Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3OG0tMmNobS1yN3F2
Regular Expression Denial of Service in websocket-extensions (NPM package)
Ecosystems: npm
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyNTctamZ2di1oM3g1
Privilege Escalation in Channelmgnt plug-in for Sopel
Ecosystems: pypi
Packages: sopel_plugins.channelmgnt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1tdzR4LWcyeDgtcWN2Zs4AAwlu
tree-kit vulnerable to Prototype Pollution
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eGYtMnBxdy01bXE3
Reference binding to nullptr in `RaggedTensorToVariant`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oM21yLXE5NnItMzd2NM4AASxx
phpBB Remote Code Execution
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extension
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cHAtOWM3Ni01NjI1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmcnEtZjg2Ny1oZ3Fj
Directory Traversal in fast-http-cli
Ecosystems: npm
Packages: fast-http-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS02MjRnLThxamctOHF4Zs4AA7QR
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Ecosystems: npm
Packages: @conform-to/yup, @conform-to/zod, @conform-to/dom
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 11 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNndzQtbTV3Ny12ODlj
Uncontrolled Resource Consumption in Indy Node
Ecosystems: pypi
Packages: indy-node
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1aHEtZnA3Ni1xbXJj
Uncontrolled Resource Consumption in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljOGgtdnZyai13MnA4
Heap OOB in `RaggedGather`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1NzgtcGo2Zi1yNGZm
Auto-merging Person Records Compromised
Ecosystems: npm
Packages: @apollosproject/data-connector-rock
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qcjljLWg3NGYtMnYyOM0yEw
Gitea Missing Authorization vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdnhnLXdqeGMtcjRnZ84AAzug
Vapor vulnerable to denial of service in URLEncodedFormDecoder
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
High
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerable
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS01YzljLTZ4ODctZjl2bc4AAyfJ
zstd vulnerable to buffer overrun
Ecosystems: pypi, swift
Packages: zstd, github.com/facebook/zstd
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qcTQzLXE4bXgtcjdtcc4AA0t8
SwiftTerm Code Injection vulnerability
Ecosystems: swift
Packages: github.com/migueldeicaza/SwiftTerm
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 10 months ago
High
GSA_kwCzR0hTQS05OTg4LWY4OG0tbXI0Ms0ycg
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
Ecosystems: pypi
Packages: FreeTAKServer-UI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4N2ctNHgzdy1mOGpw
Directory Traversal in serverwzl
Ecosystems: npm
Packages: serverwzl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1ncHZqLWdwOGMtYzdwMs4AAxkL
Regular Expression Denial of Service in simple-markdown
Ecosystems: npm
Packages: simple-markdown
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4YzMtN3JqOC1xOTYz
ECDSA signature validation vulnerability by accepting wrong ASN.1 encoding in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1qNTMzLTJnOHYtcG1wZ84AAxkV
Regular Expression Denial of Service in simple-markdown
Ecosystems: npm
Packages: simple-markdown
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNmhjLTlnNDkteG14N84AAx54
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars
Ecosystems: go
Packages: filippo.io/nistec
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxdjYtN2Z3Yy04bTNj
Directory Traversal in xtalk
Ecosystems: npm
Packages: xtalk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1wNmo4LWhndjUtbTM1Z800Iw
Uncontrolled Resource Consumption in jboss-remoting
Ecosystems: maven
Packages: org.jboss.remoting:jboss-remoting
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn
Context isolation bypass via contextBridge in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoODkteDc1Zi1yaDNj
Exposure of uninitialized memory in memoffset
Ecosystems: cargo
Packages: memoffset
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En
Boundary vulnerable to session hijacking through TLS certificate tampering
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerability
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 3 months ago
High
GSA_kwCzR0hTQS1wN3FxLXJydncteDU1eM4AAxzp
Froxlor Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0ybW1jLTVwaGotNHdqas4AAQFB
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yYzJxLXg5bWYtdzN2Zs4AAv9U
TestNG is vulnerable to Path Traversal
Ecosystems: maven
Packages: org.testng:testng
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2N3gtZjNwdi1ncHdy
Wrong memory orderings violates mutual exclusion in spin
Ecosystems: cargo
Packages: spin
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS05cjJqLXJnMjQtZnZwas4AAkES
FrozenNode Laravel-Administrator unrestricted file upload
Ecosystems: packagist
Packages: frozennode/administrator
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13eG1xLXY5Z3gtNzVwZ84AAyQn
Moodle vulnerable to Cross-site Request Forgery
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS05eDQ0LTlwZ3EtY2Y0Nc4AA0u8
avro vulnerable to denial of service via attacker-controlled parameter
Ecosystems: go
Packages: github.com/hamba/avro/v2, github.com/hamba/avro
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 10 months ago
High
GSA_kwCzR0hTQS1yYzQ0LTVjbWgtODc5bc4AAzeU
Unrestricted recursion in htmlunit
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS13cHh3LTV4Zm0teDIyds4AA47V
MeshCentral algorithm-downgrade issue
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1qMzJqLTJoeHYtcnFmN84AArte
pg-native and libpq vulnerable to uncontrolled resource consumption
Ecosystems: npm
Packages: pg-native, libpq
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcHgtY3E4eC05d3A0
Unaligned references in sized-chunks
Ecosystems: cargo
Packages: sized-chunks
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qZmdjLTV2aDQtOHJoNc1AEQ
trytond Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wbTcyLTI3bWctZmMyOM4AAxPg
Froxlor contains Weak Password Requirements
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13Njk1LXAzajUtaHJqOc4AAxzH
Apache Airflow AWS Provider Generates Error Message Containing Sensitive Information
Ecosystems: pypi
Packages: apache-airflow-providers-amazon
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jODVyLWZ3YzctNDV2Y84AA5Ko
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 3 months ago
High
GSA_kwCzR0hTQS04eDk0LWhtamgtOTdocc4AAt78
Django vulnerable to Reflected File Download attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnbTYtOTQ3Mi1wd3E3
Integer Overflow in openssl-src
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS04cjk2LTg4ODktcWcyeM4AA3OE
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 6 months ago
High
GSA_kwCzR0hTQS14NWoyLWc2M20tZjhnNM4AA5MK
pqc_kyber KyberSlash: division timings depending on secrets
Ecosystems: cargo
Packages: pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cHgtNmh3ai1ocGpn
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwd2ctNmdmNS01dmg5
Out of bounds write in reorder
Ecosystems: cargo
Packages: reorder
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyZjIteG02eC00NnA2
Observable Timing Discrepancy in OpenMage LTS
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS0zcDlwLTU5cWYtbXF3aM4AA0c4
Apache InLong has Files or Directories Accessible to External Parties
Ecosystems: maven
Packages: org.apache.inlong:manager-workflow
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyeGMtMzVqdy1jNjNw
HTTP Request Smuggling: Invalid Transfer-Encoding in Waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 4 years ago
High
GSA_kwCzR0hTQS03MmhnLTV3cjUtcm1mY84AA3C3
Statamic CMS remote code execution via front-end form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 6 months ago
High
GSA_kwCzR0hTQS05dnAzLTdxd3EtODNyOc0zpw
Server-Side Request Forgery in FUXA
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOWctNjdjcS1wN3Y0
Server-Side Request Forgery in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS03MmhoLXhmNzktNDI5cM4AA3ML
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1ycWc4LXhqcDItcGc5d84AAhGF
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
Ecosystems: pypi
Packages: LinOTP
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ycjhtLTI5ZzgtOGNnY8017g
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Zjk2LXcyMjctcjdjNM4AAzfE
Spring Boot Welcome Page Denial of Service
Ecosystems: maven
Packages: org.springframework.boot:spring-boot-autoconfigure
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s
phpMyAdmin Remote Code Execution
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNmpoLWNmODMtcWNxNc4AAzc1
Code injection in nilsteampassnet/teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 12 months ago
High
GSA_kwCzR0hTQS00cTk2LTlmNjMtcDdqas02ew
Path Traversal in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5d2YtcWNxdi1yMjJy
Remote code execution in better-macro
Ecosystems: cargo
Packages: better-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1jN3c3LTljODUtNHF4ds4AAluh
OpenStack Nova Live migration fails to update persistent domain XML
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nbWc1LWYyZ20tcDNoN83zug
Bolt Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qZnhtLXc4ZzItNHJjds36jg
Cisco node-jose improper validation of JWT signature
Ecosystems: npm
Packages: node-jose
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01N2MtNHZ2eC1namdx
Format string vulnerabilities in pancurses
Ecosystems: cargo
Packages: pancurses
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NTk4LTI1aG0tanF4M84AAkDH
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Ecosystems: maven
Packages: de.taimos:pipeline-aws
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14aHI4LW1wd3EtMnJyMs03nw
Automatic named constructor discovery in Valinor
Ecosystems: packagist
Packages: cuyz/valinor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04aDNnLWhjd3AtNmh4cc4AAxbb
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
Ecosystems: npm
Packages: semver-tags
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jcXh4LTY2d2gtOHBqd803oQ
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
Ecosystems: pypi
Packages: irrd
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtNzctcTc0cC01NzYz
Path Traversal in superstatic
Ecosystems: npm
Packages: superstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS02OXdwLXh3bTctNjl3bc01DA
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yODM4LXE2anAtNTh4eM0WdA
Improper Restriction of Excessive Authentication Attempts in py-bcrypt
Ecosystems: pypi
Packages: py-bcrypt
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NngzLTZjdzMtdjVnas4AAqwc
Improper Validation of Integrity Check Value in go-tuf
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqOHEtbTl4NS05ZzZq
Data races in async-coap
Ecosystems: cargo
Packages: async-coap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nNjd4LW1ncnYtbTNnds4AAj1j
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cHc4LXJjd3YtOGY4cM4AA2X-
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
Ecosystems: maven
Packages: io.netty:netty-codec-http2
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5dnYtMzk0NS14OTNo
Cross-Site Scripting in semantic-ui-search
Ecosystems: npm
Packages: semantic-ui-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2MmgtZ2Y4bS1yNjhq
Exposure of server configuration in github.com/go-vela/server
Ecosystems: go
Packages: github.com/go-vela/compiler
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3Z2Mtamp2di1jdjZ2
Improper Authorization in loopback
Ecosystems: npm
Packages: loopback
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxNGgtZjI1NC03Y3c5
Data races in ticketed_lock
Ecosystems: cargo
Packages: ticketed_lock
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS04bWZxLWY1d2otdnc1bc4AAxw5
Nautobot vulnerable to remote code execution via Jinja2 template rendering
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcXgzLTZoeHItajJjaM4AA5Ks
eza Potential Heap Overflow Vulnerability for AArch64
Ecosystems: cargo
Packages: eza
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13ZzZwLWptcGMteGptcs4AAz-Z
Backstage Scaffolder plugin has insecure sandbox
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 11 months ago
High
GSA_kwCzR0hTQS01OGZtLXY0cHItamg4cM4AAc65
Moodle Unrestricted file upload vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xY3IzLWhyMmYtNjU1N802vw
SaltStack Salt Permissions Bypass
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Nzd2LTI5ajktOXJ4Y83UkA
MoinMoin improper sanitizes user profiles
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00YzkzLXE3OXYtbXc0Nc3__A
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00angyLWh2cXctOTNqOc4AAxvF
dd-plist XML External Entitly vulnerability
Ecosystems: maven
Packages: com.googlecode.plist:dd-plist
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzeGMtNDdxZy1oOTI5
Cross-Site Scripting in @ionic/core
Ecosystems: npm
Packages: @ionic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzMngtamh3NS1nNDhw
Cross-Site Scripting in eco
Ecosystems: npm
Packages: eco
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1nd2Y3LXZmamYtd2Y2eM4AAgqX
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
Ecosystems: pypi
Packages: matrix-synapse, matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 5,017
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 silverstripe/framework 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 getgrav/grav 28 centreon/centreon 27 Django 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 puppet 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 moin 23 pocketmine/pocketmine-mp 23 org.eclipse.jetty:jetty-server 23 grumpydictator/firefly-iii 22 org.apache.nifi:nifi 22 rack 22 ckb 22 getkirby/cms 22 contao/core-bundle 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/docker/docker 19 org.bouncycastle:bcprov-jdk14 19 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 org.springframework:spring-core 19 DotNetNuke.Core 19 langchain 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 tribalsystems/zenario 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 mercurial 17 org.apache.geode:geode-core 17 PaddlePaddle 17 symfony/security 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.activemq:activemq-client 16 directus 16 pillow 16 wasmtime 16 sequelize 16 topthink/framework 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 rusqlite 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 nova 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 openmage/magento-lts 15 cryptography 15 notebook 15 paddlepaddle 15 org.apache.jspwiki:jspwiki-main 15 ghost 14 pyftpdlib 14 ezsystems/ezpublish-kernel 14 gradio 14 zendframework/zendframework1 14 publify_core 14 activesupport 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 keystone 14 smarty/smarty 14 ec-cube/ec-cube 14 tinymce 14 symfony/security-http 14 typo3/cms-backend 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 pyload-ng 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 swagger-ui 14 neutron 13 codeigniter4/framework 13 lavalite/cms 13 org.apache.hadoop:hadoop-main 13 github.com/containerd/containerd 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 bolt/bolt 13 strapi 13 passenger 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 october/system 13 joplin 13 next 13 elefant/cms 13 org.apache.cxf:cxf 13 com.vaadin:flow-server 12 github.com/go-gitea/gitea 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 dompdf/dompdf 12 vm2 12 Microsoft.NETCore.App.Runtime.win-x86 12 org.jenkins-ci.plugins:git 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/dotnet/runtime 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/grafana/grafana 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/geoserver/geoserver 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/denoland/deno 14 https://github.com/pyca/cryptography 14 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/containerd/containerd 13 https://github.com/undertow-io/undertow 13 https://github.com/gradio-app/gradio 13 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/dolphinscheduler 12 https://github.com/centreon/centreon-archived 12 https://github.com/janeczku/calibre-web 11 https://github.com/urllib3/urllib3 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/jquery/jquery 11 https://github.com/zitadel/zitadel 11 https://github.com/openstack/keystone 11 https://github.com/drupal/core 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/openfga/openfga 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/smarty-php/smarty 11 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/phusion/passenger 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nats-io/nats-server 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/wagtail/wagtail 10 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/WWBN/AVideo 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/zopefoundation/Zope 10 https://github.com/top-think/framework 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/rails/rails-html-sanitizer 9 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/cui2shark/cms 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/bolt/bolt 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/semplon/GeniXCMS 9 https://github.com/funadmin/funadmin 9 https://github.com/evershopcommerce/evershop 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vercel/next.js 9