Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJoNjMtcXA2OS1md3Z3
Server-side request forgery (SSRF) in Apache Batik
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik-svgbrowser
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxaHEteHg2Mi0ydjJw
Cross-site scripting in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3cTktdzI0cS1jcGdo
Cross-site Scripting (XSS) in Apache Ambari Views
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5N20tcmpmNS1qcDM5
Prototype Pollution in copy-props
Ecosystems: npm
Packages: copy-props
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5ajQtd2p3cC1tdzlt
Sandbox Bypass in Apache Velocity Engine
Ecosystems: maven
Packages: org.apache.velocity:velocity, org.apache.velocity:velocity-engine-parent
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5bXctd3BnbS1obXI5
Regular Expression Denial of Service (ReDoS) in lodash
Ecosystems: npm
Packages: lodash.trim, lodash.trimend, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2YzQtOHdycC1qOTl2
Improper Validation and Sanitization in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 60.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqZjUtamdncC1nNTZq
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.12
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wM3JwLXZtajktZ3Y2ds0g-Q
Incorrect sanitisation function leads to `XSS` in mermaid
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjNmYtY2pjcC1jYzMz
Improper Certificate Validation in Apache IoTDB
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wcDUtMng1NS00OXh3
XSS in svg2png (NPM package)
Ecosystems: npm
Packages: svg2png
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZ20tZjd2eC1tNWc3
Deserialization of Untrusted Data in Apache Heron
Ecosystems: maven
Packages: org.apache.heron:heron-simulator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4OWotODM2dy04ZjU1
Incorrect Calculation in the MSR JavaScript Cryptography Library
Ecosystems: npm
Packages: msrcrypto
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncome EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0NzktcndocC1yd2p4
Stored XSS vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNmMtdzRjNC12Z3Z4
Stored XSS vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ZmgtY2hmNy1qcjV4
ReDOS in Vfsjfilechooser2
Ecosystems: maven
Packages: com.github.fracpete:vfsjfilechooser2
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyM3YtcDVqcS1qdmg0
Infinite loop in Apache CFX
Ecosystems: maven
Packages: org.apache.cxf:cxf, org.apache.cxf:apache-cxf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05MzI4LTdwY3ctdnc2Oc0gsA
Cross-Site Request Forgery in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xdjdnLWo5OHYtOHBwN80gsQ
XSS vulnerability on email template preview page
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ocDY4LXhodmoteDZqNs0gsg
jsx-slack insufficient patch for CVE-2021-43838 ReDoS
Ecosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oM2ZnLWg1djMtdmY4bc0gsw
CSRF forgery protection bypass in solidus_frontend
Ecosystems: rubygems
Packages: solidus_frontend
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS04M3g0LTljd3ItNTQ4N80gtA
Improper Authorization in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01cTdxLXFxdzItaGpxN80gtQ
AjaxNetProfessional deserializes arbitrary JavaScript objects
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zcXBtLWg5Y2gtcHgzY80gtg
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Ecosystems: maven
Packages: org.powernukkit:powernukkit
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mODU0LWhweHYtY3c5cs0gtw
Drainage of FeeCollector's Block Transaction Fees in cronos
Ecosystems: go
Packages: github.com/tharsis/ethermint, github.com/tharsis/evmos, github.com/crypto-org-chain/cronos
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ncDZqLXZ4NTQtNXBtZs0guA
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Ecosystems: go
Packages: github.com/keep-network/keep-ecdsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDVxLWczN20taDVoas0guQ
Client-Side JavaScript Prototype Pollution in oro/platform
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mOG02LWgyYzctOGg5eM0g4Q
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tdmZmLWgzY2otd2o5Y80g4w
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05dzdmLW00ajQtajN4d80g4g
Gerapy < 0.9.8 may cause remote code execution
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01M3h2LWMyaHgtNXc2cc0d_Q
Command Injection in node-windows
Ecosystems: npm
Packages: node-windows
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04eHg5LXJ4cmotMm0yd80dig
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDc3LTVwODgtZjkycs0dFA
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mN3h3LTQ2dmgtNWp3Ms0dDQ
livehelperchat is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS00dzIzLWM5N2ctZnE1ds0dFQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycTk2LXFoYzUtdm00cs0dDw
Exposure of Sensitive Information to an Unauthorized Actor in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oajNtLXY3NTgtand4Nc0c2w
Path Traversal in http-server-node
Ecosystems: npm
Packages: http-server-node
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tOGd3LWhqcHItcmp2N80c4A
Prototype Pollution in dojo
Ecosystems: npm
Packages: dojo
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03bXE2LWNwNW0tZjRqNc0bxA
Cross-site Scripting in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NDg5LTQ0bXYtZ2dqOM0fsA
Improper Input Validation and Injection in Apache Log4j2
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNWptLXhod20tOXhwOc0gRw
Cross site scripting in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS12YzNwLTI5aDItZ3BjcM0gJw
golang.org/x/net/http2 allows uncontrolled memory consumption
Ecosystems: go
Packages: golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1N2ctcjIydy05d3Z4
Incorrect Permission Assignment for Critical Resource in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3N2ctcDRqaC1yZjky
"Verify All" Returns Success Despite Validation Failures in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtZnItNjNjMi1qcjVj
Execution Control List (ECL) Is Insecure in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NGgtbTM5My1jcHdx
devices resource list treated as a blacklist by default
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwNGotdzN2ai03Mjk5
Information Exposure in RunC
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzajUtMzJtNS01OGMy
Privilege Elevation in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzdzUtdjl4eC1ycDhw
Signature verification failure in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqcWotZjU4cC1tcncz
Denial of Service in TenderMint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14NDMtcjk4NS01aDRt
Open redirect vulnerability in Sourcegraph
Ecosystems: go
Packages: github.com/sourcegraph/sourcegraph
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJybTgtMzJnNC13OG0z
Cross-site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptMzQteG04bS13OTU4
Open Redirect in oauth2_proxy
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHctbTVmai1mN2d2
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cHgtNmh3ai1ocGpn
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtNmMtanA2Zi0ydmN2
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyN3AtcnI3OC05OXJq
GitLab auth uses full name instead of username as user ID, allowing impersonation
Ecosystems: go
Packages: github.com/concourse/dex, github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05aHAtN3I5OS05NGg1
Critical security issues in XML encoding in github.com/dexidp/dex
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig, github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4MzItam05NS0yY3B4
Authentication Bypass in dex
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xYzIyLXF3bTktajhyeM0dGQ
Remote Code Execution in npm-groovy-lint
Ecosystems: npm
Packages: npm-groovy-lint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmM20tbWh2Ny14Mzlm
Denial of Service in OpenShift Origin
Ecosystems: go
Packages: github.com/openshift/origin
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zZm0taDVqcC1xNzlw
Authorization bypass in Openshift
Ecosystems: go
Packages: github.com/openshift/origin
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d20tcGZqZi13cXA2
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4YzQtZjRtNi13d3F2
Excessive Platform Resource Consumption within a Loop in Kubernetes
Ecosystems: go
Packages: github.com/go-yaml/yaml, gopkg.in/yaml.v2
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNnhjLXhyNjItNnIyZ80dEw
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcGZ2LWpxbTktZjVqbc0c3Q
Incorrect Comparison in NumPy
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xajI3LTMyd3AtZ2hyZ80c2Q
Pyo Buffer Overflow Vulnerability
Ecosystems: pypi
Packages: pyo
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zdzZwLThmODItZ3c4cs0c1Q
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Ecosystems: maven
Packages: ru.yandex.clickhouse:clickhouse-jdbc-bridge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nN3A4LXIyY2gtNHJtZs0crA
Malicious Atomix node queries expose sensitive information
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS03ZnIyLTk0aDctY2NnMs0crQ
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNGgzLTdtYzItdjI5Nc0crw
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tZjI3LXdnNjYtbThmNc0csA
A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02dnZoLTU3OTQtdnBtas0csQ
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yZnF3LTY4NGMtcHZwN80csg
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS00amhjLXdqcjMtcHdoMs0cqw
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NjhxLXFydjctOTlmbc0ctg
Deserialization of Untrusted Data in logback
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycGc3LXE0Y3YtcDQ2Ns0cuw
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qODVmLXh3OXgtZmZ3cM0cvw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14bWdqLTVmaDMteGptbc0c1A
Path traversal when MessageBus::Diagnostics is enabled
Ecosystems: rubygems
Packages: message_bus
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01NXh2LWY4NWMtMjQ4cc0c0w
Regular Expression Denial of Service (ReDoS) in jsx-slack
Ecosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw
ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xMzRoLTk3d2YtOHI4as0cqA
vault-cli contains possible RCE when reading user-defined data
Ecosystems: pypi
Packages: vault-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qN2MzLTk2cmYtanJycM0cpw
Critical vulnerability in log4j may affect generated PEAR projects
Ecosystems: maven
Packages: de.averbis.textanalysis:pear-archetype
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jeGc3LTg0d3AtOHBjcc0cog
YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1md2g3LXY0Z2YteHY3d80ciw
yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05YzVjLTVqNGgtOHEyY80btQ
BookStack is vulnerable to Improper Access Control.
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Z3EtOTk3dy1mNTVn
Infinite loop in xz
Ecosystems: go
Packages: github.com/ulikunitz/xz
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1od3ZtLXZmdzgtOTNtd80cpQ
Vulnerable dependency in XTDB connector
Ecosystems: maven
Packages: org.odpi.egeria:egeria-connector-xtdb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ybXF2LTRqM3Itdmp2cM0cpg
Open redirect in @auth0/nextjs-auth0
Ecosystems: npm
Packages: @auth0/nextjs-auth0
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycDJjLWpyZ3AtY3ZyOM0ZGQ
Code injection in plupload
Ecosystems: npm
Packages: plupload
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Yzl4LXdmZ2otdjc4d80ZIQ
Open Redirect in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDZnLXE5djIteGg3ds0ZFw
Information exposure in elgg
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yd3IyLThxanEtZ2g1Nc0ZDA
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search
Ecosystems: maven
Packages: org.craftercms:crafter-search
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14cTU4LTY5aDItNzY1bc0ZAQ
Cross Site Request Forgery in mailman
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 5,017
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 silverstripe/framework 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 getgrav/grav 28 centreon/centreon 27 Django 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 puppet 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 moin 23 pocketmine/pocketmine-mp 23 org.eclipse.jetty:jetty-server 23 grumpydictator/firefly-iii 22 org.apache.nifi:nifi 22 rack 22 ckb 22 getkirby/cms 22 contao/core-bundle 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/docker/docker 19 org.bouncycastle:bcprov-jdk14 19 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 org.springframework:spring-core 19 DotNetNuke.Core 19 langchain 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 tribalsystems/zenario 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 mercurial 17 org.apache.geode:geode-core 17 PaddlePaddle 17 symfony/security 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.activemq:activemq-client 16 directus 16 pillow 16 wasmtime 16 sequelize 16 topthink/framework 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 rusqlite 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 nova 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 openmage/magento-lts 15 cryptography 15 notebook 15 paddlepaddle 15 org.apache.jspwiki:jspwiki-main 15 ghost 14 pyftpdlib 14 ezsystems/ezpublish-kernel 14 gradio 14 zendframework/zendframework1 14 publify_core 14 activesupport 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 keystone 14 smarty/smarty 14 ec-cube/ec-cube 14 tinymce 14 symfony/security-http 14 typo3/cms-backend 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 pyload-ng 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 swagger-ui 14 neutron 13 codeigniter4/framework 13 lavalite/cms 13 org.apache.hadoop:hadoop-main 13 github.com/containerd/containerd 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 bolt/bolt 13 strapi 13 passenger 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 october/system 13 joplin 13 next 13 elefant/cms 13 org.apache.cxf:cxf 13 com.vaadin:flow-server 12 github.com/go-gitea/gitea 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 dompdf/dompdf 12 vm2 12 Microsoft.NETCore.App.Runtime.win-x86 12 org.jenkins-ci.plugins:git 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/dotnet/runtime 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/grafana/grafana 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/geoserver/geoserver 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/denoland/deno 14 https://github.com/pyca/cryptography 14 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/containerd/containerd 13 https://github.com/undertow-io/undertow 13 https://github.com/gradio-app/gradio 13 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/dolphinscheduler 12 https://github.com/centreon/centreon-archived 12 https://github.com/janeczku/calibre-web 11 https://github.com/urllib3/urllib3 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/jquery/jquery 11 https://github.com/zitadel/zitadel 11 https://github.com/openstack/keystone 11 https://github.com/drupal/core 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/openfga/openfga 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/smarty-php/smarty 11 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/phusion/passenger 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nats-io/nats-server 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/wagtail/wagtail 10 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/WWBN/AVideo 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/zopefoundation/Zope 10 https://github.com/top-think/framework 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/rails/rails-html-sanitizer 9 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/cui2shark/cms 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/bolt/bolt 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/semplon/GeniXCMS 9 https://github.com/funadmin/funadmin 9 https://github.com/evershopcommerce/evershop 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vercel/next.js 9