Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS0yeHBxLTU5NTItMzh3M84AA2rM
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5NWYtcDI5cS05eHc0
Regular Expression Denial of Service in braces
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bug
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cjMtcDg2Ni1xOXFy
ircdkit vulnerable to Denial of Service due to unhandled connection end event
Ecosystems: npm
Packages: ircdkit
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middle
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 12 months ago
Low
GSA_kwCzR0hTQS1nOTZjLXg3cmgtOTlyM84AA0Xm
Graylog vulnerable to insecure source port usage for DNS queries
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 10 months ago
Low
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1ydjhoLXA0M3ItNHg1cs4AAdHu
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Ecosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint does not have rate limiting on the login page
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wNGc0LXdncmgtcXJnMs4AAxeb
Panic due to malformed WALs in go.etcd.io/etcd
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
Low
GSA_kwCzR0hTQS12dnA3LXI0MjItcng4M84AAyu5
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mdjd4LXY2N3ctY3Zxds4AAu-J
Spring Data REST can expose hidden entity attributes
Ecosystems: maven
Packages: org.springframework.data:spring-data-rest-core
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS01NTJmLTk3d2YtcG1wcc4AA6LG
Umbraco possible user enumeration
Ecosystems: nuget
Packages: UmbracoCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1mcGo3LTl4bTYtOGhncs0ijQ
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tbTMyLWp3NzMtOTIyN84AAesM
Plone is vulnerable to File System Path Exposure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0N3gtODc3cC1oY3d4
Information Disclosure in Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV
phpMyAdmin cookie-attribute injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03cW00LXAzNzctZnIycs3ypg
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent, org.apache.activemq:activemq-openwire-generator
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs
Pipelines do not validate child UIDs
Ecosystems: go
Packages: github.com/tektoncd/pipeline
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS1oMjljLXdjbTgtODgzaM0keg
Incorrect Permission Assignment for Critical Resource in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01Nzg2LTNxamctbXI4OM4AAgY-
Path traversal in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmYzQtY2hnNy1oOGdo
Unprotected dynamically loaded chunks
Ecosystems: npm
Packages: webpack-subresource-integrity
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4YzctcHg1di04Mmho
Potential sensitive information disclosed in error reports
Ecosystems: pypi
Packages: django-registration
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTItN21tMy0zZnhn
actionpack is vulnerable to remote bypass authentication
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS12eG1tLWN3aDItcTc2Ms4AAzbG
Vyper's nonpayable default functions are sometimes payable
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS0yanh4LTJ4OTMtMnEyZs4AAvdu
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS00OGYyLW03amctODY2eM4AArZd
Failed payment recorded has completed in Silverstripe Omnipay
Ecosystems: packagist
Packages: silverstripe/silverstripe-omnipay
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqNTYtODRqdy02N2g2
Potential Denial-of-Service in bindata
Ecosystems: rubygems
Packages: bindata
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mOWY5LTRyNjMtNHFjY84AAvda
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05cDhyLTR4cDQtZ3c1d84AA5gq
Vyper's `_abi_decode` vulnerable to Memory Overflow
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zd3hnLXc5NmotOGhxOc4AAzex
CraftCMS stored XSS in Quick Post widget error message
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS12NWd3LW13N2YtODRweM4AAzXu
Starlette has Path Traversal vulnerability in StaticFiles
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 12 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cGotY3g3Zy04NThj
Regular Expression Denial of Service in debug
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 5 years ago
Low
GSA_kwCzR0hTQS12eHJjLTY4eHgteDQ4Z802BQ
Twig Sandbox Information Disclosure
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00OXdtLTRmcDYtaDU5Y84AAu_E
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01cjMzLW1namYtNjY1Ns4AA1Vz
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:tuleap-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cXEtNXZyYy14dzlo
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, org.apache.logging.log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4bXItYzlqbS03bW04
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1wM3Z3LWZ2d3gtcWN2Nc2A-g
Cross-site scripting in Apache Struts
Ecosystems: maven
Packages: struts:struts
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can ready dirty memory
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0bWctdmdycC1td3g5
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Ecosystems: maven
Packages: io.ratpack:ratpack-groovy, io.ratpack:ratpack-java, io.ratpack:ratpack-session
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zaHJyLXh3dmctaHh2cs4AA5pB
Keycloak DoS via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS1oOWo3LTV4dmMtcWhnNc4AA5fj
langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxM2oteHA0OS1qNzNm
Plugin archive directory traversal in Helm
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS04dmZjLWZjcjItNDdwas4AAgZA
Path traversal in Jenkins REPO Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git, org.jenkins-ci.plugins:mercurial, org.jenkins-ci.plugins:repo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyeDctMmZmNi12MzJw
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2cDUtbTM4dy1qNzc2
Aliases are never checked in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Cross-site Scripting in dijit editor's LinkDialog plugin
Ecosystems: npm
Packages: dijit
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3aGYtZzZqNS1qNWdj
Float cast overflow undefined behavior
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 month ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyM3YtcTl4My03ZzQ2
Link injection in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xNWMtcHJoMy0zZjNo
Invalid validation in `QuantizeAndDequantizeV2`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlycGMtNXY5cS01cjdm
Incomplete validation in `SparseReshape`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4Z2oteGhnZi1nZ2p2
Heap buffer overflow in `BandedTriangularSolve`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zajZtLW01djUtOTc4Nc4AAm2e
OpenCart Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0ydjQyLXhwM2otNDdtNM4AA6rp
Xuxueli xxl-job template injection vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 26 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4YzcteGc2Ny1wdzk5
Sensitive Data Exposure in sequelize-cli
Ecosystems: npm
Packages: sequelize-cli
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1md2gtNW0yMy1qNDZ3
Environment Variable Injection in GitHub Actions
Ecosystems: npm
Packages: @actions/core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3ZzItd3JycC1yNmgz
Use of a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGotcG1jaC01ajJo
Internal exception message exposure for login action in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 4 years ago
Low
GSA_kwCzR0hTQS1weDZ2LTZqaGYtajQ2cs4AAxqD
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:synopsys-coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Statistics
Advisories: 18,317
Packages: 8,278
Repositories: 435
Ecosystems: 12
Filter by Severity
Moderate 7,906 High 6,339 Critical 2,804 Low 981
Filter by Ecosystem
pypi 440 maven 277 packagist 172 npm 127 go 120 rubygems 48 cargo 39 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 puppet 6 Umbraco.CMS 6 rack 6 helm.sh/helm/v3 5 ansible 5 wasmtime 5 baserproject/basercms 5 october/backend 5 sweetalert2 5 k8s.io/kubernetes 5 undici 5 org.keycloak:keycloak-services 4 shopware/shopware 4 com.vaadin:flow-server 4 github.com/mattermost/mattermost-server/v6 4 github.com/cilium/cilium 4 helm.sh/helm 4 magento/community-edition 4 simplesamlphp/simplesamlphp 4 electron 4 typo3/cms-core 4 actionpack 4 @openzeppelin/contracts-upgradeable 3 symfony/symfony 3 passenger 3 bin-links 3 org.apache.hive:hive 3 httplib2 3 org.apache.hive:hive-service 3 org.apache.hive:hive-exec 3 ethyca-fides 3 ckb 3 com.vaadin:vaadin-bom 3 go.etcd.io/etcd 3 github.com/mattermost/mattermost-server 3 node-forge 3 plone 3 github.com/cosmos/cosmos-sdk 3 wagtail 3 cryptography 3 org.graylog2:graylog2-server 3 nautobot 3 Zope 2 github.com/opencontainers/runc 2 org.jenkins-ci.plugins:ec2 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 github.com/hashicorp/nomad 2 org.jenkins-ci.plugins:azure-ad 2 node-ipc 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 winter/wn-backend-module 2 silverstripe/framework 2 braces 2 next-auth 2 github.com/authzed/spicedb 2 Flask-Security-Too 2 django 2 tuf 2 moin 2 pip 2 typo3/cms-frontend 2 Pillow 2 gilacms/gila 2 github.com/mutagen-io/mutagen 2 org.jenkins-ci.plugins:artifactory 2 github.com/answerdev/answer 2 go.etcd.io/etcd/client/v3 2 @apollo/server 2 org.jenkins-ci.plugins:repository-connector 2 s2n-quic 2 microweber/microweber 2 cargo 2 Django 2 flarum/core 2 github.com/ntbosscher/gobase 2 craftcms/cms 2 langchain 2 com.ruoyi:ruoyi 2 ceph-deploy 2 salt 2 github.com/cometbft/cometbft 2 parse-server 2 org.jenkins-ci.plugins:mercurial 2 sylius/sylius 2 tools.devnull:build-notifications 2 vantage6 2 @openzeppelin/contracts 2 github.com/mattermost/mattermost-plugin-jira 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 org.eclipse.jetty:jetty-server 2 OctoPrint 2 activesupport 2 org.jenkins-ci.plugins:wso2id-oauth 2 Flask-AppBuilder 2 grumpydictator/firefly-iii 2 aiohttp 2 org.xwiki.platform:xwiki-platform-oldcore 2 symfony/security-http 2 october/cms 2 typo3/cms-install 2 org.apache.activemq:activemq-parent 2 org.xwiki.platform:xwiki-platform-security-authentication-script 1 rabbit_common 1 hyper 1 github.com/Masterminds/goutils 1 @liquity/contracts 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 zod 1 io.jenkins.plugins:tuleap-oauth 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 io.swagger:swagger-codegen 1 org.jenkins-ci.plugins:snsnotify 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 horizon 1 github.com/oauth2-proxy/oauth2-proxy 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 ajenti 1 fast-xml-parser 1 es5-ext 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 apostrophe 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/cilium/cilium 4 https://github.com/electron/electron 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/TYPO3/typo3 4 https://github.com/apache/tomcat 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/shopware/shopware 4 https://github.com/ethyca/fides 3 https://github.com/pyca/cryptography 3 https://github.com/nautobot/nautobot 3 https://github.com/digitalbazaar/forge 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/wagtail/wagtail 3 https://github.com/httplib2/httplib2 3 https://github.com/vantage6/vantage6 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/symfony/symfony 3 https://github.com/CVEProject/cvelist 3 https://github.com/nervosnetwork/ckb 3 https://github.com/vaadin/flow 3 https://github.com/phusion/passenger 3 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/apache/activemq 2 https://github.com/apollographql/apollo-server 2 https://github.com/GilaCMS/gila 2 https://github.com/ceph/ceph-deploy 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/opencontainers/runc 2 https://github.com/aio-libs/aiohttp 2 https://github.com/aws/s2n-quic 2 https://github.com/zopefoundation/Zope 2 https://github.com/ntbosscher/gobase 2 https://github.com/craftcms/cms 2 https://github.com/microweber/microweber 2 https://github.com/octoprint/octoprint 2 https://github.com/parse-community/parse-server 2 https://github.com/sigstore/cosign 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/authzed/spicedb 2 https://github.com/django/django 2 https://github.com/quarkusio/quarkus 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Sylius/Sylius 2 https://github.com/hashicorp/nomad 2 https://github.com/openstack/keystone 2 https://github.com/cometbft/cometbft 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/saltstack/salt 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/micromatch/braces 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/pypa/pip 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/dojo/dijit 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/openstack/nova 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/tendermint/tendermint 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/fluent/fluentd 1 https://github.com/aedart/ion 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/Azure/setup-kubectl 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/elastic/apm-agent-go 1 https://github.com/spinacms/spina 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/personnummer/go 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/arguiot/EyeJS 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/zowe/imperative 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/npm/npm 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/waycrate/swhkd 1 https://github.com/Nebulosus/shamir 1 https://github.com/ConsenSys/discovery 1 https://github.com/personnummer/dart 1 https://github.com/magento/magento2 1 https://github.com/rust-vmm/vm-memory 1 https://github.com/tailscale/tailscale 1 https://github.com/argoproj/argo-workflows 1 https://github.com/containers/podman 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/mapfish/mapfish-print 1 https://github.com/ericcornelissen/shescape 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 1 https://github.com/jenkinsci/m2release-plugin 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/tlsfuzzer/tlslite-ng 1 https://github.com/tm-kn/django-basic-auth-ip-whitelist 1 https://github.com/onionshare/onionshare 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://github.com/dan1hc/fgr 1 https://github.com/bbatsov/rubocop 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/yourls/yourls 1 https://github.com/xuxueli/xxl-job 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1