Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1tN3hxLThqcDgtcmoyY807OQ
Command injection in npm-dependency-versions
Ecosystems: npm
Packages: npm-dependency-versions
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmOGotdmhnOC14bWMz
karma-mojo enables OS Command Injection
Ecosystems: npm
Packages: karma-mojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cnczLTN3aHctanZqas0_mw
Git LFS can execute a binary from the current directory on Windows
Ecosystems: go
Packages: github.com/git-lfs/git-lfs, github.com/git-lfs/git-lfs/v3
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03eGZqLTRqcGctNTh2Zs4AAUsi
ThinkPHP SQLi Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanYtcjlyZi03OTg4
Remote code execution in handlebars when compiling templates
Ecosystems: maven, npm
Packages: org.webjars.bowergithub.wycats:handlebars.js, org.webjars.npm:handlebars, org.webjars:handlebars, handlebars
Source: GitHub Advisory Database
Blast Radius: 79.2
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo1Mm0tNDg5eC12NjM0
Double free in linea
Ecosystems: cargo
Packages: linea
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05d2M5LTQ5OHctaDh4ds4AAjcc
Magento deserialization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtcHZody01MjI0
Algorithms compute incorrect results in blake2
Ecosystems: cargo
Packages: blake2
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03Z2NwLTJnbXEtdzN4aM4AARmK
RubyGems Code Injection vulnerability
Ecosystems: rubygems
Packages: rubygems-update
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zM2Y5LWo4MzktcmY4aM0VjA
Prototype Pollution in immer
Ecosystems: npm
Packages: immer
Source: GitHub Advisory Database
Blast Radius: 60.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04dmg2LTh3NzYtdjZtM84AAQVU
October CMS File Upload Vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVycnYtbTM2aC1xd2Y4
Use-after-free in chttp
Ecosystems: cargo
Packages: chttp
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjdjQteHh2Ny05MzRx
Improper Verification of Cryptographic Signature in Apache Pulsar in TensorFlow
Ecosystems: maven
Packages: org.apache.pulsar:pulsar
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qcmNjLTdqZjUtM3B4Z84AAYP1
Injection in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tbW1oLXdjeG0tMndyNM4AAvnr
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cndyLXgzN3AtbXgyM84AAvn2
X.509 Email Address 4-byte Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fsevents
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14NzUyLXFqdjQtYzRoY804Ig
Remote code injection in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1td2h3LTZwMjctNGNyY84AAuk7
Quarkus does not terminate HTTP requests header context
Ecosystems: maven
Packages: io.quarkus:quarkus-core-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0ycnIzLXJ2NDktcDQyZs4AAvl1
phpMyFAQ contains Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcHY4LTRwanEtcXFoN84AAvis
feathers-sequelize contains improper input validation leading to SQL injection
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jZ21tLWMybTktZmY3cs4AA0E5
jFinal Server-Side Template Injection vulnerability
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 10 months ago
Critical
GSA_kwCzR0hTQS04Nzg3LTYzcHgtM20yM84AATHc
Cobbler has Exposed Dangerous Method or Function
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01M3h2LWMyaHgtNXc2cc0d_Q
Command Injection in node-windows
Ecosystems: npm
Packages: node-windows
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NDhoLTdobXAtOTlmZ84AAbWe
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0dzctM3FyOC01NjIz
Improper type usage in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA
Buffer overrun in CGI.escape_html
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjamMtaHZ4Zi1ncWg3
Use after free and double free in bitvec
Ecosystems: cargo
Packages: bitvec
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LXh3cXYtcHZ2Oc4AAYBx
OpenStack Swauth object/proxy server writing Auth Token to log file
Ecosystems: pypi
Packages: swauth
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAycTktOWNxNi1oM2p3
Out of bounds read in Ozone
Ecosystems: cargo
Packages: ozone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyOTYtOGczeC1nMzZt
Improper Verification of Cryptographic Signature
Ecosystems: npm
Packages: tenvoy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS14ZmpxLXczY3ctaDVmcc4AAVUw
Zend Framework Allows SQL Injection
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoNGotdm0zci12Y3Ez
Use after free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00Y3BnLTN2Z3ctNDg3N80s1Q
Prototype pollution in Plist before 3.0.5 can cause denial of service
Ecosystems: npm
Packages: plist
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled message
Ecosystems: maven
Packages: org.apache.eventmesh:eventmesh-connector-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1oeDhwLTltNDgtZzc2cs4AAyiO
Ming-Soft MCMS vulnerable to SQL injection
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05cWdtLXc4N3EtaHg4Oc06zg
Unrestricted Upload of File with Dangerous Type in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05NjhjLW1tMjgtamZ3NM0wFg
SQL injection in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS03OWd2LTVjZ3gteDZyeM0-8Q
Typo3 Authentication Bypass
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yeGc5LXhyaHAtNjRnas4AAnr8
.NET Core Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: System.Drawing.Common
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wNW0zLTI3dmgtNTJqNM4AAvit
Feather-Sequelize cleanQuery method vulnerable to Prototype Pollution
Ecosystems: npm
Packages: feathers-sequelize
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qdnh4LTh4eGYtNTQ5Nc4AAbYo
phpMyAdmin CSRF Vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxZ3gtaHBnNC00NTZy
Use-after-free in actix-codec
Ecosystems: cargo
Packages: actix-codec
Source: GitHub Advisory Database
Blast Radius: 37.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13N3FnLWo0MzUtNzhxd84AAydg
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Ecosystems: pypi
Packages: farm-haystack
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1md3Y0LTZteGMteDVoM84AAuh1
morgan-json vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: morgan-json
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xZndxLWNoZjQtanZ3Z84AAUl6
karo Metacharacter Handling Remote Command Execution
Ecosystems: rubygems
Packages: karo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04NGczLWN2ODktbTlnbc0WQQ
Prototype pollution vulnerability in 'patchmerge'
Ecosystems: npm
Packages: patchmerge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1mcjV3LTk4bWMtamp2Z80l5Q
Arbitrary file upload in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ybXBqLTdjOTYtbXJnOM4AArin
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oNnIyLXBndngtNjgzY84AApjs
Lin-CMS-Flask vulnerable to Improper Authentication
Ecosystems: pypi
Packages: Lin-CMS
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02Nmo4LWM4M20tZ2o1Zs4AA6wb
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-jdbc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Critical
GSA_kwCzR0hTQS14NnI1LXZ4ZmctZ3Ezds4AAhU1
Helm Improper Certificate Validation
Ecosystems: go
Packages: helm.sh/helm
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03ZzUzLWpqMjUtamhncs4AAx9K
Remote code execution in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oZjYyLTV2eGgtanB3as4AAitU
Pimcore 2FA Vulnerable to Brute Forcing
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1ncnZxLXZqcXIteDh2bc4AA076
Code injection in webmagic-core
Ecosystems: maven
Packages: us.codecraft:webmagic-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 9 months ago
Critical
GSA_kwCzR0hTQS00NXg5LXE2dmotY3Fncc4AAvPr
Apache Shiro Authentication Bypass vulnerability
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05N2N2LTZwamYtNWY5cc4AAUF3
AsyncSSH SSH Server Authentication Bypass
Ecosystems: pypi
Packages: AsyncSSH
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zMmdyLXg3NmctMjY3d84AAxhv
SQL injection in webbuilders-group silverstripe-kapost-bridge
Ecosystems: packagist
Packages: webbuilders-group/silverstripe-kapost-bridge
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qNjlmLWZnaDUtZjdtY84AAwqU
iText RUPS XML External Entity vulnerability
Ecosystems: maven
Packages: com.itextpdf:itext-rups
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xMngzLTJmOWctaDU1Oc4AAyQm
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tOHdmLXdtd2gtancybc4AAyAI
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFteGYtZnhxNy13NTlm
Malicious Package in angular-material-sidenav-rnd
Ecosystems: npm
Packages: angular-material-sidenav-rnd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzcnYtbTJncC1tbTJy
Prototype pollution in safe-flat
Ecosystems: npm
Packages: safe-flat
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection Vulnerability
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjgtZjc0di05d2M2
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 60.1
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB
gajira-create GitHub action vulnerable to arbitrary code execution
Ecosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02djU2LWNwZzYtM3JweM4AAQW7
Mercurial vulnerable to arbitrary code injection
Ecosystems: pypi
Packages: mercurial
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05M203LWM2OWYtNWNmas4AAvMA
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Ecosystems: go
Packages: github.com/antchfx/xmlquery
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1YzkteDlqNi04N3Fw
Prototype pollution in dotty
Ecosystems: npm
Packages: dotty
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODItcjMyOS0zcTY3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2Z2MtbWdnZy1weHIy
Malicious Package in js-sha7
Ecosystems: npm
Packages: js-sha7
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMS
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1wcHh4LW05MjYtZzU2Oc4AA0RP
Apache Kylin vulnerable to remote code execution
Ecosystems: maven
Packages: org.apache.kylin:kylin-server-base, org.apache.kylin:kylin-spark-project, org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1tZnZnLXF3Y3ctcXZjOM4AAyQi
baserCMS allows any file to be uploaded
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03N3h4LXJ4dmgtcTY4Ms4AAvLg
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Ecosystems: maven
Packages: org.hsqldb:hsqldb
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12cXFnLXhndjctY2Y2OM4AAYBt
Deserialization of Untrusted Data in Spring AMQP
Ecosystems: maven
Packages: org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS01cDQyLW02ZjMtaHBtas4AA1Wh
tree-kit Prototype Pollution vulnerability
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1ycDZ4LWdndzYtOGc1Ns4AA2do
Authorization Bypass in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03ZzVmLXdyeDgtNWNjZs4AAxxV
GeoServer OGC Filter SQL Injection Vulnerabilities
Ecosystems: maven
Packages: org.geoserver.community:gs-jdbcconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5OG0tcTNoci1wNXdx
Prototype Pollution in locutus
Ecosystems: npm
Packages: locutus
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS01d3c2LXB4NDItd2M4Nc4AApqI
SM2 Decryption Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qajk1LTU1Y3ItOTU5N84AA1Co
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Ecosystems: maven
Packages: com.aerospike:aerospike-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyN2otaDZnZy1qbWdj
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS14cnJoLWg4NnctcHdmas4AA1T6
Alluxio vulnerable to arbitrary code execution
Ecosystems: maven
Packages: org.alluxio:alluxio-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1majMyLXE2MjYtcGpqY84AA1UA
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04bXA4LTI4eGgtcjQ4Ns4AAmv-
keyget vulnerable to prototype pollution
Ecosystems: npm
Packages: keyget
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02aDhjLWd3MzMtY2ptMs4AAlcw
DevSpace vulnerable to remote code execution
Ecosystems: go
Packages: github.com/loft-sh/devspace
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04ZnA5LTQzcHctNTZ2d84AA1UK
PandasAI vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1mdjRtLTVqMmMtNzg3cs4AAWOg
Bacula-web SQL Injection Vulnerabilities
Ecosystems: packagist
Packages: bacula-web/bacula-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13dnB2LTg1MjQtd2c2eM4AAXRX
mxGraph vulnerable to XXE attacks
Ecosystems: npm
Packages: mxgraph
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05ZnEyLXg5cjYtd2ZtZs4AAq9p
Numpy Deserialization of Untrusted Data
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxcHItOW1jNS03Z2No
Command Injection in async-git
Ecosystems: npm
Packages: async-git
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1wdnA2LTUzcjktOHZ4aM4AAyAe
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qNjhmLThoNnAtOWg1cc0-5A
Struts ParameterInterceptor vulnerability allows remote command execution
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nM3ZmLTQ3ZnYtOGYzY84AA1QP
MrSwitch hello.js vulnerable to prototype pollution
Ecosystems: npm
Packages: hellojs
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 9 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4N3ctcHFjbS02M2hx
Command injection in buns
Ecosystems: npm
Packages: buns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 18,311
Packages: 8,276
Repositories: 1,285
Ecosystems: 12
Filter by Severity
Moderate 7,904 High 6,338 Critical 2,801 Low 981
Filter by Ecosystem
npm 952 maven 823 packagist 462 pypi 363 go 211 cargo 152 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 27 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 16 moodle/moodle 15 com.liferay.portal:release.portal.bom 13 topthink/framework 12 mlflow 12 com.liferay.portal:release.dxp.bom 12 langchain 12 org.apache.dubbo:dubbo 12 org.apache.struts:struts2-core 11 magento/core 11 drupal/core 11 vm2 10 apache-airflow 10 phpmyadmin/phpmyadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 tensorflow 9 funadmin/funadmin 9 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 drupal/drupal 8 rdiffweb 8 tensorflow-gpu 8 tensorflow-cpu 8 symfony/symfony 7 gogs.io/gogs 7 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 ansible 7 froxlor/froxlor 7 parse-server 6 thorsten/phpmyfaq 6 github.com/argoproj/argo-cd 6 aaptjs 6 github.com/answerdev/answer 6 ezsystems/ezpublish-kernel 6 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.activemq:activemq-client 5 django 5 centreon/centreon 5 steal 5 Pillow 5 mercurial 5 nodebb 5 ckb 5 org.xwiki.platform:xwiki-platform-web 5 Microsoft.ChakraCore 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.xwiki.commons:xwiki-commons-xml 5 zendframework/zendframework 5 safe-eval 5 shopware/core 5 org.apache.inlong:manager-pojo 5 org.apache.tomcat.embed:tomcat-embed-core 5 code.gitea.io/gitea 4 PaddlePaddle 4 org.apache.inlong:manager-service 4 openssl-src 4 net.opentsdb:opentsdb 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 nukeviet/nukeviet 4 Django 4 apache-airflow-providers-apache-hive 4 calibreweb 4 spree_auth_devise 4 librenms/librenms 4 smallvec 4 feehi/cms 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 prestashop/prestashop 4 org.apache.openmeetings:openmeetings-parent 4 org.apache.kylin:kylin-server-base 4 hermes-engine 4 nilsteampassnet/teampass 4 realms-shim 4 pyload-ng 4 org.apache.tapestry:tapestry-core 4 github.com/hashicorp/vault 4 contao/contao 4 swagger-ui 4 safer-eval 4 github.com/usememos/memos 4 messagepack-rs 4 org.eclipse.jetty:jetty-server 4 contao/core-bundle 4 org.jeecgframework.boot:jeecg-boot-base-core 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 github.com/argoproj/argo-cd/v2 4 github.com/rancher/rancher 3 rubygems-update 3 craftcms/cms 3 ibexa/core 3 github.com/hashicorp/nomad 3 github.com/dexidp/dex 3 org.xwiki.platform:xwiki-platform-panels-ui 3 codeigniter4/framework 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 facade/ignition 3 id-map 3 cobbler 3 slpjs 3 typo3/cms 3 org.apache.dolphinscheduler:dolphinscheduler 3 jsrsasign 3 com.jflyfox:jflyfox_jfinal 3 slp-validate 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 org.apache.ignite:ignite-core 3 org.jeecgframework.boot:jeecg-boot-base 3 @openzeppelin/contracts-upgradeable 3 org.jenkins-ci.plugins:active-directory 3 nvflare 3 org.keycloak:keycloak-core 3 org.apache.logging.log4j:log4j-core 3 dompdf/dompdf 3 org.xwiki.platform:xwiki-platform-icon-ui 3 edu.stanford.nlp:stanford-corenlp 3 com.hazelcast:hazelcast 3 browserify-shim 3 mongoose 3 org.springframework.security:spring-security-core 3 showdoc/showdoc 3 ro.pippo:pippo-core 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 francoisjacquet/rosariosis 3 strapi 3 impresscms/impresscms 3 codiad/codiad 3 org.apache.inlong:manager-web 3 handlebars 3 mautic/core 3 phpmailer/phpmailer 3 actix-web 3 org.apache.ozone:ozone-main 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 org.apache.any23:apache-any23 3 symfony/security 3 symfony/security-core 3 com.alibaba:dubbo 3 github.com/pterodactyl/wings 3 io.undertow:undertow-core 3 org.apache.jmeter:ApacheJMeter 3 zendframework/zendframework1 3 io.dataease:dataease-plugin-common 3 github.com/go-gitea/gitea 3 org.apache.storm:storm 3 smarty/smarty 3 feathers-sequelize 3 lmdb 3 nokogiri 3 publify_core 3 org.apache.linkis:linkis 3 tribalsystems/zenario 3 org.xwiki.platform:xwiki-platform-search-ui 3 ray 3 xcb 3 pimcore/pimcore 3 org.apache.solr:solr-core 3 elefant/cms 3 modoboa 3 org.apache.solr:solr-parent 3 org.richfaces:richfaces-core 3 total4 2 pandasai 2 org.xwiki.platform:xwiki-platform-scheduler-ui 2 alextselegidis/easyappointments 2 net.bull.javamelody:javamelody-core 2 js-data 2 zendframework/zend-db 2 pdfkit 2 github.com/gofiber/fiber/v2 2 github.com/crewjam/saml 2 pyyaml 2 async-git 2 nadesiko3 2 silverstripe/framework 2 flatmap-stream 2 org.springframework.amqp:spring-amqp 2 org.apache.shiro:shiro-web 2 wwbn/avideo 2 apache-superset 2 activerecord 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 url-parse 2 xmlhttprequest-ssl 2 stack_dst 2 puma 2 openmage/magento-lts 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 14 https://github.com/PaddlePaddle/Paddle 11 https://github.com/mlflow/mlflow 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/tensorflow/tensorflow 9 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/top-think/framework 8 https://github.com/django/django 8 https://github.com/apache/inlong 8 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/ansible/ansible 7 https://github.com/python-pillow/Pillow 7 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/rusqlite/rusqlite 7 https://github.com/go-gitea/gitea 7 https://github.com/sequelize/sequelize 7 https://github.com/shopware/platform 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/parse-community/parse-server 6 https://github.com/shenzhim/aaptjs 6 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/moodle/moodle 5 https://github.com/apache/activemq 5 https://github.com/nervosnetwork/ckb 5 https://github.com/apache/tomcat 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/NodeBB/NodeBB 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/keycloak/keycloak 5 https://github.com/froxlor/froxlor 5 https://github.com/stealjs/steal 5 https://github.com/pippo-java/pippo 4 https://github.com/cloudfoundry/uaa 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/hwchase17/langchain 4 https://github.com/otake84/messagepack-rs 4 https://github.com/PrestaShop/PrestaShop 4 https://github.com/janeczku/calibre-web 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/usememos/memos 4 https://github.com/dromara/hutool 4 https://github.com/spring-projects/spring-framework 4 https://github.com/liufee/cms 4 https://github.com/contao/contao 4 https://github.com/servo/rust-smallvec 4 https://github.com/CVEProject/cvelist 4 https://github.com/dompdf/dompdf 4 https://github.com/pyload/pyload 4 https://github.com/run-llama/llama_index 3 https://github.com/crewjam/saml 3 https://github.com/github/securitylab 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/facebook/hermes 3 https://github.com/rubygems/rubygems 3 https://github.com/apache/shiro 3 https://github.com/dataease/dataease 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/simpleledger/slpjs 3 https://github.com/twisted/twisted 3 https://github.com/pimcore/pimcore 3 https://github.com/jbroadway/elefant 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/opencast/opencast 3 https://github.com/strapi/strapi 3 https://github.com/mbechler/marshalsec 3 https://github.com/apache/camel 3 https://github.com/cobbler/cobbler 3 https://github.com/hazelcast/hazelcast 3 https://github.com/denoland/deno 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/smarty-php/smarty 3 https://github.com/dwisiswant0/advisory 3 https://github.com/centreon/centreon-archived 3 https://github.com/actix/actix-web 3 https://github.com/shopware/shopware 3 https://github.com/andrewhickman/id-map 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/star7th/showdoc 3 https://github.com/craftcms/cms 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/kjur/jsrsasign 3 https://github.com/octobercms/october 3 https://github.com/nukeviet/nukeviet 3 https://github.com/baserproject/basercms 3 https://github.com/rubygems/rubygems.org 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/dexidp/dex 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/publify/publify 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/modoboa/modoboa 3 https://github.com/pterodactyl/wings 3 https://github.com/rancher/rancher 3 https://github.com/ibexa/core 3 https://github.com/neorazorx/facturascripts 3 https://github.com/netvl/acc_reader 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/Automattic/mongoose 2 https://github.com/javamelody/javamelody 2 https://github.com/ADOdb/ADOdb 2 https://github.com/beego/beego 2 https://github.com/Kozea/Radicale 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/jfinal/jfinal 2 https://github.com/intelliants/subrion 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/MrSwitch/hello.js 2 https://github.com/josdejong/mathjs 2 https://github.com/apache/jmeter 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/yaml/pyyaml 2 https://github.com/enonic/xp 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/mautic/mautic 2 https://github.com/TribalSystems/Zenario 2 https://github.com/russellhaering/gosaml2 2 https://github.com/keystonejs/keystone 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/ahdinosaur/set-in 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/sidorares/node-mysql2 2 https://github.com/rest-client/rest-client 2 https://github.com/http4s/http4s 2 https://github.com/dominictarr/libnested 2 https://github.com/unshiftio/url-parse 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/puma/puma 2 https://github.com/fluxcd/flux2 2 https://github.com/thepowersgang/stack_dst-rs 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/scalyr/scalyr-agent-2 2 https://github.com/hashicorp/vault 2 https://github.com/noear/solon 2 https://github.com/js-data/js-data 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/top-think/thinkphp 2 https://github.com/kubernetes/kubernetes 2 https://github.com/getgrav/grav 2 https://github.com/SAP/cloud-pysec 2 https://github.com/nats-io/jwt 2 https://github.com/moby/buildkit 2 https://github.com/qcubed/qcubed 2 https://github.com/ionicabizau/parse-url 2 https://github.com/h2database/h2database 2 https://github.com/web2py/web2py 2 https://github.com/hashicorp/go-getter 2 https://github.com/apache/kylin 2 https://github.com/gnzlbg/slice_deque 2 https://github.com/apache/karaf 2 https://github.com/markevans/dragonfly 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/Codiad/Codiad 2 https://github.com/Netflix/security-bulletins 2 https://github.com/folio-org/mod-data-export-spring 2 https://github.com/vert-x3/vertx-web 2 https://github.com/TYPO3/phar-stream-wrapper 2 https://github.com/gventuri/pandas-ai 2 https://github.com/hashicorp/nomad 2 https://github.com/benbusby/whoogle-search 2 https://github.com/michaelschwarz/Ajax.NET-Professional 2 https://github.com/openstack/python-keystoneclient 2 https://github.com/drupal/core 2 https://github.com/reem/rust-traitobject 2 https://github.com/Agoric/realms-shim 2 https://github.com/codeigniter4/CodeIgniter4 2 https://github.com/ezsystems/ezplatform-admin-ui 2 https://github.com/laurent22/joplin 2 https://github.com/dominictarr/event-stream 2 https://github.com/dfinity/agent-js 2 https://github.com/KnpLabs/snappy 2 https://github.com/omrilotan/async-git 2 https://github.com/apache/incubator-streampark 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/apache/dolphinscheduler 2