Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1qNnA5LWhtM3EtaHdtas4AAl81
CSRF vulnerability in MongoDB Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mongodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMjZoLThoNHAtNGpnas4AAl83
Missing permission checks in MongoDB Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mongodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03dnA1LXhmNXEtZnhqcc4AAl8i
Stored XSS vulnerability in Radiator View Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:radiatorviewplugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNnh3LW1naHEtNzUyM805cQ
Unsafe parsing in SWHKD
Ecosystems: cargo
Packages: Simple-Wayland-HotKey-Daemon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13OW00LTd3NzItcjc2Ns0kdw
Improper Access Control in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qcTg0LTZmbW0tNnF2Ns4AAl85
OS command execution vulnerability in Perfecto Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:perfecto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zaDJxLW02M3EtOWNmNs4AAl8f
Missing permission check in Perfecto Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:perfecto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mdndoLXd2NDMtOHFqNc4AAl8d
Stored XSS vulnerability in Validating String Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:validating-string-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ocTJoLTltYzMtaDZ3Ms4AAl8v
Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05aGNyLTY2Y2otcjlocM4AAlx8
Stored XSS vulnerability in Jenkins Valgrind Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:valgrind
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mNnZ4LTNmcTYtaHhtOM4AAkKy
Stored XSS vulnerability in Jenkins FitNesse Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fitnesse
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTkzLWg1djMtNDV4Ns4AAwny
usememos/memos may leak user information to an authenticated user
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xdzM2LXJ3NXEtZ3hjcc4AAwpI
usememos/memos Improper Authorization vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yeDJtLXhyNHgtNTRoaM4AAwpA
usememos/memos vulnerable to Improper Authorization
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ndzltLTJtNXYtYzZ4Nc4AAwp7
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12aDQzLWNjNngtcHJwcs4AAwqF
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xZjlxLTN3d3gtOHFqds4AAwpE
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jd2g3LTI4dmctam1wcs4AAwqd
pastebinit Path Traversal vulnerability
Ecosystems: go
Packages: github.com/jessfraz/pastebinit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tcWMyLXc5cjgtbW14bc4AAvde
Jenkins Pipeline: Groovy Plugin allows sandbox protection bypass and arbitrary code execution
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13NnFmLWo0cXItZjk0Ns4AAwrc
Froxlor Improper Authorization vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNXJ4LTdwYzgtNjk2M84AAvdS
API keys stored in plain text by Jenkins Katalon Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:katalon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xdmhmLTM1NjctcGM0ds4AAjxn
Sandbox bypass vulnerability in Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01NG05LWg3cXAtZnd2Z84AAjka
Password stored in plain text by Applatix Plugin
Ecosystems: maven
Packages: com.applatix.jenkins:applatix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nbWcyLTN3NnYtOTQ1cM4AAjkW
Password stored in plain text by Parasoft Environment Manager Plugin
Ecosystems: maven
Packages: com.parasoft:environment-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xajdwLTloZ2YteDhqN84AAjkn
Passwords stored in plain text by Harvest SCM Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:harvest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NzkzLWdtcDktMjUzNc4AAjkj
Password stored in plain text by ECX Copy Data Management Plugin
Ecosystems: maven
Packages: com.catalogic.ecxjenkins:catalogic-ecx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02ZmgzLXhod2ctN2hmaM4AAjx1
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sonar-quality-gates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMzY1LTk4ajgtdzk2d84AAjx3
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01NHc2LXZ4ZmgtZnc3Zs4AAwyX
Http4s improperly parses User-Agent and Server headers
Ecosystems: maven
Packages: org.http4s:http4s-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4MzctODd2aC14cTN3
Data race in v9
Ecosystems: cargo
Packages: v9
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tcTVxLWdwZ3YtcHd4d84AAwpH
usememos/memos Incorrect Use of Privileged APIs vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yajNyLXg2eGMtcXFxas4AAjkO
Credential stored in plain text by BMC Release Package and Deployment Plugin
Ecosystems: maven
Packages: RPD:bmc-rpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04ZzZ2LWc4cWMtNXc3as4AAjkp
Token stored in plain text by DigitalOcean Plugin
Ecosystems: maven
Packages: com.dubture.jenkins:digitalocean-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zOG0yLXZyNmctOGM5NM4AAw0n
Apache Sling App CMS vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNnBwLXY0ajYtdzc2Y84AAjkg
Password stored in plain text by Dynamic Extended Choice Parameter Plugin
Ecosystems: maven
Packages: com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cHFwLTY5bTMtZjhwcM4AAyQp
NotrinosERP vulnerable to SQL Injection
Ecosystems: packagist
Packages: notrinos/notrinos-erp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00ZmpjLWZ3ajItN3hmZ84AAjxi
Credentials transmitted in plain text by Repository Connector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xY2ZxLTM1djctNGZ3N84AAjxx
CSRF vulnerability in Mac Plugin
Ecosystems: maven
Packages: fr.edf.jenkins.plugins:mac
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01eGg3LTZ2M3gtdnJoas4AAjxw
XXE vulnerability in Rundeck Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rundeck
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yampxLTYzYzctODcyNM4AAjxv
CSRF vulnerability in Jenkins P4 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04NjR2LTZxajctNjJxas4AAxIy
Issue with whitespace in JWT roles in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1weDJmLWNxcmYtZjJxZ84AAxJO
CSRF vulnerability in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB
gajira-create GitHub action vulnerable to arbitrary code execution
Ecosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtdmctdzRmOS05OXI3
XML External Entity (XXE) vulnerability in bw-calendar-engine
Ecosystems: maven
Packages: org.bedework.caleng:bw-calendar-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS14cjhoLXdqNHYtcng3Zs4AAxJR
Missing permission check in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04N3JoLXdjODUteHF2Y84AAxJ9
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05andoLXF2ZzctZ3I1Oc4AAxJ0
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xZ2pxLWhyaGctZjI0aM4AAxJr
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12eHBtLThoY3AtcWgyN84AAxad
Payment information sent to PayPal not necessarily identical to created order
Ecosystems: packagist
Packages: swag/paypal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNjgzLTM1dzktMjhnNc4AAwWi
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Ecosystems: packagist
Packages: fixpunkt/fp-newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS13M3FtLTkzdmYtNWhyd84AA1Ej
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03Z3B3LWZycGgtZndyZ84AAwWa
TYPO3-EXT-SA-2022-018: Multiple vulnerabilities in extension "Master-Quiz" (fp_masterquiz)
Ecosystems: packagist
Packages: fixpunkt/fp-masterquiz
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05dzh4LTVodjUtcjZnd84AAxpQ
Cross Site Scripting in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03ZzVmLXdyeDgtNWNjZs4AAxxV
GeoServer OGC Filter SQL Injection Vulnerabilities
Ecosystems: maven
Packages: org.geoserver.community:gs-jdbcconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cXF3LWNxanAtNTJ4bc4AAiIG
Jenkins Log Parser Plugin vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:log-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04aHdyLTU4OWcteHBqMs4AAiIN
Jenkins Violation Comments to GitLab Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:violation-comments-to-gitlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oNmY1LThqajUtY3hocs4AAx6L
xwiki-platform vulnerable to Remote Code Execution in Annotations
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-annotation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ydmpwLWo1ajQtYzlqNc4AA1P9
Gila CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1mdjRxLTRoMjQtMjNxcs4AAiCB
Jenkins Dashboard View Plugin vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dashboard-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tanE2LXB2OWMtcXBwcc4AA2i8
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05MndwLXI3aG0tNDJnN84AAx7S
XWiki Platform subject to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zdmY1LXhtMnAtNm1oNc4AA1R0
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS05cm1mLTZxZ2otZzN3as4AA1Og
Froxlor vulnerable to business logic errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS04NjJqLWN2OXAtNmhwZs4AAhns
Jenkins Codefresh Integration Plugin Improper Certificate Validation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:codefresh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cGg3LTVjNDQtcHBwds4AAXfe
kajam allows local users to obtain sensitive information by listing the process
Ecosystems: rubygems
Packages: kajam
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xM3IyLTIzcjgtd3FyOc4AAxz6
frp_form_answers allows Cross-site Scripting
Ecosystems: packagist
Packages: frappant/frp-form-answers
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xeGpnLWpoZ3ctcWhyds4AAyAC
org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-panels-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wdnA2LTUzcjktOHZ4aM4AAyAe
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zNmYyLWZjcngtZnA0as4AAyJ4
Authelia allows open redirects on the logout endpoint
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oZjloLXZ2NG0tMmYzM84AAyCn
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jaDlnLXg5ajctcmNncM4AAyLq
imgproxy Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/imgproxy/imgproxy/v3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mY21tLTU0anAtN3ZmNs4AAyNq
Frontier's modexp precompile is slow for even modulus
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNG01LTc5NnAtbWpjcM4AAyde
Apache UIMA DUCC allows remote code execution
Ecosystems: maven
Packages: org.apache.uima:uima-ducc-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tOHdmLXdtd2gtancybc4AAyAI
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03ajRtLWY4N2ctNXI5cs4AAyV8
Complianz WordPress plugin vulnerable to cross-site scripting
Ecosystems: packagist
Packages: really-simple-plugins/complianz-gdpr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13NGc2LTh4cXAtZzkybc4AAyf9
Jenkins Phabricator Differential Plugin vulnerable to XML external entity (XXE) attacks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:phabricator-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02eDhmLXg2cXctcXd4M84AAyBo
cockpit-hq/cockpit is vulnerable to unrestricted file uploads
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wM3c2LTNmN2YtcG05OM4AAygK
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03YzQ0LW01ODktMzZ3N84AAyf_
Jenkins Convert To Pipeline Plugin vulnerable to command injection
Ecosystems: maven
Packages: org.jenkins-ci.plugins:convert-to-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycjlyLThmY2ctbTM4Z84AAyoL
Goobi viewer Core has Cross-Site Scripting Vulnerability in User Nicknames
Ecosystems: maven
Packages: io.goobi.viewer:viewer-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xbTJoLW03OTktODZyY84AAypA
Apache Linkis JDBC EngineConn has deserialization vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-engineconn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nZmhwLWpncDYtODM4as4AAvIk
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Ecosystems: nuget
Packages: CompositeC1.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oYzcyLXZqM2ctNWcyZ84AArN9
Cross-site Scripting in ZKEACMS
Ecosystems: nuget
Packages: ZKEACMS.Publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yaHc2LTRydjktODJmcM4AAyjG
Uvdesk remote code execution vulnerability
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02dmdoLTlyM2MtMmN4cM4AAyu8
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-flamingo, org.xwiki.platform:xwiki-platform-flamingo-skin, org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnbXcteDg2NS1oZjl4
Arabic Prawn allows remote attackers to execute arbitrary commands via shell metacharacters
Ecosystems: rubygems
Packages: arabic-prawn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1oZ3A5LTJjNHcteDltaM4AAttI
Jenkins Deployer Framework Plugin vulnerable to Path Traversal
Ecosystems: maven
Packages: org.jenkins-ci.plugins:deployer-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00dnFwLXBjbTMtNzN4cM4AA1Vs
Jenkins Folders Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-folder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tbXF4LWc3OGMtaHZmas33fw
Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:appdynamics-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00NDNtLTNmcjYtdzh3as4AA1Xk
PowerJob incorrect access control vulnerability
Ecosystems: maven
Packages: tech.powerjob:powerjob
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1obW03LTZwaDktOGpmMs4AAyuz
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-livedata-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qam01LTV2OXYtN2h4Ms4AAyuv
org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticate endpoints
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-security-authentication-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xeDloLWM1djYtZ2hxaM4AAyut
org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-panels-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wOW1qLXY1bWYtbTgyeM4AAyup
org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05cGMyLXg5cWYtN2oycc4AAyuo
org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00ZjhnLWZxNngtanFycs4AAyun
org.xwiki.platform:xwiki-platform-oldcore vulnerable to data leak through deleted documents
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oZnhwLWo5NWotY3dycM4AAx85
uvdesk/community-skeleton vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xZ3c5LXZncmYtaDcyM84AAyuQ
Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reportportal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNTVqLTI4d2MtdjMzOM4AAyuc
Jenkins Report Portal Plugin configuration form does not mask tokens
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reportportal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ycmp2LTM0cDUtNGM3cs4AArMw
SQL injection in helloxz/imgurl
Ecosystems: packagist
Packages: helloxz/imgurl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9