Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS00Y3ZtLTU3NzYtang5Zs4AAU8V
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00aGpqLTlncDctNGZyZ84AAvdt
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib, io.jenkins.plugins:pipeline-groovy-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nOTc1LWYyNmgtOTNnOM4AAvdR
Jenkins Pipeline: Stage View Plugin allows CSRF protection bypass of any target URL in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.plugins.pipeline-stage-view:pipeline-stage-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZzQtNHc3dy0ybXE1
Authentication and extension bypass in Faye
Ecosystems: rubygems
Packages: faye
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3eGotcnF4NS0yMjU1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1tcTdoLTU1NzQtaHc5Zs4AAv_N
Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-tag-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NHI5LXg3NHEtd3htaM4AAvdW
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-support
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1weDR4LWhqbTUtdzh4M84AAvdf
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xframium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2djYtdzZmdy1yaDk0
Apache Camel can allow remote attackers to execute arbitrary commands
Ecosystems: maven
Packages: org.apache.camel:camel-ahc, org.apache.camel:camel-http4, org.apache.camel:camel-http-common, org.apache.camel:camel-http, org.apache.camel:camel-servlet, org.apache.camel:camel-jetty
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS0ycHFjLWd2OHEtcHZxds4AAabd
django-cms CSRF Vulnerability
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2NXEtMjhycC1jaHE1
Insecure Entropy Source - Math.random() in node-uuid
Ecosystems: npm
Packages: node-uuid
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS1jaGNnLWdoOXAtOTZjNc4AAv5J
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
Ecosystems: maven
Packages: org.jenkins-ci.main:associated-files-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cTMtODg2Ny01d21w
Remote Command Execution in reg-keygen-git-hash-plugin
Ecosystems: npm
Packages: reg-keygen-git-hash-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmdngtM2pmYy0yY3Bj
Heap OOB in `ResourceScatterUpdate`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyZjYtdjVxaC1oMm1x
Nexus Repository Manager 3 - Remote Code Execution
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-extdirect
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwdjQtN3A5Yy1tdmZy
Heap buffer overflow in `FractionalAvgPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS12MmNoLWZjOGYtcW0zM80fpg
Use of Uninitialized Resource in bite.
Ecosystems: cargo
Packages: bite
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cnAtOHY0ai1od3Bo
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1mdjQyLW14MzktNmZwd84AAv59
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjNjUteGNmNS0yOTl4
Uninitialized memory use in generator
Ecosystems: cargo
Packages: generator
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2bXAtNjU5cC1ydzY1
XWiki users registered with email verification can self re-activate their disabled accounts
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0N3gtNm1xcS00dzky
Gitea Improper Input Validation
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ncHFxLTU5cnAtM2Mzd84AAyVK
Apache InLong vulnerable to JDBC Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.apache.inlong:inlong-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mMmo1LXc3Nm0tM3JxaM4AAu-X
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:anchore-container-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yOTY5LThoaDktNTdqY80fkA
Allocation of Resources Without Limits or Throttling in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NjR3LTk3cjctYzZwOc4AAz-c
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Ecosystems: hex
Packages: livebook
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 11 months ago
High
GSA_kwCzR0hTQS01OHByLWhwcngtN2hnNs4AApuG
RCE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cHZwLWg3M2MtbTlycc4AAu-W
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NG1qLTNwOTItNTg5ds4AAs7p
Cross-site Scripting in Jenkins JUnit Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:junit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyZjIteGdoci1qNTJ2
Private files publicly accessible with Cloud Storage providers
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1nNDN4LXBjYzktZjQ3Ms4AAu_R
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-common-configuration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13dzZmLTc2ZmYtcGhoas4AAVcn
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqcGotZjZyOC01NnJt
High severity vulnerability that affects Microsoft.ChakraCore
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS1tcTN4LXFnd3gtM3Jmd84AAzSk
Embedding untrusted input inside CSV files leads to Formula Injection/CSV Injection
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 12 months ago
High
GSA_kwCzR0hTQS0zdzZwLThmODItZ3c4cs0c1Q
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Ecosystems: maven
Packages: ru.yandex.clickhouse:clickhouse-jdbc-bridge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12anh2LTQ1ZzktOTI5Ns4AAt51
cosign's `cosign verify-attestaton --type` can report a false positive if any attestation exists
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5NHctNDJnMy1mN2g0
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit
Ecosystems: npm
Packages: vp-toolkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
GSA_kwCzR0hTQS14d2YyLTUzbWMtcjhoeM4AATl-
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNHZ4LWNjcmYtdzM5Oc4AAuxl
NLnet Labs Routinator has Reachable Assertion vulnerability
Ecosystems: cargo
Packages: routinator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yanYzLXYzN3AtNjV3M84AAuwx
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
Ecosystems: maven
Packages: org.craftercms:crafter-studio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxODgtY2pmcS1nMm1o
codecov NPM module allows remote attackers to execute arbitrary commands
Ecosystems: npm
Packages: codecov
Source: GitHub Advisory Database
Blast Radius: 45.2
Published: about 4 years ago
High
GSA_kwCzR0hTQS1tYzk3LTk5ajQtdm0yds4AA2MF
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Ecosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1nNnBoLXg1d2YtZzMzN84AA2Cg
plexus-codehaus vulnerable to directory traversal
Ecosystems: maven
Packages: org.codehaus.plexus:plexus-utils
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14aHAtNzlxaC1tY3g2
TaffyDB can allow access to any data items in the DB
Ecosystems: npm
Packages: taffydb, taffy
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: about 4 years ago
High
GSA_kwCzR0hTQS02eGM0LTdmbW0tNjVxMs4AAs-a
Code injection in concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12N2NtLXc5NTUtcGo2Z84AAUEN
Improper Input Validation Apache Commons Email
Ecosystems: maven
Packages: org.apache.commons:commons-email
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyZmotMm13cC03ODd2
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jM21wLTl2eDMtMnJ2ds4AAnm4
OpenNMS Horizon RCE via JEXL2 expression
Ecosystems: maven
Packages: org.opennms:opennms-util, org.opennms:opennms-provision, org.opennms.features:org.opennms.features.measurements, org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tdzRyLTVtZmMtbTV2Y84AAgZQ
Cross site scripting in Jenkins Selection tasks Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:selection-tasks-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00aHBqLThyaHYtOXg4N84AA0OV
Products.CMFCore unauthenticated denial of service and crash via unchecked use of input with Python's marshal module
Ecosystems: pypi
Packages: Products.CMFCore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS14djZ4LTQzZ3EtNGhmas3KKQ
PyGreSQL Might Be Vulnerable to Encoding-Based SQL Injection
Ecosystems: pypi
Packages: PyGreSQL
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qNjN4LWY2NTctMm05Z84AA1Ba
Answer has Weak Password Requirements
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS14NWptLXJqMzctNXFoN83maA
Sandbox Bypass in Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZnZ3LTg0dnEtNDNteM4AAlX_
Stored XSS vulnerability in Jenkins Deployer Framework Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:deployer-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNXY4LXdwdzQtcmozeM4AAwd9
abacus-ext-cmdline vulnerable to Command Injection
Ecosystems: npm
Packages: abacus-ext-cmdline
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0d2YtN3ZmMi1wdjU5
XXE vulnerability on Launch import with externally-defined DTD file
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS05Zzh3LXBqcHItcHJyNM4AARcn
Path Traversal in io.hawt:project
Ecosystems: maven
Packages: io.hawt:project
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04NWh3LXc0MzYtYzcyNc4AAU6Q
XML External Entity Reference in Apache Cayenne
Ecosystems: maven
Packages: org.apache.cayenne:cayenne-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1
HashiCorp Nomad vulnerable to symlink attacks
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
High
GSA_kwCzR0hTQS1qNDR2LW1tZjIteHZtOc4AA2mh
PDM Trojan Lockfile
Ecosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
High
GSA_kwCzR0hTQS13cjhoLXc5NjktMzZtOM4AAxwt
GoPistolet vulnerable to Improper Resource Shutdown or Release
Ecosystems: go
Packages: github.com/gopistolet/gopistolet
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yOHg5LWhjNHAtOXZoMs4AAl8c
Stored XSS vulnerability in android-lint Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:android-lint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwd2gtNW1tYy1td3J4
Denial of Service in nes
Ecosystems: npm
Packages: nes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS0zYzVjLXhycTQtcWhyOM4AATQ2
ClassLoader manipulation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4aGYteDQ5Yy1tNW02
Github Token Leak in aegir
Ecosystems: npm
Packages: aegir
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyY3ItcTNyeC1qN3Zy
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS04NzZwLTgyNTkteGpnZ84AA1LS
libp2p nodes vulnerable to attack using large RSA keys
Ecosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 9 months ago
High
GSA_kwCzR0hTQS1odmNyLTkyN3ctcWN2cc4AAvdF
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:contrast-continuous-application-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycjY5LXJ4cjYtOHF3Zs4AA5MJ
serde-json-wasm stack overflow during recursive JSON parsing
Ecosystems: cargo
Packages: serde-json-wasm
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1nN3dtLTIybTYtNTc3NM4AAUex
Asset Pipeline plugin for Grails vulnerable to Path Traversal
Ecosystems: maven
Packages: org.grails.plugins:asset-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02cGN2LXFxeDQtbXhtM84AARRw
Minikube RCE via DNS Rebinding
Ecosystems: go
Packages: k8s.io/minikube
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03MmdtLXBwNnEtZ3B4Nc4AAX4k
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jY3c5LXE1aDItOGMyd84AAzZQ
swift-nio-http2 vulnerable to denial of service via invalid HTTP/2 HEADERS frame length
Ecosystems: swift
Packages: github.com/apple/swift-nio-http2
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
High
GSA_kwCzR0hTQS0zNjltLTJndjYtbXcyOM4AAU7q
WEBrick RCE Vulnerability
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Blast Radius: 41.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14ajdxLXE5NGMtNndyM84AAYO2
Apache James Privilege Escalation
Ecosystems: maven
Packages: org.apache.james:james-project
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0ydzktcm01OC1taG05
Downloads Resources over HTTP in node-thulac
Ecosystems: npm
Packages: node-thulac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS1xY3Z3LTgyaGgtZ3EzOM4AAhr9
Istio ReDoS Vulnerability
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoNHAtZzd4Ni04cHFn
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS12cmg3LXg2NHYtN3Z4cc4AAxfo
openssl-src contains `NULL` dereference during PKCS7 data verification
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qcHFyLXZoNTUteHF4Zs2Vcw
Apache Tomcat Buffer Over-Read
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0OTUtOGp2aC1mMjh4
File restriction bypass in socket.io-file
Ecosystems: npm
Packages: socket.io-file
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtcTctN2Z4bS1ycjc5
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 3 years ago
High
GSA_kwCzR0hTQS13dnAyLTlwcHctMzM3as4AA04j
Paths contain matrix variables bypass decorators
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: 9 months ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4MjQtcnA2bS14eDl3
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1tNGhjLW0ydjYtaGZ3OM4AA04e
Improper authorization on debug and artifact file downloads
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 9 months ago
High
GSA_kwCzR0hTQS14NzJtLXA0cWMtcDdyds4AAilY
Magento 2 Community Edition RCE Vulnerability via CSRF
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OTg4LWc4OW0tMjd2Zs4AAniS
Magento stored cross-site scripting (XSS) in the customer address upload feature
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01ODM2LWdyY2MtOGo4Oc4AA2A4
OpenStack Heat information leak vulnerability
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1tNXdwLXAzZ2otN3E1Z80sLA
Missing Authorization in Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01Z2dtLXE5OHYtNzZoeM4AAQAb
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xdnFtLWgyMnItNGNwOc4AATUn
Laravel Framework RCE Vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03OWhnLTM1N2ctcnJnds4AATS1
Centreon SQL Injection
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NHctOHc1My14cnZ2
XXE in Apache Standard Taglibs
Ecosystems: maven
Packages: org.apache.taglibs:taglibs-standard-impl, org.apache.taglibs:taglibs-standard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS01cDRoLTMzNzctN3c2N839kg
golang.org/x/net/html NULL Pointer Dereference vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyZzktNmh3NS1yd2Zw
Path Traversal in resolve-path
Ecosystems: npm
Packages: resolve-path
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 6 years ago
High
GSA_kwCzR0hTQS02NTVxLTlndmctcTRjbc4AAjQ_
Remote code execution in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.Http.Connections, Microsoft.AspNetCore.App, Microsoft.AspNetCore.All
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05Nnh2LXJtd2otNnA5d84AAz6C
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
Statistics
Advisories: 18,317
Packages: 8,278
Repositories: 5,005
Ecosystems: 12
Filter by Severity
Moderate 7,906 High 6,339 Critical 2,804 Low 981
Filter by Ecosystem
maven 5,520 packagist 3,783 pypi 3,705 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 318 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 drupal/drupal 56 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 apache-superset 48 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 silverstripe/framework 32 snipe/snipe-it 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 org.jenkins-ci.plugins:script-security 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 28 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 org.keycloak:keycloak-services 27 getgrav/grav 27 io.undertow:undertow-core 27 shopware/shopware 27 Django 27 centreon/centreon 27 github.com/hashicorp/nomad 26 openssl-src 26 electron 26 github.com/hashicorp/consul 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 moin 23 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 rack 22 getkirby/cms 22 ckb 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 github.com/docker/docker 19 DotNetNuke.Core 19 org.springframework:spring-core 19 tribalsystems/zenario 18 org.bouncycastle:bcprov-jdk14 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 com.liferay.portal:release.dxp.bom 18 langchain 18 contao/contao 18 forkcms/forkcms 18 golang.org/x/net 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 PaddlePaddle 17 mercurial 17 cobbler 17 simplesamlphp/simplesamlphp 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 francoisjacquet/rosariosis 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 genix/cms 17 cockpit-hq/cockpit 17 rusqlite 16 pillow 16 sequelize 16 org.apache.activemq:activemq-client 16 wasmtime 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 directus 16 nova 15 org.apache.struts.xwork:xwork-core 15 cryptography 15 github.com/goharbor/harbor 15 topthink/framework 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 org.apache.jspwiki:jspwiki-main 15 paddlepaddle 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 openmage/magento-lts 15 ezsystems/ezpublish-kernel 14 modoboa 14 smarty/smarty 14 zendframework/zendframework1 14 activesupport 14 ec-cube/ec-cube 14 publify_core 14 ghost 14 keystone 14 pyload-ng 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 pyftpdlib 14 typo3/cms-backend 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 swagger-ui 14 symfony/security-http 14 phpmailer/phpmailer 14 gradio 14 tinymce 14 org.xwiki.platform:xwiki-platform-web 14 github.com/mattermost/mattermost-server 13 codeigniter4/framework 13 github.com/containerd/containerd 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 org.apache.hadoop:hadoop-main 13 neutron 13 lavalite/cms 13 strapi 13 next 13 passenger 13 ckeditor4 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 elefant/cms 13 joplin 13 github.com/traefik/traefik/v2 13 october/system 13 org.apache.dolphinscheduler:dolphinscheduler 12 github.com/opencontainers/runc 12 dompdf/dompdf 12 phpbb/phpbb 12 undici 12 github.com/go-gitea/gitea 12 phpmyfaq/phpmyfaq 12 actionview 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 73 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/apache/activemq 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/getgrav/grav 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/rack/rack 17 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/directus/directus 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/denoland/deno 14 https://github.com/langchain-ai/langchain 14 https://github.com/pyca/cryptography 14 https://github.com/mattermost/mattermost 14 https://github.com/pyload/pyload 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/tinymce/tinymce 14 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/gradio-app/gradio 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/dompdf/dompdf 13 https://github.com/undertow-io/undertow 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/quarkusio/quarkus 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/hashicorp/nomad 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 12 https://github.com/centreon/centreon-archived 12 https://github.com/laurent22/joplin 12 https://github.com/patriksimek/vm2 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/apache/kylin 12 https://github.com/backstage/backstage 12 https://github.com/twisted/twisted 12 https://github.com/apache/dolphinscheduler 12 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/igniterealtime/Openfire 11 https://github.com/containers/podman 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/onionshare/onionshare 11 https://github.com/opencontainers/runc 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/jquery/jquery 11 https://github.com/zitadel/zitadel 11 https://github.com/janeczku/calibre-web 11 https://github.com/openstack/keystone 11 https://github.com/puma/puma 11 https://github.com/openfga/openfga 11 https://github.com/NodeBB/NodeBB 11 https://github.com/Studio-42/elFinder 11 https://github.com/phusion/passenger 10 https://github.com/zopefoundation/Zope 10 https://github.com/dolibarr/dolibarr 10 https://github.com/jupyter/notebook 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/aio-libs/aiohttp 10 https://github.com/keystonejs/keystone 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/wagtail/wagtail 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/dotnet/aspnetcore 10 https://github.com/greenpau/caddy-security 10 https://github.com/nats-io/nats-server 10 https://github.com/WWBN/AVideo 10 https://github.com/apache/lucene-solr 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/bolt/bolt 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/DSpace/DSpace 9 https://github.com/ethyca/fides 9 https://github.com/vercel/next.js 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/evershopcommerce/evershop 9 https://github.com/cri-o/cri-o 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/semplon/GeniXCMS 9 https://github.com/laravel/framework 9 https://github.com/cui2shark/cms 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/kevinpapst/kimai2 9