Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0ybXg3LXh2ZmctZmc1M84AA5J2
Liferay Portal's account lockout does not invalidate existing user sessions
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oOGhmLWh4eDYtNWc2ds4AAv6Q
Cross-site Scripting in Jenkins Naginator Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:naginator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02ODl4LXg2OHAtZnBoM803ew
Cross-site Scripting in vditor
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04MjVnLWYzZzItNnZ4Zs4AAXi7
QuickApps CMS Cross-site Scripting
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qanhxLW04aDMtNHZ3Nc4AA5dh
baserCMS Cross-site Scripting vulnerability in Content Management
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01MjRyLXc4ZngtaHFnM84AA0iI
TeamPass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jbW1oLThtd3AtZ3E1cM4AAiGR
Drupal Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cTV3LW1xcDYtZzJnaM0pXg
Unrestricted Upload of File with Dangerous Type in jsdecena/laracom
Ecosystems: packagist
Packages: jsdecena/laracom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14Zzc3LXhxaHEtY3Jwcs4AAjcK
Stored XSS vulnerability in Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00anF3LXZmbWotOXJtaM4AAxMd
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00ampqLWNtN3EtdjZocs4AAjcO
Jenkins Diagnostic page exposed session cookies
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04YzZ4LWc0ZnctOHJmNM4AA0ig
Whatsapp-Chat-Exporter has Cross-Site Scripting vulnerability in HTML output of chats.
Ecosystems: pypi
Packages: Whatsapp-Chat-Exporter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ybWh4LTloNWgtM3hoM84AAwqC
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oN2g2LWZ3cHYtZ2d2eM4AAn2C
Moodle contains Stored XSS via ID number user profile field
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mamgyLXFoZmgtcnZmY84AASx7
Jenkins Maven Artifact ChoiceListProvider (Nexus) Plugin CSRF vulnerability and missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:maven-artifact-choicelistprovider
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tdzM3LXd4OHAtZ3A0Nc4AAu4D
Craft CMS vulnerable to Cross-site Scripting via entry revisions and drafts
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oN21xLTI3cjctdzk3Ms0WDA
Cross-site Scripting in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xNGNxLXI3aGctcHhxcc4AATf1
Improper Authentication in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NTk4LXdjZzgteDU2Z84AAv5D
XML External Entity Reference in Jenkins Violations Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:violations
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04djIzLXc0dzUtdzgzY84AAwBQ
Cross-Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03M3d2LXJnajctdmpqOc4AAn11
Aimeos Typo3 extension contains Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: aimeos/aimeos-typo3
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHZjLWYyOHcteDljOc4AAqUo
Apache Superset Cross-site Scripting (XSS) vulnerability on the Explore page
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ODM0LXh2NXEtY2dmd84AAtr2
Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNG14LXh2OTYtMmpnbc4AArtQ
Cross-Site Scripting in TYPO3's Frontend Login Mailer
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtOWctNjQ3Zy01cHh3
Infinite loop in Yubico yubihsm-connector
Ecosystems: go
Packages: github.com/Yubico/yubihsm-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zajU4LXA3ODUtZjI3eM0mwA
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncDdjLXhtbW0tN3Bxcs06vQ
Stored Cross-site Scripting vulnerabilities in Jenkins Extended Choice Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4dnItcjkybS1xOWh3
XSS in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS03ZmpyLTVocGgtYzJtaM4AAQ7u
Cross-site Scripting in Jenkins Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncnZ3LXFxMmotcjg5OM30VQ
Moodle multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mNGdxLTdodmYtZmptM84AAkDU
Stored XSS vulnerability in Jenkins RapidDeploy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rapiddeploy-jenkins
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZzI1LWdxOWctMzJteM4AAu9Y
Cross site scripting in Cloudreve
Ecosystems: go
Packages: github.com/cloudreve/Cloudreve/v3, github.com/HFO4/cloudreve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wcnJ2LXI4NDMtNHA3Nc4AA2zo
Cross-site Scripting (XSS) in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nMmZtLXgzY3AtbXF3Oc4AAThd
Cross-site Scripting in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00OHEzLTUyOTctd21teM4AAu-O
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NXY3LTY1cTgteDI5NM02pA
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:atlassian-bitbucket-server-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1maG1mLXhmMnEtNG04cM4AAlOQ
Missing permission checks in Jenkins Fortify on Demand Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify-on-demand-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yd3ItMjk0NS1mcjIy
Cross-site scripting in PageKit
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2otbWoydy13aDQ2
Cross-Site Scripting in TYPO3 CMS Form Engine
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 4 years ago
Moderate
GSA_kwCzR0hTQS1oYzVxLTI2aDgtcjl3Zs4AAwo6
usememos/memos Improper Authorization vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00M3hnLTh3bWotY3c4aM4AAvn5
Apache Spark vulnerable to Log Injection
Ecosystems: pypi, maven
Packages: pyspark, org.apache.spark:spark-core
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01OTU5LTR4NTgtcjhjMs4AAu1T
TYPO3 CMS missing check for expiration time of password reset token for backend users
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4Z2gtNjQzcC1jcDJn
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1mdjJtLTkyNDktcXg4Nc4AAu1R
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1od3E3LTV2djktYzZjZs4AAu1C
Smarty Cross-site Scripting vulnerability in pages that use smarty_function_mailto
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05cTdxLXI1NHEtM2YzZ84AAy_3
Cross-site Scripting (XSS) in DataObject Classification Store
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy
Stored XSS in link tags added via XHR in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Mzg4LTd2cTItbTRmNM4AAn3p
Concrete CMS Cross-site Scripting via Survey Blocks
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: jupyter-notebook
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nOTVwLTg4cDQtNzZjbc0V_w
Cross-site Scripting in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02dzJmLTZ3cTMtcmp2Zs4AAtYp
RuoYi 4.7.3 vulnerable to arbitrary file upload in background management module
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1weHhwLTI4M3YteHBxNc4AAQ45
Stored XSS in LavaLite 5.5
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qajQ1LTI0cnctdjZqd84AAzFc
Cross-site scripting in TotalJS
Ecosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mZjI4LWY0NmctcjlnOM4AAqwa
Cross-site Scripting in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14M3AzLTkyOWotcHE2Ns4AAdTU
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01anhwLWY1cnItZzZqY84AA1ux
XSS vulnerability in Jenkins Job Configuration History Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jobConfigHistory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0ybWg3LXF4Y3ctcTM5Z84AAul4
francoisjacquet/rosariosis vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01cXg1LXZnNXctNW14M80iiQ
Stored XSS vulnerability in Jenkins Badge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:badge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mY2c0LXBtNmgtOXh4Ms4AAw_q
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14NWZoLWZ2dnItODkyZs4AAUas
Grafana XSS Vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jNGNxLXY0d3AtMjhoZ83z_w
Moodle sensitive information disclosure
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00ZjI1LTJ4MmMtdmc2ds4AAyhj
pimcore is vulnerable to cross-site scripting in Composite indices key field
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Zzg3LTczdnEtNDQzcM4AA2p7
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12djNyLWZ4cXAtdnIzZs4AAv_d
XSS via uploaded gpx file
Ecosystems: packagist
Packages: silverstripe/assets
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzZ3YtOWN4Zi02ZjU3
Loofah Allows Cross-site Scripting
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1qcjM3LTY2cGotMzZ2N80g8A
Cross-site Scripting in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02dmZ3LTc0d3ItM2NoaM0nNg
Cross-site Scripting in Crater Invoice
Ecosystems: packagist
Packages: bytefury/crater
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03NzU2LTU2aHItMnZjcM0zHA
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:list-git-branches-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Y21qLXhqaGctd3Zocc4AAUVs
Fork CMS XSS Vulnerability
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13amg5LTM0NGctdmM0Oc4AArdi
Cross-site Scripting in RosarioSIS
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ocWZoLXA5aDctbTZ2Nc4AAXVz
Dolibarr ERP and CRM contain XSS Vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12MzhwLW1xcTMtbTZ2Nc4AARlF
Keycloak Reflected XSS
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NmY5LTU1NjMtbTJoN84AAddP
Typo3 XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jOGpoLXZjamgtZngyd84AAwkR
usememos/memos vulnerable to stored cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05YzJwLTk5cGctYzRqOc4AAYTw
Persistent XSS vulnerability in Static Analysis Utilities
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:analysis-core
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04ZnZyLTc5NDUtbWc3d84AArio
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yeDJtLXhyNHgtNTRoaM4AAwpA
usememos/memos vulnerable to Improper Authorization
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5Y2YtcWp4cS12eHc2
Privilege Context Switching Error in wildlfy
Ecosystems: maven
Packages: org.wildfly.bom:wildfly
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yNjljLTVqN2Mtdm02cc3o9A
Cross-site Scripting in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydmc1LWY1ZmotbXh2Z806rA
Cross-site Scripting in Jenkins Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OXg1LWN2NzktNDlyas4AAw_k
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNzR3LWd3cXItZm14Z84AArtY
brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS
Ecosystems: packagist
Packages: brotkrueml/schema
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cnAyLTZ2NmotaGZtZ84AA2Uj
ConcreteCMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01cmNjLTZjbWotNzcyOM0wxA
Cross-site Scripting in BookStack
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnY0LThyOWctZzV4as4AAwnt
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjktcmg4cC00MzN2
Request smuggling is possible when both chunked TE and content length specified
Ecosystems: maven
Packages: io.ktor:ktor-server-cio, io.ktor:ktor-client-cio
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS05aGo3LXY1NmctcmhmNs4AAyey
Mattermost fails to properly authentication inviter's permissions to private channel
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost-server/v5, github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cDRnLTV4ajYtNnZwcs4AAXoZ
Apache Drill vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.drill:drill-common
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydnd3LXc2Mm0taGNoOM4AAmC5
CSRF vulnerability in Jenkins Lockable Resources Plugin
Ecosystems: maven
Packages: org.6wind.jenkins:lockable-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cTR2LXZycDktdmNmMs4AArco
Cross-site Scripting vulnerability in repository issue list in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycHcyLXFwY3AtbTQ3eM4AAlYo
Silverstripe CMS XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cnI1LXAyNjUtNzI1Ms4AAqz1
Jenkins Warnings NG Plugin Cross-site scripting vulnerability
Ecosystems: maven
Packages: io.jenkins.plugins:warnings-ng
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13OW1mLTgzdzMtZnY0Oc4AAvAY
Keycloak vulnerable to Stored Cross site Scripting (XSS) when loading default roles
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yOXdyLTI0aDUtOTVyNc0-7g
Typo3 XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oODZnLTc5NmYtaGhmcc0_DQ
Typo3 XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14MjJ2LXFnbTItN3FjN84AAwyx
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nd3h2LWp2ODMtNnFqcs4AAzpF
JStachio XSS vulnerability: Unescaped single quotes
Ecosystems: maven
Packages: io.jstach:jstachio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04Njg2LTRjcjMtNzZ3as4AAwyw
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zOXI4LTQ5NjItajd2Z84AAz2o
Stored XSS vulnerability in Jenkins Maven Repository Server Plugin
Ecosystems: maven
Packages: jenkins:repository
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Statistics
Advisories: 18,804
Packages: 8,399
Repositories: 5,089
Ecosystems: 12
Filter by Severity
Moderate 8,174 High 6,458 Critical 2,852 Low 1,019
Filter by Ecosystem
maven 5,579 packagist 4,016 pypi 3,849 npm 3,560 go 1,948 nuget 1,421 rubygems 815 cargo 784 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 salt 53 symfony/symfony 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 45 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 froxlor/froxlor 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 moin 34 k8s.io/kubernetes 33 mlflow 33 snipe/snipe-it 32 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 Django 30 opencv-contrib-python 30 mautic/core 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 centreon/centreon 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 electron 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 magento/core 24 org.eclipse.jetty:jetty-server 23 github.com/argoproj/argo-cd/v2 23 mediawiki/core 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 org.bouncycastle:bcprov-jdk14 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 contao/core-bundle 21 @openzeppelin/contracts-upgradeable 21 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 github.com/docker/docker 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 code.gitea.io/gitea 19 org.springframework:spring-core 19 laravel/framework 19 DotNetNuke.Core 19 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 golang.org/x/net 18 simplesamlphp/simplesamlphp 18 langchain 18 com.vaadin:vaadin-bom 18 directus 18 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 genix/cms 17 org.xwiki.platform:xwiki-platform-web-templates 17 helm.sh/helm/v3 17 cobbler 17 mercurial 17 symfony/security 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 topthink/framework 17 wasmtime 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 yetiforce/yetiforce-crm 16 pillow 16 org.apache.dubbo:dubbo 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 neutron 16 cryptography 15 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 gradio 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 openmage/magento-lts 15 next 15 org.apache.jspwiki:jspwiki-main 15 github.com/goharbor/harbor 15 phpmailer/phpmailer 14 github.com/containerd/containerd 14 activesupport 14 pyload-ng 14 publify_core 14 smarty/smarty 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 org.apache.inlong:manager-pojo 14 swagger-ui 14 pyftpdlib 14 ghost 14 typo3/cms-backend 14 tinymce 14 symfony/security-http 14 modoboa 14 zendframework/zendframework1 14 impresscms/impresscms 13 org.apache.cxf:cxf 13 github.com/mattermost/mattermost-server 13 codeigniter4/framework 13 github.com/nats-io/nats-server/v2 13 joplin 13 bolt/bolt 13 lavalite/cms 13 passenger 13 elefant/cms 13 github.com/traefik/traefik/v2 13 ckeditor4 13 org.apache.hadoop:hadoop-main 13 october/system 13 strapi 13 OctoPrint 13 deno 12 phpmyfaq/phpmyfaq 12 Microsoft.NETCore.App.Runtime.win-x86 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/saltstack/salt 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/mautic/mautic 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/getgrav/grav 24 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 24 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/netty/netty 20 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/apache/cxf 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/helm/helm 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/hashicorp/vault 16 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/tinymce/tinymce 14 https://github.com/pyca/cryptography 14 https://github.com/gradio-app/gradio 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/containerd/containerd 14 https://github.com/pyload/pyload 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/dromara/hutool 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/quarkusio/quarkus 13 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/undertow-io/undertow 13 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/centreon/centreon-archived 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/laurent22/joplin 12 https://github.com/nodejs/undici 12 https://github.com/apache/kylin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 11 https://github.com/vaadin/flow 11 https://github.com/zitadel/zitadel 11 https://github.com/smarty-php/smarty 11 https://github.com/scrapy/scrapy 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/WWBN/AVideo 11 https://github.com/onionshare/onionshare 11 https://github.com/igniterealtime/Openfire 11 https://github.com/vercel/next.js 11 https://github.com/dotnet/aspnetcore 11 https://github.com/nats-io/nats-server 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/janeczku/calibre-web 11 https://github.com/openfga/openfga 11 https://github.com/urllib3/urllib3 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cloudflare/cfrpki 11 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/phusion/passenger 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/Sylius/Sylius 10 https://github.com/dolibarr/dolibarr 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/openstack/glance 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/nocodb/nocodb 10 https://github.com/wagtail/wagtail 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/nextauthjs/next-auth 10 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/semplon/GeniXCMS 9 https://github.com/yiisoft/yii2 9 https://github.com/evershopcommerce/evershop 9 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/bolt/bolt 9