Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS01eDc5LXc4MmYtZ3c4d84AAwSf
Inefficient Regular Expression Complexity in rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzM3AtZzJocS1xcjI2
Command Injection in treekill
Ecosystems: npm
Packages: treekill
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00d2dmLTl4NXItcDkzOM4AASx6
Weak Cryptography in PHP-Proxy
Ecosystems: packagist
Packages: athlon1600/php-proxy
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczdjgtdjZnNC12cnBt
Arbitrary File Overwrite in decompress-zip
Ecosystems: npm
Packages: decompress-zip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00anE5LTJ4aHctanB4N84AA3K3
Java: DoS Vulnerability in JSON-JAVA
Ecosystems: maven
Packages: org.json:json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS00ODZmLWhqajktOXZoaM4AAwSc
Inefficient Regular Expression Complexity in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zaGZxLWN4OWotOTIzd84AA3K0
Attacker can cause Kyverno user to unintentionally consume insecure image
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 6 months ago
High
GSA_kwCzR0hTQS12NTg1LTIzaGMtYzY0N80WqA
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NDMzLXg1cDQtOGpjN84AA7ih
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 15 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzY3ctZzRtcS1jNXgy
Code Injection in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ybXZjLTU1N2ctNTYzOM4AA7ig
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 15 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5NTgtNXI0ci13dnY2
Directory Traversal in caolilinode
Ecosystems: npm
Packages: caolilinode
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNm0tcTkyeC12djM4
Directory Traversal in dcserver
Ecosystems: npm
Packages: dcserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3aDgtcDIybS0ycnZ4
Prototype Pollution in flat-wrap
Ecosystems: npm
Packages: flat-wrap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5cjQteHBtai1tajY1
Prototype Pollution in handlebars
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS03Z2gyLThxOTMtODdocM3pWQ
Wizkunde SAMLBase SAML Bypass
Ecosystems: packagist
Packages: gogentooss/samlbase
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyMngtM3FjbS04dmZ3
herbivore downloads Resources over HTTP
Ecosystems: npm
Packages: herbivore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS05cDU3LWg5ODctNHZneM4AA7eG
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 16 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNHgtdzYzbS03d2dt
Prototype Pollution in hoek
Ecosystems: npm
Packages: hoek
Source: GitHub Advisory Database
Blast Radius: 50.1
Published: about 6 years ago
High
GSA_kwCzR0hTQS1mZzUyLXJjMzYtanA0M84AAbmr
baserCMS Cross Site Request Forgery vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Mmh4LTNtaDYtaGM0Oc4AA2A6
kube-apiserver authentication bypass vulnerability
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxcXItcDM2Mi02cm1j
Directory Traversal in hostr
Ecosystems: npm
Packages: hostr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2NHctamhjai02d2Z3
Cross-Site Scripting in snekserve
Ecosystems: npm
Packages: snekserve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2eHEtajJyNC00am04
Regular Expression Denial of Service in sql-injection
Ecosystems: npm
Packages: sql-injection
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyZ2otOG1xMy1oZ2dq
Denial of Service in @hapi/subtext
Ecosystems: npm
Packages: @hapi/subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3Nmotcmh3Ny1xOTRj
Directory Traversal in sly07
Ecosystems: npm
Packages: sly07
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtaDQtMzIydi1jZnBj
Cross-Site Scripting in cmmn-js-properties-panel
Ecosystems: npm
Packages: cmmn-js-properties-panel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwajQtODlxOC1yaDM4
Cross-Site Scripting in bpmn-js-properties-panel
Ecosystems: npm
Packages: bpmn-js-properties-panel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5d3IteHI0ci02NmZo
Cross-Site Scripting in dmn-js-properties-panel
Ecosystems: npm
Packages: dmn-js-properties-panel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3MjYteDM2di1yeDQ1
Prototype Pollution in lodash.merge
Ecosystems: npm
Packages: lodash.merge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xOXhnLWg3NTYtODY4Oc4AAoSj
jquery-plugin-query-object contains prototype pollution vulnerability
Ecosystems: npm
Packages: jquery-query-object
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cXE5LXFnN2otZmNtOc4AAhvS
Dolibarr Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01NjUyLTkycjktM2Z4Oc4AA0m4
Decidim Cross-site Scripting vulnerability in the processes filter
Ecosystems: rubygems
Packages: decidim-core, decidim
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0cGMtZ3gydy1mMnh2
Heap OOB read in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Y3ItcTkzNS04ajY3
Path Traversal in buttle
Ecosystems: npm
Packages: buttle
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxOGctcXE1Ny01Mjc1
SQL Injection in untitled-model
Ecosystems: npm
Packages: untitled-model
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoaHcteGp2Zi13cHJy
Command Injection in @graphql-tools/git-loader
Ecosystems: npm
Packages: @graphql-tools/git-loader
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS00dzYyLWNxNXItNW1tcc4AARAO
express-cart unrestricted file upload vulnerability
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNycG0tZm00OC1jaGo3
SQL Injection in resquel
Ecosystems: npm
Packages: resquel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1ocjg5LXc3cDYtcGptcc4AASqx
express-cart allows any user to create an admin user
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4OG0tcGo5Ni03dzJj
Cross-Site Scripting in fomantic-ui
Ecosystems: npm
Packages: fomantic-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyM3gtN20zOS1jNmpx
Remote code execution via user-provided local names in ActionView
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: almost 4 years ago
High
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1qOGhnLXY1cXYtOW0yOM4AA6gv
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxNjQtbXB4eC04N2Zn
Open Redirect in ecstatic
Ecosystems: npm
Packages: ecstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3bXctNWNxNi1mdjgy
Cross-Site Scripting in wangeditor
Ecosystems: npm
Packages: wangeditor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xanZtLXA1dmctNDM3Y84AA6gr
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1odjVqLTNoOWYtOTljMs4AAyes
Ruby URI component ReDoS issue
Ecosystems: rubygems
Packages: uri
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qNHBjLXZxdmMtNHA5eM4AA6gs
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yMnY3LXYzbWotcG04cs4AA6gq
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjYzYtNjZmNS1teGpq
Out-of-bounds write in ChakraCore
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNjMtY3FnMi04NjNj
XML External Entity (XXE) Injection in JDOM
Ecosystems: maven
Packages: org.jdom:jdom
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4d2MtNXZ3OS0ydzR3
NoSQL Injection in loopback-connector-mongodb
Ecosystems: npm
Packages: loopback-connector-mongodb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1yeGZxLTN2cGMtdnY3Ms046w
Files or Directories Accessible to External Parties in Adminer
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNodm0taGdwdy1yeDRq
Path Traversal in knightjs
Ecosystems: npm
Packages: knightjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3cXctcmYycS14bWhm
Cross-Site Scripting in buefy
Ecosystems: npm
Packages: buefy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1qMnI3LTNydnctZzdneM4AA0pR
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1yamMyLXg1M3ItNmM5cs3-JQ
RCE in baserCMS before 4.1.4
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13ajctcjV2Yy1obWM5
Directory Traversal in hcbserver
Ecosystems: npm
Packages: hcbserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OWMtOHA3Ni0zcTJ4
Directory Traversal in serve46
Ecosystems: npm
Packages: serve46
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoOHYtNnFxbS1md3Bx
Path Traversal in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4aDctZmdxOS02MjV4
Directory Traversal in quickserver
Ecosystems: npm
Packages: quickserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxcjMtMjR4bS1meGhx
Directory Traversal in wffserve
Ecosystems: npm
Packages: wffserve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS12NjNxLWhncWMtcXZwZ84AAwuZ
MooTools Regular Expression Denial of Service
Ecosystems: npm
Packages: mootools
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnNTQtOTV4di1mMzUz
http-proxy.js is malware
Ecosystems: npm
Packages: http-proxy.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS13ZzJ4LXJ2ODYtbW1weM4AA4lv
SPV Merkle proof malleability allows the maintainer to prove invalid transactions
Ecosystems: npm
Packages: @keep-network/tbtc-v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2NzMtaGpmMi1wd2Zy
Shell command injection in command_wrap
Ecosystems: rubygems
Packages: command_wrap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS0yZzY4LWMzcWMtODk4Nc4AA7xx
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: 11 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnNWYtZjVwbS1tanJn
Istio may not check inbound TCP connections against istio-policy
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS05MmoyLTVyN3AtNmhqd84AAcqh
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqcG0tODI3cC1qNDRn
Stored XSS in TimelineJS3
Ecosystems: npm
Packages: @knight-lab/timelinejs
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1tbWhyLTNqcjctcWoycM4AAU4m
Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
Ecosystems: nuget
Packages: auth0-aspnet, Auth0-ASPNET-Owin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4ODMtcjU2Zy1jdjQ3
Improper certificate validation in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNTctdnY0cC1mZzky
Header Forgery in http-signature
Ecosystems: npm
Packages: http-signature
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyN2YtdjNyNi05djc3
Improper Certificate Validation in EM-HTTP-Request
Ecosystems: rubygems
Packages: em-http-request
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13NnFmLTM1ZjItajZoN84AAjiY
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4NjgtamZjZy14bW1m
Commons FileUpload Denial of service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS04OWZwLWo4djctcDgyaM4AAkuw
Microweber allows Unrestricted File Upload
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wajJoLTg1anEtZzV2Z84AA1v1
Answer Missing Authentication for Critical Function
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjaDYtNXg0aC02cWM1
Directory Traversal in tiny-http
Ecosystems: npm
Packages: tiny-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwd2YtNGZ4NS1jcnFx
Directory Traversal in earlybird
Ecosystems: npm
Packages: earlybird
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzNzItdzN4cC0yamcz
Directory Traversal in section2.madisonjbrooks12
Ecosystems: npm
Packages: section2.madisonjbrooks12
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5cTQtcDUzNS1jODUy
Uncontrolled Resource Consumption in locutus
Ecosystems: npm
Packages: locutus
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS02N3hwLTQ3MjYtNDk3OM4AAjif
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0M3YtMjZyNy03ajRj
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozd2gtNW0yNi0ycGY3
Downloads Resources over HTTP in mystem-fix
Ecosystems: npm
Packages: mystem-fix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS0yaHJ3LWh4NjctMzR4Ns4AAxpM
Resource exhaustion in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmMjktcG1weC12ajYy
Directory Traversal in serverwg
Ecosystems: npm
Packages: serverwg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OGMtbXZwdi01MzY2
Directory Traversal in shit-server
Ecosystems: npm
Packages: shit-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04cnY3LWc3NzItcHAzas4AA1oD
DataEase vulnerable to SQL injection
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 9 months ago
High
GSA_kwCzR0hTQS00ZjRyLXdndjItamp2Z84AA19i
Quarkus HTTP vulnerable to incorrect evaluation of permissions
Ecosystems: maven
Packages: io.quarkus:quarkus-keycloak-authorization, io.quarkus:quarkus-csrf-reactive, io.quarkus:quarkus-undertow, io.quarkus:quarkus-vertx-http
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4Y2MtZzc1eC1xZ3c5
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: npm
Packages: calipso
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xNXAtMm1jci1tNTJq
Code injection in nbgitpuller
Ecosystems: pypi
Packages: nbgitpuller
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwcTgtMnEyNC1tajNw
Downloads Resources over HTTP in fis-parser-sass-bin
Ecosystems: npm
Packages: fis-parser-sass-bin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVybTMtcWh4Zi1yaDNy
Downloads Resources over HTTP in co-cli-installer
Ecosystems: npm
Packages: co-cli-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5cG0tNTV2cC0yanF3
Downloads Resources over HTTP in soci
Ecosystems: npm
Packages: soci
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 5,076
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 moin 34 mlflow 33 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mautic/core 30 Django 30 opencv-contrib-python 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 shopware/shopware 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 prestashop/prestashop 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 org.eclipse.jetty:jetty-server 23 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 ckb 22 rack 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/docker/docker 20 tribalsystems/zenario 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 DotNetNuke.Core 19 org.springframework:spring-core 19 laravel/framework 19 com.liferay.portal:release.dxp.bom 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 forkcms/forkcms 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 contao/contao 18 directus 18 com.vaadin:vaadin-bom 18 simplesamlphp/simplesamlphp 18 langchain 18 genix/cms 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 mercurial 17 cobbler 17 francoisjacquet/rosariosis 17 topthink/framework 17 mediawiki/core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 sequelize 16 yetiforce/yetiforce-crm 16 wasmtime 16 pillow 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 paddlepaddle 15 cryptography 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 next 15 gradio 15 org.apache.jspwiki:jspwiki-main 15 swagger-ui 14 ghost 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 zendframework/zendframework1 14 activesupport 14 github.com/containerd/containerd 14 pyload-ng 14 tinymce 14 pyftpdlib 14 smarty/smarty 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 symfony/security-http 14 publify_core 14 github.com/mattermost/mattermost-server 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 elefant/cms 13 passenger 13 october/system 13 org.apache.hadoop:hadoop-main 13 joplin 13 impresscms/impresscms 13 OctoPrint 13 strapi 13 bolt/bolt 13 ckeditor4 13 lavalite/cms 13 codeigniter4/framework 13 github.com/opencontainers/runc 12 swift 12 Microsoft.NETCore.App.Runtime.win-arm64 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/helm/helm 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/janeczku/calibre-web 11 https://github.com/scrapy/scrapy 11 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/Studio-42/elFinder 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/dotnet/aspnetcore 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zitadel/zitadel 11 https://github.com/vercel/next.js 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/nocodb/nocodb 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/wagtail/wagtail 10 https://github.com/zopefoundation/Zope 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/glance 10 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9 https://github.com/fatfreecrm/fat_free_crm 9