Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS1ydm1jLThnbWctZ2dxcs0yYw
Moodle Blind SQL injection possible via MNet authentication
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcHB2LWNoOHAtcnAyd84AAwd6
lite-dev-server vulnerable to Directory Traversal
Ecosystems: npm
Packages: lite-dev-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS01ZjVjLTY4N3gtZzVxbc0c1g
Classic Buffer Overflow in pyo
Ecosystems: pypi
Packages: pyo
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ncHJoLTc3NjctY3czOc06dw
Code Injection in Bolt CMS
Ecosystems: packagist
Packages: bolt/core
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3amgtY3A5OS1jajhx
Path Traversal in cordova-plugin-ionic-webview
Ecosystems: npm
Packages: cordova-plugin-ionic-webview
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 5 years ago
High
GSA_kwCzR0hTQS1ncWd2LTJncDMtcXFwM84AAWUi
WeChat Pay Java SDK allows XXE
Ecosystems: maven
Packages: com.github.wxpay:wxpay-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4bXItanYyYy12OG1n
Invalid root may become trusted root in The Update Framework (TUF)
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: over 3 years ago
High
GSA_kwCzR0hTQS1mcTlyLThqcG0tMjIyMs4AAYdL
Plone Header Injection
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cmdwLTNwaDYtMnd3cc03dQ
SQL Injection in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qcHd4LWZmanEtd3I0d80Vkg
Content object state fetch functions open to SQL injection
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12bXZwLTJoaHgtcmdtOM4AAi-c
Cross-Site Request Forgery in Jenkins Gerrit Trigger Plugin
Ecosystems: maven
Packages: com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwN2gtNG1tNS04NTJ2
Uncontrolled Resource Consumption in trim-newlines
Ecosystems: npm
Packages: trim-newlines
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjOXctcW1ycS1mZjhy
Path Traversal in http-live-simulator
Ecosystems: npm
Packages: http-live-simulator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqZnEtZzQ1OC03cW05
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yNGc2LTVyeDctNTh3as0fqA
Missing Initialization of Resource in pnet
Ecosystems: cargo
Packages: pnet
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cjZ2LXdqZnctcnhjcs4AAlYW
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0ycTZ2LTMybXItOHA4eM06nQ
Null Byte Injection in Plug.Static
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4Y20tdjM1aC1tZzJ4
Prototype Pollution in querystringify
Ecosystems: npm
Packages: querystringify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS1mNDljLTg3amgtZzQ3cc4AAyTz
TensorFlow has double free in Fractional(Max/Avg)Pool
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OWctZjk3OC14eHY5
Cross-Site Request Forgery (CSRF) in Luigi
Ecosystems: pypi
Packages: luigi
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 5 years ago
High
GSA_kwCzR0hTQS1jd3ZjLTg3eHEtcGM1bc0fiw
Out-of-bounds Write and Race Condition in metrics-util
Ecosystems: cargo
Packages: metrics-util
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yanJtLWd3dzctd2NoMs4AAnXz
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qNG1tLTdwajMtamY3ds0bQQ
HTTP Method Spoofing
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jMmZwLW1wbW0tY3F4ds4AAeyX
Code injection via property expansion in SoapUI
Ecosystems: maven
Packages: com.smartbear.soapui:soapui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nOTU0LTVod3AtcHAyNM4AArQX
Prototype Pollution in protobufjs
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02ajYyLW0ydnYtd2Mzbc38iQ
Dolibarr arbitrary commands execution
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nODdyLTIzdnctN2Y4N80egg
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2ZzYtNTRobS1maHh2
Data races in libsbc
Ecosystems: cargo
Packages: libsbc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2d3ItaDl4aC1tNndj
Denial of Service in @commercial/subtext
Ecosystems: npm
Packages: @commercial/subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1ycXJjLThxOGYtY3A5Y805cw
Infinite loop in .Net Bond
Ecosystems: nuget
Packages: Bond.Core.CSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3djgtanZmZi1qcTI4
Path Traversal in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4angteDJ2dy13bTMz
Code execution in org.apache.storm:storm-core
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS14cmczLWhtZjMtcnZnd80ehg
Path Traversal in rust-embed
Ecosystems: cargo
Packages: rust-embed
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtcHItaHEzcC00OWg5
Prototype Pollution in mixin-deep
Ecosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3eDItNzM2eC1tZjZ3
Prototype pollution in object-path
Ecosystems: npm
Packages: object-path
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4cGotMnZxeC04Z2dj
Denial of service in css-what
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mODU0LWhweHYtY3c5cs0gtw
Drainage of FeeCollector's Block Transaction Fees in cronos
Ecosystems: go
Packages: github.com/tharsis/ethermint, github.com/tharsis/evmos, github.com/crypto-org-chain/cronos
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 7 months ago
High
GSA_kwCzR0hTQS13eGZqLTg0eGYtN2d4ds4AAx2l
mde utilities contains Prototype Pollution
Ecosystems: npm
Packages: utilities
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tM3JmLTdtNHctcjY2cc0ahQ
Improper Authentication in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzMngtamh3NS1nNDhw
Cross-Site Scripting in eco
Ecosystems: npm
Packages: eco
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzeGMtNDdxZy1oOTI5
Cross-Site Scripting in @ionic/core
Ecosystems: npm
Packages: @ionic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1wZ201LWNyNjItcHJ4cc4AAtoJ
Moodle Arbitrary file read when importing lesson questions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1teDN4LXJtcmgtOXdmNs04yg
SQL injection in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12NjhnLXdtOGMtNng3as4AA38Z
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: 5 months ago
High
GSA_kwCzR0hTQS0yNXByLTZwcjYtNjh2N80Viw
Path traversal in atlasboard
Ecosystems: npm
Packages: atlasboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13aGd2LThjZzMtN2hjbc4AAdU9
Symphony Denial of Service Via Overlong Usernames
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS00angyLWh2cXctOTNqOc4AAxvF
dd-plist XML External Entitly vulnerability
Ecosystems: maven
Packages: com.googlecode.plist:dd-plist
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS01OGZtLXY0cHItamg4cM4AAc65
Moodle Unrestricted file upload vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS04bWZxLWY1d2otdnc1bc4AAxw5
Nautobot vulnerable to remote code execution via Jinja2 template rendering
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtOWYtdnhteC00bTU4
Data Flow Sanitation Issue Fix
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NXgtNDltbS12bWh3
SQL Injection in sails-mysql
Ecosystems: npm
Packages: sails-mysql
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aDUtaGY4ci1tOTd4
Dangling reference in flatbuffers
Ecosystems: cargo
Packages: flatbuffers
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS03Mm02LTIzZmYtN3EyNs4AATvM
Improper Authentication in Apache WSS4J
Ecosystems: maven
Packages: org.apache.activemq:activemq-jaas, org.apache.activemq:activemq-broker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03aHBqLWhmY3ItNXF3bc0ZPA
Code injection in FreeIPA
Ecosystems: pypi
Packages: ipa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqOTMtN3dtNC04eDJn
Cross-Site Scripting in jquery-mobile
Ecosystems: npm
Packages: jquery-mobile
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xaDd4LWo0djgtcXc1d80V7Q
Clipboard-based XSS
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS04ZnA0LXJwNmMtNWdjds0Y7g
Path Traversal in com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3ODctNGo3Mi1nY3Y3
Insecure Default Configuration in graphql-code-generator
Ecosystems: npm
Packages: graphql-code-generator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00dzIzLWM5N2ctZnE1ds0dFQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yamMyLXg1M3ItNmM5cs3-JQ
RCE in baserCMS before 4.1.4
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3Z2Mtamp2di1jdjZ2
Improper Authorization in loopback
Ecosystems: npm
Packages: loopback
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5dnYtMzk0NS14OTNo
Cross-Site Scripting in semantic-ui-search
Ecosystems: npm
Packages: semantic-ui-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1nNjd4LW1ncnYtbTNnds4AAj1j
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02NngzLTZjdzMtdjVnas4AAqwc
Improper Validation of Integrity Check Value in go-tuf
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mZjQ1LTJqcDktNjlqY84AA1Y1
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzd3YtNDd4bS00bWc2
Server Side Request Forgery in svgSalamander
Ecosystems: maven
Packages: com.kitfox.svg:svg-salamander
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 5 years ago
High
GSA_kwCzR0hTQS13YzY5LXJoanItaGM5Z84AAtHU
Moment.js vulnerable to Inefficient Regular Expression Complexity
Ecosystems: nuget, npm
Packages: Moment.js, moment
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczMmctNWhxcC1nZzZx
Cross-Site Scripting in mermaid
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqeHYtdzNxai1qOG0z
Directory Traversal in elFinder.AspNet
Ecosystems: nuget
Packages: elFinder.AspNet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qcWdyLWdoNjItamY1M84AAvJO
Moodle Stored Cross-site Scripting and page denial of service
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Y3YteHJ2OS1yOHc3
NoSQL injection in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS13eGc2LWY3NzMtZzJmN84AAgWQ
jQuery File Upload Plugin Unrestricted file upload vulnerability
Ecosystems: packagist
Packages: blueimp/jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yOXczLWc4M3EtbTZocc03ow
Prototype Pollution in deepmerge-ts
Ecosystems: npm
Packages: deepmerge-ts
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqeHctY2ZyaC1qeHE2
Cachet vulnerable to new line injection during configuration edition
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02OXdwLXh3bTctNjl3bc01DA
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03YzQ0LTdqN3YtdzU1NM4AA3_x
Buildkite Elastic CI for AWS symbolic link following vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jcXh4LTY2d2gtOHBqd803oQ
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
Ecosystems: pypi
Packages: irrd
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2aDUtcjRxdy12M3Z2
Improper Resource Shutdown or Release in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14aHI4LW1wd3EtMnJyMs03nw
Automatic named constructor discovery in Valinor
Ecosystems: packagist
Packages: cuyz/valinor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13NTk4LTI1aG0tanF4M84AAkDH
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Ecosystems: maven
Packages: de.taimos:pipeline-aws
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyNGgtcDdwNS1yaDg1
Directory Traversal in wenluhong1
Ecosystems: npm
Packages: wenluhong1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0zM2M5LXJwcGYtbTdmcc4AAvMI
Backdrop CMS Unrestricted File Upload vulnerability
Ecosystems: packagist
Packages: backdrop/backdrop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZzZjLTg4cGYtbTQ2Zs3zlg
Bolt Cross Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcXI2LXFycW0tOHY4Ns01Kw
Integer Overflow or Wraparound in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nbWc1LWYyZ20tcDNoN83zug
Bolt Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcmZtLWpod2otNzQ4OM4AAvVB
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cTk2LTlmNjMtcDdqas02ew
Path Traversal in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycjhtLTI5ZzgtOGNnY8017g
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczZ2gtZzMybS1jdmhy
High severity vulnerability that affects org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-jetty9, org.apache.cxf.fediz:fediz-jetty8, org.apache.cxf.fediz:fediz-spring3, org.apache.cxf.fediz:fediz-spring2, org.apache.cxf.fediz:fediz-spring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS0zaHg0LTI4NXctdjZtbc4AAtDU
Jenkins Project Inheritance Plugin vulnerable to cross site scripting
Ecosystems: maven
Packages: hudson.plugins:project-inheritance
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyanEtOTQ3NS1yNWc4
Cross-Site Scripting in bootstrap-tagsinput
Ecosystems: npm
Packages: bootstrap-tagsinput
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04MnZyLTU3NjktNjM1OM4AA3Nk
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS05OTg2LTZtNGctMjVmNs4AAW42
Dolibarr SQL injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS00Y3htLThoaDUtamozM84AApAs
EC-CUBE Improper access control vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqOGMtN2pmaC1oNmh4
Code Injection in js-yaml
Ecosystems: npm
Packages: js-yaml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoNTUtMmZxcC1wNzc1
Command injection in mail agent settings
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1md2NmLTc1M3YtZmdjas4AAy8_
Unrestricted file upload in kiwi TCMS
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJocTItMjU3NC03OG1j
Unzip function in ZipUtil.java in Hutool allows remote attackers to overwrite arbitrary files via directory traversal
Ecosystems: maven
Packages: cn.hutool:hutool-core, cn.hutool:hutool-all, cn.hutool:hutool-parent
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 5 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 5,076
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 moin 34 mlflow 33 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mautic/core 30 Django 30 opencv-contrib-python 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 shopware/shopware 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 prestashop/prestashop 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 org.eclipse.jetty:jetty-server 23 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 ckb 22 rack 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/docker/docker 20 tribalsystems/zenario 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 DotNetNuke.Core 19 org.springframework:spring-core 19 laravel/framework 19 com.liferay.portal:release.dxp.bom 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 forkcms/forkcms 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 contao/contao 18 directus 18 com.vaadin:vaadin-bom 18 simplesamlphp/simplesamlphp 18 langchain 18 genix/cms 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 mercurial 17 cobbler 17 francoisjacquet/rosariosis 17 topthink/framework 17 mediawiki/core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 sequelize 16 yetiforce/yetiforce-crm 16 wasmtime 16 pillow 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 paddlepaddle 15 cryptography 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 next 15 gradio 15 org.apache.jspwiki:jspwiki-main 15 swagger-ui 14 ghost 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 zendframework/zendframework1 14 activesupport 14 github.com/containerd/containerd 14 pyload-ng 14 tinymce 14 pyftpdlib 14 smarty/smarty 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 symfony/security-http 14 publify_core 14 github.com/mattermost/mattermost-server 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 elefant/cms 13 passenger 13 october/system 13 org.apache.hadoop:hadoop-main 13 joplin 13 impresscms/impresscms 13 OctoPrint 13 strapi 13 bolt/bolt 13 ckeditor4 13 lavalite/cms 13 codeigniter4/framework 13 github.com/opencontainers/runc 12 swift 12 Microsoft.NETCore.App.Runtime.win-arm64 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/helm/helm 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/janeczku/calibre-web 11 https://github.com/scrapy/scrapy 11 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/Studio-42/elFinder 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/dotnet/aspnetcore 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zitadel/zitadel 11 https://github.com/vercel/next.js 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/nocodb/nocodb 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/wagtail/wagtail 10 https://github.com/zopefoundation/Zope 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/glance 10 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9 https://github.com/fatfreecrm/fat_free_crm 9