Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02Y3FqLTY5NjktcDU3eM4AAv-p
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Ecosystems: go
Packages: github.com/codenotary/immudb
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g
Remote command injection when using sendmail email transport
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jNnh3LWhnOXEtM2M5Zs4AA3Ow
OpenNMS Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.opennms:opennms-webapp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nY2o3LWo0MzgtaGpqMs05RQ
Smokescreen SSRF via deny list bypass
Ecosystems: go
Packages: github.com/stripe/smokescreen
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ycDJ2LXY0NjctcTl2cc4AAwIO
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Ecosystems: pypi
Packages: guarddog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02andjLXFyMnEtN3h3as4AA1CM
protocol-http1 HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: protocol-http1
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS03OG01LWpwbWYtY2g3ds4AAwJ6
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Ecosystems: pypi
Packages: guarddog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qMndoLXdydjMtNHg0Z84AAxq7
Unwanted access to the entire file system vulnerability due to a missing check in `staticFiles` HTTP handler
Ecosystems: npm
Packages: @graphql-mesh/http, @graphql-mesh/cli
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NTktNHFnZi1qeHI4
Cache Manipulation Attack in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05cGhoLXIzN3YtMzR3aM4AA1SQ
lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd2MtcGZxMi01Y202
Possible XSS attack in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS00aDJxLTg0dzctNG1oeM4AAywf
nilsteampassnet/teampass vulnerable to stored cross-site scripting (XSS)
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5cWctZ3JwNy01cjcz
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Ecosystems: go
Packages: github.com/weaveworks/weave
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Ecosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yNjU3LTN3cWgtZzJ4Oc4AA2Jx
Microweber uses hard coded credentials
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00aHg5LXA5MjUtcWN2N84AAgop
phpBB Server side request forgery (SSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ocnFyLWp2OHctdjlqaM4AA5xa
Insufficient permission checking in `Deno.makeTemp*` APIs
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00MndxLXJjaDgtNmY2as4AAt2p
CKEditor5 cross-site scripting vulnerability caused by the editor instance destroying process
Ecosystems: npm
Packages: @ckeditor/ckeditor5-html-embed, @ckeditor/ckeditor5-html-support, @ckeditor/ckeditor5-markdown-gfm
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04ZzJwLTVwcWgtNWptY84AAvv2
.NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Microsoft.Data.SqlClient, System.Data.SqlClient
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNWM3LXczNWYteHdnaM4AA2xD
Kube-proxy may unintentionally forward traffic
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00OTkzLW03ZzUtcjloaM4AAvLu
etcd has no minimum password length
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zcG1qLWpxcXAtMm1qM84AA1Dg
matrix-appservice-irc IRC command injection via admin commands containing newlines
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1mbXhxLXY4bWctcWgyNc4AAxxs
apollo-portal has potential CSRF issue
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01Zjl2LW12NWctamg1cc4AAz_1
Vaadin vulnerable to possible information disclosure in non visible components.
Ecosystems: maven
Packages: com.vaadin:flow-server, com.vaadin:vaadin
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding Task
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04ZnY3LXdxMzgtZjVjOc4AA08L
Cross-site scripting (XSS) from MIME type auto-detection of uploaded files
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05bTN2LXY0cjUtcHB4N84AAzr2
Notation vulnerable to denial of service from high number of artifact signatures
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13NHE3LWYzNHgtdnBnY84AAi0p
FreeIPA logs passwords embedded in commands in calls using batch
Ecosystems: pypi
Packages: freeipa
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12M2NnLTdyOWgtcjJnNs4AAxIz
Field-level security issue with .keyword fields in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qd3FwLTI4Z2YtcDQ5OM0WOQ
Scrapy HTTP authentication credentials potentially leaked to target websites
Ecosystems: pypi
Packages: Scrapy
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12d3h2LWZyajYtZmhjOc4AAlCU
OMERO-web Sensitive Data Exposure
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcWMyLXYzaHAtNmN2OM4AA13Y
sidekiq Denial of Service vulnerability
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13M3E4LW00OTItNHB3cM4AA5Zd
Possibility to circumvent the invitation token expiry period
Ecosystems: rubygems
Packages: decidim-system, decidim-admin, decidim, devise_invitable
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03aDc1LWh3eHgtcXBnY84AAxNS
OpenStack Cinder, glance, and Nova vulnerable to Path Traversal
Ecosystems: pypi
Packages: nova, glance, cinder
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02ODVqLTM2cXgtM3ZwMs4AAxJ2
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wOGdwLTg5OWMtanZxOc4AA1aY
Wallabag user can reset data unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tODM2LWd4d3EtajJwbc0WvQ
Improper Access Control in github.com/treeverse/lakefs
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zeGY4LWc4Z3ItZzdyaM4AA5JO
Graylog session fixation vulnerability through cookie injection
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00cDN4LThxdzktMjR3Oc0Wuw
Authenticated Stored XSS in shopware/shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jaGg2LXBwd3Etamg5Ms4AA49A
Improper Preservation of Permissions in etcd
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01eHAzLWpmcTMtNXE4eM0XKg
Improper Input Validation in pip
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxZmctODc5OS1yNTc1
Kubernetes kubectl cp Vulnerable to Symlink Attack
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1oNGg1LTNocjQtajNnMs4AAvKm
protobuf-java has a potential Denial of Service issue
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-javalite, google-protobuf, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04dnhjLXI1d3Atdmd2Y84AAyUG
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Ecosystems: cargo
Packages: versionize
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NzVnLXZqNmMteGY5Ns4AA481
CrateDB database has an arbitrary file read vulnerability
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02NjQ4LTZnOTYtbWczNc4AA5Eh
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtY3gteGhyOC0zdzlw
Denial of Service in uap-core when processing crafted User-Agent strings
Ecosystems: rubygems, npm
Packages: user_agent_parser, uap-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5ajItcTRxNS1jeGg0
No CSRF protection on the password change form
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yd3B3LWNtOXctdjR4bc4AAwnq
rdiffweb vulnerable to Business Logic Errors
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1odzRmLWc3d2gteHA1Ms4AAv5I
Cross-Site Request Forgery in Jenkins Delete log Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delete-log-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04dzNwLXFoM3gtNmdqcs4AAwSa
TYPO3 CMS vulnerable to Sensitive Information Disclosure via YAML Placeholder Expressions in Site Configuration
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xZnIzLTMyM3ctcXYyN84AArNH
Possible information disclosure inside TreeGrid component with default data provider
Ecosystems: maven
Packages: com.vaadin:vaadin-grid-flow, com.vaadin:vaadin
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcnFoLWM5djgtY2N4Oc4AAu-e
Path traversal in Jenkins build-publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14OTJnLTQ5Z2gtNjNxbc4AAu45
Budibase Improper Access Control vulnerability
Ecosystems: npm
Packages: @budibase/bbui, @budibase/builder, @budibase/worker
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Y3hoLWdxcHgtcWM1bc0WiA
Credential Disclosure in System.DirectoryServices.Protocols
Ecosystems: nuget
Packages: System.DirectoryServices.Protocols
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04YzkzLTRoY2gteGd4cM4AA1CK
Cloudflare Wrangler directory traversal vulnerability
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS12aDQzLWNjNngtcHJwcs4AAwqF
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdteDYtdnhjZi1jM2dy
Validation Bypass in slp-validate
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1ocmZ2LW1xcDgtcTVyd84AA2oc
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01OWhoLTY1NmotM3A3ds0WsQ
Geth Node Vulnerable to DoS via maliciously crafted p2p message
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03MzV2LXd4NzUteG1tbc0mmg
Cross-site Scripting in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyNWMtY2NmMy0zanJy
Critical severity vulnerability that affects slpjs
Ecosystems: npm
Packages: slpjs
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS0ycWpwLTQyNWotNTJqOc4AAwM4
containerd CRI stream server vulnerable to host memory exhaustion via terminal
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yd2Y5LThmcXItcDQ0bc4AA4SG
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-pc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05MndwLXI3aG0tNDJnN84AAx7S
XWiki Platform subject to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NTI1LTUydmctanY2ds4AA4SF
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-pc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01Z3doLXI3NnctOTM0aM4AA4SI
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-was
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zcGdqLXBnNmMtcjVwN84AAu17
OAuthLib vulnerable to DoS when attacker provides malicious IPV6 URI
Ecosystems: pypi
Packages: oauthlib
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczbTItM3B3Zy01Zmdj
Catastrophic backtracking in regex allows Denial of Service in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1nZ2dtLTY2cmgtcHA5OM4AA046
Incorrect Permission Checking for GraphQL Subscriptions
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzOTMtaHZyai13N3Yz
Denial of Service in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjdjUtcDkzNC0zaHdw
Denial of service in fast-csv
Ecosystems: npm
Packages: @fast-csv/parse, fast-csv
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzMtOWhncS1qN3h3
Cross-Site Scripting in Wagtail
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS04NzVnLW1mcDYtZzdmOc4AA4Jj
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Ecosystems: cargo
Packages: vmm-sys-util
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12ZmdxLWc1eDgtZzU5Nc4AAyQg
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Ecosystems: go
Packages: tailscale.com
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xZzczLWczY2YtdmhoaM4AA74q
NocoDB Allows Preview of Files with Dangerous Content
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 18 hours ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tbTdnLWYyZ2ctY3c4Z84AARlh
Kubernetes arbitrary file overwrite
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cTdwLWY0ZnYtcnI1eM4AAW5O
Jenkins vSphere Plugin disables SSL/TLS certificate validation by default
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vsphere-cloud
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3eHEtY3B2Zy03eG0y
Prototype pollution in @tsed/core
Ecosystems: npm
Packages: @tsed/core
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jNThqLTg4ZjUtaDUzZs4AAtG3
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in pycares
Ecosystems: pypi
Packages: pycares
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05ZnA3LTRmam0tcTNtZs0nnQ
Prototype Pollution in keyget
Ecosystems: npm
Packages: keyget
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cjR2LTI4cm0tcHZnd84AAbZp
Improper Neutralization of Special Elements used in an SQL Command Pivotal Spring Data JPA
Ecosystems: maven
Packages: org.springframework.data:spring-data-jpa
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOHFxLTJwNXAtcmc0NM4AAknX
Missing SSH host key validation in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmNmctdzVnai1jOTNo
Prototype Pollution in iniparserjs
Ecosystems: npm
Packages: iniparserjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00Mm02LWc5MzUtNXZtcc4AAtoc
@ianwalter/merge Prototype Pollution via `merge` function
Ecosystems: npm
Packages: @ianwalter/merge
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00amZxLWY4aGMtNzc1cc4AAnia
Magento Insufficient Session Expiration
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOTJ4LXIzNnctOTM5Nc0Vjg
Type confusion in mpath
Ecosystems: npm
Packages: mpath
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerability
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1cGctN3dmdy04NHE5
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mZndmLTQ3eDItanByOM4AAv2P
Matrix-appservice-irc vulnerable to sql injection via roomIds argument
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3djQtbTlqeC1taDhy
Improper Input Validation
Ecosystems: go
Packages: github.com/ovn-org/ovn-kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mNGM5LWNxdjgtOXY5OM4AAnlN
Insufficient Granularity of Access Control in JSDom
Ecosystems: npm
Packages: jsdom
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1md2Y2LXJ3NjktaGhqNM0YQw
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
Ecosystems: pypi
Packages: html-to-csv
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4OGctY2dtdy12NXh3
Prototype Pollution in Ajv
Ecosystems: npm
Packages: ajv
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycjUyLXdnN2YtODg3Nc4AAVFC
Improper Link Resolution Before File Access in logilab-commons
Ecosystems: pypi
Packages: logilab-common
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Statistics
Advisories: 18,459
Packages: 8,320
Repositories: 5,041
Ecosystems: 12
Filter by Severity
Moderate 7,975 High 6,383 Critical 2,818 Low 992
Filter by Ecosystem
maven 5,538 packagist 3,825 pypi 3,754 npm 3,557 go 1,905 nuget 1,391 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 froxlor/froxlor 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 shopware/core 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 k8s.io/kubernetes 32 snipe/snipe-it 32 silverstripe/framework 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 Django 28 github.com/grafana/grafana 28 getgrav/grav 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 centreon/centreon 27 shopware/shopware 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 electron 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 gogs.io/gogs 24 moin 24 prestashop/prestashop 24 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 remdex/livehelperchat 23 github.com/argoproj/argo-cd/v2 23 org.eclipse.jetty:jetty-server 23 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 rack 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 tribalsystems/zenario 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 org.bouncycastle:bcprov-jdk14 19 org.springframework:spring-core 19 github.com/docker/docker 19 code.gitea.io/gitea 19 simplesamlphp/simplesamlphp 18 contao/contao 18 directus 18 helm.sh/helm/v3 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 langchain 18 com.vaadin:vaadin-bom 18 symfony/security 17 keystone 17 nova 17 org.xwiki.platform:xwiki-platform-web-templates 17 cakephp/cakephp 17 golang.org/x/net 17 topthink/framework 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 mercurial 17 cobbler 17 org.apache.geode:geode-core 17 cockpit-hq/cockpit 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.dubbo:dubbo 16 sequelize 16 yetiforce/yetiforce-crm 16 pillow 16 rusqlite 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 wasmtime 16 Microsoft.AspNetCore.App.Runtime.osx-x64 15 cryptography 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 openmage/magento-lts 15 github.com/goharbor/harbor 15 paddlepaddle 15 next 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 typo3/cms-backend 14 zendframework/zendframework1 14 ezsystems/ezpublish-kernel 14 ec-cube/ec-cube 14 pyftpdlib 14 symfony/security-http 14 phpmailer/phpmailer 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 ghost 14 publify_core 14 org.xwiki.platform:xwiki-platform-web 14 smarty/smarty 14 swagger-ui 14 pyload-ng 14 modoboa 14 activesupport 14 org.apache.inlong:manager-pojo 14 tinymce 14 joplin 13 strapi 13 bolt/bolt 13 elefant/cms 13 github.com/containerd/containerd 13 org.apache.hadoop:hadoop-main 13 lavalite/cms 13 neutron 13 codeigniter4/framework 13 github.com/traefik/traefik/v2 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 october/system 13 passenger 13 ckeditor4 13 github.com/mattermost/mattermost-server 13 org.jenkins-ci.plugins.workflow:workflow-cps 12 actionview 12 studio-42/elfinder 12 dompdf/dompdf 12 vantage6 12 deno 12 com.vaadin:flow-server 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/django/django 85 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/github/advisory-database 23 https://github.com/grafana/grafana 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/helm/helm 19 https://github.com/cloudfoundry/uaa 19 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/sequelize/sequelize 16 https://github.com/geoserver/geoserver 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/openstack/keystone 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyload/pyload 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/dromara/hutool 12 https://github.com/backstage/backstage 12 https://github.com/smarty-php/smarty 11 https://github.com/top-think/framework 11 https://github.com/puma/puma 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cloudflare/cfrpki 11 https://github.com/containers/podman 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/jquery/jquery 11 https://github.com/vercel/next.js 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/zitadel/zitadel 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/cakephp/cakephp 11 https://github.com/janeczku/calibre-web 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/jupyter/notebook 10 https://github.com/greenpau/caddy-security 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/keystonejs/keystone 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/phusion/passenger 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nocodb/nocodb 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/dotnet/aspnetcore 10 https://github.com/nats-io/nats-server 10 https://github.com/WWBN/AVideo 10 https://github.com/apache/lucene-solr 9 https://github.com/Pylons/waitress 9 https://github.com/nautobot/nautobot 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/apache/superset 9 https://github.com/faucetsdn/ryu 9 https://github.com/spring-projects/spring-security 9 https://github.com/kevinpapst/kimai2 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/neorazorx/facturascripts 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/pgadmin-org/pgadmin4 9