Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05NTYtZnJmNC1tMndy
Ansible is vulnerable to an improper input validation in Ansible's handling of data sent from client systems
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 5 years ago
High
GSA_kwCzR0hTQS1ncHZjLW14NmctY2Nods4AA0-r
underscore-keypath vulnerable to Prototype Pollution
Ecosystems: npm
Packages: underscore-keypath
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1bWctZnBxOC12dnh2
Directory Traversal in commentapp.stetsonwood
Ecosystems: npm
Packages: commentapp.stetsonwood
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS14MzhxLXhnMmgtcnhneM0V9Q
Regular Expression Denial of Service in Leo Editor
Ecosystems: pypi
Packages: leo
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qajhyLWp3NDItbXc0d84AAwoh
Widoco Path Traversal vulnerability
Ecosystems: maven
Packages: com.github.dgarijo:Widoco
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yNjgzLWoyeDQtdjg3Z80j_w
node-fetch forwards secure headers to untrusted sites
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS02ZzMzLTh3MnEtNGh4ds4AAwwq
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: robots-txt-guard
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 6 months ago
High
GSA_kwCzR0hTQS1wMjdoLTRjcGYtZnc0OM4AAwnR
email-existence Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: email-existence
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS00aGg1LTI2NzgtODNmeM4AA3N-
Cross-Site Request Forgery vulnerability in Prefect
Ecosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1wOGo4LXd4dnAtaDY5Nc4AAwln
SimbCo httpster vulnerable to Path Traversal
Ecosystems: npm
Packages: httpster
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxdjMtOGNtNi1oNndn
Improper Authentication in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS05MjN3LTlwM3gtaG1nd84AAgeD
Jenkins GitLab Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xMmZqLTZoNjItNTltMs4AAwrK
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
Ecosystems: maven
Packages: io.apiman:apiman-distro-vertx, io.apiman:apiman-gateway-platforms-vertx
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yY3FmLTZ4djktZjIyd84AA2uM
Elasticsearch vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1jMzgzLXE1dmYtaHg1Nc0yaw
Integer Overflow or Wraparound in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cDYyLXgzYzUtaHI1cM4AAwql
Path Traversal In MeterSpere leads to upload file to any path
Ecosystems: maven
Packages: io.metersphere:metersphere
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1meDkyLXdoNzItOGc5cc4AAZbm
Apache Atlas produces Stack trace in error response
Ecosystems: maven
Packages: org.apache.atlas:atlas-common
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02ZndnLWpyZnctZmY3cM4AA3kw
Traefik docker container using 100% CPU
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 5 months ago
High
GSA_kwCzR0hTQS1wYzI0LTc1M2otZ21xZs4AAgmR
Jenkins Ansible Tower Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ansible-tower
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xMjR2LWhwZzMtdjNqcM4AA3ZQ
Reactor Netty HTTP Server denial of service vulnerability
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
High
GSA_kwCzR0hTQS1odmM2LTQydmYtamhmOM4AA35I
mlflow Command Injection vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncTgtMjVxYy1oNTRx
Directory Traversal in myserver.alexcthomas18
Ecosystems: npm
Packages: myserver.alexcthomas18
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1xZzhwLTMyZ3ItZ2g2eM4AA37h
MLflow Local File Disclosure Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS0yZzk5LWM2N3AtNTZobc3wVA
XML Signature/Encryption Not Validated in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1janI4LTVydzQtd2g2Nc4AAh6S
Jenkins Splunk Plugin Sandbox Bypass
Ecosystems: maven
Packages: com.splunk.splunkins:splunk-devops
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wMjI4LTRtcmgtd3c3cs4AAwqg
Elrond-GO processing: fallback search of SCRs when not found in the main cache
Ecosystems: go
Packages: github.com/ElrondNetwork/elrond-go
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oOHc2LWM1M2ctNTN2ds4AAjSU
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sounds
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yY3hnLTQ0OGgtNHd4as4AAiu_
Jenkins Support Core Plugin allowed users with Overall/Read permission to delete arbitrary files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nbTYyLXJ3NGctdnJjNM4AA3hi
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 5 months ago
High
GSA_kwCzR0hTQS02eDJ3LWd3Z2YtNXJnM84AAie5
Jenkins Deploy WebLogic Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:weblogic-deployer-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04bXBwLWYzZjcteGMyOM4AAtJN
Jetty SslConnection does not release pooled ByteBuffers in case of errors
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02cW0yLXdweHEtN3FoMs4AA39-
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jbTU5LXByNXEtY3c4Nc4AAtM-
Temporary Directory Hijacking to Local Privilege Escalation Vulnerability in org.springframework.boot:spring-boot
Ecosystems: maven
Packages: org.springframework.boot:spring-boot
Source: GitHub Advisory Database
Blast Radius: 31.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jOTk4LWM0ZjYtdmp3Ms4AAi-z
Jenkins Team Concert Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:teamconcert
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3NzQtZzg0di1jNXc4
Directory Traversal in chatbyvista
Ecosystems: npm
Packages: chatbyvista
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS05aDl2LXJmaDYtamYzd84AAi-8
Jenkins Team Concert Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:teamconcert
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03bWY1LTc5Z3YtNjZnaM4AAi-o
Jenkins Maven Release Plug-in Plugin XXE vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins.m2release:m2release
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01NGYzLWM2aGctODY1aM4AA3xn
Allocation of Resources Without Limits in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-model-jpa
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13cXhmLTQ0N20tNmY1Zs4AA3kN
Information exposure in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1xdzRoLTN4amotODRjY84AA3d-
Apache Tiles: Unvalidated input may lead to path traversal and XXE
Ecosystems: maven
Packages: org.apache.tiles:tiles-core
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 6 months ago
High
GSA_kwCzR0hTQS0zMmoyLWM3bXgtdjRqas4AA3kp
Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1td3ZxLWdjNXctbTc4Zs4AA3kh
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1wdjNnLXZjM3EtOGM5Z84AA3kt
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1odjRjLXY4ajgtNTRjd84AA3ki
Cross-Site Request Forgery in JFinalCMS via /admin/nav/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13djg4LXBmNzMteDIycM4AAa4I
Improper Neutralization of Directives in Dynamically Evaluated Code in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qeDd4LXJmM2YtajY0NM4AA2ry
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00d2hmLXJteDUtOGZyds4AAwZi
active_attr Improper Resource Shutdown or Release vulnerability
Ecosystems: rubygems
Packages: active_attr
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS13aG1xLXY5NHEtMzRwOc4AATQ8
Improper Control of Generation of Code in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qd3gzLTJocTMtNjgyY84AA2rF
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
Ecosystems: maven
Packages: org.jenkins-ci.plugins:trac
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1tdzk5LTljaGMteHc3cs4AA4Cr
Maliciously crafted Git server replies can cause DoS on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1ocmY0LWhjcGMtMzM0Nc0zLg
Denial of service in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jeGZyLTVxM3ItMnJjMs4AA3r7
Jinja2 template injection in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS02Y3E1LThjajctZzU1OM4AAwgy
CodeIgniter4 Potential Session Handlers Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxbXItOTU3Zy1yN3cz
Rendertron discloses absolute paths of files
Ecosystems: npm
Packages: rendertron
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 5 years ago
High
GSA_kwCzR0hTQS1qaHd3LWZ4MmotM3JmN84AA24t
FoodCoopShop Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: foodcoopshop/foodcoopshop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS02bTk3LTc1MjctbWg3NM4AA3uZ
incorrect storage layout for contracts containing large arrays
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1naHczLTVxdm0tM21xY84AAwgx
CodeIgniter4 allows spoofing of IP address when using proxy
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wNnh4LWZoZnctN21qN84AA3v7
Configuration Injection in extension "Direct Mail" (direct_mail)
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 5 months ago
High
GSA_kwCzR0hTQS02cTc4LTZ4dnItMjZmZ833sw
Jenkins Groovy Plugin sandbox bypass vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security, org.jenkins-ci.plugins:pipeline-model-definition, org.jenkins-ci.plugins.workflow:workflow-cps-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yNmhoLTVnM3Etd3dnY80zGg
Stored Cross-site Scripting in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nZmhqLTUyNHEtZ2Nybc4AAlYZ
Stored XSS vulnerability in Jenkins console links
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNnFjLTQ1NW0tN3Y2ds4AAlYa
Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jNnJwLXdycDktcXI0cc4AAwf6
dustjs-linkedin vulnerable to Prototype Pollution
Ecosystems: npm
Packages: dustjs-linkedin
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS03cnJ4LTM3NW0tajZjcs4AAtDi
Cross-site Scripting in Jenkins Deployment Dashboard Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2-deployment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZm00LXFqaDItNDc2Nc00KA
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NWZyLTdoaGotMzRqM84AA3yk
Full Table Permissions by Default
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNjU1LXhodm0tY3dwNM4AAtEB
Cross-site Scripting in Jenkins GitLab Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01NHI1LXdyOHgteDV2M84AAwbX
Apiman has insufficient checks for read permissions
Ecosystems: maven
Packages: io.apiman:apiman-manager-api-rest-impl
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ocW1wLXZ4ajctNXdwcc4AAtEY
Cross-site Scripting in Jenkins Validating Email Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:validating-email-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ncmY4LTk0cTUtNHBoeM4AASky
CSRF vulnerability and missing permission checks in Openstack Cloud Plugin allowed capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openstack-cloud
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xN3hnLWhoM3EtaGM2OM4AAoNx
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02eDQ5LXczNWgtd3Fyas4AA3yv
Bypass serialize checks in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tM3E0LTdxbWotNjU3bc4AAwcc
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS03aDhtLXZyeHgtdnI0bc4AA2_V
ZITADEL race condition in lockout policy execution
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1tNWhmLW0zcjIteHE1M84AA4C9
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1meDk1LTg4M3YtNHE0aM0z9A
Path traversal in github.com/valyala/fasthttp
Ecosystems: go
Packages: github.com/valyala/fasthttp
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mcWcyLWM5N3ItcnFjas4AASyM
Exposure of Sensitive Information in Jenkins Kubernetes Plugin
Ecosystems: maven
Packages: org.csanchez.jenkins.plugins:kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qM2ZmLXhwNmMtNmdjY800JQ
Failure to validate signature during handshake
Ecosystems: npm
Packages: @chainsafe/libp2p-noise
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Nmp4LWN4ZzMtbWdnaM33pw
Jenkins Pipeline Declarative Plugin sandbox bypass vulnerability
Ecosystems: maven
Packages: org.jenkinsci.plugins:pipeline-model-definition
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14OThmLTJyZ2YtcXdxaM4AA3Md
xxl-job-admin vulnerable to Remote Code Execution
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02d2ctMm13Zy00cmZx
GPGME Go wrapper contains Use After Free
Ecosystems: go
Packages: github.com/proglottis/gpgme
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01M2pwLWdtd2MtandmNs4AATfu
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xMjdoLWh3MnYteDVqbc4AA3Ov
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyZ2YtanFxbS14N3h2
Code injection in dragonfly gem
Ecosystems: rubygems
Packages: fog-dragonfly, dragonfly
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS13Y3dtLWMzbXItcHhjcs4AAwbk
easy-static-server vulnerable to Directory Traversal
Ecosystems: npm
Packages: easy-static-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12OHEyLTk0ZjYtNnhxMs3wSQ
Improper Input Validation in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-frontend-jaxrs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00ZjRjLXJoanYtNHdnds4AA3RP
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zdjZ2LTJ4NnAtMzJtY84AAwUE
pgadmin4 vulnerable to Code Injection
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xNWo5LWY5NXctZjRwcs4AAwIx
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
Ecosystems: maven
Packages: org.terasoluna.gfw:terasoluna-gfw-common
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yYzd2LXFjanAtNG1nMs4AAwWz
.NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x64, Microsoft.WindowsDesktop.App.Runtime.win-x86, Microsoft.WindowsDesktop.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yNDkyLXh4cWYtNmg3OM4AA3T0
Cross Site Request Forgery in SwiftyEdit
Ecosystems: packagist
Packages: swiftyedit/swiftyedit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1yNWMyLXJ4aDItZjVoMs4AAXav
Exposure of Sensitive Information to an Unauthorized Actor in Apache Jasypt
Ecosystems: maven
Packages: org.jasypt:jasypt
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1naG04LW1teDcteHZnMs00GQ
Information Exposure in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNHY4LWpnY3YtOWc3Nc4AA4Lu
safe_pqc_kyber leaks parts of secret keys
Ecosystems: cargo
Packages: safe_pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1wNzgyLTRqMjMteHFjZ84AAwVy
Apache Atlas: zip path traversal in import functionality
Ecosystems: maven
Packages: org.apache.atlas:apache-atlas
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zcmozLXFwMmotNGZqMs00Fw
Cross-Site Request Forgery in Jenkins P4 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nNDlqLWo0ODktM3hwZs4AA35g
Apache Superset incorrect write permissions vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1jcndqLTJyM2MtZ3gyZ84AA4LK
Apache InLong Manager Arbitrary File Read Vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 4 months ago
Statistics
Advisories: 18,459
Packages: 8,320
Repositories: 5,041
Ecosystems: 12
Filter by Severity
Moderate 7,975 High 6,383 Critical 2,818 Low 992
Filter by Ecosystem
maven 5,538 packagist 3,825 pypi 3,754 npm 3,557 go 1,905 nuget 1,391 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 froxlor/froxlor 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 shopware/core 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 k8s.io/kubernetes 32 snipe/snipe-it 32 silverstripe/framework 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 Django 28 github.com/grafana/grafana 28 getgrav/grav 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 centreon/centreon 27 shopware/shopware 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 electron 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 gogs.io/gogs 24 moin 24 prestashop/prestashop 24 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 remdex/livehelperchat 23 github.com/argoproj/argo-cd/v2 23 org.eclipse.jetty:jetty-server 23 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 rack 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 tribalsystems/zenario 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 org.bouncycastle:bcprov-jdk14 19 org.springframework:spring-core 19 github.com/docker/docker 19 code.gitea.io/gitea 19 simplesamlphp/simplesamlphp 18 contao/contao 18 directus 18 helm.sh/helm/v3 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 langchain 18 com.vaadin:vaadin-bom 18 symfony/security 17 keystone 17 nova 17 org.xwiki.platform:xwiki-platform-web-templates 17 cakephp/cakephp 17 golang.org/x/net 17 topthink/framework 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 mercurial 17 cobbler 17 org.apache.geode:geode-core 17 cockpit-hq/cockpit 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.dubbo:dubbo 16 sequelize 16 yetiforce/yetiforce-crm 16 pillow 16 rusqlite 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 wasmtime 16 Microsoft.AspNetCore.App.Runtime.osx-x64 15 cryptography 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 openmage/magento-lts 15 github.com/goharbor/harbor 15 paddlepaddle 15 next 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 typo3/cms-backend 14 zendframework/zendframework1 14 ezsystems/ezpublish-kernel 14 ec-cube/ec-cube 14 pyftpdlib 14 symfony/security-http 14 phpmailer/phpmailer 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 ghost 14 publify_core 14 org.xwiki.platform:xwiki-platform-web 14 smarty/smarty 14 swagger-ui 14 pyload-ng 14 modoboa 14 activesupport 14 org.apache.inlong:manager-pojo 14 tinymce 14 joplin 13 strapi 13 bolt/bolt 13 elefant/cms 13 github.com/containerd/containerd 13 org.apache.hadoop:hadoop-main 13 lavalite/cms 13 neutron 13 codeigniter4/framework 13 github.com/traefik/traefik/v2 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 october/system 13 passenger 13 ckeditor4 13 github.com/mattermost/mattermost-server 13 org.jenkins-ci.plugins.workflow:workflow-cps 12 actionview 12 studio-42/elfinder 12 dompdf/dompdf 12 vantage6 12 deno 12 com.vaadin:flow-server 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/django/django 85 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/github/advisory-database 23 https://github.com/grafana/grafana 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/helm/helm 19 https://github.com/cloudfoundry/uaa 19 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/sequelize/sequelize 16 https://github.com/geoserver/geoserver 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/openstack/keystone 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyload/pyload 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/dromara/hutool 12 https://github.com/backstage/backstage 12 https://github.com/smarty-php/smarty 11 https://github.com/top-think/framework 11 https://github.com/puma/puma 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cloudflare/cfrpki 11 https://github.com/containers/podman 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/jquery/jquery 11 https://github.com/vercel/next.js 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/zitadel/zitadel 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/cakephp/cakephp 11 https://github.com/janeczku/calibre-web 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/jupyter/notebook 10 https://github.com/greenpau/caddy-security 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/keystonejs/keystone 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/phusion/passenger 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nocodb/nocodb 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/dotnet/aspnetcore 10 https://github.com/nats-io/nats-server 10 https://github.com/WWBN/AVideo 10 https://github.com/apache/lucene-solr 9 https://github.com/Pylons/waitress 9 https://github.com/nautobot/nautobot 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/apache/superset 9 https://github.com/faucetsdn/ryu 9 https://github.com/spring-projects/spring-security 9 https://github.com/kevinpapst/kimai2 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/neorazorx/facturascripts 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/pgadmin-org/pgadmin4 9