Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1jN2ZtLWp4NTktd2pmNs0lQA
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03djN4LWg3cjItMzRqds0lXg
Insufficient Session Expiration in Pterodactyl API
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yY3J2LTIyOGMtZ3Byas0lXw
Invalid URL generation in bitlyshortener
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yOGo0LTk2bXgtcmpjY80liA
Improper Restriction of XML External Entity Reference in skylot/jadx
Ecosystems: maven
Packages: io.github.skylot:jadx-core
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wbTN2LXF4ZjYtZmd4ds0ljw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOHJwLXE4MnItYzVtZs0lmQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS03d3Y4LWc5N3ItNDMyaM0llg
Exposure of Sensitive Information to an Unauthorized Actor in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12Y2dmLXZtcGMtcGg3Oc0lmA
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNWhqLXh4ZnItcHdjM80lkg
Code Injection in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNzZqLTRjeHgtMjNoOc0kvw
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mN3ZoLXF3cDMteDM3bc0kWQ
Deserialization of Untrusted Data in Apache Log4j
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03bWhjLXByZ3YtcjNxNM0j-w
Access of Resource Using Incompatible Type in Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NGc3LW12dzYtdjlxas0jWA
Improper Privilege Management in shelljs
Ecosystems: npm
Packages: shelljs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01aGZqLXI3MjUtd3BjNM0jVg
october/system arbitrary code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS13djIzLXBmajctMm1qas0jVw
October/System authenticated file write leads to remote code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1taDgzLWpjdzUtcmpoOM0jUA
XML External Entity Reference in edu.stanford.nlp:stanford-corenlp
Ecosystems: maven
Packages: edu.stanford.nlp:stanford-corenlp
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS01djJoLXIyY3gtNXhnas0jVA
Inefficient Regular Expression Complexity in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ycnJtLXFqbTQtdjhoZs0jUw
Inefficient Regular Expression Complexity in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jamcyLTJmamctZnBoNM0jVQ
Integer underflow in Frontier
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14aDk5LWh3N2gtd2Y2M80iuQ
Unchecked validity of Facing values in PlayerActionPacket
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oeDdjLXFwZnEteGNycM0iuA
Cross-site Scripting in django-cms
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yNzNyLW1ncjQtdjM0Zs0ieg
Uncaught Exception in engine.io
Ecosystems: npm
Packages: engine.io
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cDhmLThoam0td205Ms0h7w
Lookup operations do not take into account wildcards in SpiceDB
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xNGo3LXYyN3ItZmdjeM0h4w
Prototype Pollution in realms-shim
Ecosystems: npm
Packages: realms-shim
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NXJxLWhwOHgtZ2hqcc0imA
Cross-Site Request Forgery in Jenkins Mailer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cXdnLTR2NmYtaDZ4Nc0ilw
Stored XSS vulnerability in Matrix Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NTh4LWg3cmctOTk3ds0imQ
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qcHhqLXZncTUtcHJqY80ilQ
OS command execution vulnerability in Jenkins Docker Commons Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:docker-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncW0yLTJnY3gtcDg4d80ilg
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13Mm1oLTZ4ajUtZjc3Zs0ilA
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NGp2LTZyZzQtcHI0bc0ikQ
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05d3hoLWpqajUtNjdjds0ikA
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZzltLXgzY2ctNjl2aM0ijw
Access key stored in plain text by Jenkins Metrics Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:metrics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jOGNjLWhqNTctdm02Nc0ijg
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:active-directory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNng3LWpxNDYtZnAzM80ijA
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1manBtLWhmN2MteGdjMs0iiw
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01cXg1LXZnNXctNW14M80iiQ
Stored XSS vulnerability in Jenkins Badge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:badge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12YzRyLWo4ajYtM2ZwNs0ikg
Missing permission check in Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04ODRjLTl3d2gtOXA2ds0iig
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jdzY4LXhtbTQtYzgzcs0ihw
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Ecosystems: maven
Packages: org.conjur.jenkins:conjur-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qOHJnLTRoam0tOHI5Nc0ihQ
Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1taDhnLThqd3AtcTZ4d80iiA
CSRF vulnerability in Jenkins batch task Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:batch-task
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yM3JyLXdwaDYtOTYzOM0ihg
Password stored in plain text by Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04eGpwLXJwMjktdjVqOM0igw
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
Ecosystems: maven
Packages: ru.yandex.jenkins.plugins.debuilder:debian-package-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nN2Z4LW1tamMtcjdnds0ihA
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Ecosystems: maven
Packages: org.conjur.jenkins:conjur-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02Z2YyLXB2cXctMzdwaM0h5Q
Log entry injection in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nam01LTgzY3ctcDNwMs0h4g
Prototype Pollution in extend2
Ecosystems: npm
Packages: extend2
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wd203LXFyNmotM3ZqZ80h4Q
Prototype Pollution in realms-shim
Ecosystems: npm
Packages: realms-shim
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cXZ4LWY1Z2YtZzQzds0hYQ
Logic error in dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12cDV4LTN2OHItcXByd80hYA
Deserialization of Untrusted Data in Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS03NGZqLTJqMmgtYzQycc0hVA
Exposure of sensitive information in follow-redirects
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03dzU0LWdwOHgtZjMzbc0hUQ
Potential exposure of tokens to an Unauthorized Actor
Ecosystems: npm
Packages: @replit/crosis
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aDljLXY1dmctNW02bc0hUA
Access to restricted PHP code by dynamic static class access in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yOWdwLTJjM20tM2o2bc0hTw
Sandbox Escape by math function in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tN3ZwLWhxd3YtN201eM0hTg
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
Ecosystems: go
Packages: github.com/spiffe/spire
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xYzl4LWdqY3YtNDY1d80hTQ
Pipenv's requirements.txt parsing allows malicious index url in comments
Ecosystems: pypi
Packages: pipenv
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02dmZjLXF2M2YtdnI2Y80hTA
Uncontrolled Resource Consumption in markdown-it
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ocmd4LTdqNnYteGo4Ms0hSw
Reflected cross-site scripting (XSS) vulnerability
Ecosystems: npm
Packages: @keystone-next/auth, @keystone-6/auth
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ycmd3LTNoZzMtOXg4Y80hSg
XSS vulnerability in translations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0ydzhnLW01ajgtN204N80hSQ
Zalgo-like output that crashes the server
Ecosystems: npm
Packages: @soketi/soketi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wdzNjLWg3d3AtY3ZoeM0hfQ
Improper Initialization in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cmN2LWY5Z20tdjQyY80hew
Out-of-bounds Read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04dmoyLXZ4eDMtNjY3d80hfA
Arbitrary expression injection in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yNDc4LWMycGMtbTdneM0hcQ
DNS reply verification issue in dnslinb
Ecosystems: pypi
Packages: dnslib
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS04YzVqLTlyOWYtYzZ3OM0g8Q
Information disclosure in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcmgyLWhjNHItN2p3eM0g8w
Directory-traversal in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS01M3F3LXE3NjUtNGZ3d80g9Q
Denial-of-service in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05aGczLWhtbWYtYzNncs0hhg
Path Traversal in nemo-toolkit
Ecosystems: pypi
Packages: nemo-toolkit
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS01cnFnLWptNGYtY3F4N80hSA
Infinite loop causing Denial of Service in colors
Ecosystems: npm
Packages: Colors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcXA2LW03aHAtanJ3Zs0hKw
Cross-site Scripting in Apache Pluto
Ecosystems: maven
Packages: org.apache.portals.pluto:pluto-portal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14NTg4LWczOGotZjY3Ms0hLg
Cross-site Scripting in Apache Pluto
Ecosystems: maven
Packages: org.apache.portals.pluto:pluto-portal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qZzZqLWpyeHYtMmhoOc0hLA
Cross-site Scripting in Apache Pluto
Ecosystems: maven
Packages: org.apache.portals.pluto:pluto-portal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3ZxLXd2OGotMzZnd80hOQ
Cross-site Scripting in Scratch-Svg-Renderer
Ecosystems: npm
Packages: scratch-svg-renderer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tZ3BmLWhoZ2YtY3hnNM0hGQ
In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin.
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05Zmo1LWpnNmYtcWc1cs0hGA
Use of Hard-coded Credentials in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NDI5LXBqd3ctNzY3Nc0hHA
SQL Injection in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13cng3LXFnbWotbWYycc0hHg
Server-Side Request Forgery in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xNjU2LWcyeDMtOGNnaM0hHQ
Kylin can receive user input and load any class through Class.forName(...).
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1odzNtLThoMjUtOGZyd80hKA
Command Injection in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcWd3LTZxajUtOGhtcM0gyA
Infinite Loop in Apache James
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NHdnLXJncDgtMmhnNM0gxA
Command Injection in Apache James
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yNTh4LXdqZzgtNjNtOc0g1Q
Denial of Service in Apache James
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04Njh4LXJnNGMtY2pxZ80hDQ
Allocation of Resources Without Limits or Throttling in Apache Avro
Ecosystems: nuget
Packages: Apache.Avro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14aHc2LWhqYzktNjc5bc0hGg
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
Ecosystems: maven
Packages: org.pac4j:pac4j-oidc
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1naGhtLXhyd3AtNzVtOc0hCw
bookstack is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qcjM3LTY2cGotMzZ2N80g8A
Cross-site Scripting in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NGd2LWZnY2otdzU0Ns0g7w
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcnhwLXh4eDgtaHJnNs0g7A
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05NnY2LWhyd2ctcDM3OM0g6g
Weak Password Requirements in Daybyday CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NnJwLTR2ajctdjJtOM0g9g
Missing Authorization in DayByDay CRM
Ecosystems: packagist
Packages: bottelet/flarepoint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NmNoLTZ3N3YtdjZ4Zs0hRQ
Denial of Service in soketi
Ecosystems: npm
Packages: @soketi/soketi
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01cnJxLXB4ZjYtNmp4Nc0hQg
Prototype Pollution in node-forge debug API.
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS13eGd3LXFqOTktNDRjMs0hQQ
Prototype Pollution in node-forge util.setPath API
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1nZjhxLWpycG0tanZ4cc0hQA
URL parsing in node-forge could lead to undesired behavior.
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1mOWpnLThwMzItMmY1Nc0hRw
kubectl ANSI escape characters not filtered
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS12MzYyLTI4OTUtaDlyMs0egQ
Use After Free in lru
Ecosystems: cargo
Packages: lru
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cnZ3LWhnMjItNG02N80hQw
A potential Denial of Service issue in protobuf-java
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2Nm0tcWo3OC1yd3c1
Regular Expression Denial of Service in postcss
Ecosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNjkteDRwdy12ZmZn
OS Command Injection in diskusage-ng
Ecosystems: npm
Packages: diskusage-ng
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9