Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2djUtNDJ3ci1tMzJn
Downloads Resources over HTTP in scala-bin
Ecosystems: npm
Packages: scala-bin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tN2gtMzIzci05cDRn
Downloads Resources over HTTP in imageoptim
Ecosystems: npm
Packages: imageoptim
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5cTQtdzNmbS13cm0y
Cross-Site Scripting in google-closure-library
Ecosystems: npm
Packages: google-closure-library
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS0zMmd2LTZjZjMtd2Ntcc0ymQ
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01bXE4LWg4MnAtd2pmMs1mbg
Jetty Javascript Inclusion Vulnerability
Ecosystems: maven
Packages: org.mortbay.jetty:jetty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3cHAtZzJ2Mi0yNzY2
DOM-based XSS in gmail-js
Ecosystems: npm
Packages: gmail-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczNjQtOHZmdi1ndmY1
Downloads Resources over HTTP in phantomjs-cheniu
Ecosystems: npm
Packages: phantomjs-cheniu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5cG0tNTV2cC0yanF3
Downloads Resources over HTTP in soci
Ecosystems: npm
Packages: soci
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5djItZzM3bS1nM2Zm
Improper Verification of Cryptographic Signature in aws-encryption-sdk-cli
Ecosystems: pypi
Packages: aws-encryption-sdk-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01OHh2LTdoOXItbXgzY84AA8HR
Drupal Malicious file upload with filenames stating with dot
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVybTMtcWh4Zi1yaDNy
Downloads Resources over HTTP in co-cli-installer
Ecosystems: npm
Packages: co-cli-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwcTgtMnEyNC1tajNw
Downloads Resources over HTTP in fis-parser-sass-bin
Ecosystems: npm
Packages: fis-parser-sass-bin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0NXAtdzkzMy1qeGgz
Improper Verification of Cryptographic Signature in aws-encryption-sdk-javascript
Ecosystems: npm
Packages: @aws-crypto/client-node, @aws-crypto/client-browser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyanYtNXYzZi03bTdq
Downloads Resources over HTTP in adamvr-geoip-lite
Ecosystems: npm
Packages: adamvr-geoip-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1aDQtOWdxdy05NDJq
Improper Verification of Cryptographic Signature in aws-encryption-sdk
Ecosystems: pypi
Packages: aws-encryption-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1yNjdyLTQyd3gtYzhyN84AA8HO
Drupal External URL injection through URL aliases leading to Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1eGgtNTNtNi05MzZy
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Ecosystems: maven
Packages: com.amazonaws:aws-encryption-sdk-java
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2
Active Record Improper Input Validation
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwMnctcm14NC05bXc3
Command Injection in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwcHAtNXhjNS13ZnB4
Active Record allows bypassing of database-query restrictions
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3NHIteHIzOC1obThq
Downloads Resources over HTTP in unicode-json
Ecosystems: npm
Packages: unicode-json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyNmgtN3g5Zy14bXc5
will_paginate Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: will_paginate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS02d3I2LTU0bXctbXZocs3vlA
BaserCMS privilege escallation
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3cWgtaDQyci14OGZx
Denial of Service in @hapi/subtext
Ecosystems: npm
Packages: @hapi/subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyaDctN3d3Zy1xbWdn
Prototype Pollution in @hapi/hoek
Ecosystems: npm
Packages: @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1wbWdtLWgzY2MtbTRoas4AA5Va
React Native Document Picker Directory Traversal vulnerability
Ecosystems: npm
Packages: react-native-document-picker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqdmotNjczcS00aGZ3
Command Injection in traceroute
Ecosystems: npm
Packages: traceroute
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdodjYtcmo4NC0ydmgy
Cross-Site Scripting in nextcloud-vue-collections
Ecosystems: npm
Packages: nextcloud-vue-collections
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1mODRxLW1najktOGpmY84AA8HB
Drupal Content moderation Access bypass
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmd2MteGpmcC00NGpn
Command Injection in gnuplot
Ecosystems: npm
Packages: gnuplot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtajgtcGozai1oMzYy
Symlink reference outside of node_modules in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwNDktY3doMy00cWhm
Malicious Package in grunt-radic
Ecosystems: npm
Packages: grunt-radic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNncXYteDVjeC14dnFo
Arbitrary Code Injection in pouchdb
Ecosystems: npm
Packages: pouchdb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS12eGYyLTdyYzMtcHhteM1vqQ
Cheetah Path Search Order Hijacking
Ecosystems: pypi
Packages: cheetah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3amMtcTlweC1yOXZx
Denial of Service in ecstatic
Ecosystems: npm
Packages: ecstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS02cTl2LTRocTYtNW02N84AA8G_
Doctrine SQL injection vulnerability
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qM2ozLWpyZmgtY20yd84AAVA_
Django Denial-of-service possibility with strip_tags
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1obXZqLWdjOXEtbWc5cM3e3g
Apache Struts's DebuggingInterceptor component allows remote code execution in developer mode
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04MnJtLTI4cTktNDM1cM1B1w
Mailman Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03Y2djLWZqdjQtNTJ4Ns4AAzdI
Malware in pre-build binaries of bignum
Ecosystems: npm
Packages: bignum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS05Z2NmLXBxOTktcmp3M84AAZrR
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Ecosystems: pypi
Packages: RPLY
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4ODMtcjU2Zy1jdjQ3
Improper certificate validation in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS05MmoyLTVyN3AtNmhqd84AAcqh
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmamgtcDNnNC0zcTJm
VBScript Content Injection in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1xNHhmLTdmdzUtNHg4ds4AA8Id
Laravel Hijacked authentication cookies vulnerability
Ecosystems: packagist
Packages: illuminate/auth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS12amM0LTN2Z3gtcHE5aM4AA7wx
Nebari prints temporary Keycloak root password
Ecosystems: pypi
Packages: nebari
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Critical
GSA_kwCzR0hTQS05Z3h2LXg3cnAtcjJoY84AA8Ib
gree/jose - "None" Algorithm treated as valid in tokens
Ecosystems: packagist
Packages: gree/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zOTJoLXI0NmotcTI0cM4AA3Ym
OwnCast remote code execution vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS13dmh4LXE0MjctZmdoM84AA7xy
Arbitrary HTML present after sanitization because of unicode normalization
Ecosystems: pypi
Packages: html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1qanE4LXZmanEtajZ2NM4AAWAn
Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wang4LTk4NHAtN3AzeM4AA8IW
FOSUserBundle Entropy is lost in the TokenGenerator
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwcjUtd3A3Yy1oaDVx
Cross-Site Scripting in mrk.js
Ecosystems: npm
Packages: mrk.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtN3EtcnhjaC00M214
Byass due to validation before canonicalization in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtaDQtMzIydi1jZnBj
Cross-Site Scripting in cmmn-js-properties-panel
Ecosystems: npm
Packages: cmmn-js-properties-panel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS03aG1tLXdnMjMtMnc3bc4AA7wS
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1mOTloLXczMzctbXY1Ns4AA0pu
iprange may panic when parsing ranges with invalid masks
Ecosystems: go
Packages: github.com/malfunkt/iprange
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jN3c2LTMzajMtajNteM4AA7wU
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4cnEtbTI4aC04aHhq
Cross-Site Scripting in htmr
Ecosystems: npm
Packages: htmr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zOWoyLTRwOWotNXc0as4AA8IQ
Ez Platform Object Injection in legacy shop module
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5MmYtd2Y0dy14MzZ2
Prototype Pollution in merge-objects
Ecosystems: npm
Packages: merge-objects
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4d2MtNXZ3OS0ydzR3
NoSQL Injection in loopback-connector-mongodb
Ecosystems: npm
Packages: loopback-connector-mongodb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtdnEteHA0OC00Yzc3
Denial of Service in subtext
Ecosystems: npm
Packages: subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve
Vditor allows Cross-site Scripting via an attribute of an `A` element
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0eDgtZ3c0OS03aHY0
Path Traversal in swagger-injector
Ecosystems: npm
Packages: swagger-injector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2dnYtaGhxYy02aGgy
Malicious Package in pyramid-proportion
Ecosystems: npm
Packages: pyramid-proportion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Denial of Service in grpc-ts-health-check
Ecosystems: npm
Packages: grpc-ts-health-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIydnctamdxOS1qcXgy
Improper Authorization in @sap-cloud-sdk/core
Ecosystems: npm
Packages: @sap-cloud-sdk/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02d2gtbThtOC02eHg1
cofeescript is malware
Ecosystems: npm
Packages: cofeescript
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2NHEtM3ZnOC04Zjkz
Prototype Pollution in subtext
Ecosystems: npm
Packages: subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwNncteDJnci1ycmY4
Cross-Site Scripting in ag-grid-community
Ecosystems: npm
Packages: ag-grid-community
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS02NHZqLTkzM2YtNnBtM84AA8Ht
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjYtNnd3My1mM3Ft
Sandbox Breakout / Arbitrary Code Execution in value-censorship
Ecosystems: npm
Packages: value-censorship
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04MnJ2LTQ1cGMtdjI4d84AA8Hs
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1jYzJqLTkyanEtd2dqZ84AA8Hr
eZ Publish Information disclosure in backend content tree menu
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5N2ctNG14Ny01cDJw
Open Redirect in apostrophe
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1xNzQ4LW1jd2cteG1xds4AAdkP
OpenStack Image Service (Glance) allows remote authenticated users to bypass access restrictions
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aGNyLWczMnAtaDc0Y84AA7WP
Lavalite CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1jM3F2LW1mOGgtNDM0cs2z1g
Roundup vulnerability related to Cross-site scripting (XSS)
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wd2dtLWp2cXYtNnY4cM4AAf3k
Plone anonymous access to sub-objects in CMFEditions where KwAsAttributes classes were publishable
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12Mmd3LXg1amYtcGd3ds25UQ
Mercurial Directory traversal vulnerability
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3YzgtNjU5Zy1yODhx
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Ecosystems: maven
Packages: org.springframework.batch:spring-batch-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS00ajN3LWc2MngtaHJjcM2vAg
Plone Cross-site request forgery (CSRF)
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00MzdwLXF3OTUtd3Fxcs4AAa6S
Trac vulnerable to denial of service
Ecosystems: pypi
Packages: Trac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgycjQtNHhnZi0zODY1
Downloads Resources over HTTP in product-monitor
Ecosystems: npm
Packages: product-monitor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1yN2o0LTgyeHctOG05cM2Kqg
Plone allows a user to masquerade as a group
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Znh2LWY5NDUtNHF2Ns4AAX-t
JBoss RichFaces Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.richfaces:richfaces
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3aGMtcHA0eC05cGYz
jquery-rails and jquery-ujs subject to Exposure of Sensitive Information
Ecosystems: rubygems
Packages: jquery-ujs, jquery-rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5MzYtcmoyNS02d202
nori contains Improper Input Validation
Ecosystems: rubygems
Packages: nori
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS02bW1mLXY1cTctdncyd84AAqut
Asterix Heap-based Buffer Overflow
Ecosystems: pypi
Packages: asterix_decoder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJodmMteDMyaC01NTI2
No CSRF Validation in droppy
Ecosystems: npm
Packages: droppy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnNXItOGo5Ny0yd3Jq
Directory Traversal in restafary
Ecosystems: npm
Packages: restafary
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxd2gtYzUzNS1qOWh3
Downloads Resources over HTTP in js-given
Ecosystems: npm
Packages: js-given
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqMzgtODdmMy05M3A2
Downloads Resources over HTTP in limbus-buildgen
Ecosystems: npm
Packages: limbus-buildgen
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1qNmMzLTNjNHctcXY4cM30bg
Moodle cross-site scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: typo3/cms, moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ndzJxLWNndnEtOWczds4AAZ71
Roundup Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtdjQtamdwNy1tZjY4
Sails before 0.12.7 vulnerable to Broken CORS
Ecosystems: npm
Packages: sails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9