Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1wbWhjLTJnNGYtODVjZ84AA03a
Path Traversal in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-web
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1td2h3LTZwMjctNGNyY84AAuk7
Quarkus does not terminate HTTP requests header context
Ecosystems: maven
Packages: io.quarkus:quarkus-core-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNGNjLXc1OTctNmNwbc4AAui1
Cryptographically weak PRNG in `utils.generateUUID`
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00NXg5LXE2dmotY3Fncc4AAvPr
Apache Shiro Authentication Bypass vulnerability
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05N2N2LTZwamYtNWY5cc4AAUF3
AsyncSSH SSH Server Authentication Bypass
Ecosystems: pypi
Packages: AsyncSSH
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oZjJtLWo5OHItNGZxd80YdA
API token verification can be bypassed in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qNjlmLWZnaDUtZjdtY84AAwqU
iText RUPS XML External Entity vulnerability
Ecosystems: maven
Packages: com.itextpdf:itext-rups
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xMngzLTJmOWctaDU1Oc4AAyQm
Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mcmczLWdwY3gtOTY4Zs4AAjE-
SwiftNIO SSL arbitrary code execution vulnerability
Ecosystems: swift
Packages: github.com/apple/swift-nio-ssl
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01cXhxLXZnbW0tcTM5bc4AAvli
RCE vulnerability in Pimcore/Mail & Dynamic Text Layout
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyNmgtMjR2ai1xd3hm
Command Injection in npm-programmatic
Ecosystems: npm
Packages: npm-programmatic
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection Vulnerability
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNjgtZjc0di05d2M2
ActiveSupport potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 60.1
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS00eHF4LXBxcGotOWZxd84AAvMB
gajira-create GitHub action vulnerable to arbitrary code execution
Ecosystems: actions
Packages: atlassian/gajira-create
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ycHhnLWhnNzktaDhxOc4AAtZ0
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
Ecosystems: packagist
Packages: in2code/lux
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05M203LWM2OWYtNWNmas4AAvMA
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Ecosystems: go
Packages: github.com/antchfx/xmlquery
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1YzkteDlqNi04N3Fw
Prototype pollution in dotty
Ecosystems: npm
Packages: dotty
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODItcjMyOS0zcTY3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjM2YtcDV3cC0zNG1o
OS Command Injection in async-git
Ecosystems: npm
Packages: async-git
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1wcHh4LW05MjYtZzU2Oc4AA0RP
Apache Kylin vulnerable to remote code execution
Ecosystems: maven
Packages: org.apache.kylin:kylin-server-base, org.apache.kylin:kylin-spark-project, org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyeHAtNzVtNy1ndjUy
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Ecosystems: maven
Packages: net.sf.robocode:robocode.host
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 5 years ago
Critical
GSA_kwCzR0hTQS1tZnZnLXF3Y3ctcXZjOM4AAyQi
baserCMS allows any file to be uploaded
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03N3h4LXJ4dmgtcTY4Ms4AAvLg
HyperSQL DataBase vulnerable to remote code execution when processing untrusted input
Ecosystems: maven
Packages: org.hsqldb:hsqldb
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zM202LXE5djUtNjJyN84AA6Xq
Predictable SIF UUID Identifiers
Ecosystems: go
Packages: github.com/apptainer/sif, github.com/satori/go.uuid
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05bXdmLW13NzQtOWN2Nc4AAxzN
Apache Airflow Hive Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01cDQyLW02ZjMtaHBtas4AA1Wh
tree-kit Prototype Pollution vulnerability
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1ycDZ4LWdndzYtOGc1Ns4AA2do
Authorization Bypass in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03ZzVmLXdyeDgtNWNjZs4AAxxV
GeoServer OGC Filter SQL Injection Vulnerabilities
Ecosystems: maven
Packages: org.geoserver.community:gs-jdbcconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13YzR4LXFtcjItcmo4aM4AAu82
steal vulnerable to Prototype Pollution via alias variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01d3c2LXB4NDItd2M4Nc4AApqI
SM2 Decryption Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qajk1LTU1Y3ItOTU5N84AA1Co
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Ecosystems: maven
Packages: com.aerospike:aerospike-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS05Mmo1LTM0NTktcWdwNM4AA1T7
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS14cnJoLWg4NnctcHdmas4AA1T6
Alluxio vulnerable to arbitrary code execution
Ecosystems: maven
Packages: org.alluxio:alluxio-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1majMyLXE2MjYtcGpqY84AA1UA
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02eHhyLTY0OG0tZ2NoNs4AA0ic
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server, com.xpn.xwiki.platform:xwiki-rest, com.xpn.xwiki.platform:xwiki-core-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjbTktY2Mzci1jNnZq
Cross-site Scripting (XSS) in Eclipse Theia
Ecosystems: npm
Packages: @theia/preview
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1td3hqLWc3ZnctN2hjOM4AAz_v
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS12ZnJqLWZ2NnAtM2NwZs4AAzpG
Brook's tproxy server is vulnerable to a drive-by command injection.
Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12MzJtLXBmOXEtcDN4Z84AA3PR
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05cTl2LXFnd3gtODRtcs4AA05R
Command injection in PaddlePaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_download
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yd2h2LWh2ajItcXJxbc4AA5aN
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yNThtLXY1cHItamhocc4AAxqX
Cross-site Scripting in kimai/kimai
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yOHhjLXh4aDMtcTV4M84AAz_x
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1tY3ZnLWc5d3gtdjV2eM4AAu6Y
Valine code injection vulnerability
Ecosystems: npm
Packages: valine
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xOWhnLTlxajItbXhmOc4AAz9u
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS14cGpnLTdoeDctd2djeM4AA5aI
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqanItcXFmcC1wcHd4
remote code execution via git repo provider
Ecosystems: pypi
Packages: binderhub
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04NG1tLXByamctNDl4bc4AAxci
tinymighty WikiSEO is vulnerable to cross-site scripting via modifyHTML function
Ecosystems: packagist
Packages: tinymighty/wiki-seo
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2dzItODlocS1ocTI3
keycloak Self Stored Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1jcDNqLTI3M3gtM2p4Y84AA329
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zY3I1LTI0NDYtOHBnM84AA4Kt
PaddlePaddle command injection in convert_shape_compare
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00MnE3LTk1ajctdzYybc4AA8GE
Mautic is vulnerable to XSS vulnerability
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 1 day ago
Critical
GSA_kwCzR0hTQS14NTI1LTU0aGYteHI1M84AA74W
Blind XSS Leading to Froxlor Application Compromise
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1oZ3B3LTZwNGgtajZoNc4AA2-W
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yNXZoLWdjM3ItcjI0d84AA63v
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-realtime-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS01NnhnLXdmY2MtZzgyOc4AA74j
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Ecosystems: pypi
Packages: llama-cpp-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1jcnhqLWhybXAtNHJ3Zs4AAvG8
Labstack Echo Open Redirect vulnerability
Ecosystems: go
Packages: github.com/labstack/echo/v4
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03M3gzLThtcmctNXI5M84AA5aE
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01NHB2LXI2MmotOXFxY84AA5aC
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05dmdxLXc1cHYtdjc3cc4AA5JF
Liferay Portal stored cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmY3YtNXdody03cGN3
Exposure of Sensitive Information to an Unauthorized Actor in AEgir
Ecosystems: npm
Packages: aegir
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjbTQtcTJwZy14dzg5
ipycache is vulnerable to Code Injection
Ecosystems: pypi
Packages: ipycache
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 5 years ago
Critical
GSA_kwCzR0hTQS1nN3BjLTc5OXEtNzQzZs4AAlf2
Magento DOM-based Cross-site scripting vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MjM0LW1nN3EtbThnOM4AAz_w
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS02NjN3LTJ4cDMtNTczOc4AA2sD
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Ecosystems: maven
Packages: org.xwiki.rendering:xwiki-rendering-xml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xY2o5LWdjcGctNHcyd84AA2sL
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0yampxLXg1NDgtcmhwds4AAvIq
isolated-vm has vulnerable CachedDataOptions in API
Ecosystems: npm
Packages: isolated-vm
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04MzRjLXgyOWMtZjQyY84AAz_t
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1wZ3ZoLXAzZzQtODZqd84AAxVl
AVideo contains Command injection when embedding a video link
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00eG03LTVxNzktM2ZjaM4AAz_y
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_interval
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNjYtdjI5aC14amg4
XSS Cross Site Scripting
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS12cXA2LXJjM2gtODNjcM4AAv_L
Tailscale Windows daemon is vulnerable to RCE via CSRF
Ecosystems: go
Packages: tailscale.com
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nODZnLWNobTgtN3IycM4AAtvI
check-spelling workflow vulnerable to token leakage via symlink attack
Ecosystems: actions
Packages: check-spelling/check-spelling
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 7 hours ago
Critical
GSA_kwCzR0hTQS1xNmpwLWdjd3ctOHYyas4AAv_X
Missing Authorization in Filter Stream Converter Application of XWiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-filter-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wanBjLTg3bXAtNDMzMs4AArNG
Cross-site Scripting vulnerability in Mautic's tracking pixel functionality
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02NnA4LWo0NTktcnE2M84AAxiH
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1yd2hoLTZ4ODMtODR2Ns4AA4od
Cross-site Scripting in Apache superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00bThjLWg3ZnItZ3E1Y83uFw
Cloud Foundry vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1nOWN2LXYzdjQtM2g4cs4AA0pM
Apache Pulsar Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bTctajRoMy05cmY1
Remote Code Execution in SyliusResourceBundle
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS04d3d3LWNmZmgtNHE5OM4AA08I
Anyone with a share link can RESET all website data in Umami
Ecosystems: npm
Packages: umami
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcybWgtMjY5eC03bWg1
Improper Certificate Validation in xmlhttprequest-ssl
Ecosystems: npm
Packages: xmlhttprequest-ssl
Source: GitHub Advisory Database
Blast Radius: 56.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03dmY0LXg1bTItcjZncs4AA7QP
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 3 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2angtOWc0OC0ycjVy
Arbitrary code execution due to YAML deserialization
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,301
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
npm 954 maven 826 packagist 491 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 org.apache.dubbo:dubbo 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 froxlor/froxlor 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 tensorflow-cpu 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 studio-42/elfinder 7 rusqlite 7 sequelize 7 ansible 7 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 github.com/argoproj/argo-cd 6 parse-server 6 thorsten/phpmyfaq 6 ezsystems/ezpublish-kernel 6 aaptjs 6 github.com/answerdev/answer 6 mercurial 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 steal 5 Microsoft.ChakraCore 5 mautic/core 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.xwiki.platform:xwiki-platform-web 5 prestashop/prestashop 5 safe-eval 5 ckb 5 zendframework/zendframework 5 Pillow 5 django 5 org.apache.inlong:manager-pojo 5 realms-shim 4 calibreweb 4 github.com/grafana/grafana 4 hermes-engine 4 contao/core-bundle 4 org.apache.tomcat.embed:tomcat-embed-core 4 spree_auth_devise 4 pyload-ng 4 feehi/cms 4 librenms/librenms 4 PaddlePaddle 4 org.apache.openmeetings:openmeetings-parent 4 contao/contao 4 smallvec 4 code.gitea.io/gitea 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 github.com/hashicorp/vault 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 apache-airflow-providers-apache-hive 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.inlong:manager-service 4 org.eclipse.jetty:jetty-server 4 org.jeecgframework.boot:jeecg-boot-base-core 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/usememos/memos 4 baserproject/basercms 4 openssl-src 4 safer-eval 4 nukeviet/nukeviet 4 org.apache.tapestry:tapestry-core 4 github.com/argoproj/argo-cd/v2 4 messagepack-rs 4 org.apache.solr:solr-parent 3 pimcore/pimcore 3 lmdb 3 org.richfaces:richfaces-core 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 publify_core 3 nvflare 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 zendframework/zendframework1 3 showdoc/showdoc 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 @openzeppelin/contracts-upgradeable 3 com.alibaba:dubbo 3 symfony/security-core 3 modoboa 3 log4j:log4j 3 org.apache.storm:storm 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 org.xwiki.platform:xwiki-platform-icon-ui 3 ro.pippo:pippo-core 3 com.hazelcast:hazelcast 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 smarty/smarty 3 slpjs 3 strapi 3 dompdf/dompdf 3 browserify-shim 3 actix-web 3 mongoose 3 facade/ignition 3 org.apache.linkis:linkis 3 com.jflyfox:jflyfox_jfinal 3 codiad/codiad 3 jsrsasign 3 io.undertow:undertow-core 3 ibexa/core 3 org.apache.jmeter:ApacheJMeter 3 cobbler 3 org.springframework.security:spring-security-core 3 github.com/dexidp/dex 3 github.com/pterodactyl/wings 3 simplesamlphp/simplesamlphp 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 rubygems-update 3 org.apache.any23:apache-any23 3 org.apache.solr:solr-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 xcb 3 phpmailer/phpmailer 3 github.com/rancher/rancher 3 craftcms/cms 3 francoisjacquet/rosariosis 3 ray 3 codeigniter4/framework 3 org.apache.dolphinscheduler:dolphinscheduler 3 nokogiri 3 typo3/cms 3 elefant/cms 3 impresscms/impresscms 3 org.apache.ignite:ignite-core 3 id-map 3 handlebars 3 tribalsystems/zenario 3 codeigniter/framework 3 feathers-sequelize 3 github.com/go-gitea/gitea 3 org.apache.inlong:manager-web 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 async-git 2 python-keystoneclient 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 eslint-config-eslint 2 org.apache.inlong:manager-dao 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 github.com/sap/cloud-security-client-go 2 org.apache.shiro:shiro-web 2 apache-superset 2 mathjs 2 github.com/crewjam/saml 2 alextselegidis/easyappointments 2 github.com/russellhaering/gosaml2 2 total4 2 org.apache.derby:derby 2 laravel/framework 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 Radicale 2 com.hazelcast.jet:hazelcast-jet 2 vyper 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/shopware/platform 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/apache/tomcat 5 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 https://github.com/janeczku/calibre-web 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/grafana/grafana 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/usememos/memos 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/pyload/pyload 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/spring-projects/spring-framework 4 https://github.com/centreon/centreon-archived 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/shopware/shopware 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/star7th/showdoc 3 https://github.com/pterodactyl/wings 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/smarty-php/smarty 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/hazelcast/hazelcast 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/baserproject/basercms 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dexidp/dex 3 https://github.com/github/securitylab 3 https://github.com/apache/shiro 3 https://github.com/neorazorx/facturascripts 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/pytorch/serve 2 https://github.com/sjep/array 2 https://github.com/jfinal/jfinal 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/laurent22/joplin 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/soketi/soketi 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/google/flatbuffers 2 https://github.com/benbusby/whoogle-search 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2