Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Critical
GSA_kwCzR0hTQS1yNHY0LTNqajctamMyOc4AAiSP
OpenStack Octavia Amphora-Agent not requiring Client-Certificate
Ecosystems: pypi
Packages: octavia
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mcDdoLWY5ZjUteDRxN84AAz9l
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0ycm1tLTg3djctMzRyas0wfg
Improper Restriction of XML External Entity Reference in Any23
Ecosystems: maven
Packages: org.apache.any23:apache-any23
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnN3ctMnBmNy1teG0y
Malicious Package in wbe3
Ecosystems: npm
Packages: wbe3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1xNTZoLXg5aDUtcTUzY84AArfc
Server-Side Request Forgery in kityminder
Ecosystems: npm
Packages: kityminder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13M3ItcGZtZy14cDky
Improper Restriction of Recursive Entity References in Apache XMLBeans
Ecosystems: maven
Packages: org.apache.xmlbeans:xmlbeans
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qM2NxLWg2dmgtZ3g3Zs4AAqj5
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xNXZ4LTQ0djQtZ2NoNM4AAtZv
llhttp allows HTTP Request Smuggling via Improper Delimiting of Header Fields
Ecosystems: npm
Packages: llhttp
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtNnItMzlwMy1qcTI1
Doorkeeper is vulnerable to replay attacks
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS00NXgzLW13N3Etd2Y3Zs3stw
elFinder Path Traversal vulnerability
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tY3B3LWNwMzUtcDNoOM4AAh6y
OpenStack os-vif Ageing time of 0 disables linuxbridge MAC learning
Ecosystems: pypi
Packages: os-vif
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThnN3AtNzRoOC1oZzQ4
Denial of Service in https-proxy-agent
Ecosystems: npm
Packages: https-proxy-agent
Source: GitHub Advisory Database
Blast Radius: 56.4
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjNDUtajNtNS04cWZx
Server-Side Request Forgery in Feehi CMS
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3ZmotbWM4dy1qOXdn
RSA signature validation vulnerability on maleable encoded message in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1ycGhjLWg1NzItMng5Zs0yuw
Cross-site Scripting in showdoc/showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNGo1LWhncXEtNWpmMs4AARcl
Insecure cookie sharing in Hawtio
Ecosystems: maven
Packages: io.hawt:project
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wM3czLTRwcG0tYzNmNs1Btg
Cross site scripting in FacturaScripts
Ecosystems: packagist
Packages: facturascripts/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zODYzLTI0NDctNjY5cM4AA35m
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tMjY5LXdqNmctYzQ1Oc4AAb4u
PySAML2 XML external entity attack
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mZmY4LTR3OXAtN3Y3Ns4AAbau
Command Injection in Pygments
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtdmctdzRmOS05OXI3
XML External Entity (XXE) vulnerability in bw-calendar-engine
Ecosystems: maven
Packages: org.bedework.caleng:bw-calendar-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1teGhxLXh3M2ctcnBoY84AA74V
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Critical
GSA_kwCzR0hTQS04d3AyLXZ4cGcteGN2cM1BJg
Cross site scripting in facturascripts
Ecosystems: packagist
Packages: neorazorx/facturascripts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtbTYtdzRjZi03ZjN4
Authentication Bypass For Endpoints With Anonymous Access in Opencast
Ecosystems: maven
Packages: org.opencastproject:opencast-kernel
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjODMtY3BmOS1xN2M2
False-negative validation results in MINT transactions with invalid baton
Ecosystems: npm
Packages: slpjs
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3OTctNTd2Mi0zdzQ0
False-negative validation results in MINT transactions with invalid baton
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmajMtNTZobS1qd3E1
Template injection in cron-utils
Ecosystems: maven
Packages: com.cronutils:cron-utils
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2cTktZjdmZi1tbXg2
Local file inclusion vulnerability in http4s
Ecosystems: maven
Packages: org.http4s:http4s-server_2.12
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqbXItamZoNy14ZzNo
False-positive validity for NFT1 genesis transactions
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjMnAtNGpoci14aGh4
False-positive validity for NFT1 genesis transactions in SLPJS
Ecosystems: npm
Packages: slpjs
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyN3AtcnI3OC05OXJq
GitLab auth uses full name instead of username as user ID, allowing impersonation
Ecosystems: go
Packages: github.com/concourse/dex, github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnY3ItN3dtNC1tY3Y2
Sensitive Data Exposure in pem
Ecosystems: npm
Packages: pem
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4OHYtaHh4eC0ycmdo
Potential Code Injection in Sprout Forms
Ecosystems: packagist
Packages: barrelstrength/sprout-forms, barrelstrength/sprout-base-email
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4cmMtcGd4cS14MmNq
Negative charge in shopping cart in Shopizer
Ecosystems: maven
Packages: com.shopizer:sm-core-model
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdteDYtdnhjZi1jM2dy
Validation Bypass in slp-validate
Ecosystems: npm
Packages: slp-validate
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyNWMtY2NmMy0zanJy
Critical severity vulnerability that affects slpjs
Ecosystems: npm
Packages: slpjs
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNHItODM0Mi1qbWM5
SQL injection in vhs (aka VHS: Fluid ViewHelpers)
Ecosystems: packagist
Packages: fluidtypo3/vhs
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxbTItZ3dxZi1yNWc1
SQL injection in TYPO3 extension
Ecosystems: packagist
Packages: ecodev/newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Z3gtcmh2ai1maDUy
Denial of service in go-ethereum due to CVE-2020-28362
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3NnItaGo0NS1mdzdn
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02bW1mLXY1cTctdncyd84AAqut
Asterix Heap-based Buffer Overflow
Ecosystems: pypi
Packages: asterix_decoder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zcDdnLXdyZ2ctd3E0Nc4AAv0Y
GraphQL queries can expose password hashes
Ecosystems: packagist
Packages: ibexa/graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14ZnFnLXA0OGctaGg5NM4AArUB
Login timing attack in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoaDItcnZoZy13cXdy
Malicious Package in json-serializer
Ecosystems: npm
Packages: json-serializer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02N3IzLWg4OTktOXc5Nc4AArT7
Embedded Malicious Code in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4cmMtM3A5OC1yZ3Z4
After order payment process manipulation in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1Y3AtaHBjOS04MzQ3
Malicious Package in css_transform_support
Ecosystems: npm
Packages: css_transform_support
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1oNjNjLXh2cGYtMjY0as4AA8GG
ADOdb SQL injection vulnerability
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS1ncDZqLXZ4NTQtNXBtZs0guA
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Ecosystems: go
Packages: github.com/keep-network/keep-ecdsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3aHItajRtai1qMnc2
Verification Bypass in jsonwebtoken
Ecosystems: npm
Packages: jsonwebtoken
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4NmYtZnBmdi01aG1j
Malicious Package in uploader-plugin
Ecosystems: npm
Packages: uploader-plugin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyMzktOTNmNy1oNnhm
Cross-Site Scripting in swagger-ui
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qanEtYzg4cS1xaHI2
Cross-Site Scripting in dompurify
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1oM2o4LWZyNXEtOHJmcs4AAo7l
JFinal Java Deserialization Vulnerability
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oMjRjLTZwNnAtbTN2eM4AA1oF
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Ecosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyeDktNThtNy1ncjh3
Malicious Package in css_transform_step
Ecosystems: npm
Packages: css_transform_step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS05NGc3LWhwdjgtaDlxbc0bRQ
Remote code injection in Log4j
Ecosystems: maven
Packages: com.splunk.logging:splunk-library-javalogging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmNTUtcmdweC1wNnJ4
Malicious Package in iie-viz
Ecosystems: npm
Packages: iie-viz
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBybWMtNXY1dy1jNDY1
Client TLS credentials sent raw to server in npm package nats
Ecosystems: npm
Packages: nats
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxaHgtZzl3cC1nOW02
Failure to sanitize quotes which can lead to sql injection in squel
Ecosystems: npm
Packages: squel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS0zMmd2LTZjZjMtd2Ntcc0ymQ
HTTP/2 DoS Attacks: Ping, Reset, and Settings Floods
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yODR2LXFmZjgtanY1Z84AAnsE
Remote code execution in vscode-npm-script
Ecosystems: npm
Packages: vscode-npm-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qZjhjLTM2dnctOTh4NM4AA8HT
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNmotNGgyYy1jNjVw
Arbitrary Code Execution in require-node
Ecosystems: npm
Packages: require-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4NngtNzgycS1qZmM0
Command Injection in node-wifi
Ecosystems: npm
Packages: node-wifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1qang3LTg0NjItdzRtNM4AA8HS
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzNDgtZjkzeC05Z3g0
Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain
Ecosystems: packagist
Packages: zendesk/zendesk_api_client_php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cjktdjY1Yy0zNGpt
Malicious Package in radicjs
Ecosystems: npm
Packages: radicjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0cWotOXFmMi1xOTJy
Malicious Package in pm-controls
Ecosystems: npm
Packages: pm-controls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2NTItM21ycC00NTVt
Malicious Package in m-backdoor
Ecosystems: npm
Packages: m-backdoor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS12ZnYzLTl3NnYtMjNqcM4AAu1Q
typemap is Unmaintained
Ecosystems: cargo
Packages: typemap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNmpjLXhyYzMtNHd3cc4AAv0d
Ibexa DXP users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxaDcteHc1OC0zd3c3
Malicious Package in radic-util
Ecosystems: npm
Packages: radic-util
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxcWMtbXA1Zi1jY3Y0
Command Injection in bestzip
Ecosystems: npm
Packages: bestzip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4ajMtN3dwbS1xaHZw
Shell Metacharacter Injection in kelredd-pruview
Ecosystems: rubygems
Packages: kelredd-pruview
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2MjctdzM3My0zNzV2
Malicious Package in grunt-radical
Ecosystems: npm
Packages: grunt-radical
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqaDMtanY3dy05anBy
Command Injection in gm
Ecosystems: npm
Packages: gm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4ZjgtaHFtYy03cGg4
Malicious Package in ember-power-timepicker
Ecosystems: npm
Packages: ember-power-timepicker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4cXItcnZjdi1jcmh2
Malicious Package in electron-native-notify
Ecosystems: npm
Packages: electron-native-notify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3MjItcHY1dy1jZmcy
Malicious Package in github-jquery-widgets
Ecosystems: npm
Packages: github-jquery-widgets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1cHEtcGdydi1maDg5
dns-sync command injection vulnerability
Ecosystems: npm
Packages: dns-sync
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4dnctNDVycC0zbWoy
Deserialization Code Execution in js-yaml
Ecosystems: npm
Packages: js-yaml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS01Nmo3LTJwbTgtcmdteM4AArT_
OS Command Injection in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqM2ctamZxMy03and4
Arbitrary JavaScript Execution in bassmaster
Ecosystems: npm
Packages: bassmaster
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqdmotNjczcS00aGZ3
Command Injection in traceroute
Ecosystems: npm
Packages: traceroute
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqZnItcDZocC1qcXF3
Command Injection in ungit
Ecosystems: npm
Packages: ungit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjZmYtZmZ4My1tMjVj
Command Injection in meta-git
Ecosystems: npm
Packages: meta-git
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmd2MteGpmcC00NGpn
Command Injection in gnuplot
Ecosystems: npm
Packages: gnuplot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,301
Ecosystems: 12
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 org.apache.dubbo:dubbo 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 froxlor/froxlor 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 tensorflow-cpu 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 studio-42/elfinder 7 rusqlite 7 sequelize 7 ansible 7 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 github.com/argoproj/argo-cd 6 parse-server 6 thorsten/phpmyfaq 6 ezsystems/ezpublish-kernel 6 aaptjs 6 github.com/answerdev/answer 6 mercurial 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 steal 5 Microsoft.ChakraCore 5 mautic/core 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.xwiki.platform:xwiki-platform-web 5 prestashop/prestashop 5 safe-eval 5 ckb 5 zendframework/zendframework 5 Pillow 5 django 5 org.apache.inlong:manager-pojo 5 realms-shim 4 calibreweb 4 github.com/grafana/grafana 4 hermes-engine 4 contao/core-bundle 4 org.apache.tomcat.embed:tomcat-embed-core 4 spree_auth_devise 4 pyload-ng 4 feehi/cms 4 librenms/librenms 4 PaddlePaddle 4 org.apache.openmeetings:openmeetings-parent 4 contao/contao 4 smallvec 4 code.gitea.io/gitea 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 github.com/hashicorp/vault 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 apache-airflow-providers-apache-hive 4 
org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.inlong:manager-service 4 org.eclipse.jetty:jetty-server 4 org.jeecgframework.boot:jeecg-boot-base-core 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/usememos/memos 4 baserproject/basercms 4 openssl-src 4 safer-eval 4 nukeviet/nukeviet 4 org.apache.tapestry:tapestry-core 4 github.com/argoproj/argo-cd/v2 4 messagepack-rs 4 org.apache.solr:solr-parent 3 pimcore/pimcore 3 lmdb 3 org.richfaces:richfaces-core 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 publify_core 3 nvflare 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 zendframework/zendframework1 3 showdoc/showdoc 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 @openzeppelin/contracts-upgradeable 3 com.alibaba:dubbo 3 symfony/security-core 3 modoboa 3 log4j:log4j 3 org.apache.storm:storm 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 org.xwiki.platform:xwiki-platform-icon-ui 3 ro.pippo:pippo-core 3 com.hazelcast:hazelcast 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 smarty/smarty 3 slpjs 3 strapi 3 dompdf/dompdf 3 browserify-shim 3 actix-web 3 mongoose 3 facade/ignition 3 org.apache.linkis:linkis 3 com.jflyfox:jflyfox_jfinal 3 codiad/codiad 3 jsrsasign 3 io.undertow:undertow-core 3 ibexa/core 3 org.apache.jmeter:ApacheJMeter 3 cobbler 3 org.springframework.security:spring-security-core 3 github.com/dexidp/dex 3 github.com/pterodactyl/wings 3 simplesamlphp/simplesamlphp 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 rubygems-update 3 org.apache.any23:apache-any23 3 org.apache.solr:solr-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 xcb 3 phpmailer/phpmailer 3 github.com/rancher/rancher 3 
craftcms/cms 3 francoisjacquet/rosariosis 3 ray 3 codeigniter4/framework 3 org.apache.dolphinscheduler:dolphinscheduler 3 nokogiri 3 typo3/cms 3 elefant/cms 3 impresscms/impresscms 3 org.apache.ignite:ignite-core 3 id-map 3 handlebars 3 tribalsystems/zenario 3 codeigniter/framework 3 feathers-sequelize 3 github.com/go-gitea/gitea 3 org.apache.inlong:manager-web 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 async-git 2 python-keystoneclient 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 eslint-config-eslint 2 org.apache.inlong:manager-dao 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 github.com/sap/cloud-security-client-go 2 org.apache.shiro:shiro-web 2 apache-superset 2 mathjs 2 github.com/crewjam/saml 2 alextselegidis/easyappointments 2 github.com/russellhaering/gosaml2 2 total4 2 org.apache.derby:derby 2 laravel/framework 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 Radicale 2 com.hazelcast.jet:hazelcast-jet 2 vyper 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/shopware/platform 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/apache/tomcat 5 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 
https://github.com/janeczku/calibre-web 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/grafana/grafana 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/usememos/memos 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/pyload/pyload 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/spring-projects/spring-framework 4 https://github.com/centreon/centreon-archived 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/shopware/shopware 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/star7th/showdoc 3 https://github.com/pterodactyl/wings 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/smarty-php/smarty 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/hazelcast/hazelcast 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 
https://github.com/dwisiswant0/advisory 3
https://github.com/run-llama/llama_index 3
https://github.com/jbroadway/elefant 3
https://github.com/strapi/strapi 3
https://github.com/octobercms/october 3
https://github.com/denoland/deno 3
https://github.com/mautic/mautic 3
https://github.com/TeamSeri0us/pocs 3
https://github.com/baserproject/basercms 3
https://github.com/LetianYuan/My-CVE-Public-References 3
https://github.com/dexidp/dex 3
https://github.com/github/securitylab 3
https://github.com/apache/shiro 3
https://github.com/neorazorx/facturascripts 3
https://github.com/kjur/jsrsasign 3
https://github.com/mbechler/marshalsec 3
https://github.com/jmrozanec/cron-utils 2
https://github.com/pytorch/serve 2
https://github.com/sjep/array 2
https://github.com/jfinal/jfinal 2
https://github.com/OpenAPITools/openapi-generator 2
https://github.com/simpleledger/slp-validate.js 2
https://github.com/top-think/thinkphp 2
https://github.com/SAP/cloud-pysec 2
https://github.com/apache/kylin 2
https://github.com/TribalSystems/Zenario 2
https://github.com/totaljs/framework 2
https://github.com/stanfordnlp/corenlp 2
https://github.com/HtmlUnit/htmlunit 2
https://github.com/ahdinosaur/set-in 2
https://github.com/kubernetes/kubernetes 2
https://github.com/Microsoft/ChakraCore 2
https://github.com/MrSwitch/hello.js 2
https://github.com/ibexa/admin-ui 2
https://github.com/evmos/evmos 2
https://github.com/beego/beego 2
https://github.com/dominictarr/libnested 2
https://github.com/fluxcd/flux2 2
https://github.com/moby/buildkit 2
https://github.com/unshiftio/url-parse 2
https://github.com/sidorares/node-mysql2 2
https://github.com/noear/solon 2
https://github.com/h2database/h2database 2
https://github.com/firebase/php-jwt 2
https://github.com/netvl/acc_reader 2
https://github.com/rubyzip/rubyzip 2
https://github.com/russellhaering/gosaml2 2
https://github.com/jenkinsci/semantic-versioning-plugin 2
https://github.com/rest-client/rest-client 2
https://github.com/hashicorp/go-getter 2
https://github.com/qcubed/qcubed 2
https://github.com/nats-io/jwt 2
https://github.com/getgrav/grav 2
https://github.com/rochacbruno/quokka 2
https://github.com/graphite-project/graphite-web 2
https://github.com/rails/rails 2
https://github.com/uasoft-indonesia/badaso 2
https://github.com/apache/flume 2
https://github.com/Froxlor/Froxlor 2
https://github.com/TogaTech/tEnvoy 2
https://github.com/PowerJob/PowerJob 2
https://github.com/Gerapy/Gerapy 2
https://github.com/rust-random/rand 2
https://github.com/hashicorp/nomad 2
https://github.com/vert-x3/vertx-web 2
https://github.com/apache/karaf 2
https://github.com/simplesamlphp/simplesamlphp 2
https://github.com/nilsteampassnet/teampass 2
https://github.com/sparklemotion/nokogiri 2
https://gitlab.com/francoisjacquet/rosariosis 2
https://github.com/laurent22/joplin 2
https://github.com/dominictarr/event-stream 2
https://github.com/KnpLabs/snappy 2
https://github.com/apache/incubator-streampark 2
https://github.com/SAP/cloud-security-services-integration-library 2
https://github.com/skoranga/node-dns-sync 2
https://github.com/commenthol/safer-eval 2
https://github.com/SAP/cloud-security-client-go 2
https://github.com/dfinity/agent-js 2
https://github.com/jaw187/node-traceroute 2
https://github.com/WWBN/AVideo 2
https://github.com/markevans/dragonfly 2
https://github.com/nilsteampassnet/TeamPass 2
https://github.com/soketi/soketi 2
https://github.com/line/armeria 2
https://github.com/gofiber/fiber 2
https://github.com/joomla/joomla-cms 2
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2
https://github.com/google/flatbuffers 2
https://github.com/benbusby/whoogle-search 2
https://github.com/gventuri/pandas-ai 2
https://github.com/nodejs/llhttp 2
https://github.com/zoujingli/ThinkAdmin 2
https://github.com/Automattic/mongoose 2
https://github.com/handlebars-lang/handlebars.js 2
https://github.com/hashicorp/vault 2
https://github.com/ionicabizau/parse-url 2
https://github.com/cockpit-hq/cockpit 2
https://github.com/keystonejs/keystone 2