Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODItdjc3di1tcHBy
Airbrake keys not being filtered
Ecosystems: rubygems
Packages: airbrake-ruby
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS00dzhmLWhqbTkteHdnZs4AArZc
Path Traversal in django-s3file
Ecosystems: pypi
Packages: django-s3file
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MjRnLTl3N3YtdnByaM4AArN3
HashiCorp go-getter command injection
Ecosystems: go
Packages: github.com/hashicorp/go-getter/gcs/v2, github.com/hashicorp/go-getter/s3/v2, github.com/hashicorp/go-getter/v2, github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mcDdoLWY5ZjUteDRxN84AAz9l
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS04Y3c2LTRyMzItNnIzaM4AAx7Q
XWiki Platform may allow privilege escalation to programming rights via user's first name
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
GSA_kwCzR0hTQS13cmh4LTNweHItNnZnZ84AAhPp
Wikimedia MediaWiki Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13cTRoLTdyNDItNWhycs4AArQV
Possible shell escape sequence injection vulnerability in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 60.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xd204LXZnbTYtZjg2cM33Ug
Script security sandbox bypass in Jenkins Email Extension Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yNm1jLW1ydnItMjNjcs32ew
Sandbox bypass in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNm1nLWp2amYtdzQ0eM4AAtpF
conf-cfg-ini Prototype Pollution via malicious INI file before v1.2.2
Ecosystems: npm
Packages: conf-cfg-ini
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tOHh3LTl4NXgtNnZoM84AAwLr
py7zr directory traversal vulnerability
Ecosystems: pypi
Packages: py7zr
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaHZjLWh3ZzMtaHB2d84AAwMf
PaddlePaddle Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01bWM3LW02ODYtcDZqZ800Hw
Deserialization of Untrusted Data in Apache Dubbo
Ecosystems: maven
Packages: com.alibaba:dubbo, org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13Mzl4LWNodm0tcGozY83X2g
Deserialization of Untrusted Data in com.bstek.ureport:ureport2-console
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-console
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03NXJ3LTM0cTYtNzJjcs4AArtB
Signature forgery in Biscuit
Ecosystems: go, maven, cargo
Packages: github.com/biscuit-auth/biscuit-go, com.clever-cloud:biscuit-java, biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yODR2LXFmZjgtanY1Z84AAnsE
Remote code execution in vscode-npm-script
Ecosystems: npm
Packages: vscode-npm-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1neDJjLWZ2aGMtcGg0as05Xg
Path traversal in Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3NnctcTg4ai02bXFm
Potential session hijack in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS13MzdmLXB2dngtd2N3bc4AAgZ7
Incorrect Calculation in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02aDV4LTdjNW0tN2NyN83l_g
Exposure of Sensitive Information in eventsource
Ecosystems: npm
Packages: eventsource
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wNjR4LThyeHgtd2Y2cc4AAtF-
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02N3IzLWg4OTktOXc5Nc4AArT7
Embedded Malicious Code in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1N2otcTQ4cC05dm0y
Command injection in Gerapy
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnNGMtcmd2bS05NjRn
SQL Injection in pycsw
Ecosystems: pypi
Packages: pycsw
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tOGotOXg4NC1tOWN2
Arbitrary code injection in json-sanitizer
Ecosystems: maven
Packages: com.mikesamuel:json-sanitizer
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS01Nmo3LTJwbTgtcmdteM4AArT_
OS Command Injection in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ncjU4LTc2cnAtbW1nNM4AAwCL
wger vulnerable to brute force attempts
Ecosystems: pypi
Packages: wger
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yM3hmLTU1MzUtNjJ2Nc4AAyeJ
jeecg-boot vulnerable to SQL injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qM3E0LWdtajQtbWo5Nc4AAvB7
rdiffweb vulnerable to account access via session fixation
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ajMtd3FwaC01eHg5
Command Injection in egg-scripts
Ecosystems: npm
Packages: egg-scripts
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS12eGY3LW14MjItanIyNM4AAyu4
org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-xwiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05ajltLTh3amMtZmY5Ns0XGg
Apostrophe CMS Insufficient Session Expiration vulnerability
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdteDYtdnhjZi1jM2dy
Validation Bypass in slp-validate
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNjMtNjR4Ny01N3hm
Path traversal in impacket
Ecosystems: pypi
Packages: impacket
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS14cjJjLTV3ODktNjNwds01MA
Poetry before v1.1.9 contains Untrusted Search Path
Ecosystems: pypi
Packages: poetry
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqeDItNzZyYy0ydjd2
Kubernetes Privilege Escalation
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1xcDcyLTk2cDItZzY0NM4AAtSN
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Ecosystems: pypi
Packages: shiva
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yNXB2LTdnODktY3htY84AA04B
SQL injection in audit endpoint
Ecosystems: maven
Packages: org.apache.inlong:manager-service
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3ZmotbWM4dy1qOXdn
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1nZmhwLWpncDYtODM4as4AAvIk
Orckestra C1 CMS's deserialization of untrusted data allows for arbitrary code execution.
Ecosystems: nuget
Packages: CompositeC1.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02MzY3LXAzdjgtN21nd84AAtpR
google-cloudstorage-commands Command Injection vulnerability
Ecosystems: npm
Packages: google-cloudstorage-commands
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12NTU4LWZodzItdjQ2d84AAqz8
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:workflow-remote-loader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qODN4LXI5cXEtOWc0ds4AAyBh
Froxlor is vulnerable to authentication bypass
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05OXA1LXFwcXgtbWh3Y84AA08H
Code injection in BoofCV
Ecosystems: maven
Packages: org.boofcv:boofcv-core
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00M2Z3LTUzNmotdzM3as4AA2kO
Yamcs API Directory Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-legacy-oldcore, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qajk1LTU1Y3ItOTU5N84AA1Co
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Ecosystems: maven
Packages: com.aerospike:aerospike-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS01NjdyLXZxajctNWN3N84AAbZ2
phpMyAdmin Authentication Bypass
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01d3c2LXB4NDItd2M4Nc4AApqI
SM2 Decryption Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZoajktY2pqaC0yN3Zt
Active Record contains deserialization of arbitrary YAML
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5OWgtOHdwai03NXhq
Authentication Bypass in tyk-identity-broker
Ecosystems: go
Packages: github.com/tyktechnologies/tyk-identity-broker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1wcHh4LW05MjYtZzU2Oc4AA0RP
Apache Kylin vulnerable to remote code execution
Ecosystems: maven
Packages: org.apache.kylin:kylin-server-base, org.apache.kylin:kylin-spark-project, org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1nMjdqLTc0ZnAteGZwcs04jw
Insecure default value for CORS configuration
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00N3A3LXhmY2MtNHB2Oc4AAz-X
php-imap vulnerable to RCE through a directory traversal vulnerability
Ecosystems: packagist
Packages: webklex/laravel-imap, webklex/php-imap
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05M203LWM2OWYtNWNmas4AAvMA
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Ecosystems: go
Packages: github.com/antchfx/xmlquery
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02N2o0LTJtaDYtODYyN84AAx7w
json-logic-js Command Injection vulnerability
Ecosystems: npm
Packages: json-logic-js
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tajljLXZqcDktcGdnaM4AAiY2
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xOGNtLTN2NjItamo3Oc4AA04Z
Remote code execution in Apache Jackrabbit
Ecosystems: maven
Packages: org.apache.jackrabbit:jackrabbit-standalone-components, org.apache.jackrabbit:jackrabbit-standalone, org.apache.jackrabbit:jackrabbit-webapp
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03Mjg2LXBnZnYtdnh2aM4AA2YZ
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFteGYtZnhxNy13NTlm
Malicious Package in angular-material-sidenav-rnd
Ecosystems: npm
Packages: angular-material-sidenav-rnd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02bWpwLTJybTYtOWc4Nc4AAwyI
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnangtaG0zNC1xZ2Y3
SQL injection in Centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1oZjYyLTV2eGgtanB3as4AAitU
Pimcore 2FA Vulnerable to Brute Forcing
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13N3FnLWo0MzUtNzhxd84AAydg
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Ecosystems: pypi
Packages: farm-haystack
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yeGc5LXhyaHAtNjRnas4AAnr8
.NET Core Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: System.Drawing.Common
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tOTM5LXZyZnAtOXY4cM4AAtod
js-ini Prorotype Pollution when malicious INI files submitted to an application that parses it with `parse`
Ecosystems: npm
Packages: js-ini
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05Mjl3LXE0MzMtNGg5eM4AAqj-
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Ecosystems: maven
Packages: org.apache.eventmesh:eventmesh-connector-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS01bTNtLXE4Y3EtNzdnNM4AAz_c
fuadmin vulnerable to insecure file upload
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1tOHhoLWNxYzItNXE2Zs02eQ
Type Confusion in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14ZmpxLXczY3ctaDVmcc4AAVUw
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03dnJ2LTVtMmgtcmp3Oc4AAtpA
ion-parser Prototype Pollution when malicious INI file submitted to application that parses with `parse`
Ecosystems: npm
Packages: ion-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAycTktOWNxNi1oM2p3
Out of bounds read in Ozone
Ecosystems: cargo
Packages: ozone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request title
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00NXgzLW13N3Etd2Y3Zs3stw
elFinder Path Traversal vulnerability
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0ycnIzLXJ2NDktcDQyZs4AAvl1
phpMyFAQ contains Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jNXY4LTJxNHItNXc5ds4AAu1e
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mentions-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03OXhmLTY3cjQtcTJqas4AAyqY
safe-eval vulnerable to Sandbox Bypass due to improper input sanitization
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03eGZqLTRqcGctNTh2Zs4AAUsi
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyZnctaGc5bS1qNDdo
Signature Validation Bypass
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS14M3gzLXF3anEtOGdqNM4AAwSr
Apache CXF Server-Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4YzUtZ2dwcC1nMjQ5
pwntools Server-Side Template Injection (SSTI) vulnerability
Ecosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwcjYtZjR2cS1teGNo
Command injection in LocalStack
Ecosystems: pypi
Packages: localstack
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzbTMtYzM5cS1wdjIz
Out of bounds write in slice-deque
Ecosystems: cargo
Packages: slice-deque
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mcjZxLWp2N2otMzVnM80oGQ
Path Traversal in w-zip
Ecosystems: npm
Packages: w-zip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-ext
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00cnI2LWdmNTktZ2d3Nc4AA8Rn
namshi/jose - Verification bypass
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 14 hours ago
Critical
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command Injection
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zaGM3LTJ4Y2MtN3A4Zs4AAwzZ
Squalor SQL Injection vulnerability
Ecosystems: go
Packages: github.com/square/squalor
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dzUtcHZyOC00cmg1
Command injection in eslint-fixer
Ecosystems: npm
Packages: eslint-fixer
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9