Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1nOGo4LW1naDktcTc3cM0teg
File upload leading to RCE in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0ycG13LWN2YzctZnJ2aM0s2A
SQL injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy
Arbitrary code execution due to an uncontrolled search path for the git binary
Ecosystems: go
Packages: github.com/MichaelMure/git-bug
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1ocjUyLWY5dnAtNTgyY80flw
Use of Uninitialized Resource in messagepack-rs.
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xNXJnLXdnN2gtNzNtNc4AAh_b
LibreNMS Information Disclosure
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04d3E3LWhoamotZnBxds0l6Q
RCE in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02eGo5LWhwcTMtdzNxd84AArXB
Code injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12dzVtLXF3MnItbTkyM80fmQ
Use of Uninitialized Resource in messagepack-rs.
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13M3JjLTJ3aGctdzkzNM4AAuEF
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03Nmo0LWdnZ3EtN3JnOc02HQ
SQLinjection in falcon-plus
Ecosystems: go
Packages: github.com/open-falcon/falcon-plus
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tZmp3LXg0cTQtNjlwOc4AAigf
Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqanItcXFmcC1wcHd4
remote code execution via git repo provider
Ecosystems: pypi
Packages: binderhub
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 2 days ago
Critical
GSA_kwCzR0hTQS02NnA4LWo0NTktcnE2M84AAxiH
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcDcyLTk2cDItZzY0NM4AAtSN
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Ecosystems: pypi
Packages: shiva
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14Z2djLXFwcmcteDZtd84AAs7K
Weave GitOps leaked cluster credentials into logs on connection errors
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tcnE0LTdjaDctMjQ2Nc0mqQ
Server Side Twig Template Injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2bTctOGZxMy1xamoy
Malicious Package in bs85
Ecosystems: npm
Packages: bs85
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1wNzQ0LTRxNnAtaHZjMs4AAzSb
Wings vulnerable to escape to host from installation container
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00Zzc2LXczeHctMng2d84AAyGN
Full authentication bypass if SASL authorization username is specified
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wOTloLXBmZzYtcXJmZ84AA3r0
Privilege escalation in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1nYzc5LWdoNGYtOWc2d80tdQ
Server Side Template Injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNGo1LWhncXEtNWpmMs4AARcl
Insecure cookie sharing in Hawtio
Ecosystems: maven
Packages: io.hawt:project
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03ZzUzLWpqMjUtamhncs4AAx9K
Remote code execution in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01bTN3LXJ2dmgtOGZ4Ns4AAQML
Joomla! Object Injection Vulnerability
Ecosystems: packagist
Packages: joomla/joomla-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3M2ctOGcyNy14eGN4
Command injection in corenlp-js-prefab
Ecosystems: npm
Packages: corenlp-js-prefab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS05OWpnLXIzZjQtcnB4as4AA3ss
memory overflow vulnerability in OpenEXR-viewer
Ecosystems: actions
Packages: afichet/openexr-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tOHJ3LXJjcHEtMnZwMs4AA3uk
Improper Privilege Management in github.com/sap/cloud-security-client-go
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02eHhyLTY0OG0tZ2NoNs4AA0ic
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server, com.xpn.xwiki.platform:xwiki-rest, com.xpn.xwiki.platform:xwiki-core-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1ncWoyLTMyNHAtdng3M84AA3hv
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Ecosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04Z2ptLWgzeGotbXA2d80fkQ
RPC call failure in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04d2N3LWN3MmYtaDRnMs4AAmgA
Improper Authentication (empty password) in Jenkins Active Directory Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:active-directory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04cWZtLWg4cmgtaDNyN84AA3b4
PHPMemcachedAdmin Path Traversal vulnerability
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05MmNnLWdocTYtOTU4N84AA3r1
Privilege escalation in sap/cloud-security-client-go
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05aHFoLWZtaGctdnEyas4AAv_O
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-attachment-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjNnEtanF3Yy00NDIz
Path Traversal in Crafter CMS Crafter Studio
Ecosystems: maven
Packages: org.craftercms:crafter-studio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04dzVxLTVmcHEtdjRwbc4AAwrb
usememos/memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01MmNmLTIyNmYtcmhyNs0ViQ
Default CORS config allows any origin with credentials
Ecosystems: maven
Packages: org.http4s:http4s-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01OXg2LWc0anItNGh4Y84AAzyA
GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra language
Ecosystems: maven
Packages: org.geoserver:gs-wps, org.geoserver:gs-wfs, org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS02OTc4LTR3OTItNDI4cM4AArcs
Backdoor in api-res-py
Ecosystems: pypi
Packages: api-res-py
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13N3ZtLTR2M2otdmdwd84AA1Db
PyroCMS remote code execution vulnerability
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00ZzM4LWhybTQtcmc5NM4AAqkP
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13N3BtLWNjNHYtZjNnOM4AAj-r
Deserialization of Untrusted Data in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:com.liferay.portal-kernel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00eDVoLXhtdjQtOTl3eM4AA0Vr
Apache Linkis Authentication Bypass vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jY3I4LTR4cjctY2dqM84AAmCk
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ybXh3LWM0OGgtMnZmNc4AA2-Y
XWiki Platform privilege escalation from script right to programming right through title displayer
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1NjYtMmdyZy1tandn
Serialization vulnerability in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00djM4LTk2NGMteGptd84AAy3x
Code injection via unescaped translations in xwiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oaHBtLTVjcDItaGc0eM3mcw
Deserialization of Untrusted Data in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02eDY1LXZxcDctNXI2M84AAR2T
alchemist.vim vulnerable to remote code execution
Ecosystems: hex
Packages: alchemist.vim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc
ecdsa-elixir fails to check signatures, vulnerable to message forging
Ecosystems: hex
Packages: ecdsa-elixir
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tN3ZoLXBnZnEtdjRycc4AA1xW
Jeecg boot SQL Injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05Mm1yLTR3MnEtNDU3OM4AAbHa
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03dmY0LXg1bTItcjZncs4AA7QP
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1xNzRmLXJmMjctOGh4Y84AA2zZ
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Ecosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02MnByLXFxZjctaGg4Oc4AA2_Q
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yNndjLTN3cXAtZzNycM3mng
Deserialization of Untrusted Data in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS12amhmLTh2cXgtdnFwcc4AAwyJ
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0ycnZ4LWN2ZmMtbWNwMs4AAbX5
New Relic .NET Agent contains SQL Injection
Ecosystems: nuget
Packages: NewRelic.Agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3MjYtM3ZnOS1jcDM0
Missing Authorization in FastReport
Ecosystems: nuget
Packages: FastReport.OpenSource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmNHAtam03ci12ampq
Deserialization of Untrusted Data in EthereumJ
Ecosystems: maven
Packages: org.ethereum:ethereumj-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS0zNmZtLWozM3ctYzI1Zs4AAzSe
Privilege escalation (PR)/RCE from account through class sheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-test-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yeDloLWgzYzQtd3FxaM4AATaP
Improper Neutralization of Special Elements used in an LDAP Query in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02OHc3LTcyamctNnFwcM4AA5RM
NuGet Client Security Feature Bypass Vulnerability
Ecosystems: nuget
Packages: NuGet.Packaging, NuGet.CommandLine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05NHBmLTkyaHctMmhqY84AA0KQ
XWiki Platform vulnerable to Code injection through NotificationRSSService
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yODR2LXFmZjgtanY1Z84AAnsE
Remote code execution in vscode-npm-script
Ecosystems: npm
Packages: vscode-npm-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nODZnLWNobTgtN3IycM4AAtvI
check-spelling workflow vulnerable to token leakage via symlink attack
Ecosystems: actions
Packages: check-spelling/check-spelling
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03OTN3LWczMjUtaHJ3Ms4AA0KM
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pages
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-ckeditor-ui, org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1naGY2LTJmNDItbWpoOc4AA2sK
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjNDUtajNtNS04cWZx
Server-Side Request Forgery in Feehi CMS
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS12NTU4LWZodzItdjQ2d84AAqz8
Unsafe entry in Script Security list of approved signatures in Pipeline Remote Loader Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:workflow-remote-loader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tajV3LXc1ODgtajZ4Z84AAuFw
Use of Hard-coded Credentials in AgileConfig.Client
Ecosystems: nuget
Packages: AgileConfig.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yZjkyLTN2anItdzYyOM4AAmgK
Improper Authentication in Jenkins Active Directory Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:active-directory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1tOHI0LWM3am0tdzc4Ms4AAmvY
Jenkins Plugin Installation Manager Tool did not verify plugin downloads
Ecosystems: maven
Packages: io.jenkins.plugin-management:plugin-management-parent-pom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5OWgtOHdwai03NXhq
Authentication Bypass in tyk-identity-broker
Ecosystems: go
Packages: github.com/tyktechnologies/tyk-identity-broker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1tajljLXZqcDktcGdnaM4AAiY2
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01Z2M0LWN4OXgtOWM0M84AArd5
Code Injection in metacalc
Ecosystems: npm
Packages: metacalc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zd3ctN2hycC1ndzl3
Drop of uninitialized memory in Ozone
Ecosystems: cargo
Packages: ozone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jOWMyLXdjeGgtM3c1as4AAxpZ
Sandbox escape in Jenkins Email Extension Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xd3ZwLWc5ajctMjhmNs4AAyxG
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jNXY4LTJxNHItNXc5ds4AAu1e
XWiki Platform Mentions UI vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mentions-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tMmZjLTloNW0tMjljbc4AAt1k
@acrontum/filesystem-template vulnerable to Command Injection due to fetchRepo API missing sanitization
Ecosystems: npm
Packages: @acrontum/filesystem-template
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS01cjc0LXBnbXEtOTJtbc33bA
Script security sandbox bypass in Jenkins Job DSL Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:job-dsl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xZzQ0LXhxd2otd2MyOM4AA32H
Apache StreamPark: Authenticated system users could trigger remote command execution
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 6 hours ago
Critical
GSA_kwCzR0hTQS14OXE0LXF3ZmgtOWdqcc4AAxJ-
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNDZwLXE2amgtMjI2bc4AAiIP
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Ecosystems: maven
Packages: io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,301
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
npm 954 maven 826 packagist 491 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 org.apache.dubbo:dubbo 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 froxlor/froxlor 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 tensorflow-cpu 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 studio-42/elfinder 7 rusqlite 7 sequelize 7 ansible 7 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 github.com/argoproj/argo-cd 6 parse-server 6 thorsten/phpmyfaq 6 ezsystems/ezpublish-kernel 6 aaptjs 6 github.com/answerdev/answer 6 mercurial 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 steal 5 Microsoft.ChakraCore 5 mautic/core 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.xwiki.platform:xwiki-platform-web 5 prestashop/prestashop 5 safe-eval 5 ckb 5 zendframework/zendframework 5 Pillow 5 django 5 org.apache.inlong:manager-pojo 5 realms-shim 4 calibreweb 4 github.com/grafana/grafana 4 hermes-engine 4 contao/core-bundle 4 org.apache.tomcat.embed:tomcat-embed-core 4 spree_auth_devise 4 pyload-ng 4 feehi/cms 4 librenms/librenms 4 PaddlePaddle 4 org.apache.openmeetings:openmeetings-parent 4 contao/contao 4 smallvec 4 code.gitea.io/gitea 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 github.com/hashicorp/vault 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 apache-airflow-providers-apache-hive 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.inlong:manager-service 4 org.eclipse.jetty:jetty-server 4 org.jeecgframework.boot:jeecg-boot-base-core 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/usememos/memos 4 baserproject/basercms 4 openssl-src 4 safer-eval 4 nukeviet/nukeviet 4 org.apache.tapestry:tapestry-core 4 github.com/argoproj/argo-cd/v2 4 messagepack-rs 4 org.apache.solr:solr-parent 3 pimcore/pimcore 3 lmdb 3 org.richfaces:richfaces-core 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 publify_core 3 nvflare 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 zendframework/zendframework1 3 showdoc/showdoc 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 @openzeppelin/contracts-upgradeable 3 com.alibaba:dubbo 3 symfony/security-core 3 modoboa 3 log4j:log4j 3 org.apache.storm:storm 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 org.xwiki.platform:xwiki-platform-icon-ui 3 ro.pippo:pippo-core 3 com.hazelcast:hazelcast 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 smarty/smarty 3 slpjs 3 strapi 3 dompdf/dompdf 3 browserify-shim 3 actix-web 3 mongoose 3 facade/ignition 3 org.apache.linkis:linkis 3 com.jflyfox:jflyfox_jfinal 3 codiad/codiad 3 jsrsasign 3 io.undertow:undertow-core 3 ibexa/core 3 org.apache.jmeter:ApacheJMeter 3 cobbler 3 org.springframework.security:spring-security-core 3 github.com/dexidp/dex 3 github.com/pterodactyl/wings 3 simplesamlphp/simplesamlphp 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 rubygems-update 3 org.apache.any23:apache-any23 3 org.apache.solr:solr-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 xcb 3 phpmailer/phpmailer 3 github.com/rancher/rancher 3 craftcms/cms 3 francoisjacquet/rosariosis 3 ray 3 codeigniter4/framework 3 org.apache.dolphinscheduler:dolphinscheduler 3 nokogiri 3 typo3/cms 3 elefant/cms 3 impresscms/impresscms 3 org.apache.ignite:ignite-core 3 id-map 3 handlebars 3 tribalsystems/zenario 3 codeigniter/framework 3 feathers-sequelize 3 github.com/go-gitea/gitea 3 org.apache.inlong:manager-web 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 async-git 2 python-keystoneclient 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 eslint-config-eslint 2 org.apache.inlong:manager-dao 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 github.com/sap/cloud-security-client-go 2 org.apache.shiro:shiro-web 2 apache-superset 2 mathjs 2 github.com/crewjam/saml 2 alextselegidis/easyappointments 2 github.com/russellhaering/gosaml2 2 total4 2 org.apache.derby:derby 2 laravel/framework 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 Radicale 2 com.hazelcast.jet:hazelcast-jet 2 vyper 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/shopware/platform 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/apache/tomcat 5 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 https://github.com/janeczku/calibre-web 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/grafana/grafana 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/usememos/memos 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/pyload/pyload 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/spring-projects/spring-framework 4 https://github.com/centreon/centreon-archived 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/shopware/shopware 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/star7th/showdoc 3 https://github.com/pterodactyl/wings 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/smarty-php/smarty 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/hazelcast/hazelcast 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/baserproject/basercms 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dexidp/dex 3 https://github.com/github/securitylab 3 https://github.com/apache/shiro 3 https://github.com/neorazorx/facturascripts 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/pytorch/serve 2 https://github.com/sjep/array 2 https://github.com/jfinal/jfinal 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/laurent22/joplin 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/soketi/soketi 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/google/flatbuffers 2 https://github.com/benbusby/whoogle-search 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2