Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4ODQtZ204Ni1jZzNx
PrestaShop module ps_facetedsearch might be vulnerable from CVE-2017-9841
Ecosystems: packagist
Packages: prestashop/ps_facetedsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS13OGZwLTNnd3EtZ3hwd84AAv2t
Concrete CMS vulnerable to Cross-site Request Forgery
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS0ydzZtLXE5NDYtMzk5cs4AAvKQ
Dapr Dashboard vulnerable to Incorrect Access Control
Ecosystems: go
Packages: github.com/dapr/dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqZnYtZzNmaC14cTN2
Excessive memory usage in tokio-rustls
Ecosystems: cargo
Packages: tokio-rustls
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1md3YyLTY1d2gtMnc4Y84AAzxf
Snowflake Golang Driver vulnerable to Command Injection
Ecosystems: go
Packages: github.com/snowflakedb/gosnowflake
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1nYzYyLWo0NjktOWdqbc4AAg7y
Rancher Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00ODgyLWh4cHItaHJ2bc4AAzxb
@udecode/plate-link does not sanitize URLs to prevent use of the `javascript:` scheme
Ecosystems: npm
Packages: @udecode/plate-link
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 11 months ago
High
GSA_kwCzR0hTQS02OTd2LXB4ZzMtajI2Ms4AAtZ9
Togglz console missing cross-site request forgery (CSRF) protection
Ecosystems: maven
Packages: org.togglz:togglz-console
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03OThoLWc0ajUtNTUzN84AAw6E
PapaParse Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: papaparse
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS14NHFyLTJmdmYtM21yNc4AAxfn
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: cargo, pypi
Packages: openssl-src, cryptography
Source: GitHub Advisory Database
Blast Radius: 64.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mdjNtLXhocXctOW03Oc1BSw
ballcat-codegen template engine remote code execution injection
Ecosystems: maven
Packages: com.hccake:ballcat-codegen
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1naHczLTVxdm0tM21xY84AAwgx
CodeIgniter4 allows spoofing of IP address when using proxy
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS03NjhtLTV3MzQtMnhmNc4AAtZ-
LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Ecosystems: packagist
Packages: packbackbooks/lti-1-3-php-library
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12OXZjLTd4NjktYzJ4OM4AA1BV
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1jajJ4LXI3NHEtdmN4Oc4AA051
Missing authorization in Jenkins Plug-in for ServiceNow
Ecosystems: maven
Packages: io.jenkins.plugins:servicenow-devops
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1nNXd3LTVqaDctNjNjeM4AAwQP
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS04dmhjLWh3aGMtY3BqNM4AAzpO
Rancher users retain access after moving namespaces into projects they don't have access to
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4ODMtcnBxZi1tMjY3
user/group information can be corrupted across storing in fsimage and reading back from fsimage
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS05cXdnLWNyZzktbTJ2Y84AAyUK
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NzctcnBxZi1qNm13
ejs vulnerable to DoS due to weak input validation
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zanctNjJtNy1qamNt
typed-ast Out-of-bounds Read
Ecosystems: pypi
Packages: typed-ast
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4MzctODd2aC14cTN3
Data race in v9
Ecosystems: cargo
Packages: v9
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NTQtbWgzOS13M2hj
Regular expression denial of service in npm-user-validate
Ecosystems: npm
Packages: npm-user-validate
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS00bWd2LW01Y20tZjloN84AAobT
Vault GitHub Action did not correctly mask multi-line secrets in output
Ecosystems: actions
Packages: hashicorp/vault-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtYzctbWZtci14cXJ4
Logic error in authentication in proxy.py
Ecosystems: pypi
Packages: proxy.py
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS1oaDU0LTUzbTctN2Zmas4AAzuZ
alist Incorrect Access Control vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1tNGhmLTZ2Z3ItNzVyMs4AA1yx
K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
Ecosystems: go
Packages: github.com/k3s-io/k3s
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 8 months ago
High
GSA_kwCzR0hTQS12NHc1LXIyeGMtN2Y4aM4AAw1F
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zeHE1LXdqZmgtcHBqY84AAw0p
Luxon Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: luxon
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS02bXc0LXBobWMteDQ3N84AAYX2
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo
The REST Plugin in Apache Struts is using an outdated XStream library
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 5 years ago
High
GSA_kwCzR0hTQS02aGc2LTVjMnEtN3Jjcs4AAyUA
TensorFlow has Heap-buffer-overflow in AvgPoolGrad
Ecosystems: pypi
Packages: tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NGpnLXdqd3ctN2M1d84AAyUB
TensorFlow has Null Pointer Error in TensorArrayConcatV2
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS01ajh3LXI3ZzgtNTQ3Ms4AArq3
Arrow2 allows double free in `safe` code
Ecosystems: cargo
Packages: arrow2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3ZnctbWdmai03ZzNn
ecdsa Denial of Service vulnerability in signature verification and signature malleability
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 4 years ago
High
GSA_kwCzR0hTQS1weDZwLWp4d3ItMjdtY84AAYX6
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wOXFqLTRyanAtajN3Oc3t6Q
Apache Directory Studio Command Injection
Ecosystems: maven
Packages: org.apache.directory.studio:org.apache.directory.studio.ldapbrowser.core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3Y3gtcmhocS1tZmhx
High severity vulnerability that affects indico
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS00aDk4LTI3NjktZ2g2aM4AAuFk
OpenZeppelin Contracts vulnerable to ECDSA signature malleability
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xaHhmLW03am0tamM1N84AAjkN
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-githubnotify-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NHgtcndxNi1xcGdm
OmniAuth Ruby gem Cross-site Request Forgery in request phase
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: almost 5 years ago
High
GSA_kwCzR0hTQS1jcDY4LTQycGYtNjYyN84AAw_a
Froxlor vulnerable to Command Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzMzYtanhmci00YzNj
Path Traversal in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzeDYtNHg1cC1ycnZ2
Denial of Service in Apache Commons Compress
Ecosystems: maven
Packages: io.github.1tchy.java9modular.org.apache.commons:commons-compress, org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS1nOGg3LW1jcDYtcGY0N84AA18_
File Upload vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 months ago
High
GSA_kwCzR0hTQS13OXdjLTR4Y3EtOGdyNs4AAwO3
Akeneo PIM Community Edition vulnerable to remote php code execution
Ecosystems: packagist
Packages: akeneo/pim-community-dev
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ybTIzLTZtd3YtOHE5cc4AAtEW
XML External Entity Reference in Jenkins Recipe Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:recipe
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1eHAtNnZwZi1qd3Zo
Improper Input Validation and Cross-Site Request Forgery in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 4 years ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 5 months ago
High
GSA_kwCzR0hTQS0ydjZyLWpmMmctajVxNc4AAtDc
Cross-site Scripting in Jenkins Rich Text Publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rich-text-publisher-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00eDJmLTU0d3ItNGhqZ80YPg
Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS13MjU3LWY3cWotNHZycc4AAtEU
Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xfpanel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1odjU0LWNjOGYtNDJqcc4AAtDf
Cross-Site Request Forgery in Jenkins Recipe Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:recipe
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1wY3I4LTc1djMtdzlwZs4AAYHd
Chakra Core vulnerable to privilege escalation due to type confusion
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bTItcjM0Zi1xbWM1
Regular Expression Denial of Service in minimatch
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tNnE4LW13ZjYtNm1tY84AAxJU
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02cHg4LTIydzUtdzMzNM4AAUYz
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, Microsoft.NETCore.App, System.Net.WebSockets.WebSocketProtocol, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.WebSockets
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cTltLWM2NWMtMzdwcc4AAzoq
Reportlab vulnerable to remote code execution
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1majdjLXZnMnYtY2Nybc4AAtaA
Undertow vulnerable to memory exhaustion due to buffer leak
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zNHdqLXA1am0tMnA5Ns3slA
Improper Restriction of XML External Entity Reference in python-docx
Ecosystems: pypi
Packages: python-docx
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxaDgtNWozNi00NTU2
SQL Injection in connect-pg-simple
Ecosystems: npm
Packages: connect-pg-simple
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS14aGZjLWdyOGYtZmZ3Y84AAguU
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: System.Private.Uri
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxOW0tcXZweC02OGhj
Pallets Werkzeug Insufficient Entropy
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS00N3BqLXEydm0tNDZ4Y84AAyLM
Collection.js vulnerable to Prototype Pollution
Ecosystems: npm
Packages: collection.js
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NXI2LXc3dnItYzc1cs4AAs8t
Cross-site Scripting in Jenkins Agent Server Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:agent-server-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yd2h3LTZjNnItMjgyM84AAxZ3
Insecure Permissions issue in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS03cmpwLWZnd2otNDdyd80mjQ
Missing authentication in ShenYu
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Z2ozLTZyNDMtM3dmY84AAxh5
IPFS go-unixfsnode subject to DOS via HAMT Decoding Panics
Ecosystems: go
Packages: github.com/ipfs/go-unixfsnode
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5cWctM2o4cC1yNjN2
Uncontrolled Recursion in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS1jNHBtLTYzY2ctOWo3aM4AAwNS
Yauaa vulnerable to ArrayIndexOutOfBoundsException triggered by a crafted Sec-Ch-Ua-Full-Version-List
Ecosystems: maven
Packages: nl.basjes.parse.useragent:yauaa-trino, nl.basjes.parse.useragent:yauaa-snowflake, nl.basjes.parse.useragent:yauaa-nifi-processors, nl.basjes.parse.useragent:yauaa-logparser, nl.basjes.parse.useragent:yauaa-hive, nl.basjes.parse.useragent:yauaa-flink-table, nl.basjes.parse.useragent:yauaa-flink, nl.basjes.parse.useragent:yauaa-elasticsearch-8, nl.basjes.parse.useragent:yauaa-elasticsearch, nl.basjes.parse.useragent:yauaa-drill, nl.basjes.parse.useragent:yauaa-beam-sql, nl.basjes.parse.useragent:yauaa-beam, nl.basjes.parse.useragent:yauaa
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yMjdnLTdjdnYtNmZmM84AAtYv
Apache Tapestry 5.8.1 vulnerable to ReDoS via Content Types causing catastrophic backtracking
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcDQtOHA4di1nNzh3
Data races in lever
Ecosystems: cargo
Packages: lever
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2OXctanZjNy13amd2
Undertow Missing Authorization when requesting a protected directory without trailing slash
Ecosystems: maven
Packages: io.undertow:undertow-servlet
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 5 years ago
High
GSA_kwCzR0hTQS05NjdnLWNqeDQtaDdqNs4AAwoo
go-codec-dagpb vulnerable to panic when decoding invalid blocks
Ecosystems: go
Packages: github.com/ipld/go-codec-dagpb
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS04dm04LTM4cGMtOHhoaM4AAznu
TeamPass vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 12 months ago
High
GSA_kwCzR0hTQS13M3FtLTkzdmYtNWhyd84AA1Ej
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1ycjU5LXBqd2otNmdyas4AAjce
Magento sql injection vulnerability
Ecosystems: packagist
Packages: magento/core, magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04MjRqLXdxbTgtODltas4AAxo_
.NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1MzQtaDQzMy0ycmpm
Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify
Ecosystems: npm
Packages: utilitify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1ncHZjLW14NmctY2Nods4AA0-r
underscore-keypath vulnerable to Prototype Pollution
Ecosystems: npm
Packages: underscore-keypath
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzcngtZzVjOS04cTR4
Prototype Pollution in bmoor
Ecosystems: npm
Packages: bmoor
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS14M2NyLXg5NDktaDVqds4AAUbI
RDF4J vulnerable to zip slip
Ecosystems: maven
Packages: org.eclipse.rdf4j:rdf4j
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mY2dnLXJ2d2ctanY1OM4AArNo
HashiCorp go-getter unsafe downloads
Ecosystems: go
Packages: github.com/hashicorp/go-getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2, github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02ODgyLTM4NXAtaGhod84AAs87
Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ontrack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wZjM4LXY2cWotajIzaM1BkQ
Malfunction of CSRF token validation in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS13Y3ZjLXJoZmotOTk3Z84AAVZG
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX
Cross-site Scripting via missing Binding syntax validation
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1jcGN3LXA5NjUtd3BxeM4AAlF7
rtslib-fb weak permissions for /etc/target/saveconfig.json file
Ecosystems: pypi
Packages: rtslib-fb
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xOXdqLWY0cXctNnZmas4AApp0
Read buffer overruns processing ASN.1 strings
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wbTh2LXBweDctOGhyNM4AA1xY
Jeecg boot arbitrary file read vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS14ODY5LTc4NG0tam1qMs4AASbZ
Denial of service in Apache Mesos
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcXAzLThycnctZzh2bc4AAzpJ
PocketMine-MP vulnerable to server crash with certain invalid JSON payloads in `LoginPacket` due to vulnerable dependency
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4Z3ItY21jcC1nM21q
Directory Traversal in lactate
Ecosystems: npm
Packages: lactate
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 5 years ago
High
GSA_kwCzR0hTQS01aDZ4LW01MnAtMjNwaM4AAggM
Improper Certificate Validation in Apache Qpid Proton
Ecosystems: maven
Packages: org.apache.qpid:proton-j
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04OHI5LWhmajItNTRods4AAs9C
Cross-site Scripting in Jenkins Stash Branch Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:StashBranchParameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nN2c4LW14NDUteDRjOM4AATmY
Aubio is vulnerable to denial of service via aubio_pitch_set_unit function
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cjMtM2g5Ni1yd2o2
Cross-Site Scripting in ids-enterprise
Ecosystems: npm
Packages: ids-enterprise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS12bXE2LTVtNjgtZjUzbc4AA3ab
logback serialization vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-classic, ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1xOXFjLXBwNXgtbWM4Y80xKg
Improper Neutralization of Special Elements Used in a Template Engine in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Statistics
Advisories: 18,459
Packages: 8,320
Repositories: 5,041
Ecosystems: 12
Filter by Severity
Moderate 7,975 High 6,383 Critical 2,818 Low 992
Filter by Ecosystem
maven 5,538 packagist 3,825 pypi 3,754 npm 3,557 go 1,905 nuget 1,391 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 froxlor/froxlor 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 shopware/core 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 k8s.io/kubernetes 32 snipe/snipe-it 32 silverstripe/framework 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 Django 28 github.com/grafana/grafana 28 getgrav/grav 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 centreon/centreon 27 shopware/shopware 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 electron 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 gogs.io/gogs 24 moin 24 prestashop/prestashop 24 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 remdex/livehelperchat 23 github.com/argoproj/argo-cd/v2 23 org.eclipse.jetty:jetty-server 23 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 rack 22 grumpydictator/firefly-iii 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 tribalsystems/zenario 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 org.bouncycastle:bcprov-jdk14 19 org.springframework:spring-core 19 github.com/docker/docker 19 code.gitea.io/gitea 19 simplesamlphp/simplesamlphp 18 contao/contao 18 directus 18 helm.sh/helm/v3 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 langchain 18 com.vaadin:vaadin-bom 18 symfony/security 17 keystone 17 nova 17 org.xwiki.platform:xwiki-platform-web-templates 17 cakephp/cakephp 17 golang.org/x/net 17 topthink/framework 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 mercurial 17 cobbler 17 org.apache.geode:geode-core 17 cockpit-hq/cockpit 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.dubbo:dubbo 16 sequelize 16 yetiforce/yetiforce-crm 16 pillow 16 rusqlite 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 wasmtime 16 Microsoft.AspNetCore.App.Runtime.osx-x64 15 cryptography 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 openmage/magento-lts 15 github.com/goharbor/harbor 15 paddlepaddle 15 next 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 typo3/cms-backend 14 zendframework/zendframework1 14 ezsystems/ezpublish-kernel 14 ec-cube/ec-cube 14 pyftpdlib 14 symfony/security-http 14 phpmailer/phpmailer 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 ghost 14 publify_core 14 org.xwiki.platform:xwiki-platform-web 14 smarty/smarty 14 swagger-ui 14 pyload-ng 14 modoboa 14 activesupport 14 org.apache.inlong:manager-pojo 14 tinymce 14 joplin 13 strapi 13 bolt/bolt 13 elefant/cms 13 github.com/containerd/containerd 13 org.apache.hadoop:hadoop-main 13 lavalite/cms 13 neutron 13 codeigniter4/framework 13 github.com/traefik/traefik/v2 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 october/system 13 passenger 13 ckeditor4 13 github.com/mattermost/mattermost-server 13 org.jenkins-ci.plugins.workflow:workflow-cps 12 actionview 12 studio-42/elfinder 12 dompdf/dompdf 12 vantage6 12 deno 12 com.vaadin:flow-server 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/django/django 85 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/github/advisory-database 23 https://github.com/grafana/grafana 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/helm/helm 19 https://github.com/cloudfoundry/uaa 19 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/sequelize/sequelize 16 https://github.com/geoserver/geoserver 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/openstack/keystone 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyload/pyload 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/hashicorp/nomad 13 https://github.com/publify/publify 13 https://github.com/containerd/containerd 13 https://github.com/golang/go 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/dromara/hutool 12 https://github.com/backstage/backstage 12 https://github.com/smarty-php/smarty 11 https://github.com/top-think/framework 11 https://github.com/puma/puma 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cloudflare/cfrpki 11 https://github.com/containers/podman 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/jquery/jquery 11 https://github.com/vercel/next.js 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/zitadel/zitadel 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/cakephp/cakephp 11 https://github.com/janeczku/calibre-web 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/jupyter/notebook 10 https://github.com/greenpau/caddy-security 10 https://github.com/zopefoundation/Zope 10 https://github.com/wagtail/wagtail 10 https://github.com/keystonejs/keystone 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dolibarr/dolibarr 10 https://github.com/phusion/passenger 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/nocodb/nocodb 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/dotnet/aspnetcore 10 https://github.com/nats-io/nats-server 10 https://github.com/WWBN/AVideo 10 https://github.com/apache/lucene-solr 9 https://github.com/Pylons/waitress 9 https://github.com/nautobot/nautobot 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/apache/superset 9 https://github.com/faucetsdn/ryu 9 https://github.com/spring-projects/spring-security 9 https://github.com/kevinpapst/kimai2 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/neorazorx/facturascripts 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/pgadmin-org/pgadmin4 9