Z3Oc4AAWV1
Go Ethereum LES protocol implementation vulnerable to Denial of Service
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01ZzM5LXBwd2ctNnh4OM4AAyJ9
Go-huge-util vulnerable to path traversal when unzipping files
Ecosystems: go
Packages: github.com/dablelv/go-huge-util
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS05anZ4LXA2bXEtZnc0ds4AA2Ij
pretix allows Pillow to parse EPS files
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzeG0tcHZnNy1naDdy
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxNWctZ3BoMi00cmM2
Upload of file to arbitrary path in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-runtime
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS04Zm04LTczNjUtNXJoMs4AAVEJ
Mercurial vulnerable to arbitrary code execution via a crafted name when converting a Git repository
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxZzctdnJqNy12ODJo
Mosca REDoS Vulnerability
Ecosystems: npm
Packages: mosca
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 5 years ago
High
GSA_kwCzR0hTQS05dmpmLWpqY3EtM2doN84AAVEY
Mercurial arbitrary code execution vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyZjUtOTJqaC0zdmM5
Uncaught Exception leading to Denial of Service in json-sanitizer
Ecosystems: maven
Packages: com.mikesamuel:json-sanitizer
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wd2gyLWZwZnIteDVnZs4AA6Rp
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zdzR2LXFmcWMtMzQzM84AAQCE
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zOTk5LTVmZnYtd3Aycs4AA7eJ
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Ecosystems: cargo
Packages: yamux
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 2 days ago
High
GSA_kwCzR0hTQS1nd2M5LTM0OHgtcXd2Ms03ng
Use after free in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qcnFtLXY4Y3YtNTN3d83vAg
Matrix Synapse Predictable Secret Key
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwNjctOHczdy02aDlj
Path Traversal
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3OGotODV3bS02eGZx
Prototype Pollution in jquery-bbq
Ecosystems: npm
Packages: jquery-bbq
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NWctMjQ5Ni1teHBw
Regular Expression Denial of Service in parsejson
Ecosystems: npm
Packages: parsejson
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcycXgtNmdody02N2ht
Denial of Service in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS00OWN3LTQzNGgtcWM1N84AAbaL
Mercurial vulnerable to arbitrary code execution when converting Git repos
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5dm0tcmhtZi03aHh4
OS Command Injection in im-resize
Ecosystems: npm
Packages: im-resize
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS05eHY0LXIyaGYtMjZnaM4AAQWN
Mercurial Improper Input Validation vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12OHdtLWc5ZjIteGp2NM4AASqT
Matrix Synapse Security Filtering Flaw
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1odnI5LXdyOXAtZ3Jncs4AATfn
Mercurial missing symlink check
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoODctNmpyMy04cTQ3
Null pointer deference in cache
Ecosystems: cargo
Packages: cache
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4NGotZnhyNy1qeGc4
Double free in glsl-layout
Ecosystems: cargo
Packages: glsl-layout
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 1 month ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jquery
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS1xNHhyLXJjOTctbTR4eM0f2w
OS Command Injection in celery
Ecosystems: pypi
Packages: celery
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS14bWMzLTltOWotdzl4NM4AAwnY
cocagne pysrp vulnerable to side channel leaks
Ecosystems: pypi
Packages: srp
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC
Chaijs/get-func-name vulnerable to ReDoS
Ecosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5N20tcmpmNS1qcDM5
Prototype Pollution in copy-props
Ecosystems: npm
Packages: copy-props
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NzR2LXBqNzItOTJmM84AA6ay
Podman affected by CVE-2024-1753 container escape at build time
Ecosystems: go
Packages: github.com/containers/podman/v5, github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS02OTQ0LTZwbXYtNm1wMs4AA3M9
free5gc Buffer Overflow vulnerability
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jaG04LXdwM2gtZjRtM84AAgeC
Jenkins jira-ext Plugin stores credentials unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04Njh4LXJnNGMtY2pxZ80hDQ
Allocation of Resources Without Limits or Throttling in Apache Avro
Ecosystems: nuget
Packages: Apache.Avro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xeDcyLXE2dzMtcWdjN84AAnsJ
SaltStack Salt Improper SSL Certificate Validation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yZnI3LWNjN3AtcDQ1cc4AA3k6
Data leak of password hash through change requests
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNHY2LTY5cDYtcTNwNM4AA6RT
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: PanelSwWix4.Sdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04ODg5LTlnM2YtNzNyas4AAitK
Pimcore Discloses Usernames In Use
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzcjQtaDI3Zy1yZzN4
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS13cTg4LWZxNHgtaDJwbc4AA6RS
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: PanelSW.Custom.WiX
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05d3I5LWZ3OXYtOGZncs4AAilo
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yZm0yLWY5NGotcWhqcM4AA7Om
OpenStack Storlets arbitrary code execution vulnerability
Ecosystems: pypi
Packages: storlets
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 days ago
High
GSA_kwCzR0hTQS0yZ3J3LW1jOXItODIycs4AA6Rn
phpMyFAQ SQL injections at insertentry & saveentry
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Mzh4LXBjdngtNnA1d84AAyW0
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
Ecosystems: nuget
Packages: Snappier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1obWp2LXB4M2otOTMzY84AAieL
Unrestricted Upload of File with Dangerous Type in Sonatype Nexus Repository Manager
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-repository
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xM2NjLXJyMmMtODdyNs3uxA
Hex authenticity of signed packages not validated
Ecosystems: hex
Packages: hex_core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nbXBtLXhwNDMtZjdnNs4AAl2T
Signed to Unsigned Conversion Error in Facebook Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0ydzczLWZxcWotYzkycM4AAkcx
Improper Input Validation in Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpnd3ItM3FtMy0yNmYz
Potential remote code execution in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2N20tbThjNy1qcDgz
Cachet vulnerable to forced reinstall
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzOHAtYzJncS00cG1y
Regular Expression Denial-of-Service in npm schema-inspector
Ecosystems: npm
Packages: schema-inspector
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtZjUtOTI0Zi0yNWYy
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4OXItcWNoNC04anY1
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Statistics
Advisories: 18,361
Packages: 8,293
Repositories: 5,016
Ecosystems: 12
Filter by Severity
Moderate 7,925 High 6,355 Critical 2,807 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,802 pypi 3,711 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 322 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 Plone 45 baserproject/basercms 43 plone 43 rdiffweb 42 nokogiri 42 Pillow 41 craftcms/cms 40 showdoc/showdoc 40 intelliants/subrion 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 froxlor/froxlor 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 mautic/core 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 shopware/shopware 27 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 Django 27 centreon/centreon 27 getgrav/grav 27 github.com/hashicorp/consul 26 openssl-src 26 electron 26 github.com/hashicorp/nomad 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 prestashop/prestashop 24 gogs.io/gogs 24 magento/core 24 org.eclipse.jetty:jetty-server 23 moin 23 github.com/argoproj/argo-cd/v2 23 puppet 23 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 ckb 22 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 rack 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 org.springframework:spring-core 19 code.gitea.io/gitea 19 github.com/docker/docker 19 github.com/ethereum/go-ethereum 19 org.bouncycastle:bcprov-jdk14 19 DotNetNuke.Core 19 com.vaadin:vaadin-bom 18 contao/contao 18 helm.sh/helm/v3 18 langchain 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 tribalsystems/zenario 18 cockpit-hq/cockpit 17 golang.org/x/net 17 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 simplesamlphp/simplesamlphp 17 francoisjacquet/rosariosis 17 mercurial 17 genix/cms 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cakephp/cakephp 17 PaddlePaddle 17 cobbler 17 sequelize 16 pillow 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 directus 16 wasmtime 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 nova 15 topthink/framework 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 cryptography 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 paddlepaddle 15 github.com/goharbor/harbor 15 notebook 15 ezsystems/ezpublish-kernel 14 smarty/smarty 14 symfony/security-http 14 pyftpdlib 14 gradio 14 zendframework/zendframework1 14 swagger-ui 14 phpmailer/phpmailer 14 modoboa 14 keystone 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 typo3/cms-backend 14 ec-cube/ec-cube 14 pyload-ng 14 activesupport 14 ghost 14 tinymce 14 github.com/containerd/containerd 13 github.com/traefik/traefik/v2 13 github.com/mattermost/mattermost-server 13 strapi 13 elefant/cms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 passenger 13 october/system 13 joplin 13 org.apache.hadoop:hadoop-main 13 neutron 13 lavalite/cms 13 codeigniter4/framework 13 ckeditor4 13 next 13 bolt/bolt 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 vantage6 12 undici 12 studio-42/elfinder 12 vm2 12 org.jenkins-ci.plugins:git 12 org.apache.dolphinscheduler:dolphinscheduler 12 dompdf/dompdf 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/mlflow/mlflow 25 https://github.com/apache/inlong 25 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/contao/contao 22 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/PrestaShop/PrestaShop 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rack/rack 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/denoland/deno 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/moby/moby 14 https://github.com/pyca/cryptography 14 https://github.com/langchain-ai/langchain 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/gradio-app/gradio 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/modoboa/modoboa 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/undertow-io/undertow 13 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/centreon/centreon-archived 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/twisted/twisted 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/igniterealtime/Openfire 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/openstack/keystone 11 https://github.com/containers/podman 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Studio-42/elFinder 11 https://github.com/janeczku/calibre-web 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/zitadel/zitadel 11 https://github.com/smarty-php/smarty 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/nats-io/nats-server 10 https://github.com/zopefoundation/Zope 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/WWBN/AVideo 10 https://github.com/dolibarr/dolibarr 10 https://github.com/dotnet/aspnetcore 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/wagtail/wagtail 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/semplon/GeniXCMS 9 https://github.com/top-think/framework 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/ethyca/fides 9 https://github.com/kevinpapst/kimai2 9 https://github.com/cri-o/cri-o 9 https://github.com/bolt/bolt 9 https://github.com/apache/lucene-solr 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/evershopcommerce/evershop 9 https://github.com/yiisoft/yii2 9 https://github.com/DSpace/DSpace 9 https://github.com/spring-projects/spring-security 9 https://github.com/funadmin/funadmin 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/LavaLite/cms 9