Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1nNTZ3LWN3ZzQtaHh4Oc4AAwAq
Code injection in quarkus dev ui config editor
Ecosystems: maven
Packages: io.quarkus:quarkus-vertx-http-deployment
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03NDg4LTZ4M3ItMjN3Nc4AAtX6
Ganga allows absolute path traversal
Ecosystems: pypi
Packages: ganga
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zamNoLTlxZ3AtNDg0NM4AArrG
Generated code can read and write out of bounds in safe code
Ecosystems: cargo
Packages: flatbuffers
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03Mmd4LXFxMm0tNnhyMs4AAiOT
Improper Control of Generation of Code in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02bTRoLWhmcHAteDhjeM4AAwgV
docconv OS Command Injection vulnerability
Ecosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13N3BtLWNjNHYtZjNnOM4AAj-r
Deserialization of Untrusted Data in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:com.liferay.portal-kernel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00ZzM4LWhybTQtcmc5NM4AAqkP
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c2LTRyMzItNnIzaM4AAx7Q
XWiki Platform may allow privilege escalation to programming rights via user's first name
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOWYteDZybS1xbXhy
Command Injection in compass-compile
Ecosystems: npm
Packages: compass-compile
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4YzUtZ2dwcC1nMjQ5
pwntools Server-Side Template Injection (SSTI) vulnerability
Ecosystems: pypi
Packages: pwntools
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS04M2c3LThmY2gtcDM3bc4AAwDL
PaddlePaddle vulnerable to code injection via winstr
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wbWhjLTJnNGYtODVjZ84AA03a
Path Traversal in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-web
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0dzctM3FyOC01NjIz
Improper type usage in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05OWMzLXFjMnEtcDk0bc4AAxxW
GeoTools OGC Filter SQL Injection Vulnerabilities
Ecosystems: maven
Packages: org.geotools:gt-jdbc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-legacy-oldcore, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jNzMyLXh2djgtZzk0Y84AAxHL
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Ecosystems: pypi
Packages: apache-airflow-providers-mysql, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjamMtaHZ4Zi1ncWg3
Use after free and double free in bitvec
Ecosystems: cargo
Packages: bitvec
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZmdwLXEyaGctdzI4Nc4AAkun
WSO2 API Manager vulnerable to SSRF
Ecosystems: maven
Packages: org.wso2.am:am-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xbTJoLW03OTktODZyY84AAypA
Apache Linkis JDBC EngineConn has deserialization vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-engineconn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0eGotcTU4aC05eDU3
Arbitrary File Write in iobroker.admin
Ecosystems: npm
Packages: iobroker.admin
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1qNzdyLTJmeGYtNWpyd83fmw
Improper path handling in kustomization files allows path traversal
Ecosystems: go
Packages: github.com/fluxcd/flux2, github.com/fluxcd/kustomize-controller
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vrite
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1ybXBqLTdjOTYtbXJnOM4AArin
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jcmg2LWZwNjctNjg4M84AAvn0
xmldom allows multiple root nodes in a DOM
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNDZnLThjM3EtODlwMs4AA2AM
FUXA SQL Injection vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14OHgyLXdjMmgtd2M0OM4AAvV4
Missing rate limit on rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmOGotdmhnOC14bWMz
karma-mojo enables OS Command Injection
Ecosystems: npm
Packages: karma-mojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nNzVjLWNqcjYtMzltY84AAz9m
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mail-send-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzbTMtYzM5cS1wdjIz
Out of bounds write in slice-deque
Ecosystems: cargo
Packages: slice-deque
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1obXg2LWdjMnAtNXA4Ms3u2w
Nablarch Incomplete Cryptography
Ecosystems: maven
Packages: com.nablarch.framework:nablarch-fw-web
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03eGZqLTRqcGctNTh2Zs4AAUsi
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mcDdoLWY5ZjUteDRxN84AAz9l
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqNTUtcGN3NS14NGgy
active-support impersonates 'activesupport' gem
Ecosystems: rubygems
Packages: active-support
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerability
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00cTJ3LXJ3N20teHF3Ns3uzg
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Ecosystems: pypi
Packages: nnabla
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ocGY3LTRjMmctOWNoZs0V-A
Remote Code Execution in Halibut
Ecosystems: nuget
Packages: Halibut
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1majM1LW05NHItOWg0Y84AAktJ
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Ecosystems: pypi
Packages: MISP-maltego
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xM3E1LXF2aDUtY213Nc4AAz9T
liufee CMS File Upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNHItbTNnYy1oNHI1
OS Command Injection in install-package
Ecosystems: npm
Packages: install-package
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yampxLXg1NDgtcmhwds4AAvIq
isolated-vm has vulnerable CachedDataOptions in API
Ecosystems: npm
Packages: isolated-vm
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qeDJ4LWZnOXAtN2djN84AAyBw
Funadmin vulnerable to SQL injection
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc
ecdsa-elixir fails to check signatures, vulnerable to message forging
Ecosystems: hex
Packages: ecdsa-elixir
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtNHctNjY5Ni1yNzdw
nb-connect invalidly assumes the memory layout of std::net::SocketAddr
Ecosystems: cargo
Packages: nb-connect
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request title
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wcDhyLXZ2MmotOWo1ds4AAu1P
traitobject is Unmaintained
Ecosystems: cargo
Packages: traitobject
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02bWY1LTM2djktM2gyd84AAz9p
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy
TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zaDZmLWc1ZjMtZ2M0d84AA0zc
Access Control Bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: 10 months ago
Critical
GSA_kwCzR0hTQS0yY3B4LTZwcXAtd2YzNc4AAtvK
fs2-io skips mTLS client verification
Ecosystems: maven
Packages: co.fs2:fs2-io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tN2d2LXY4eHgtdjQ3d84AAvtQ
XWiki OIDC Authenticator vulnerable to bypassing OpenID login by providing a custom provider
Ecosystems: maven
Packages: org.xwiki.contrib.oidc:oidc-authenticator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03bWc1LXJ3MzktcTY3Zs4AAwyN
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Ecosystems: packagist
Packages: himiklab/yii2-jqgrid-widget
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODItcjMyOS0zcTY3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS04d3d3LWNmZmgtNHE5OM4AA08I
Anyone with a share link can RESET all website data in Umami
Ecosystems: npm
Packages: umami
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2eHctaGdmdi1qd203
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Ecosystems: cargo
Packages: arr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00amcyLTg0YzItcGo5Nc0V7A
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Ecosystems: npm
Packages: @asyncapi/modelina
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12NTd4LWd4ZmotNDg0cc0kcQ
Security Advisory for "Log4Shell"
Ecosystems: maven
Packages: com.hazelcast:hazelcast, com.hazelcast.jet:hazelcast-jet
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1N2otcTQ4cC05dm0y
Command injection in Gerapy
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1oOHBqLWN4eDItamZnMs1BpQ
Improper Input Validation in httpx
Ecosystems: pypi
Packages: httpx
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aHctNHJ3Ny1qZnB2
Path traversal in mozwire
Ecosystems: cargo
Packages: mozwire
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03N3hxLTdjNnAtNnhwNs3gbA
RubyGem openshift-origin-controller is vulnerable to command injection
Ecosystems: rubygems
Packages: openshift-origin-controller
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mcjV3LTk4bWMtamp2Z80l5Q
Arbitrary file upload in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZnBoLTNocGctMmY2Nc3Xww
Incorrect Permission Assignment for Critical Resource in ShopXO
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12bTZwLTM1cnctM2Z4Y84AAt3H
Cockpit before 2.2.0 vulnerable to Insufficient Session Expiration
Ecosystems: packagist
Packages: aheinze/cockpit
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3Z2gtNXE0cS02d3g1
Malicious Package in 1337qq-js
Ecosystems: npm
Packages: 1337qq-js
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1tOHdmLXdtd2gtancybc4AAyAI
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12MzJtLXBmOXEtcDN4Z84AA3PR
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwam0tcnAyZy0zcjRj
Django Rest Framework jwt allows obtaining new token from notionally invalidated token
Ecosystems: pypi
Packages: drf-jwt
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5ZmgteGNqci1wN3J4
Malicious Package in web3-eht
Ecosystems: npm
Packages: web3-eht
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1yMzY0LTJwajQtcGY3Zs4AAzf1
ruby-saml vulnerable to XPath injection
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1oYzZxLTJtcHAtcXc3as4AAyD3
Cross-realm object access in Webpack 5
Ecosystems: npm
Packages: webpack
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oNDc1LTd2M2MtMjZxN84AAzEg
Command injection in OpenTSDB
Ecosystems: maven
Packages: net.opentsdb:opentsdb
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01Z21mLThnaDItaGhmcM4AAR2I
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh, org.jvnet.hudson.plugins:ssh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13cThmLXhtcTMtNXZxOc4AAy8R
Remote code execution in broccoli-compass
Ecosystems: npm
Packages: broccoli-compass
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12cjIyLTQzZ2otcngzZs4AAjgN
omniauth-weibo-oauth2 included a code-execution backdoor inserted by a third party
Ecosystems: rubygems
Packages: omniauth-weibo-oauth2
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00bTVwLTV3NXctM2pjZs4AAvTD
com.enonic.xp:lib-auth vulnerable to Session Fixation
Ecosystems: maven
Packages: com.enonic.xp:lib-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04NTltLTJwZngtZndoZs4AA08D
Code injection in oscore
Ecosystems: maven
Packages: opensymphony:oscore
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanYtcjlyZi03OTg4
Remote code execution in handlebars when compiling templates
Ecosystems: maven, npm
Packages: org.webjars.bowergithub.wycats:handlebars.js, org.webjars.npm:handlebars, org.webjars:handlebars, handlebars
Source: GitHub Advisory Database
Blast Radius: 79.2
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1yNDhxLTlnNXItOHEyaM4AArc1
Authorization Bypass Through User-Controlled Key in go-restful
Ecosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05M203LWM2OWYtNWNmas4AAvMA
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Ecosystems: go
Packages: github.com/antchfx/xmlquery
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yNjQ3LWM2MzktcXYyas0wvQ
Server-Side Request Forgery in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ncjgyLThmajItZ2djM84AA2sJ
XWiki Platform XSS vulnerability from account in the create page form via template provider
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03OTQtcXY1OS1najdj
Malicious Package in signqle
Ecosystems: npm
Packages: signqle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ajMtd3FwaC01eHg5
Command Injection in egg-scripts
Ecosystems: npm
Packages: egg-scripts
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyeGotNHFody01dndx
Malicious Package in scryptys
Ecosystems: npm
Packages: scryptys
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02ODc0LTI4OWctZjdoN84AA0XW
Apache StreamPark Path Traversal vulnerability
Ecosystems: maven
Packages: org.apache.streampark:streampark-common_2.11, org.apache.streampark:streampark-common_2.12
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNzItNTl4Mi1nd2Yy
Malicious Package in ripedm160
Ecosystems: npm
Packages: ripedm160
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjdzgtcjl4bS0zMmM2
Command Injection in dns-sync
Ecosystems: npm
Packages: dns-sync
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS01NDY5LWM1cDIteHY1Z84AAtlp
Dataease before 1.11.2 allows arbitrary code execution via crafter plugin
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1maDU1LXZ3amMtNjljN84AAgdA
Unescaped control characters in Gitblit
Ecosystems: maven
Packages: com.gitblit:gitblit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nd3ZtLXZycDQtNHBwNc4AAyUN
angular-server-side-configuration information disclosure vulnerability in monorepo with node.js backend
Ecosystems: npm
Packages: angular-server-side-configuration
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nd3FxLTZ2cTctNWo4Ns4AA1D8
langchain Code Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-ext
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3ajgtdnA5aC1ybTZt
total.js Remote Code Execution Vulnerability
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS14djk3LWM2MnYtNDU4N84AAtxf
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xajkzLTM3ZjUtbXIyOc4AAX6N
Improper Input Validation in IpMatcher
Ecosystems: nuget
Packages: IpMatcher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9