Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1mcDVyLXYzdzktNDMzM80bRA
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03Mm0tbWhxMi05cDZj
Uncaught Exception in jsoup
Ecosystems: maven
Packages: org.jsoup:jsoup
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: about 3 years ago
High
GSA_kwCzR0hTQS1mdnhmLXI5ZnctNDlwY84AArtW
Incorrect Implementation of Authentication Algorithm in OPCFoundation.NetStandard.Opc.Ua.Core
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1NHYtcXh4ci05M3Fj
Missing release of memory in sized-chunks
Ecosystems: cargo
Packages: sized-chunks
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS1qaGpoLTc3Nm0tNDc2Nc4AAujv
Denial of service due to incorrect application of event authorization rules
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jOGZqLTRwbTgtbXAyY84AAui6
Broken Authorization in ZITADEL Actions
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02cTMyLWhxNDctNXFxM84AA_QF
@actions/artifact has an Arbitrary File Write via artifact extraction
Ecosystems: npm
Packages: @actions/artifact
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 17 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmajYtMjc1cS00cHZt
graphite.composer.views.send_email vulnerable to SSRF
Ecosystems: pypi
Packages: graphite-web
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS0yNmNtLXFyYzYtbWZnas0W0A
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
Ecosystems: go
Packages: github.com/stevenweathers/thunderdome-planning-poker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xbWhqLW0yOXYtZ3Ztcs4AAuFg
Bots using py-cord as Discord API wrapper are vulnerable to shutdowns through remote code execution
Ecosystems: pypi
Packages: py-cord
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NHI3LW0ycTktNjljOM0W6g
GraphiQL introspection schema template injection attack
Ecosystems: npm
Packages: graphiql
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jeHd3LTdnNTYtMnZoNs4AA_QJ
@actions/download-artifact has an Arbitrary File Write via artifact extraction
Ecosystems: actions
Packages: actions/download-artifact
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS12eDc3LTVwZjQtYzl3cs1-bA
CherryPy Directory traversal vulnerability
Ecosystems: pypi
Packages: cherrypy
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNjJ2LXdnNXAtNjR3Ms0Wgw
Incorrect Privilege Assignment in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wN3I4LTd3ODctOGc0Ns4AA9J9
Dolibarr arbitrary file upload vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NGMtcHhqai1oODY2
Ansible does not verify that the server hostname matches a domain name in certificates
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmaGgtZzlmNS14NG00
Resource exhaustion in socket.io-parser
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: about 3 years ago
High
GSA_kwCzR0hTQS14eGMyLWo3amotNmc1bc4AAtzF
Raneto Denial of Service via crafted payload injected into `Search` parameter
Ecosystems: npm
Packages: raneto
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wY2poLTZyNWgtcjkycs4AAt8D
django-sendfile2 before 0.7.0 contains reflected file download vulnerability
Ecosystems: pypi
Packages: django-sendfile2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nbXBxLXhyeGoteGg4bc4AAv0j
Arches vulnerable to execution of arbitrary SQL
Ecosystems: pypi
Packages: arches
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwcmYtdnc0cC1xcjU5
Prototype pollution in supermixer
Ecosystems: npm
Packages: supermixer
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2OWYtNTM5di1mNWpn
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Ecosystems: packagist
Packages: prestashop/gamification
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnd3gtOWN3cC01YzJt
Billion laughs attack (XML bomb)
Ecosystems: maven
Packages: org.opencastproject:opencast-kernel
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNDYtZnc2Yy0zcG05
Directory Traversal in scott-blanch-weather-app
Ecosystems: npm
Packages: scott-blanch-weather-app
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtOXItNWdxcC03ajgy
High severity vulnerability that affects org.dspace:dspace-xmlui
Ecosystems: maven
Packages: org.dspace:dspace-xmlui
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcXctdnFoNS1jd3E5
Apache NiFi user log out issue
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-api, org.apache.nifi:nifi-web-security
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: over 6 years ago
High
GSA_kwCzR0hTQS12OXF2LWM3d20td2dtZs4AA85E
Composer has multiple command injections via malicious git/hg branch names
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jNTd2LTR2ZzUtY20yeM4AA5I5
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker-auth-sasl
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 8 months ago
High
GSA_kwCzR0hTQS0zNm1qLTZyN3ItbXFoZs0WCg
User can obtain JWT token even if account is disabled
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS02OTU1LTY3aG0tdmpqcc4AAt2o
Drupal core arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwNzQtMzl3Mi12NHc5
Permissions bypass in pleaser
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS14aDN2LTZmOWotd3h3M84AAt2d
Drupal core Information Disclosure vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS04Y3c5LTVobXYtNzd3Ns4AAt2Z
sanic vulnerable to Path Traversal when using `app.static` if using encoded `%2F` URLs
Ecosystems: pypi
Packages: sanic
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcGN4LXIyZ3EteDg5M84AA9Nu
LocalAI path traversal vulnerability
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwbTgtNDkyYy05MnA1
Prototype Pollution in chartkick
Ecosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: almost 5 years ago
High
GSA_kwCzR0hTQS00cng2LWc1dmctNWYzas4AAtvP
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Ecosystems: cargo
Packages: juniper
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14MzRqLXd4cTgtN3Zjbc4AAb4d
Umbraco CMS vulnerable to CSRF
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14dzM1LXJyY3AtZzd4bc4AA-Az
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13M2o2LThqMzQtcTQzeM4AAf7B
Apache Libcloud does not verify SSL certificates for HTTPS connections
Ecosystems: pypi
Packages: apache-libcloud
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oaHBnLXY2M3Atd3A3d84AA-AC
TorchServe gRPC Port Exposure
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzd2MtdjRtZi14N3Y0
Directory Traversal in intsol-package
Ecosystems: npm
Packages: intsol-package
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmNjgtNDlxcS1oMzky
Improper certificate validation in em-imap
Ecosystems: rubygems
Packages: em-imap
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 3 years ago
High
GSA_kwCzR0hTQS00ZzYzLWM2NG0tMjV3Oc4AAtkM
OpenZeppelin Contracts's SignatureChecker may revert on invalid EIP-1271 signers
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmNGotajI3Mi1majg2
Django vulnerable to information leakage in AuthenticationForm
Ecosystems: pypi
Packages: Django, django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1qOG1nLXBxYzUteDlnas4AA8rn
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1jNW1qLTM5Y2YtM3BwNc4AA8zF
TYPO3 Security Misconfiguration for Backend User Accounts
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 4 months ago
High
GSA_kwCzR0hTQS0yd21qLTQ2cmotcW0yd84AA3az
ZITADEL Account Takeover via Malicious Host Header Injection
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1jcjNmLXIyNGotM2Nod80WIw
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14M3YzLTh4ZzgtOHY3Ms4AA34P
Sentry's Astro SDK vulnerable to ReDoS
Ecosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqZ3ctamYzMy03Zmc5
Directory Traversal in mfrs
Ecosystems: npm
Packages: mfrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 4 years ago
High
GSA_kwCzR0hTQS00aHE4LWpncjgtbXc5as4AAtbw
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload
Ecosystems: npm
Packages: grunt-util-property
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03cDhqLXF2NngtZjRnNM4AA8rh
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 4 months ago
High
GSA_kwCzR0hTQS00M2M0LTlxZ2oteDc0Ms4AA8re
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 4 months ago
High
GSA_kwCzR0hTQS01Z2dyLW1wZ3ctM21neM4AAQY4
Improper Input Validation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts-core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jdjZjLTc5NjMtd3hjZ84AA8rv
MLFlow unsafe deserialization
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 4 months ago
High
GSA_kwCzR0hTQS0zZjk1LXI0NHYtOG1yZ80ySg
Command injection in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS05OWo3LW1oZmgtdzg0cM4AAtgn
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cjNxLTkzcTMtZjk3OM4AA37c
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 9 months ago
High
GSA_kwCzR0hTQS13djhxLTRmODUtMnA4cM4AA37f
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0anEtNTQ4eC1tMng5
Improper Resource Shutdown or Release in TYPO3 extension
Ecosystems: packagist
Packages: webcoast/deferred-image-processing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS04NzNxLXdwcXIteGZnd84AAd8X
Bottle does not properly limit content-types
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4ajYtcHdxeC1wbTk2
Insecure template handling in Squirrelly
Ecosystems: npm
Packages: squirrelly
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS14djU5LWdjM3ItcmY5Ms4AAtHT
Insufficient Session Expiration in Nakama
Ecosystems: go
Packages: github.com/heroiclabs/nakama
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zMzlxLTYyd20tYzM5d84AAtaB
Undertow vulnerable to Denial of Service (DoS) attacks
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wbXY5LTN4cXAtOHc0Ms4AA_rJ
Mesop has a local file Inclusion via static file serving functionality
Ecosystems: pypi
Packages: mesop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1yOG0yLTR4MzctNjU5Ms4AAuzv
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jdjR4LTlmMzQtOHJwOc4AA3ae
Jenkins MATLAB Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1oaDk1LTV4bTUtdjh2N84AA8zA
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 4 months ago
High
GSA_kwCzR0hTQS13ZjV4LWNyM3IteHI3N84AAtYt
vm2 before 3.6.11 vulnerable to sandbox escape
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS05eGc3LWdnOW0tcm1xOc3JJQ
Django Admin Media Handler Vulnerable to Directory Traversal
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yY3Y2LTY0MzctMzlwMs0yfQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Mm1tLXg4MjgtNTZjN84AAnqE
CSRF vulnerability in Jenkins Configuration Slicing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:configurationslicing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05ZjVnLXJnY3ItOGdyd84AA3aj
Jenkins MATLAB Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmaGctN21oNC0zM2M0
Improper Verification of Cryptographic Signature in golang.org/x/crypto
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 3 years ago
High
GSA_kwCzR0hTQS13cTU5LTRxNnItNjM1cs4AA360
Authentication bypass vulnerability in navidrome's subsonic endpoint
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4YzYtZnBjNy00cXZn
CoAPthon DoS due to Exceptions
Ecosystems: pypi
Packages: CoAPthon
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNGotNDdmOS0ydmMz
Integer Overflow or Wraparound in NATS Server
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4OTItMnI1Mi1wNjVt
HTTP Request Smuggling in goliath
Ecosystems: rubygems
Packages: goliath
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4d2ctY2p3Yy14aGhw
Heap OOB in nested `tf.map_fn` with `RaggedTensor`s
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS1nNXd3LTVqaDctNjNjeM4AAwQP
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 9 months ago
High
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1wcDNmLTk4cWctNWc3Nc4AAtU9
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
Ecosystems: go
Packages: sigs.k8s.io/aws-iam-authenticator
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2Y2otcjg4cC05MnJt
Buffer Overflow in centra
Ecosystems: npm
Packages: centra
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: almost 5 years ago
High
GSA_kwCzR0hTQS00Z2pyLXZnZngtOXF2d84AAwP5
AList vulnerable to Improper Preservation of Permissions
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4d2otNXI0di00Mjlw
NPE in TFLite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1tY2c2LWgzNjItY21xNc0yIQ
Improper Authorization in cobbler
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS05cnI2LWpwZzctOWpnNs0yFQ
Authentication Bypass by Capture-replay in Apache Spark
Ecosystems: pypi, maven
Packages: pyspark, org.apache.spark:spark-core
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yOWh4LXZ3bXYtcTU3Oc4AAwjs
pypa/setuptools vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: setuptools
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS04bTVxLWNycXEtNnBtZs1AOA
Unrestricted Upload of File with Dangerous Type in Apache Struts2
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS12Y3I4LWg4cXAtcWo4aM4AAh6e
Cross-Site Request Forgery in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoNzgtNDhoMy1mcmpx
Improper exception handling in Aedes
Ecosystems: npm
Packages: aedes
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjcmctMjloNy1oNGNq
XXE in PHPSpreadsheet due to encoding issue
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: almost 5 years ago
High
GSA_kwCzR0hTQS00bXE0LTdydzMtdm01as4AA3ui
Wasmer filesystem sandbox not enforced
Ecosystems: cargo
Packages: wasmer-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdqeDgtY2dybS1oaDhw
Unrestricted file uploads in Contao
Ecosystems: packagist
Packages: contao/contao, contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: almost 5 years ago
High
GSA_kwCzR0hTQS04N205LXJ2OHAtcmdtZ84AA84S
go-grpc-compression has a zstd decompression bombing vulnerability
Ecosystems: go
Packages: github.com/mostynb/go-grpc-compression
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNWM3LXFjYzktNXY3bc4AARb2
Jenkins Pipeline Classpath Step plugin allowed Script Security sandbox bypass
Ecosystems: maven
Packages: cprice404:pipeline-classpath
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhod2MtOGc0OS1qOGp4
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
Ecosystems: rubygems
Packages: ruby_parser-legacy
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 5 years ago
Statistics
Advisories: 20,108
Packages: 8,840
Repositories: 5,393
Ecosystems: 12
Filter by Severity
Moderate 8,758 High 6,920 Critical 2,995 Low 1,110
Filter by Ecosystem
maven 5,764 packagist 4,467 pypi 4,220 npm 3,735 go 2,203 nuget 1,508 rubygems 859 cargo 849 swift 32 hex 30 actions 19 pub 8
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 215 org.jenkins-ci.main:jenkins-core 191 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 98 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 63 actionpack 58 concrete5/concrete5 58 github.com/mattermost/mattermost/server/v8 55 org.apache.struts:struts2-core 55 salt 55 librenms/librenms 54 shopware/platform 52 Plone 52 apache-superset 51 org.keycloak:keycloak-core 50 nova 47 github.com/grafana/grafana 47 mlflow 46 com.liferay.portal:release.portal.bom 45 django 44 baserproject/basercms 43 nokogiri 43 craftcms/cms 43 plone 43 rdiffweb 42 Pillow 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 org.apache.tomcat.embed:tomcat-embed-core 37 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 org.elasticsearch:elasticsearch 36 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 zendframework/zendframework1 34 org.keycloak:keycloak-services 34 github.com/answerdev/answer 34 github.com/hashicorp/vault 34 k8s.io/kubernetes 34 snipe/snipe-it 33 github.com/rancher/rancher 33 io.undertow:undertow-core 32 org.jenkins-ci.plugins:script-security 32 keystone 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 opencv-python 31 parse-server 30 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/nomad 27 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 directus 26 electron 26 openssl-src 26 github.com/hashicorp/consul 26 prestashop/prestashop 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 mediawiki/core 24 gogs.io/gogs 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 github.com/cilium/cilium 24 zendframework/zendframework 23 puppet 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 rack 23 org.eclipse.jetty:jetty-server 23 pocketmine/pocketmine-mp 23 ckb 22 org.apache.nifi:nifi 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 github.com/ethereum/go-ethereum 20 glance 20 @openzeppelin/contracts 20 tribalsystems/zenario 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-x86 20 Microsoft.AspNetCore.App.Runtime.win-x64 20 code.gitea.io/gitea 20 Microsoft.AspNetCore.App.Runtime.win-arm 19 org.springframework:spring-core 19 DotNetNuke.Core 19 laravel/framework 19 org.xwiki.platform:xwiki-platform-web-templates 19 langchain 18 mindsdb 18 com.vaadin:vaadin-bom 18 contao/contao 18 github.com/traefik/traefik/v2 18 gradio 18 com.liferay.portal:release.dxp.bom 18 topthink/framework 18 golang.org/x/net 18 cockpit-hq/cockpit 18 github.com/goharbor/harbor 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.osx-x64 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 17 helm.sh/helm/v3 17 Microsoft.AspNetCore.App.Runtime.linux-arm 17 opencart/opencart 17 genix/cms 17 symfony/security 17 ezsystems/ezpublish-kernel 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 17 Microsoft.AspNetCore.App.Runtime.linux-x64 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-arm64 17 PaddlePaddle 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 mercurial 17 next 17 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 cryptography 16 neutron 16 rusqlite 16 sequelize 16 yetiforce/yetiforce-crm 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 16 openmage/magento-lts 16 notebook 16 org.apache.jspwiki:jspwiki-main 16 wasmtime 16 tinymce 16 pillow 16 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 paddlepaddle 15 ghost 15 ckeditor4 15 smarty/smarty 15 pyload-ng 15 october/system 15 ethyca-fides 15 feehi/cms 14 github.com/nats-io/nats-server/v2 14 github.com/containerd/containerd 14 silverstripe/cms 14 swagger-ui 14 symfony/security-http 14 bolt/bolt 14 pyftpdlib 14 github.com/zitadel/zitadel 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 typo3/cms-backend 14 activesupport 14 publify_core 14 org.apache.inlong:manager-pojo 14 studio-42/elfinder 13 twisted 13 angular 13 strapi 13 vantage6 13 github.com/mattermost/mattermost-server 13 pimcore/admin-ui-classic-bundle 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 111 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/spring-projects/spring-framework 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 40 https://github.com/concretecms/concretecms 39 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/craftcms/cms 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 30 https://github.com/parse-community/parse-server 30 https://github.com/snipe/snipe-it 29 https://github.com/rancher/rancher 28 https://github.com/dotnet/runtime 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/cilium/cilium 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/langchain-ai/langchain 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/OpenNMS/opennms 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/helm/helm 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/intelliants/subrion 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/liufee/cms 17 https://github.com/moby/moby 17 https://github.com/zitadel/zitadel 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 16 https://github.com/tinymce/tinymce 16 https://github.com/OpenMage/magento-lts 16 https://github.com/gradio-app/gradio 16 https://github.com/rusqlite/rusqlite 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/hashicorp/vault 16 https://github.com/sequelize/sequelize 16 https://github.com/vantage6/vantage6 15 https://github.com/undertow-io/undertow 15 https://github.com/denoland/deno 15 https://github.com/pyload/pyload 15 https://github.com/centreon/centreon 15 https://github.com/laravel/framework 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/ethyca/fides 15 https://github.com/backstage/backstage 15 https://github.com/pyca/cryptography 15 https://github.com/cobbler/cobbler 14 https://github.com/twisted/twisted 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/mattermost/mattermost 14 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/publify/publify 13 https://github.com/vercel/next.js 13 https://github.com/TryGhost/Ghost 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/decidim/decidim 13 https://github.com/modoboa/modoboa 13 https://github.com/dompdf/dompdf 13 https://github.com/apache/dolphinscheduler 13 https://github.com/dromara/hutool 13 https://github.com/nodejs/undici 13 https://github.com/ming-soft/MCMS 13 https://github.com/golang/go 13 https://github.com/dotnet/aspnetcore 13 https://github.com/hashicorp/nomad 13 https://github.com/quarkusio/quarkus 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/centreon/centreon-archived 12 https://github.com/smarty-php/smarty 12 https://github.com/patriksimek/vm2 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/aio-libs/aiohttp 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/scrapy/scrapy 11 https://github.com/containers/podman 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/openstack/glance 11 https://github.com/nats-io/nats-server 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/WWBN/AVideo 11 https://github.com/onionshare/onionshare 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/cloudflare/cfrpki 11 https://github.com/janeczku/calibre-web 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nocodb/nocodb 10 https://github.com/greenpau/caddy-security 10 https://github.com/cri-o/cri-o 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/zopefoundation/Zope 10 https://github.com/getsentry/sentry 10 https://github.com/pomerium/pomerium 10 https://github.com/DSpace/DSpace 10 https://github.com/surrealdb/surrealdb 10 https://github.com/keystonejs/keystone 10 https://github.com/phusion/passenger 10 https://github.com/jquery/jquery 10 https://github.com/spring-projects/spring-security 10 https://github.com/apache/zeppelin 10 https://github.com/zenml-io/zenml 10