Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS01Z21mLThnaDItaGhmcM4AAR2I
Jenkins SSH Plugin user passwords for encrypted SSH keys stored in plaintext
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh, org.jvnet.hudson.plugins:ssh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoOHgtd21xMi03bWZm
Command injection in launchpad
Ecosystems: npm
Packages: launchpad
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS13M3JjLTJ3aGctdzkzNM4AAuEF
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qN213LTdjcnItNjU4ds37Kw
Richfaces vulnerable to arbitrary code execution
Ecosystems: maven
Packages: org.richfaces:richfaces-core
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03eDM2LWg2Mnctdnc2Nc0frA
Out-of-bounds Write in actix-web
Ecosystems: cargo
Packages: actix-web
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xZzI1LWhnanYtY2c5cc4AAQar
Improper Neutralization of Special Elements in Output Used by a Downstream Component in Apache Groovy
Ecosystems: maven
Packages: org.codehaus.groovy:groovy
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mcHJyLXJybTgtNDUzNM4AAwuU
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Ecosystems: maven
Packages: org.apache.dubbo:dubbo-parent
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1maDU1LXZ3amMtNjljN84AAgdA
Unescaped control characters in Gitblit
Ecosystems: maven
Packages: com.gitblit:gitblit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1nd3FxLTZ2cTctNWo4Ns4AA1D8
langchain Code Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1xajkzLTM3ZjUtbXIyOc4AAX6N
Improper Input Validation in IpMatcher
Ecosystems: nuget
Packages: IpMatcher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01dng5LWo1Y3ctNDd2cc4AAxtv
Privilege escalation in MOSN
Ecosystems: go
Packages: mosn.io/mosn
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ocnAzLThwNXctMjdnds4AAQeT
Improper Input Validation in Spring AMQP
Ecosystems: maven
Packages: org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cjdyLWpqOGgtcHE2ds4AAQZS
Deserialization of Untrusted Data in Jython
Ecosystems: maven
Packages: org.python:jython, org.python:jython-standalone
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wcjc2LTVjbTUtdzljas4AA1Py
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 43.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03NXJ3LTM0cTYtNzJjcs4AArtB
Signature forgery in Biscuit
Ecosystems: go, maven, cargo
Packages: github.com/biscuit-auth/biscuit-go, com.clever-cloud:biscuit-java, biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wNDZjLXc5bTMtN3FyMs0fqg
Use of Uninitialized Resource in flumedb.
Ecosystems: cargo
Packages: flumedb
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tNm04LTZncTgtYzlmas4AAzbB
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 12 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtangtaDIzaC13MnBn
Double free in stack_dst
Ecosystems: cargo
Packages: stack_dst
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNDhoLWpyMmotOWc3OM4AAXCV
HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG
Ecosystems: go
Packages: github.com/hashicorp/terraform-provider-aws
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ocDV3LXcyOW0tdmc2M84AAz97
Apache Accumulo Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.accumulo:accumulo-shell
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1jcHFqLXIyOXEtY2hyaM4AAnvq
Loading a bgzip block can write out of bounds if size overflows.
Ecosystems: cargo
Packages: bam
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qYzR2LXZ2ZzYteGc3OM02eg
SQL Injection in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix
Insufficient validation when decoding a Socket.IO packet
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05d2Y5LXF2dnAtMjkyOc4AAyAc
builderio/qwik is vulnerable to code injection
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qaGNmLWo0aGctdjY0cs4AAitC
Pimcore Access Control Issues
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zZnB2LTU0ZmYtd3Fmas3jyQ
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1namc3LXFmdnAtOWhtNM4AAv9w
SQL injection in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04d3E3LWhoamotZnBxds0l6Q
RCE in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cDNjLXY4dmMtYzI0NM0fkg
The `total_size` function for partial read the length of any `FixVec` is incorrect in molecule.
Ecosystems: cargo
Packages: molecule
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04MnJyLW1xNHItcDRyM80uuw
SQL injection in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02NjQzLWg3aDUteDl3aM4AAz9W
Langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00aHJwLW0zZjItNjQzas4AA4lt
Session fixation in Enonic XP
Ecosystems: maven
Packages: com.enonic.xp:lib-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zODlwLWZjaHItcTJtZ80r8Q
Path Traversal in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmdzUtdjdjdy02OWN3
Credential leak in org.apache.directory.api:apache-ldap-api
Ecosystems: maven
Packages: org.apache.directory.api:apache-ldap-api
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4NjQtNXI3eC0ycTUz
Malicious Package in flatmap-stream
Ecosystems: npm
Packages: flatmap-stream
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0NXAtODhxaC13Mzk4
Arbitrary Code Execution in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS03cDhjLWNyZnItcTkzcM4AA1xg
hutool Buffer Overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json, cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yeGdmLXI4NDMtZzUzaM4AA1xh
hutool Buffer Overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json, cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1xcjM4LWg5NmotMmozd84AAmhh
SaltStack Salt Command Injection in netapi ssh client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00d3JjLWY4cHEtZnBxcM4AAjLC
Pivotal Spring Framework contains unsafe Java deserialization methods
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 50.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1ZjUtcmo0ci00MmY2
Incorrect access control in Neo4j Enterprise Database Server via LDAP authentication
Ecosystems: maven
Packages: org.neo4j:neo4j-enterprise
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS02dmYyLW1mbXItcXFxd84AAz9f
Liufee CMS File Upload vulnerability
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS12OTM4LXFjYzktcnd2OM0fpQ
Use of Uninitialized Resource in buffoon.
Ecosystems: cargo
Packages: buffoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13OXBoLXE0aDktcndxNs4AAYu2
CodeIgniter and Kohana vulnerable to PHP Object Injection
Ecosystems: packagist
Packages: kohana/core, codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qdjJyLWp4NnEtODlqZ80foA
Use of Uninitialized Resource in bronzedb-protocol.
Ecosystems: cargo
Packages: bronzedb-protocol
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNocDQtcnY3OS02OGoz
Apache serialization mechanism does not have a list of classes allowed for serialization/deserialization
Ecosystems: maven
Packages: org.apache.ignite:ignite-core
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJod3AtOXZtOS01NDdx
Command Injection in onion-oled-js
Ecosystems: npm
Packages: onion-oled-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtNXYtZjJ3cC13cXI5
Malicious Package in ali-contributors
Ecosystems: npm
Packages: ali-contributors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02cjdjLTZ3OTYtOHB2d80ZPw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13ZjVwLWY1eHItYzRqas0YRg
SQL Injection in rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12cXFnLXhndjctY2Y2OM4AAYBt
Deserialization of Untrusted Data in Spring AMQP
Ecosystems: maven
Packages: org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00dmhmLTJodjctOG1yeM4AATvN
Improper Restriction of XML External Entity Reference in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-broker, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4aG0tN2hwcS03amhn
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS0yZ3dqLTdqbXYtaDI2cs07Ng
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04Z2ptLWgzeGotbXA2d80fkQ
RPC call failure in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13cjZ2LTlmNzUtdmgyZ84AA4-q
Buildkit's interactive containers API does not validate entitlements check
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yMjhoLXg2aHYtMmZxM80XJQ
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: maven
Packages: com.starkbank:starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0eGotcTU4aC05eDU3
Arbitrary File Write in iobroker.admin
Ecosystems: npm
Packages: iobroker.admin
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1jcmg2LWZwNjctNjg4M84AAvn0
xmldom allows multiple root nodes in a DOM
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 55.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14OHgyLXdjMmgtd2M0OM4AAvV4
Missing rate limit on rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5Z20tcXhoaC1yZjc1
Malicious Package in cordova-plugin-china-picker
Ecosystems: npm
Packages: cordova-plugin-china-picker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1ocGY3LTRjMmctOWNoZs0V-A
Remote Code Execution in Halibut
Ecosystems: nuget
Packages: Halibut
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3bTctNDI1Ny1oNjk4
Prototype Pollution in templ8
Ecosystems: npm
Packages: templ8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1wcmdwLXc3dmYtY2g2Ms4AA1T_
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS12NGY0LTIzd2MtOTltaM4AA0KW
pipreqs vulnerable to Dependency Confusion
Ecosystems: pypi
Packages: pipreqs
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2eHctaGdmdi1qd203
Multiple security issues including data race, buffer overflow, and uninitialized memory drop in arr
Ecosystems: cargo
Packages: arr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnZnYtdjNqaC03ZmZw
Prototype Pollution in deeps
Ecosystems: npm
Packages: deeps
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTgtYzI2di03cXZm
Use-after-free in yottadb
Ecosystems: cargo
Packages: yottadb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mcHJwLXA4NjktdzZxMs4AAyjJ
LangChain vulnerable to code injection
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oYzZxLTJtcHAtcXc3as4AAyD3
Cross-realm object access in Webpack 5
Ecosystems: npm
Packages: webpack
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oNDc1LTd2M2MtMjZxN84AAzEg
Command injection in OpenTSDB
Ecosystems: maven
Packages: net.opentsdb:opentsdb
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcnItbXg2ai1oM2g1
Prototype Pollution in confucious
Ecosystems: npm
Packages: confucious
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3cDItZnczdi1tZm1j
Memory corruption in array-tools
Ecosystems: cargo
Packages: array-tools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oaDMyLTczNDQtY2cyZs4AAgbh
Authorization bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oOW1oLW1ncHYtZ3Ftds4AAuXO
Remote code execution in Apache Flume
Ecosystems: maven
Packages: org.apache.flume.flume-ng-sources:flume-jms-source
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoMm0tajhwcC01NXJj
Prototype Pollution in gedi
Ecosystems: npm
Packages: gedi
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1qbXc3LXBoNnAtMzNjY84AAXvi
Exposure of Sensitive Information in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00cWhyLXE3d2YtOTR4cM4AAjpS
Deserialization of Untrusted Data in JYaml
Ecosystems: maven
Packages: org.jyaml:jyaml
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxY3EtbXJtdy1tY21n
Rubyzip gem contains a Directory Traversal vulnerability in zip file component
Ecosystems: rubygems
Packages: rubyzip
Source: GitHub Advisory Database
Blast Radius: 57.1
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwcHctM2g2aC12NnEy
Data race in internment
Ecosystems: cargo
Packages: internment
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3amotd3A3Zy03d2o0
Read of uninitialized memory in cdr
Ecosystems: cargo
Packages: cdr
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyNTItNGhxdy1wMjdm
Nokogiri does not forbid namespace nodes in XPointer ranges
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS02dzI5LXg1ajQtcWhyd84AAlK8
Magento security mitigation bypass vulnerability
Ecosystems: packagist
Packages: magento/community-edition, magento/core
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03NXA2LTUyZzMtcnFjOM1BLA
Keycloak vulnerable to privilege escalation on Token Exchange feature
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00ZzJ4LXZxNXAtNXZqNs4AA5sL
Budibase affected by VM2 Constructor Escape Vulnerability
Ecosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01MjZ4LXJtN2otdjM4Oc4AArXl
Privilege escalation in Hashicorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03cThjLTQ5ZjQtNGM4cc4AAz61
Solon vulnerable to deserialization of untrusted data
Ecosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2cGotamg5NC01ZnBy
OS Command Injection in docker-compose-remote-api
Ecosystems: npm
Packages: docker-compose-remote-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1mMjRqLWY5N3ctNjVoOM4AAiRn
Centreon Privilege Escalation
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2Z2MtbWdnZy1weHIy
Malicious Package in js-sha7
Ecosystems: npm
Packages: js-sha7
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNweHAtNjk2My00NnI5
Command Injection in pdfinfojs
Ecosystems: npm
Packages: pdfinfojs
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoaHAtOTk3dy1xcjI4
.NET Core Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: System.Text.Encodings.Web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1mNzN3LTRtN2ctY2g5eM4AA1n1
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03Mzh4LXY0OWctcDZoeM4AAlwV
Scalyr Agent 2 Missing SSL Certificate Validation
Ecosystems: pypi
Packages: scalyr-agent-2
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dzUtcHZyOC00cmg1
Command injection in eslint-fixer
Ecosystems: npm
Packages: eslint-fixer
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS03bTdnLWpxNG0tOTh3Nc4AAe6O
Apache Solr for TYPO3 (solr) extension is vulnerable to Insecure Unserialize
Ecosystems: packagist
Packages: apache-solr-for-typo3/solr
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnZzgtNzJmMi1xbTIz
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS02djU2LWNwZzYtM3JweM4AAQW7
Mercurial vulnerable to arbitrary code injection
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zcW1nLWM5dmMtcjQ3as4AAR1w
Mercurial is vulnerable to shell injection attack
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: about 2 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,301
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
npm 954 maven 826 packagist 491 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 org.apache.dubbo:dubbo 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 froxlor/froxlor 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 tensorflow-cpu 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 studio-42/elfinder 7 rusqlite 7 sequelize 7 ansible 7 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 github.com/argoproj/argo-cd 6 parse-server 6 thorsten/phpmyfaq 6 ezsystems/ezpublish-kernel 6 aaptjs 6 github.com/answerdev/answer 6 mercurial 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 steal 5 Microsoft.ChakraCore 5 mautic/core 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.xwiki.platform:xwiki-platform-web 5 prestashop/prestashop 5 safe-eval 5 ckb 5 zendframework/zendframework 5 Pillow 5 django 5 org.apache.inlong:manager-pojo 5 realms-shim 4 calibreweb 4 github.com/grafana/grafana 4 hermes-engine 4 contao/core-bundle 4 org.apache.tomcat.embed:tomcat-embed-core 4 spree_auth_devise 4 pyload-ng 4 feehi/cms 4 librenms/librenms 4 PaddlePaddle 4 org.apache.openmeetings:openmeetings-parent 4 contao/contao 4 smallvec 4 code.gitea.io/gitea 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 github.com/hashicorp/vault 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 apache-airflow-providers-apache-hive 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.inlong:manager-service 4 org.eclipse.jetty:jetty-server 4 org.jeecgframework.boot:jeecg-boot-base-core 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/usememos/memos 4 baserproject/basercms 4 openssl-src 4 safer-eval 4 nukeviet/nukeviet 4 org.apache.tapestry:tapestry-core 4 github.com/argoproj/argo-cd/v2 4 messagepack-rs 4 org.apache.solr:solr-parent 3 pimcore/pimcore 3 lmdb 3 org.richfaces:richfaces-core 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 publify_core 3 nvflare 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 zendframework/zendframework1 3 showdoc/showdoc 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 @openzeppelin/contracts-upgradeable 3 com.alibaba:dubbo 3 symfony/security-core 3 modoboa 3 log4j:log4j 3 org.apache.storm:storm 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 org.xwiki.platform:xwiki-platform-icon-ui 3 ro.pippo:pippo-core 3 com.hazelcast:hazelcast 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 smarty/smarty 3 slpjs 3 strapi 3 dompdf/dompdf 3 browserify-shim 3 actix-web 3 mongoose 3 facade/ignition 3 org.apache.linkis:linkis 3 com.jflyfox:jflyfox_jfinal 3 codiad/codiad 3 jsrsasign 3 io.undertow:undertow-core 3 ibexa/core 3 org.apache.jmeter:ApacheJMeter 3 cobbler 3 org.springframework.security:spring-security-core 3 github.com/dexidp/dex 3 github.com/pterodactyl/wings 3 simplesamlphp/simplesamlphp 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 rubygems-update 3 org.apache.any23:apache-any23 3 org.apache.solr:solr-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 xcb 3 phpmailer/phpmailer 3 github.com/rancher/rancher 3 craftcms/cms 3 francoisjacquet/rosariosis 3 ray 3 codeigniter4/framework 3 org.apache.dolphinscheduler:dolphinscheduler 3 nokogiri 3 typo3/cms 3 elefant/cms 3 impresscms/impresscms 3 org.apache.ignite:ignite-core 3 id-map 3 handlebars 3 tribalsystems/zenario 3 codeigniter/framework 3 feathers-sequelize 3 github.com/go-gitea/gitea 3 org.apache.inlong:manager-web 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 async-git 2 python-keystoneclient 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 eslint-config-eslint 2 org.apache.inlong:manager-dao 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 github.com/sap/cloud-security-client-go 2 org.apache.shiro:shiro-web 2 apache-superset 2 mathjs 2 github.com/crewjam/saml 2 alextselegidis/easyappointments 2 github.com/russellhaering/gosaml2 2 total4 2 org.apache.derby:derby 2 laravel/framework 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 Radicale 2 com.hazelcast.jet:hazelcast-jet 2 vyper 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/shopware/platform 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/apache/tomcat 5 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 https://github.com/janeczku/calibre-web 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/grafana/grafana 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/usememos/memos 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/pyload/pyload 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/spring-projects/spring-framework 4 https://github.com/centreon/centreon-archived 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/shopware/shopware 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/star7th/showdoc 3 https://github.com/pterodactyl/wings 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/smarty-php/smarty 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/hazelcast/hazelcast 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/baserproject/basercms 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dexidp/dex 3 https://github.com/github/securitylab 3 https://github.com/apache/shiro 3 https://github.com/neorazorx/facturascripts 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/pytorch/serve 2 https://github.com/sjep/array 2 https://github.com/jfinal/jfinal 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/laurent22/joplin 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/soketi/soketi 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/google/flatbuffers 2 https://github.com/benbusby/whoogle-search 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2