Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1wMzY0LXhmcDItZjlycs4AAlOC
CSRF vulnerability in Jenkins Fortify on Demand Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify-on-demand-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zdzhyLTNqaDktODl2Oc4AA3MV
xxl-job-admin vulnerable to Insecure Permissions
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mcGpjLWN4cjYtdzZoOM4AAwyy
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14cDRnLTV4ajYtNnZwcs4AAXoZ
Apache Drill vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.drill:drill-common
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NzMzLTdycDctdmYzbc4AA3Mb
xxl-job-admin vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14Y21qLXhqaGctd3Zocc4AAUVs
Fork CMS XSS Vulnerability
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aDd4LTlwbWgtN2dnOM4AAwyu
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oYzcyLXZqM2ctNWcyZ84AArN9
Cross-site Scripting in ZKEACMS
Ecosystems: nuget
Packages: ZKEACMS.Publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cXY2LTM3eHEtbWdxMs4AA2oD
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycWY4LWg3cHIteDJyOM4AAu9d
YetiForce CRM vulnerable to stored Cross-site Scripting via WidgetsManagement module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nZzhyLXhqd3EtNHc5Ms4AAwOk
Cross-site scripting vulnerability in TinyMCE alerts
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05cTdxLXI1NHEtM2YzZ84AAy_3
Cross-site Scripting (XSS) in DataObject Classification Store
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NTk4LXdjZzgteDU2Z84AAv5D
XML External Entity Reference in Jenkins Violations Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:violations
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qdmpwLXZoMjctcjloNc0Wug
Cross-site Scripting in PiranhaCMS
Ecosystems: nuget
Packages: Piranha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jaDlnLXg5ajctcmNncM4AAyLq
imgproxy Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/imgproxy/imgproxy/v3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00MmdxLWg3eGotMzNyNM3ggA
Features file injection vulnerability
Ecosystems: rubygems
Packages: features
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Z3J3LWZqM3YtZmhjNc4AA3vJ
Cross-site Scripting in silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-configuration, org.silverpeas.core:silverpeas-core-war, org.silverpeas.core:silverpeas-core-api, org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04bTlwLTM5MjYtZ2Zmcs4AA1JD
wger Workout Manager Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: wger
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS03ZmpyLTVocGgtYzJtaM4AAQ7u
Cross-site Scripting in Jenkins Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14M3ByLWZjZ20td2pnY84AAjkd
Subversion Plugin stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:subversion
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zNmYyLWZjcngtZnA0as4AAyJ4
Authelia allows open redirects on the logout endpoint
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NGg5LXh4dngtcGc2eM4AAy5y
XWiki App Within Minutes app grants space admin rights that allows cross-site scripting
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui, org.xwiki.platform:xwiki-platform-appwithinminutes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02NmNtLWM3Y2gtNWo4cc4AAyML
Pimcore vulnerable to Cross-site Scripting (XSS) in Redirects
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcnF4LW1qYzQtdmZoM84AAxYc
wallabag subject to Improper Authorization via annotations
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3NHItNHh3My1wcHg5
Stored cross-site scripting in Grid component in Vaadin 7 and 8
Ecosystems: maven
Packages: com.vaadin:vaadin-server, com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyOTgtODloYy02cmZ2
Open Redirect in Flask-User
Ecosystems: pypi
Packages: Flask-User
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNmMtdzRjNC12Z3Z4
Stored XSS vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqYzQtM3c5OS1qN3Y0
Open redirect in Flask-Unchained
Ecosystems: pypi
Packages: Flask-Unchained
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3NzMtcG13My1mNG1y
Open Redirect in koa-remove-trailing-slashes
Ecosystems: npm
Packages: koa-remove-trailing-slashes
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aDMtbXZ2Ny0yNjVq
Cross-site scripting invenio-records
Ecosystems: pypi
Packages: invenio-records
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyanAtaGg2NS00eHZm
Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqaDMtZzhncS05cTky
Cross-Site Scripting in Content Preview
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core, typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjODctNnZwcC03ZmYz
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmanYtNTQ5OC1tcGg1
XSS in Action View
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocDYtcHhoOC1yNjc1
Cross site scripting in Angular
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5Y2YtbTd2NS13aDV3
Cross-Site Scripting in SVG Sanitizer
Ecosystems: packagist
Packages: t3g/svg-sanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3NjUteGpjNS05dzc5
Cross-Site Scripting in node-red
Ecosystems: npm
Packages: node-red
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tZjYtNjU5Ny0zdjZt
Open Redirect in Spring Security OAuth
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjdzYtNXF2cC1xM3dq
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Ecosystems: maven
Packages: org.apache.spark:spark-core_2.11, org.apache.spark:spark-core_2.10
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNjYteDR3bS1yamZ4
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS14MzQ3LWZjOXctdzdjM84AAwxu
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Ecosystems: maven
Packages: org.nuxeo.ecm.platform:nuxeo-platform-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14Mmg4LTRtaGgtNWh3aM4AAw_W
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jeHZwLTNmcm0tMzg3Ns4AAw_h
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yY3g2LTdqcDYtcHFmMs4AAVW9
ember-source Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZjI4LWY0NmctcjlnOM4AAqwa
Cross-site Scripting in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycGoyLXc2ZnItNzloY84AAuZ2
Keycloak vulnerable to Improper Certificate Validation
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03OXJtLWYyNmctMjk2cM4AAhf5
Jenkins Maven Release Plugin vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins.m2release:m2release
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01ZjM4LTlqdzItNnI2aM0WZQ
Cross-site Scripting in teddy
Ecosystems: npm
Packages: teddy
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04OHFqLTNxNmgtOG01cc4AAiCD
Jenkins Build Environment Plugin vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-environment
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjktcmg4cC00MzN2
Request smuggling is possible when both chunked TE and content length specified
Ecosystems: maven
Packages: io.ktor:ktor-server-cio, io.ktor:ktor-client-cio
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS05cHZxLTRjYzctMjRqZ84AAs7h
Cross-site Scripting in Jfinal CMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1taGhjLXI4OGgtMnFybc4AATeC
katello Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Nzc1LTVod3Ytd3I2ds4AAzbF
Potential for cross-site scripting in PostHog-js
Ecosystems: npm
Packages: posthog-js
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01NzI5LTgyMnctajM0Ms30WQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01anAyLXZ3cmotOTlyZs4AAvd3
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Ecosystems: go
Packages: github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ycHBjLTY1NXYtN2ozY84AAtBy
Stored XSS in link tags added via XHR in SilverStripe Framework
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00MmczLTNqd20tNjNyeM4AA3u5
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jZzQ1LXFnY2YtaGY5eM0-Jw
TYPO3 is vulnerable to Cross-Site Scripting (XSS) on the backend
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cjdtLXI5dm0tbTR3Zs4AA4Lz
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1naHEyLW0zcHEtcWYzcM06rQ
Stored XSS in Jenkins CVS Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cvs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14cTR2LXZycDktdmNmMs4AArco
Cross-site Scripting vulnerability in repository issue list in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcnJnLXA4eGMtMzQ1N84AAXIl
Stored cross-site scripting vulnerability in Jenkins TestLink Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testlink
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZnI1LTdwNTQtNHFnOM4AA3ud
Privilege Escalation using Spoofing
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04NTloLTR3NTgtNzh4d84AA4a2
Cross-site Scripting in JFinal
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xNHE1LWM1Y3YtMnA2OM4AAu6M
Vuetify Cross-site Scripting vulnerability
Ecosystems: maven, npm
Packages: org.webjars.npm:vuetify, vuetify
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycHcyLXFwY3AtbTQ3eM4AAlYo
Silverstripe CMS XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/framework, silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12OWZqLWg4ZzYtNHc5cc4AAvLC
YetiForce CRM vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNzctZ2czNi05ODY0
Cross-Site Scripting in TYPO3 CMS Link Handling
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1oeDdjLXFwZnEteGNycM0iuA
Cross-site Scripting in django-cms
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13MnBtLWZyNjItamd2NM4AAzXb
Moodle vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oNWc5LTJwMzUtNTRjN84AAzjW
nilsteampassnet/teampass vulnerable to cross-site scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01ODM0LXh2NXEtY2dmd84AAtr2
Shopware vulnerable to persistent cross site scripting (XSS) in customer module
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mN3JwLXh4NjctNHBqOc4AAyiW
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yZmZwLXc2NjUtOW1neM4AAzGt
Cross Site Scripting in nilsteampassnet/teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03eDk0LWp4NzUtM2doNs4AAzfU
Stored cross site scripting in Craft CMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zajR4LTlxOXEtMzI3N84AA4bA
Cross-site Scripting in JFinal
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13NGhwLXBjcDgtcWhmM80nNQ
Cross-site Scripting in livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NTc3LWY4ZnAtNTk3N84AAWQp
Stored Cross-Site Scripting Vulnerability in Jenkins Shelve Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:shelve-project-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wYzMyLXg3MzctNzRjds0zpg
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjVxLTcycDItMnEyNM4AAvEW
Centreon contains cross-site scripting vulnerability via esc_name parameter
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tcGhtLWdxaDktcTU5eM4AAzE_
Stored cross site scripting in Microbin
Ecosystems: cargo
Packages: microbin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zajU4LXA3ODUtZjI3eM0mwA
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4dnItcjkybS1xOWh3
XSS in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1qZjl2LXE4dmgtM2ZtY80VrQ
Cross-site scripting in ICEcoder
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNWptLXhod20tOXhwOc0gRw
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNjU3LXE0MzMtbW1weM4AAbp_
Canvs Canvas Cross-site Scripting (XSS) via title and content fields
Ecosystems: packagist
Packages: austintoddj/canvas
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zNzR3LWd3cXItZm14Z84AArtY
brotkrueml/schema fails to properly encode user input for output in HTML context, leading to XSS
Ecosystems: packagist
Packages: brotkrueml/schema
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNTQ2LXY2NjYtNTU5eM4AAu-Z
Craft CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1odnczLXA5cHgtZ3BjOc4AAuuJ
Gophish before 0.12.0 vulnerable to Open Redirect
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2otbWoydy13aDQ2
Cross-Site Scripting in TYPO3 CMS Form Engine
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02dzlwLTg4cWctcDNnM80YyA
Cross-site Scripting in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mdjJtLTkyNDktcXg4Nc4AAu1R
TYPO3 CMS vulnerable to Cross-Site Scripting in <f:asset.css> view helper
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zcjk1LTIzanAtbWh2Z84AArtP
Cross-Site Scripting in TYPO3's Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ZnZmLXg4YzYtMmY2as4AAzAT
Cross-site Scripting (XSS) in DataObject Any Getter grid operator
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14YzQ3LTNyY2gtY3Y1N80j7A
Improper Access Control in snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13djYzLWd3cjktNWM1Nc4AAnOM
Stored XSS vulnerability in Jenkins button labels
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,235
Packages: 8,259
Repositories: 4,986
Ecosystems: 12
Filter by Severity
Moderate 7,871 High 6,313 Critical 2,791 Low 975
Filter by Ecosystem
maven 5,518 packagist 3,782 pypi 3,636 npm 3,530 go 1,887 nuget 1,390 rubygems 813 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 318 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 drupal/drupal 56 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 apache-superset 48 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 Plone 43 rdiffweb 42 plone 42 nokogiri 42 Pillow 41 salt 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 froxlor/froxlor 36 shopware/core 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 snipe/snipe-it 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 silverstripe/framework 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 org.jenkins-ci.plugins:script-security 30 github.com/argoproj/argo-cd 29 parse-server 29 github.com/rancher/rancher 28 github.com/grafana/grafana 28 mautic/core 28 github.com/hashicorp/vault 28 Django 27 centreon/centreon 27 io.undertow:undertow-core 27 getgrav/grav 27 shopware/shopware 27 org.keycloak:keycloak-services 27 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 magento/core 24 prestashop/prestashop 24 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 github.com/argoproj/argo-cd/v2 23 puppet 23 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 rack 22 ckb 22 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 DotNetNuke.Core 19 github.com/docker/docker 19 github.com/ethereum/go-ethereum 19 org.springframework:spring-core 19 helm.sh/helm/v3 18 forkcms/forkcms 18 tribalsystems/zenario 18 moin 18 org.bouncycastle:bcprov-jdk14 18 langchain 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x64 17 francoisjacquet/rosariosis 17 org.apache.geode:geode-core 17 cobbler 17 simplesamlphp/simplesamlphp 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 PaddlePaddle 17 cakephp/cakephp 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 cockpit-hq/cockpit 17 golang.org/x/net 17 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 wasmtime 16 rusqlite 16 org.apache.activemq:activemq-client 16 directus 16 pillow 16 yetiforce/yetiforce-crm 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 openmage/magento-lts 15 org.apache.struts.xwork:xwork-core 15 notebook 15 nova 15 github.com/goharbor/harbor 15 topthink/framework 15 cryptography 15 paddlepaddle 15 Microsoft.AspNetCore.App.Runtime.win-arm64 14 ezsystems/ezpublish-kernel 14 org.xwiki.platform:xwiki-platform-web 14 smarty/smarty 14 modoboa 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 ec-cube/ec-cube 14 publify_core 14 phpmailer/phpmailer 14 tinymce 14 gradio 14 swagger-ui 14 pyload-ng 14 pyftpdlib 14 typo3/cms-backend 14 symfony/security-http 14 zendframework/zendframework1 14 activesupport 14 ghost 14 strapi 13 elefant/cms 13 passenger 13 org.apache.cxf:cxf 13 joplin 13 github.com/opencontainers/runc 13 october/system 13 keystone 13 next 13 github.com/mattermost/mattermost-server 13 codeigniter4/framework 13 github.com/containerd/containerd 13 org.apache.hadoop:hadoop-main 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 impresscms/impresscms 13 org.apache.inlong:manager-pojo 13 ckeditor4 13 studio-42/elfinder 12 com.vaadin:flow-server 12 phpbb/phpbb 12 undici 12 org.jenkins-ci.plugins:git 12 vm2 12 neutron 12 github.com/moby/moby 12 phpmyfaq/phpmyfaq 12 org.apache.dolphinscheduler:dolphinscheduler 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 73 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/matrix-org/synapse 32 https://github.com/apache/activemq 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/saltstack/salt 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/getgrav/grav 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/netty/netty 20 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/helm/helm 19 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/bcgit/bc-java 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/rusqlite/rusqlite 16 https://github.com/hashicorp/vault 16 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/directus/directus 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/denoland/deno 14 https://github.com/langchain-ai/langchain 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/pyload/pyload 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/gradio-app/gradio 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/traefik/traefik 13 https://github.com/xuxueli/xxl-job 13 https://github.com/hashicorp/nomad 13 https://github.com/ming-soft/MCMS 13 https://github.com/ckeditor/ckeditor4 12 https://github.com/nodejs/undici 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/dolphinscheduler 12 https://github.com/backstage/backstage 12 https://github.com/twisted/twisted 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/dromara/hutool 12 https://github.com/laurent22/joplin 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/openstack/keystone 11 https://github.com/containers/podman 11 https://github.com/opencontainers/runc 11 https://github.com/onionshare/onionshare 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/smarty-php/smarty 11 https://github.com/urllib3/urllib3 11 https://github.com/openfga/openfga 11 https://github.com/NodeBB/NodeBB 11 https://github.com/puma/puma 11 https://github.com/cakephp/cakephp 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/janeczku/calibre-web 11 https://github.com/jquery/jquery 11 https://github.com/greenpau/caddy-security 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/zitadel/zitadel 10 https://github.com/keystonejs/keystone 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/zopefoundation/Zope 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/dolibarr/dolibarr 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/aio-libs/aiohttp 10 https://github.com/WWBN/AVideo 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/phusion/passenger 10 https://github.com/nextauthjs/next-auth 10 https://github.com/nats-io/nats-server 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/semplon/GeniXCMS 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/DSpace/DSpace 9 https://github.com/bolt/bolt 9 https://github.com/top-think/framework 9 https://github.com/evershopcommerce/evershop 9 https://github.com/apache/lucene-solr 9 https://github.com/kevinpapst/kimai2 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/laravel/framework 9 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cui2shark/cms 9 https://github.com/apache/superset 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/neorazorx/facturascripts 9