Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0Z3YtcWcydi12eHY2
Array size is not checked in sized-chunks
Ecosystems: cargo
Packages: sized-chunks
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZweDctdm02Ni1xeDhy
Path Traversal in github.com/unknwon/cae/zip
Ecosystems: go
Packages: github.com/unknwon/cae
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/http
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
High
GSA_kwCzR0hTQS1mZzdyLTJnNGotNWNncs0fhg
Race Condition in tokio
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yaHJ3LWh4NjctMzR4Ns4AAxpM
Resource exhaustion in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozd2gtNW0yNi0ycGY3
Downloads Resources over HTTP in mystem-fix
Ecosystems: npm
Packages: mystem-fix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1waDI4LXd3ZmotZnY3Zs4AATHz
Prototype Pollution in sds
Ecosystems: npm
Packages: sds
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xN2h4LW1ydjUtNm1ycM4AAjM1
HashBrown CMS Directory Traversal
Ecosystems: npm
Packages: hashbrown-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzamctNGM4Mi1qNHho
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Pivotal CredHub Service Broker
Ecosystems: maven
Packages: org.springframework.credhub:spring-credhub-core
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjaDYtNXg0aC02cWM1
Directory Traversal in tiny-http
Ecosystems: npm
Packages: tiny-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d3ItZjRmZi14bTZw
Incorrect implementation in streebog
Ecosystems: cargo
Packages: streebog
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02MnYyLXh3aDMtNWd2eM4AAz2m
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins.plugin.templateWorkflows:template-workflows
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS14Zmc1LXZybWMtMjR3Y84AAqjy
Obsidian Dataview vulnerable to code injection due to unsafe eval
Ecosystems: npm
Packages: obsidian-dataview
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZybXEteDJodi12eHBw
Drupal core third-party PEAR Archive_Tar library is vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 4 years ago
High
GSA_kwCzR0hTQS14cDc2LTM1N2ctOXdxcc3gGw
SciPy creates insecure temporary directories
Ecosystems: pypi
Packages: scipy
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jMmZwLW1wbW0tY3F4ds4AAeyX
Code injection via property expansion in SoapUI
Ecosystems: maven
Packages: com.smartbear.soapui:soapui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zM3ZqLXI2cDYteDRwOM4AA2YJ
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aDUtaGY4ci1tOTd4
Dangling reference in flatbuffers
Ecosystems: cargo
Packages: flatbuffers
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4ODMtcjU2Zy1jdjQ3
Improper certificate validation in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tbWhyLTNqcjctcWoycM4AAU4m
Auth0-ASPNET and Auth0-ASPNET-Owin vulnerable to Cross-Site Request Forgery
Ecosystems: nuget
Packages: auth0-aspnet, Auth0-ASPNET-Owin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqcG0tODI3cC1qNDRn
Stored XSS in TimelineJS3
Ecosystems: npm
Packages: @knight-lab/timelinejs
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1jOXEzLXI0cnYtbWptN84AAxOU
Fix for arbitrary command execution in custom layout update through blocks
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ajMtcDdoai1jdng4
Double free in ordnung
Ecosystems: cargo
Packages: ordnung
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1taDc4LThmNDktdmpnM84AAiHs
Home Assistant information disclosure vulnerability
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnbTYtOTQ3Mi1wd3E3
Integer Overflow in openssl-src
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yZzY4LWMzcWMtODk4Nc4AA7xx
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: 12 days ago
High
GSA_kwCzR0hTQS14NWoyLWc2M20tZjhnNM4AA5MK
pqc_kyber KyberSlash: division timings depending on secrets
Ecosystems: cargo
Packages: pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cHgtNmh3ai1ocGpn
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwd2ctNmdmNS01dmg5
Out of bounds write in reorder
Ecosystems: cargo
Packages: reorder
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4NXctdjR4cS1wNjRy
Directory Traversal in ewgaddis.lab6
Ecosystems: npm
Packages: ewgaddis.lab6
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtMjktMzVjNy04Y2Z3
Cross-Site Scripting in buttle
Ecosystems: npm
Packages: buttle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0
Unpreventable top-level navigation
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcjgtNnBycC1nd2p2
SQL Injection in query-mysql
Ecosystems: npm
Packages: query-mysql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03cW0tcjJyNS1mNzdx
Cross-Site Scripting in react-marked-markdown
Ecosystems: npm
Packages: react-marked-markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS03MmhnLTV3cjUtcm1mY84AA3C3
Statamic CMS remote code execution via front-end form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13ajctcjV2Yy1obWM5
Directory Traversal in hcbserver
Ecosystems: npm
Packages: hcbserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyamoteDNxMi03aHBo
Directory Traversal in 11xiaoli
Ecosystems: npm
Packages: 11xiaoli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjOWctNjdjcS1wN3Y0
Server-Side Request Forgery in Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qMnI3LTNydnctZzdneM4AA0pR
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0OTMtNjM1cS1yNmdy
Remote code execution via the `pretty` option.
Ecosystems: npm
Packages: pug-code-gen, pug
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3cXctcmYycS14bWhm
Cross-Site Scripting in buefy
Ecosystems: npm
Packages: buefy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNodm0taGdwdy1yeDRq
Path Traversal in knightjs
Ecosystems: npm
Packages: knightjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1yeGZxLTN2cGMtdnY3Ms046w
Files or Directories Accessible to External Parties in Adminer
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4d2MtNXZ3OS0ydzR3
NoSQL Injection in loopback-connector-mongodb
Ecosystems: npm
Packages: loopback-connector-mongodb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNjMtY3FnMi04NjNj
XML External Entity (XXE) Injection in JDOM
Ecosystems: maven
Packages: org.jdom:jdom
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1ycWc4LXhqcDItcGc5d84AAhGF
LinOTP replay vulnerability with auto resynchronization enabled for TOTP token
Ecosystems: pypi
Packages: LinOTP
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjYzYtNjZmNS1teGpq
Out-of-bounds write in ChakraCore
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14Zjk2LXcyMjctcjdjNM4AAzfE
Spring Boot Welcome Page Denial of Service
Ecosystems: maven
Packages: org.springframework.boot:spring-boot-autoconfigure
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 12 months ago
High
GSA_kwCzR0hTQS1nZzM2LTkzNDYtOXF4Oc4AAe5s
phpMyAdmin Remote Code Execution
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS02MmcyLThwOWYtZ2hqcM4AAXC5
QuickAppsCMS Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1neHd4LWM3bTgtZjk1aM4AAdYo
Drupal Open redirect vulnerability in the drupal_goto function
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00aGNoLXI5eGYtNnZmcs4AAlB1
MJML vulnerable to path traversal
Ecosystems: npm
Packages: mjml
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4MmMtajRtcS01eGZ3
Update bitlyshortener to >=0.5.0 to prevent generating some invalid short URLs
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1wajR4LTJ4cjUtdzg3bc4AA08J
Possible image tampering from missing image validation for Packages
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 7 months ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 7 months ago
High
GSA_kwCzR0hTQS0zcDl2LXhwNnctd2NtY84AAUyK
QuickAppsCMS Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS01NWc3LTljd3YtNXFmds4AA2By
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
Ecosystems: maven
Packages: org.xerial.snappy:snappy-java
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyeDYtdnJ4eC1qZ3Y0
Data races in multiqueue
Ecosystems: cargo
Packages: multiqueue
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD
Cobbler is vulnerable to code injection
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wZ2pqLTg2NnctZmM1Y80WeQ
Risk of code injection
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mZm1oLXg1NmotOXJjM84AAtG4
jquery-validation Regular Expression Denial of Service due to arbitrary input to url2 method
Ecosystems: npm
Packages: jquery-validation
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zbXY4LXgzamotM2o3bc4AAQA7
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jaGd3LTM2eHYtNDdjd84AAkoc
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04aDNnLWhjd3AtNmh4cc4AAxbb
semver-tags is vulnerable to Command Injection via the getGitTagsRemote function
Ecosystems: npm
Packages: semver-tags
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtNzctcTc0cC01NzYz
Path Traversal in superstatic
Ecosystems: npm
Packages: superstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS14dmY3LTR2OXEtNTh3Ns4AArfv
Infinite loop in jpeg-js
Ecosystems: npm
Packages: jpeg-js
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qOGhnLXY1cXYtOW0yOM4AA6gv
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yODM4LXE2anAtNTh4eM0WdA
Improper Restriction of Excessive Authentication Attempts in py-bcrypt
Ecosystems: pypi
Packages: py-bcrypt
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqOHEtbTl4NS05ZzZq
Data races in async-coap
Ecosystems: cargo
Packages: async-coap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yajRnLXY0ZnYtcmh3Z84AA6g0
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS14cHc4LXJjd3YtOGY4cM4AA2X-
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
Ecosystems: maven
Packages: io.netty:netty-codec-http2
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
High
GSA_kwCzR0hTQS01bWgyLTgyZzktNzJqds4AAmiZ
Subrion CMS CSRF Vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwNzUteGZwdy0zN2c5
Prototype pollution in grpc and @grpc/grpc-js
Ecosystems: npm
Packages: @grpc/grpc-js, grpc
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2MmgtZ2Y4bS1yNjhq
Exposure of server configuration in github.com/go-vela/server
Ecosystems: go
Packages: github.com/go-vela/compiler
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02MjZyLWNqNDctcDQ5Z84AA6gu
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS14NzZyLTk2NmgtNXF2Oc0fog
Out-of-bounds Write in vec-const
Ecosystems: cargo
Packages: vec-const
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxNGgtZjI1NC03Y3c5
Data races in ticketed_lock
Ecosystems: cargo
Packages: ticketed_lock
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ocjg5LXc3cDYtcGptcc4AASqx
express-cart allows any user to create an admin user
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS13ZzZwLWptcGMteGptcs4AAz-Z
Backstage Scaffolder plugin has insecure sandbox
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNycG0tZm00OC1jaGo3
SQL Injection in resquel
Ecosystems: npm
Packages: resquel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00dzYyLWNxNXItNW1tcc4AARAO
express-cart unrestricted file upload vulnerability
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS04cXhwLWc4anYtcDM3eM3rvA
Improper Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Nzd2LTI5ajktOXJ4Y83UkA
MoinMoin improper sanitizes user profiles
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00YzkzLXE3OXYtbXc0Nc3__A
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoaHcteGp2Zi13cHJy
Command Injection in @graphql-tools/git-loader
Ecosystems: npm
Packages: @graphql-tools/git-loader
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS00d3JyLTloNXItbTkyd83e2w
Apache Struts Remote Java Code Execution
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qN2g2LXhyN2ctbTJjNc4AAcrC
Code injection in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nd2M5LTM0OHgtcXd2Ms03ng
Use after free in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjM3gtZ3g2Yy1nOTlm
Denial of Service in Bytom
Ecosystems: go
Packages: github.com/bytom/bytom
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS13Z3cyLXd3cTgtYzd3Zs3_7A
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjaGMtOTQ5Zi01M201
Improper Input Validation in multi_xml
Ecosystems: rubygems
Packages: multi_xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ZmgtY2hmNy1qcjV4
ReDOS in Vfsjfilechooser2
Ecosystems: maven
Packages: com.github.fracpete:vfsjfilechooser2
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jdjI1LTNnbWctYzZtOM0grQ
Injection in UserFrosting
Ecosystems: packagist
Packages: userfrosting/userfrosting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9