Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtcWMteDNyNC02djM5
Polymorphic deserialization of malicious object in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNncGMtdzIzYy13NTl3
Sandbox Breakout / Arbitrary Code Execution in pitboss-ng
Ecosystems: npm
Packages: pitboss-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFybW0tdzR2NC1xN2Y4
Unauthorized access through URL manipulation
Ecosystems: pypi
Packages: docassemble
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMjctOTk0Yy00eGNo
discord-html not escaping HTML code blocks when lacking a language identifier
Ecosystems: npm
Packages: discord-markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2cTctZzU3di1teGNw
HTML Injection in shout
Ecosystems: npm
Packages: shout
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Z20tZ2hyOS00djk1
Cross-site scripting vulnerability in TinyMCE
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2OWYtNTM5di1mNWpn
PrestaShop gamification module ZIP archives were vulnerable from CVE-2017-9841
Ecosystems: packagist
Packages: prestashop/gamification
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3djItMnF4eC13anJ3
Symlink Attack in Libcontainer and Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcTItMzlmZi1mNXFn
A failed upgrade may lead to hung goroutines
Ecosystems: go
Packages: github.com/cloudflare/tableflip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2MzYtcTVmYy00cHI3
accounts: Hash account number using Salt
Ecosystems: go
Packages: github.com/moov-io/customers
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2NTMtdmY1bS04cTk0
personnummer/go vulnerable to Improper Input Validation
Ecosystems: go
Packages: github.com/personnummer/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeGMtcW02NS12cHhn
Temporary urls leaked via logging
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ndjItNTd2ai05OXhj
Low severity vulnerability that affects eye.js
Ecosystems: npm
Packages: eye.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3aDktdmY5Mi01Zmo1
Cross-site scripting in Products.CMFPlone and Products.PasswordResetTool
Ecosystems: pypi
Packages: Products.CMFPlone, Products.PasswordResetTool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3d3gtNjJyNy1qMng3
Nokogiri vulnerable to libxml XML Entity Expansion
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcnEtY2pnaC0zMmcy
Low severity vulnerability that affects smartbanner.js
Ecosystems: npm
Packages: smartbanner.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwMmgtOTVobS1odjly
Improper Neutralization of Formula Elements in a CSV File in pimcore/pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1NjMteGgyNS14NTRx
Workflow re-write vulnerability using input parameter
Ecosystems: go
Packages: github.com/argoproj/argo-workflows/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS0yYzgzLXdmdjMtcTI1Zs0Vmg
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Ecosystems: npm
Packages: rebber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repository
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ODItMnBjaC0zeHYz
Django Denial-of-service by filling session store
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NGctd2ptdy13MzI4
Injection vulnerability that affects ironic-discoverd
Ecosystems: pypi
Packages: python-ironic-inspector-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS03cnA2LXc3bWctaDhyd80V1w
XML External Entity Reference in Apache Jena
Ecosystems: maven
Packages: org.apache.jena:jena-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4bTctcWh2Ny05aDV4
Path Traversal in serve-here.js
Ecosystems: npm
Packages: serve-here
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjcGMtbWo1Yy1tOXJx
Arbitrary File Write in cli
Ecosystems: npm
Packages: cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4djMtaDc2Mi1jY3h2
Out-of-bounds Read in concat-with-sourcemaps
Ecosystems: npm
Packages: concat-with-sourcemaps
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmOTMtcnY0cC14NGp3
SQL Injection in sql
Ecosystems: npm
Packages: sql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczNzYtd2hnNy04OTZt
Directory Traversal in yjmyjmyjm
Ecosystems: npm
Packages: yjmyjmyjm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4aHEtcG04di1jdzc1
Regular Expression Denial of Service in clean-css
Ecosystems: npm
Packages: clean-css
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNDgtOWhoMi14Nm14
HTML Injection in preact
Ecosystems: npm
Packages: preact
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjN3Ytd3hjdy1qNDcy
Memory Exposure in tunnel-agent
Ecosystems: npm
Packages: tunnel-agent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS0zNm1qLTZyN3ItbXFoZs0WCg
User can obtain JWT token even if account is disabled
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNjRtLXFjaGotaHJqcM0YFg
Webcache Poisoning in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xYzIyLXF3bTktajhyeM0dGQ
Remote Code Execution in npm-groovy-lint
Ecosystems: npm
Packages: npm-groovy-lint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aG05LTg0NGotam14cM4AAhJW
Uninitialized read in Nokogiri gem
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oMndtLXAydmctNnB3NM4AAzxZ
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Ecosystems: rubygems
Packages: kredis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
proxy denial of service vulnerability
Ecosystems: npm
Packages: proxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2d3AtM2Y1NC14YzM5
Downloads Resources over HTTP in broccoli-closure
Ecosystems: npm
Packages: broccoli-closure
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczeHAtdjJmZi14NWMz
Downloads Resources over HTTP in go-ipfs-dep
Ecosystems: npm
Packages: go-ipfs-dep
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqZjQtNzY0Mi1jNTdw
Downloads Resources over HTTP in unicode
Ecosystems: npm
Packages: unicode
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS14N2ZyLXBnOGYtOTNmNc4AAzhh
sccache vulnerable to privilege escalation if server is run as root
Ecosystems: cargo
Packages: sccache
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4YzkteGhyai12NTc0
Prototype Pollution in lodash
Ecosystems: npm
Packages: lodash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyNXItbThwYy04NWo5
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Ecosystems: maven
Packages: org.springframework.integration:spring-integration-ws, org.springframework.integration:spring-integration-xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS01bWdqLW12djgtNDZtd84AAe0M
RubyGems does not verify SSL certificate
Ecosystems: rubygems
Packages: rubygems-update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5Z3AtOTJ3cC05NHE4
react-dev-utils on Windows vulnerable to Remote Code Execution
Ecosystems: npm
Packages: react-dev-utils
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS03eDZxLTN2M20tY3dqZ84AAy8N
kiwi TCMS has possibility for user to update email address to unverified one
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnangtbXdweC00N2p2
Private Data Disclosure in express-restify-mongoose
Ecosystems: npm
Packages: express-restify-mongoose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjktZ3hwbS01NDY5
Downloads Resources over HTTP in alto-saxophone
Ecosystems: npm
Packages: alto-saxophone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyM2YtZjNjNS1yOXFo
ikst Downloads Resources over HTTP
Ecosystems: npm
Packages: ikst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NWotaDJydi1xcmc0
Moderate severity vulnerability that affects django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw
Rack vulnerable to Denial of Service
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2N3gtNGhwYy1oZjlm
Moderate severity vulnerability that affects org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring2, and org.apache.cxf.fediz:fediz-spring3
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-spring, org.apache.cxf.fediz:fediz-spring3, org.apache.cxf.fediz:fediz-spring2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwd2otbXZ2Ny12M205
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
Ecosystems: maven
Packages: org.apache.cxf.fediz:fediz-spring2, org.apache.cxf.fediz:fediz-spring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1wN21qLXh2eGctZ3JmZs4AAyEy
`out_reference::Out::from_raw` should be `unsafe`
Ecosystems: cargo
Packages: out-reference
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OXEtMzJnOC12dnA3
Moderate severity vulnerability that affects org.keycloak:keycloak-core
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1qcDU3LTlqMzctNTQ3Ns4AAfSa
spree_auth_devise allows remote authenticated users to assign themselves arbitrary roles
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oaDJ4LTdtZjktNzhmcs4AAcfW
Sup Code Injection vulnerability
Ecosystems: rubygems
Packages: sup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nODk3LWNnZmMtN3E4ds4AAe1L
Fat Free CRM has fixed token value
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtajUtd3Y5Ni1yMmNo
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1mODV3LXd2YzctY3J3Y84AAxG3
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Ecosystems: cargo
Packages: bumpalo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cGctZ2c5Zy03Nmdq
Cross-site scripting in django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Ecosystems: cargo
Packages: prettytable-rs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01d3Z2LXE1ZnYtMjM4OM4AAwqh
hyper-staticfile's location header incorporates user input, allowing open redirect
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ajctcDVqcS0yNmZm
Insecure use of temporary files in passenger
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczMjItOW14Ni01ajJt
redcarpet Buffer Overflow vulnerability
Ecosystems: rubygems
Packages: redcarpet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS04Y2Y3LTMyZ3ctd3IzM84AAwgf
jsonwebtoken unrestricted key type could lead to legacy keys usage
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJncjQtOWpoNS1qNGo2
Rack vulnerable to Denial of Service via large parameter depth request
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OWYtdzhxcS1xNWpm
rest-client allows local users to obtain sensitive information by reading the log
Ecosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcnItcnJ3Zy02OXB2
Local API Login Credentials Disclosure in paratrooper-pingdom
Ecosystems: rubygems
Packages: paratrooper-pingdom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtMjgtbXJtNy1mcGpx
sfpagent Command Injection vulnerability
Ecosystems: rubygems
Packages: sfpagent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmMzYtOTg1Zy12NzNj
omniauth-facebook Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: omniauth-facebook
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1aGMtOXh4NS05N3J3
i18n gem Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: i18n
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyNjYtM2NyaC1oN2dq
ldoce Gem Arbitrary Command Execution
Ecosystems: rubygems
Packages: ldoce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljMmotNTkzcS0zZzgy
activesupport Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjOHAtcXBodi02Njh2
Denial of service in ruby-openid
Ecosystems: rubygems
Packages: ruby-openid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYycjktYzg0ai12N3ht
RDoc contains XSS vulnerability
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3N3gtbTVxOC1jMjlo
Rack vulnerable to REDoS
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtaGgtdzZxOC01aHh3
Remote Memory Disclosure in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnbXgtOGg5My0yNmZo
omniauth-oauth2 Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: omniauth-oauth2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration information
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnNjUtZ2hyZy1ocGY1
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhncHAtcHA4OS00Zmdm
Action Pack contains database-query restrictions bypass
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risks
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1amctNTU4ai1xNjdj
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3cTItNWdxZy02Yzdx
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwamMtcDdmYy1qOXho
Mail Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: mail
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxcmgtaDltMi01ZnZm
Cross site scripting that affects rails
Ecosystems: rubygems
Packages: activesupport, actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwM3Ytd2Yydy12Mjlj
Moderate severity vulnerability that affects rails
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmOTYtMzJxMi05cncy
Rails ActiveRecord gem vulnerable to SQL injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01aDYtaHIzcS0yMmg1
npm Token Leak in npm
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1oMmc1LTJyaHgtZmZnas0wSw
Command injection in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Mmo1LTNyY3gtdng3eM0y7Q
Sysctls applied to containers with host IPC or host network namespaces can affect the host
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NXctdmM4NC13eGN4
Doorkeeper contains Cross-site Request Forgery
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNocmMtZjQzOS03Mjdn
Apache Camel XML External Entity vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmdzUtcnZmMi1qcTU2
Apache Camel's XSLT component allows remote attackers to read arbitrary files
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 5,076
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 salt 53 symfony/symfony 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 plone 43 baserproject/basercms 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 froxlor/froxlor 37 github.com/mattermost/mattermost-server/v6 37 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 org.apache.tomcat.embed:tomcat-embed-core 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 mlflow 33 k8s.io/kubernetes 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 snipe/snipe-it 32 org.elasticsearch:elasticsearch 32 opencv-contrib-python 30 keystone 30 opencv-python 30 mautic/core 30 Django 30 getgrav/grav 29 parse-server 29 github.com/argoproj/argo-cd 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 centreon/centreon 27 shopware/shopware 27 github.com/hashicorp/consul 26 electron 26 openssl-src 26 prestashop/prestashop 26 github.com/hashicorp/nomad 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 magento/core 24 gogs.io/gogs 24 remdex/livehelperchat 23 org.springframework.security:spring-security-core 23 puppet 23 pocketmine/pocketmine-mp 23 github.com/argoproj/argo-cd/v2 23 org.eclipse.jetty:jetty-server 23 org.bouncycastle:bcprov-jdk14 22 grumpydictator/firefly-iii 22 rack 22 getkirby/cms 22 org.apache.nifi:nifi 22 ckb 22 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 tribalsystems/zenario 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/docker/docker 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 org.springframework:spring-core 19 laravel/framework 19 forkcms/forkcms 18 langchain 18 com.liferay.portal:release.dxp.bom 18 cockpit-hq/cockpit 18 contao/contao 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 simplesamlphp/simplesamlphp 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 directus 18 helm.sh/helm/v3 18 PaddlePaddle 17 mercurial 17 golang.org/x/net 17 mediawiki/core 17 org.xwiki.platform:xwiki-platform-web-templates 17 cobbler 17 genix/cms 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 topthink/framework 17 cakephp/cakephp 17 symfony/security 17 francoisjacquet/rosariosis 17 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 sequelize 16 pillow 16 wasmtime 16 neutron 16 yetiforce/yetiforce-crm 16 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 next 15 cryptography 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 github.com/goharbor/harbor 15 org.apache.jspwiki:jspwiki-main 15 notebook 15 openmage/magento-lts 15 phpmailer/phpmailer 14 publify_core 14 github.com/containerd/containerd 14 modoboa 14 org.apache.inlong:manager-pojo 14 smarty/smarty 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 typo3/cms-backend 14 pyftpdlib 14 ghost 14 symfony/security-http 14 swagger-ui 14 pyload-ng 14 zendframework/zendframework1 14 activesupport 14 tinymce 14 codeigniter4/framework 13 github.com/traefik/traefik/v2 13 strapi 13 passenger 13 lavalite/cms 13 bolt/bolt 13 joplin 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 OctoPrint 13 october/system 13 ckeditor4 13 elefant/cms 13 impresscms/impresscms 13 github.com/mattermost/mattermost-server 13 org.apache.hadoop:hadoop-main 13 phpmyfaq/phpmyfaq 12 github.com/go-gitea/gitea 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/helm/helm 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/janeczku/calibre-web 11 https://github.com/scrapy/scrapy 11 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/Studio-42/elFinder 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/dotnet/aspnetcore 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zitadel/zitadel 11 https://github.com/vercel/next.js 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/nocodb/nocodb 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/wagtail/wagtail 10 https://github.com/zopefoundation/Zope 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/glance 10 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9 https://github.com/fatfreecrm/fat_free_crm 9