Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS00djM4LTk2NGMteGptd84AAy3x
Code injection via unescaped translations in xwiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4cGctM2h4NC1mbTly
Out of bounds read in xcb
Ecosystems: cargo
Packages: xcb
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqaGctcXc1di1yOHh4
Malicious Package in anarchy
Ecosystems: npm
Packages: anarchy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjdjQteHh2Ny05MzRx
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Ecosystems: maven
Packages: org.apache.pulsar:pulsar
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1ndjg3LXE2NmgtNDI3N80ckg
Command injection in itext7-core
Ecosystems: maven
Packages: com.itextpdf:itextpdf, com.itextpdf:itext7-core
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4aHgtMzU0Mi04Zmgz
Malicious code in `electorn`
Ecosystems: npm
Packages: electorn
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS01OWM5LXB4cTgtOWM3M84AA3uj
Improper JWT Signature Validation in SAP Security Services Library
Ecosystems: maven
Packages: com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:spring-security, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 5 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBybWMtNXY1dy1jNDY1
Client TLS credentials sent raw to server in npm package nats
Ecosystems: npm
Packages: nats
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12Y2gtcmg2aC0ybTQ3
Malicious Package in equest
Ecosystems: npm
Packages: equest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS13OHY3LXByaHcteGpwd83opQ
Apache Flex BlazeDS unsafe deserialization
Ecosystems: maven
Packages: org.apache.flex.blazeds:flex-messaging-remoting, org.apache.flex.blazeds:flex-messaging-core
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02d2hmLXE2cDUtODR3Z80WBw
Improper Access Control in Webauthn Framework
Ecosystems: packagist
Packages: web-auth/webauthn-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04NmZoLWo1OG0tN3BmNc0XvA
Improper Privilege Management in Apache Ozone
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3d2ctMjRnMy0yYzc4
Malicious Package in requset
Ecosystems: npm
Packages: requset
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02NGN3LW01N2otNjV4as4AAgWy
Ansible Arbitrary Code Execution
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcGotbWozcS04Mndy
Malicious Package in bs58chek
Ecosystems: npm
Packages: bs58chek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIycHAteDRtbS00OTk5
XML External Entity (XXE) vulnerability in neo4j.procedure:apoc
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xZ3YtNjd2eC1nNG01
Prototype Pollution in js-data
Ecosystems: npm
Packages: js-data
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0ycG13LWN2YzctZnJ2aM0s2A
SQL injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nOGo4LW1naDktcTc3cM0teg
File upload leading to RCE in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNHctOTM3bS12N3gz
restforce vulnerable to Improper Input Validation
Ecosystems: rubygems
Packages: restforce
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1wMjh4LTRyNWgtcGg2as4AA5aJ
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzY2MtN3A3Zy0zOTJj
Use after free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodzItcHFoZi12bXgy
Use after free in actix-utils
Ecosystems: cargo
Packages: actix-utils
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xYzg2LXZnZjItNmZxNs4AAx9M
Moodle SQL Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4NngtNzgycS1qZmM0
Command Injection in node-wifi
Ecosystems: npm
Packages: node-wifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxeDQtcjdmeC14YzR2
Malicious Package in requst
Ecosystems: npm
Packages: requst
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNngtbTZtNS0zbW1w
push-dir Enables OS Command Injection
Ecosystems: npm
Packages: push-dir
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzcGMtYzJnZi1odmd3
Malicious Package in requets
Ecosystems: npm
Packages: requets
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code Injection
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 23 days ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwcXAtNzh4eC0zcjM4
Out of bounds write in calamine
Ecosystems: cargo
Packages: calamine
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NjMtcDczOS0yNzVj
Malicious Package in reuest
Ecosystems: npm
Packages: reuest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LXh3cXYtcHZ2Oc4AAYBx
OpenStack Swauth object/proxy server writing Auth Token to log file
Ecosystems: pypi
Packages: swauth
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4aGctbXh2aC05aDU3
Malicious Package in angular-bmap
Ecosystems: npm
Packages: angular-bmap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS04Zmo2LXBjNXItMzQ3cc4AAnuE
qcubed SQL injection vulnerability in profile.php via the strQuery parameter
Ecosystems: packagist
Packages: qcubed/qcubed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3MzctNWdxci1jZjlq
Server-Side Request Forgery in ftp-srv
Ecosystems: npm
Packages: ftp-srv
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyeDktNThtNy1ncjh3
Malicious Package in css_transform_step
Ecosystems: npm
Packages: css_transform_step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyeGctNndjai02eGY5
SafeCurl before 0.9.2 has a DNS rebinding vulnerability.
Ecosystems: packagist
Packages: vanilla/safecurl
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oeGN3LXBxcWMtcnY4Nc4AARuz
Anchor CMS Logs Credentials
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00Njh4LWZyY20tZ2h4Ns4AA5aB
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mOXBnLWc5eHctcjVnMs0siw
SQL Injection in Jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base-core, org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00MjIzLXFqOTQtN3g5cM4AAQMh
elFinder command injection vulnerability in the PHP connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oOTl3LTlxNXItZ2pxOc028Q
Puma vulnerable to HTTP Request Smuggling
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14ZzczLTk0ZnAtZzQ0Oc4AAyUH
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wcjlxLXY1ODUtcXYyd800vg
Improper Privilege Management in Open Web Analytics
Ecosystems: packagist
Packages: open-web-analytics/open-web-analytics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNXItZmZjNC1jNDU1
strong_password Ruby gem malicious version causing Remote Code Execution vulnerability
Ecosystems: rubygems
Packages: strong_password
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy
Arbitrary code execution due to an uncontrolled search path for the git binary
Ecosystems: go
Packages: github.com/MichaelMure/git-bug
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS0zMjlqLWpmdnItcmhyNs4AAyz5
Apache Spark vulnerable to Improper Privilege Management
Ecosystems: maven
Packages: org.apache.spark:spark-core_2.13, org.apache.spark:spark-core_2.12
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oNHc5LTZ4NzgtOHZyas4AAs5Z
Argo CD's external URLs for Deployments can include JavaScript
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgydzUtNW0yZy03aDVt
XML External Entity Reference (XXE) in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1nN3hyLXY4MnctcWdncc4AArga
Code Injection in SEOmatic
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ocm0zLTN4bTYteDMzaM4AAwoO
golang-nanoauth authentication bypass vulnerability
Ecosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05aGZnLXB4cjYtcTR2cM0fhQ
Use of a Broken or Risky Cryptographic Algorithm in crypto2
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZmg4LWMyanAtNXYzcc0asw
Remote code injection in Log4j
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, uk.co.nichesolutions.logging.log4j:log4j-core, org.xbib.elasticsearch:log4j, com.guicedee.services:log4j-core
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3d2YtMjY0NC1mOHg0
The Fuck Arbitrary File Deletion via Path Traversal
Ecosystems: pypi
Packages: thefuck
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdneDctand3bS1jZ2p2
Improper Authentication in Apache Spark
Ecosystems: maven
Packages: org.apache.spark:spark-parent_2.11
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnd2otcHJwcS1qcGMy
Symfony Service IDs Allow Injection
Ecosystems: packagist
Packages: symfony/symfony, symfony/proxy-manager-bridge, symfony/dependency-injection
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS03M3gzLThtcmctNXI5M84AA5aE
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1wZmNjLTNnNnItOHJnOM4AAxyW
Undertow client not checking server identity presented by server certificate in https connections
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyMzktNGdxZy01ajU0
Inadequate Encryption Strength
Ecosystems: maven
Packages: org.primefaces:primefaces
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS01NHB2LXI2MmotOXFxY84AA5aC
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mNXgyLXh2OTMtNHAyM84AAl0M
Access of Resource Using Incompatible Type in Facebook Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlteGYtZzN4Ni13djc0
Server-Side Request Forgery (SSRF) in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwbTgtOThteC1oNGM1
Unsafe deserialization in MLAlchemy
Ecosystems: pypi
Packages: MLAlchemy
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS12MnhxLW0yMnctam1wcs4AA5aH
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzd3ItdjR3eC01cXBj
Prototype Pollution
Ecosystems: npm
Packages: expand-hash
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2OW0tNjk1eC1qMzRw
Apache Qpid Broker vulnerable to authentication port spoofing
Ecosystems: maven
Packages: org.apache.qpid:qpid-broker
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1xMmN2LTdqNTgtcmZtas4AA5bF
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch
Nervos CKB P2P DoS Attacks
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnM2MtMm1oNS03cTZ4
Missing validation of JWT signature in `ManyDesigns/Portofino`
Ecosystems: maven
Packages: com.manydesigns:portofino-core, com.manydesigns:portofino-dispatcher
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1qOGZxLTg2YzUtNXYycs0WvA
Remote code execution in dask
Ecosystems: pypi
Packages: distributed
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12ZnJqLWZ2NnAtM2NwZs4AAzpG
Brook's tproxy server is vulnerable to a drive-by command injection.
Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 12 months ago
Critical
GSA_kwCzR0hTQS0yOXJ2LWZxeDItNGM5Zs0z6w
Deserialization of Untrusted Data in SinGooCMS.Utility
Ecosystems: nuget
Packages: SinGooCMS.Utility
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xYzIyLXF3bTktajhyeM0dGQ
Remote Code Execution in npm-groovy-lint
Ecosystems: npm
Packages: npm-groovy-lint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4NzMtMjQ5OC1yNTVj
Unsound casting in flatbuffers
Ecosystems: cargo
Packages: flatbuffers
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnamctNjZjeC01eDlt
Grafana Authentication Bypass
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtOGcteGhoOC1ybXdy
Prototype Pollution in doc-path
Ecosystems: npm
Packages: doc-path
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS00dnE3LTg2OTktNHhnY84AAtt0
WMAgent arbitrary code execution via a crafted dbs-client package
Ecosystems: pypi
Packages: global-workqueue, reqmon, reqmgr2, wmagent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMS
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 12 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmMm0tNDM1bS1teHc4
SQL Injection in hive-jdbc
Ecosystems: maven
Packages: org.apache.hive:hive-jdbc
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1qN2MzLTk2cmYtanJycM0cpw
Critical vulnerability in log4j may affect generated PEAR projects
Ecosystems: maven
Packages: de.averbis.textanalysis:pear-archetype
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNDMtZ3gyNC1wNTI5
Prototype pollution in json8
Ecosystems: npm
Packages: json8
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnd2gtZzc5ai12aDRx
Command Injection in pdf-image
Ecosystems: npm
Packages: pdf-image
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1tcXdyLTRxZjItMmhjds4AARmu
RubyGems vulnerable to Deserialization of Untrusted Data
Ecosystems: rubygems
Packages: rubygems-update
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d20tcGZqZi13cXA2
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0Y20tdjZqcC1nam1y
OS command injection in git-diff-apply
Ecosystems: npm
Packages: git-diff-apply
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJybXAtZnc1ci1qNXF2
Improper Authentication in InfluxDB
Ecosystems: go
Packages: github.com/influxdata/influxdb
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qM3J2LXc0M3EtZjl4Ms4AAuFt
React Editable Json Tree vulnerable to arbitrary code execution via function parsing
Ecosystems: npm
Packages: react-editable-json-tree
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxNDgtdmpxMi1td2Nq
Command Injection in umount
Ecosystems: npm
Packages: umount
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X
DeviceFarmer stf uses DES-ECB
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03NHdmLWN3amctOWNmMs4AAtpG
xopen is vulnerable to OS Command Injection in Exported Function xopen(filepath)
Ecosystems: npm
Packages: xopen
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tZjRmLWo1ODgtNXhtOM0bPQ
Apache Log4j Remote Code Execution
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03OTQyLTJmeDgtcWhwZs4AAty-
Raneto v0.17.0 employs weak password complexity requirements
Ecosystems: npm
Packages: raneto
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yYzZoLXF3ajktMmM1M84AA5em
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1wcTJmLTNmZzMtcnc5Oc0yxg
SQL Injection in WordPress Zero Spam WordPress plugin
Ecosystems: packagist
Packages: bmarshall511/wordpress_zero_spam
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yNmNtLXdnNDgtcmgycs0xCw
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Ecosystems: packagist
Packages: alextselegidis/easyappointments
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 18,745
Packages: 8,373
Repositories: 5,073
Ecosystems: 12
Filter by Severity
Moderate 8,146 High 6,444 Critical 2,847 Low 1,015
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,844 npm 3,558 go 1,932 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 salt 53 symfony/symfony 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 nokogiri 44 github.com/grafana/grafana 44 plone 43 baserproject/basercms 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 36 com.jfinal:jfinal 36 shopware/core 36 com.thoughtworks.xstream:xstream 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 34 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 silverstripe/framework 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 mlflow 31 Django 30 opencv-python 30 opencv-contrib-python 30 keystone 30 mautic/core 30 github.com/argoproj/argo-cd 29 parse-server 29 getgrav/grav 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 shopware/shopware 27 centreon/centreon 27 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 electron 26 openssl-src 26 prestashop/prestashop 26 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 magento/core 24 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 puppet 23 grumpydictator/firefly-iii 22 getkirby/cms 22 org.apache.nifi:nifi 22 rack 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 tribalsystems/zenario 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/docker/docker 20 github.com/ethereum/go-ethereum 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 laravel/framework 19 DotNetNuke.Core 19 org.springframework:spring-core 19 contao/contao 18 langchain 18 cockpit-hq/cockpit 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 directus 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 glance 18 helm.sh/helm/v3 18 simplesamlphp/simplesamlphp 18 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 mediawiki/core 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 genix/cms 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 mercurial 17 cakephp/cakephp 17 PaddlePaddle 17 cobbler 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 sequelize 16 pillow 16 neutron 16 rusqlite 16 yetiforce/yetiforce-crm 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 wasmtime 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 gradio 15 cryptography 15 next 15 org.apache.jspwiki:jspwiki-main 15 paddlepaddle 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 org.apache.inlong:manager-pojo 14 symfony/security-http 14 phpmailer/phpmailer 14 typo3/cms-backend 14 ec-cube/ec-cube 14 swagger-ui 14 zendframework/zendframework1 14 github.com/containerd/containerd 14 smarty/smarty 14 ghost 14 activesupport 14 tinymce 14 pyftpdlib 14 pyload-ng 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 modoboa 14 github.com/traefik/traefik/v2 13 october/system 13 strapi 13 bolt/bolt 13 impresscms/impresscms 13 github.com/mattermost/mattermost-server 13 passenger 13 github.com/nats-io/nats-server/v2 13 org.apache.hadoop:hadoop-main 13 OctoPrint 13 ckeditor4 13 org.apache.cxf:cxf 13 lavalite/cms 13 joplin 13 codeigniter4/framework 13 elefant/cms 13 Microsoft.NETCore.App.Runtime.win-x86 12 Microsoft.NETCore.App.Runtime.win-arm64 12 dompdf/dompdf 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/django/django 87 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/TYPO3/typo3 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/sparklemotion/nokogiri 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/opencv/opencv 28 https://github.com/mautic/mautic 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/openstack/keystone 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/mlflow/mlflow 25 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/github/advisory-database 23 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/vaadin/platform 17 https://github.com/directus/directus 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/forkcms/forkcms 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/hashicorp/vault 16 https://github.com/rusqlite/rusqlite 16 https://github.com/etcd-io/etcd 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/ethereum/go-ethereum 16 https://github.com/puppetlabs/puppet 15 https://github.com/centreon/centreon 15 https://github.com/apache/camel 15 https://github.com/laravel/framework 15 https://github.com/OpenMage/magento-lts 15 https://github.com/geoserver/geoserver 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/goharbor/harbor 15 https://github.com/denoland/deno 15 https://github.com/PHPMailer/PHPMailer 14 https://github.com/tinymce/tinymce 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/vantage6/vantage6 14 https://github.com/langchain-ai/langchain 14 https://github.com/cobbler/cobbler 14 https://github.com/pyca/cryptography 14 https://github.com/containerd/containerd 14 https://github.com/pyload/pyload 14 https://github.com/moby/moby 14 https://github.com/gradio-app/gradio 14 https://github.com/mattermost/mattermost 14 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/modoboa/modoboa 13 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/undertow-io/undertow 13 https://github.com/publify/publify 13 https://github.com/xuxueli/xxl-job 13 https://github.com/patriksimek/vm2 12 https://github.com/centreon/centreon-archived 12 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/backstage/backstage 12 https://github.com/dromara/hutool 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/opencontainers/runc 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/nats-io/nats-server 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/vercel/next.js 11 https://github.com/zitadel/zitadel 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/urllib3/urllib3 11 https://github.com/containers/podman 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cakephp/cakephp 11 https://github.com/top-think/framework 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/dolibarr/dolibarr 10 https://github.com/keystonejs/keystone 10 https://github.com/jquery/jquery 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/nocodb/nocodb 10 https://github.com/jupyter/notebook 10 https://github.com/Sylius/Sylius 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/phusion/passenger 10 https://github.com/nextauthjs/next-auth 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/wagtail/wagtail 10 https://github.com/greenpau/caddy-security 10 https://github.com/zopefoundation/Zope 10 https://github.com/openstack/glance 10 https://github.com/WWBN/AVideo 10 https://github.com/apache/superset 9 https://github.com/kevinpapst/kimai2 9 https://github.com/faucetsdn/ryu 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cri-o/cri-o 9 https://github.com/bolt/bolt 9 https://github.com/semplon/GeniXCMS 9