Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS02OTg4LWc4OW0tMjd2Zs4AAniS
Magento stored cross-site scripting (XSS) in the customer address upload feature
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNXdwLXAzZ2otN3E1Z80sLA
Missing Authorization in Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cDRoLTMzNzctN3c2N839kg
golang.org/x/net/html NULL Pointer Dereference vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyZzktNmh3NS1yd2Zw
Path Traversal in resolve-path
Ecosystems: npm
Packages: resolve-path
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2eHgtcG14aC0zd2dw
go.etcd.io/etcd Authentication Bypass
Ecosystems: go
Packages: go.etcd.io/etcd, go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS02NTVxLTlndmctcTRjbc4AAjQ_
Remote code execution in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.Http.Connections, Microsoft.AspNetCore.App, Microsoft.AspNetCore.All
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05Nnh2LXJtd2otNnA5d84AAz6C
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS1qd3gzLTJocTMtNjgyY84AA2rF
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
Ecosystems: maven
Packages: org.jenkins-ci.plugins:trac
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yaHc2LTRydjktODJmcM4AAyjG
Uvdesk remote code execution vulnerability
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wMjhoLWNjN3EtYzRmZ84AAvJj
css-what vulnerable to ReDoS due to use of insecure regular expression
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xNzJwLTR3NTYtaHg3aM4AAtkq
Hardcoded JWT Token in Lin CMS Spring Boot
Ecosystems: maven
Packages: io.github.talelin:lin-cms-core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13NG0zLTQzZ3AteDhoeM4AAyto
.NET Remote Code Execution vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0ycHZqLXA0ODUtY3Azbc4AAvIh
matrix-android-sdk2 vulnerable to impersonation via forwarded Megolm sessions
Ecosystems: maven
Packages: org.matrix.android:matrix-android-sdk2
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS00Z3hmLWc1Z2YtMjJoNM4AAzxj
dottie vulnerable to Prototype Pollution
Ecosystems: npm
Packages: dottie
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 11 months ago
High
GSA_kwCzR0hTQS01dzVtLXBmdzktYzhmcM4AAzxe
Snowflake Python Connector vulnerable to Command Injection
Ecosystems: pypi
Packages: snowflake-connector-python
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 11 months ago
High
GSA_kwCzR0hTQS00djY3LXdnODgtMzdwOc4AAbLR
Apache OpenMeetings displays Tomcat version and detailed error stack trace
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00OGc5LWg3ZzUtOHB3Ms4AAygU
Jenkins Convert To Pipeline Plugin vulnerable to cross-site request forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:convert-to-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cnhmLXg4cm0tNmdnZ84AAyiM
Fluent Fluentd and Fluent-ui use default password
Ecosystems: rubygems
Packages: fluentd-ui, fluentd
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yangyLXFjbTQtcmY5aM4AAzw_
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5cGotZ3E4cS05cGZq
Authentication Weakness in keystone
Ecosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS03OXJjLWpqaDYtcmM4Oc4AA13p
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
High
GSA_kwCzR0hTQS1ndzQyLWY5MzktZmh2bc4AAzcT
Administration Console authentication bypass in openfire xmppserver
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 12 months ago
High
GSA_kwCzR0hTQS01aGpoLWMyNm0teHc4d83X2w
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
Ecosystems: go
Packages: github.com/hoppscotch/proxyscotch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14MjdtLTl3OGotNXZjd84AAu50
Jettison memory exhaustion
Ecosystems: maven
Packages: org.codehaus.jettison:jettison
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tcTR2LTZ2ZzQtNzk2Y84AA1P3
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-drill
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 9 months ago
High
GSA_kwCzR0hTQS1tZjdjLTM1bXEtNzVwas4AAW6w
Insecure Inherited Permissions in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcjMyLWNwN3YtNXdxNM4AA1iW
Code injection in ansible semaphore
Ecosystems: go
Packages: github.com/ansible-semaphore/semaphore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS03NzNnLXgyNzQtOHFtZs4AAzue
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
Ecosystems: swift
Packages: github.com/apple/swift-nio-extras
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 11 months ago
High
GSA_kwCzR0hTQS03cnZwLXhxajctcnhmMs4AA1QS
Daylight Studio FUEL-CMS SQLi Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2Y2gtcjR3Zi1oOHc5
Improper Certificate Validation in proton-j
Ecosystems: maven
Packages: org.apache.qpid:proton-j
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS00Njk2LWc3amoteGcyaM4AAuES
Mapbox is vulnerable to Integer Overflow
Ecosystems: maven
Packages: com.mapbox.mapboxsdk:mapbox-android-core
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS12aGdyLWdmeDMtZmczN803hg
Unrestricted Upload of File with Dangerous Type in WPanel 4
Ecosystems: packagist
Packages: wpanel/wpanel4-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03bWZyLTc3NGYtdzVyOc06lg
Improper Certificate Validation
Ecosystems: nuget
Packages: Microsoft.NETCore.App, System.Security.Cryptography.X509Certificates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1maG04LWN4Y3YtcHd2Y84AAQMN
HashiCorp Consul Access Restriction Bypass
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1obTM3LTl4aDItcTQ5Oc4AAtHw
Possible leak of key's raw field if declared length is incorrect
Ecosystems: pypi
Packages: openssh-key-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4NnItNzQyNy05NWNt
Deserialization of Untrusted Data in Apache Camel RabbitMQ
Ecosystems: maven
Packages: org.apache.camel:camel-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00dnFwLXBjbTMtNzN4cM4AA1Vs
Jenkins Folders Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-folder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1neDY5LTZjcDQtaHhyas38Wg
RubyGems Link Following vulnerability
Ecosystems: maven, rubygems
Packages: org.jruby:jruby-stdlib, rubygems-update
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1cTgtNTY5Ny05cDlo
Cross-Site Request Forgery in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnYzktOXc0di1oMzNo
High severity vulnerability that affects org.apache.syncope:syncope-core
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 5 years ago
High
GSA_kwCzR0hTQS04cng2LXY1cTQteHczas02sA
enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:covcomplplot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00NDNtLTNmcjYtdzh3as4AA1Xk
PowerJob incorrect access control vulnerability
Ecosystems: maven
Packages: tech.powerjob:powerjob
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmNXAtYzc1dy13M3do
Null pointer dereference in TFLite MLIR optimizations
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14Z3gyLTMzMmgtOXg2cc011w
SQL Injection in Yeswiki
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05dmZjLXF4Yzgtd3Jwcc4AA3Zm
ureport arbitrary file read vulnerability
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1wYzljLTU0N3ctaGhtY84AAs7s
Cross-site Scripting in Jenkins REST List Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:rest-list-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyOTUtNG1xNS1yM2Zo
Phar unserialization vulnerability in phpMussel
Ecosystems: packagist
Packages: Maikuolan/phpMussel, phpmussel/phpmussel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
High
GSA_kwCzR0hTQS0zbXdqLTd2bXEtdzQzcM4AAllB
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Ecosystems: maven
Packages: com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03NmZnLW1ocmctZm1tZ84AAufn
XNIO `notifyReadClosed` method logging message to unexpected end
Ecosystems: maven
Packages: org.jboss.xnio:xnio-all
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS00N3A1LXAzanctdzc4d84AAxtz
Server-Side Request Forgery in Plone CMS
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4cnctajQ4OS05Mjht
Signature wrapping vulnerability in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1jaDM3LWNoOHctY2Zycc4AAmfP
Bookstack Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14MjV4LWo0dzQtN201Oc4AAhfc
Return of Pointer Value Outside of Expected Rang in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04OXc3LTVxNDUtcjUzd84AAwbi
lite-server vulnerable to Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:lite-server, lite-server
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NDgtcDkyZi05OTk2
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1ydjZyLTNmNXEtOXJneM0v7A
Twisted SSH client and server deny of service during SSH handshake.
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS00Z2c1LXZ4M2oteHdjN84AAwQz
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0cGotOWc1OS00cHB2
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 3 years ago
High
GSA_kwCzR0hTQS03NzI0LTQyN3ItOHJ2bc38TA
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczNmctcTk3NS0zN3Jn
Improper Input Validation (RCE)
Ecosystems: npm
Packages: wazuh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jdjlnLWg4bW0teHg1aM4AAv9a
Deserialization of Untrusted Data in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS02bWhtLWdjcGYtNWdyOM4AAy_0
SQL Injection in Admin Search Find API
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNWpoLTVoNXItaDMzbc4AAeQy
Plone Sandbox Bypass
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14bWc4LXc0NjUtbXI1Ns4AAy_1
SQL Injection in Translation Export API
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oYzM3LTg0djMtOGdtcc4AAwYx
UBI Reader vulnerable to Path Traversal
Ecosystems: pypi
Packages: ubi-reader
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4eDgtMjkyZy0ydzY2
Improper Authentication
Ecosystems: nuget
Packages: Microsoft.Bot.Connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS0zeHBoLWNwOGYtMjIyOc0aLw
Prototype Pollution in @fabiocaccamo/utils.js
Ecosystems: npm
Packages: @fabiocaccamo/utils.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xZzV4LTY2aHAtY3c1cM03XQ
Uncontrolled Resource Consumption in Apache DolphinScheduler
Ecosystems: pypi, maven
Packages: apache-dolphinscheduler, org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2cXYtNzc5ci00amdw
Use after free in CefSharp
Ecosystems: nuget
Packages: CefSharp.Wpf.HwndHost, CefSharp.WinForms, CefSharp.Wpf, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0yY2pjLXJnbXAteDY0Oc3uew
Traefik Missing Authentication
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01dzhyLThwZ2otNWptZs4AAvIn
matrix-js-sdk subject to user impersonation due to key/device identifier confusion in SAS verification
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS04bXgyLWdxeDktcm03Zs4AAuZq
Uncontrolled Resource Consumption in opcua
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oMjhjLTQ1M20taDl4bc4AAuGu
Path Traversal in Payara
Ecosystems: maven
Packages: fish.payara.api:payara-bom
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtaDktcjNyci05NTk3
Code execution vulnerability in HtmlUnit
Ecosystems: maven
Packages: net.sourceforge.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1waGNjLWZyaDktcTU0Nc38TQ
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00N3Z4LWZxcjUtajJnd84AAwYo
HuTool vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3ZzYtM2Ztai13NHd4
tkinter is malware
Ecosystems: npm
Packages: tkinter
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS04cTI4LXB3OWctdzgyY84AA1hs
Apache Airflow vulnerable arbitrary code execution via Spark server
Ecosystems: pypi
Packages: apache-airflow-providers-apache-spark
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 months ago
High
GSA_kwCzR0hTQS0ycmg1LWp2Z3gtcGd3M80VwQ
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZzQtNHc3dy0ybXE1
Authentication and extension bypass in Faye
Ecosystems: rubygems
Packages: faye
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3eGotcnF4NS0yMjU1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1tcTdoLTU1NzQtaHc5Zs4AAv_N
Cross-Site Request Forgery (CSRF) allowing to delete or rename tags
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-tag-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14Z3FyLTV3cXctOWZwds4AAvse
Apache UIMA Path Traversal vulnerability
Ecosystems: maven
Packages: org.apache.uima:uimaj-core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS03NzRnLXIzZm0tNHY4Nc4AAYTz
CSRF vulnerability in Jenkins Role-based Authorization Strategy Plugin configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:role-strategy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OG0tdjU2di1ncmo0
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS03anJ3LXA4amMtdjZxd84AAw6V
sviehb/jefferson vulnerable to path traversal
Ecosystems: pypi
Packages: jefferson
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS12OTg4LTgyOHcteHZmMs0WrA
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
Ecosystems: pypi
Packages: rucio-webui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2NXEtMjhycC1jaHE1
Insecure Entropy Source - Math.random() in node-uuid
Ecosystems: npm
Packages: node-uuid
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS1jaGNnLWdoOXAtOTZjNc4AAv5J
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
Ecosystems: maven
Packages: org.jenkins-ci.main:associated-files-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyd2MtanhmNS1nOHg2
Out of bounds read in ordnung
Ecosystems: cargo
Packages: ordnung
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcWYzLXZweDctcnhod84AAy5d
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in Pay
Ecosystems: rubygems
Packages: pay
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tMnZ2LTV2ajUtMmhtN84AAv2p
Pillow vulnerable to Data Amplification attack.
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cTMtODg2Ny01d21w
Remote Command Execution in reg-keygen-git-hash-plugin
Ecosystems: npm
Packages: reg-keygen-git-hash-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmdngtM2pmYy0yY3Bj
Heap OOB in `ResourceScatterUpdate`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyZjYtdjVxaC1oMm1x
Nexus Repository Manager 3 - Remote Code Execution
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-extdirect
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwdjQtN3A5Yy1tdmZy
Heap buffer overflow in `FractionalAvgPoolGrad`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcjU4LTJ4aHYtcXAzd80WWQ
Denial of Service in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzQtcGc2cC01bXJ2
Directory Traversal in tmock
Ecosystems: npm
Packages: tmock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 6 months ago
Statistics
Advisories: 18,330
Packages: 8,279
Repositories: 5,007
Ecosystems: 12
Filter by Severity
Moderate 7,912 High 6,344 Critical 2,805 Low 981
Filter by Ecosystem
maven 5,520 packagist 3,801 pypi 3,704 npm 3,535 go 1,889 nuget 1,390 rubygems 814 cargo 776 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 322 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 apache-superset 48 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 silverstripe/framework 32 snipe/snipe-it 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 org.jenkins-ci.plugins:script-security 30 mautic/core 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/grafana/grafana 28 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 org.keycloak:keycloak-services 27 getgrav/grav 27 io.undertow:undertow-core 27 shopware/shopware 27 Django 27 centreon/centreon 27 github.com/hashicorp/nomad 26 openssl-src 26 electron 26 github.com/hashicorp/consul 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 moin 23 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 rack 22 getkirby/cms 22 ckb 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 github.com/docker/docker 19 DotNetNuke.Core 19 org.springframework:spring-core 19 tribalsystems/zenario 18 org.bouncycastle:bcprov-jdk14 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 com.liferay.portal:release.dxp.bom 18 langchain 18 contao/contao 18 forkcms/forkcms 18 golang.org/x/net 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 PaddlePaddle 17 mercurial 17 cobbler 17 simplesamlphp/simplesamlphp 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 francoisjacquet/rosariosis 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 genix/cms 17 cockpit-hq/cockpit 17 rusqlite 16 pillow 16 sequelize 16 org.apache.activemq:activemq-client 16 wasmtime 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 directus 16 nova 15 org.apache.struts.xwork:xwork-core 15 cryptography 15 github.com/goharbor/harbor 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 topthink/framework 15 openmage/magento-lts 15 paddlepaddle 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 ghost 14 activesupport 14 symfony/security-http 14 keystone 14 zendframework/zendframework1 14 pyftpdlib 14 publify_core 14 phpmailer/phpmailer 14 gradio 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 typo3/cms-backend 14 ezsystems/ezpublish-kernel 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 tinymce 14 pyload-ng 14 modoboa 14 smarty/smarty 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 swagger-ui 14 next 13 codeigniter4/framework 13 github.com/containerd/containerd 13 bolt/bolt 13 strapi 13 org.apache.cxf:cxf 13 lavalite/cms 13 neutron 13 github.com/nats-io/nats-server/v2 13 org.apache.hadoop:hadoop-main 13 passenger 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 october/system 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 github.com/go-gitea/gitea 12 phpbb/phpbb 12 undici 12 dompdf/dompdf 12 org.apache.dolphinscheduler:dolphinscheduler 12 github.com/opencontainers/runc 12 phpmyfaq/phpmyfaq 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/apache/activemq 32 https://github.com/matrix-org/synapse 32 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/rancher/rancher 25 https://github.com/apache/inlong 25 https://github.com/mlflow/mlflow 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/eclipse/jetty.project 23 https://github.com/grafana/grafana 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/cilium/cilium 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/intelliants/subrion 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/helm/helm 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/ethereum/go-ethereum 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/directus/directus 15 https://github.com/langchain-ai/langchain 14 https://github.com/pyca/cryptography 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/mattermost/mattermost 14 https://github.com/denoland/deno 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/moby/moby 14 https://github.com/tinymce/tinymce 14 https://github.com/modoboa/modoboa 13 https://github.com/ming-soft/MCMS 13 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/xuxueli/xxl-job 13 https://github.com/gradio-app/gradio 13 https://github.com/golang/go 13 https://github.com/traefik/traefik 13 https://github.com/undertow-io/undertow 13 https://github.com/containerd/containerd 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dompdf/dompdf 13 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/twisted/twisted 12 https://github.com/centreon/centreon-archived 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/dromara/hutool 12 https://github.com/janeczku/calibre-web 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/urllib3/urllib3 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/vaadin/flow 11 https://github.com/cloudflare/cfrpki 11 https://github.com/containers/podman 11 https://github.com/igniterealtime/Openfire 11 https://github.com/opencontainers/runc 11 https://github.com/openstack/keystone 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/smarty-php/smarty 11 https://github.com/NodeBB/NodeBB 11 https://github.com/puma/puma 11 https://github.com/onionshare/onionshare 11 https://github.com/greenpau/caddy-security 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/phusion/passenger 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/aio-libs/aiohttp 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/keystonejs/keystone 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/dolibarr/dolibarr 10 https://github.com/WWBN/AVideo 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/nats-io/nats-server 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/vercel/next.js 9 https://github.com/top-think/framework 9 https://github.com/apache/superset 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/cri-o/cri-o 9 https://github.com/neorazorx/facturascripts 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/semplon/GeniXCMS 9 https://github.com/laravel/framework 9 https://github.com/cui2shark/cms 9 https://github.com/yiisoft/yii2 9 https://github.com/kevinpapst/kimai2 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/spring-projects/spring-security 9