Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS13aHBqLThmM3ctNjdwNc4AAzV1
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1nNjQ0LTlnZngtcTRxNM4AA0sL
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00dzJqLTJyZzQtNW1qd84AAweA
vm2 vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14ajcyLXd2ZnYtODk4Nc4AAyu7
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1meDR3LXY0M2otdmM0Nc4AAtGB
SQL injection in typeORM
Ecosystems: npm
Packages: typeorm
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmMmotOXFtcC1qcXIy
TypeORM vulnerable to MAID and Prototype Pollution
Ecosystems: npm
Packages: typeorm
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozNzktOWpyOS13NWNx
XML External Entity (XXE) vulnerability in Square Retrofit
Ecosystems: maven
Packages: com.squareup.retrofit2:retrofit
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1oNmd3LXI1MmMtNzI0cs0oig
NULL Pointer Dereference and Access of Uninitialized Pointer in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS01N3d4LW05ODMtMmY4OM0XCw
Incomplete validation in boosted trees code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2angtOWc0OC0ycjVy
Arbitrary code execution due to YAML deserialization
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqY2YtYzVyZy1ybW04
paperclip Server-Side Request Forgery vulnerability
Ecosystems: rubygems
Packages: paperclip
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS13dmo1LXI3OHItaGhmcc4AAWjw
Symfony Authentication Bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zNWM1LTI4cGctMnFnNM4AAWke
Symfony Authentication Bypass
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xODd2LXE4ZnctZ21qNc4AAgyh
Symfony Incorrect Access Control
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-core
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5NmMtNTdwZi05ampt
Prototype Pollution in node.extend
Ecosystems: npm
Packages: node.extend
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnNzUtNjkzOC13eDU4
python-docutils allows insecure usage of temporary files
Ecosystems: pypi
Packages: docutils
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS1oaDMyLTczNDQtY2cyZs4AAgbh
Authorization bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtdjQtNXc3Ni12cDln
Authorization Bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1tbW1oLXdjeG0tMndyNM4AAvnr
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 45.5
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy
TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyaHgtaHF4bS04cDM2
Double free in http
Ecosystems: cargo
Packages: http
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04cXY1LTY4ZzQtMjQ4as4AAvC6
Scala subject to file deletion, code execution due to Java deserialization chain with LazyList object deserialization
Ecosystems: maven
Packages: org.scala-lang:scala-library
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05ajU5LTc1cWotNzk1d80yIg
Path traversal in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3djctM3Y0NS1oZzI5
Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Z2MtdjJ4di1ydnZo
Out-of-bounds Read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzcXItcnEyai03NHc0
HTTP Request Smuggling in hyper
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03cmpyLTNxNTUtdnYzM80bQA
Incomplete fix for Apache Log4j vulnerability
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mYzd4LTJjbWMtOGoyZ80fkw
Incorrect hash in sha2
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01YzVmLTd2ZnEtMzczMs4AArZl
JMESPath for Ruby uses unsafe JSON.load when safe JSON.parse is preferable
Ecosystems: rubygems
Packages: jmespath
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cmMtcngyNS04bTg2
Improper Input Validation in Symfony
Ecosystems: packagist
Packages: symfony/var-exporter, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnZzgtNzJmMi1xbTIz
Critical severity vulnerability that affects org.eclipse.jetty:jetty-server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OXgtOHF3OS05cHA2
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MmctMmg4aC0zNjJx
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2ZmctbWp4Zy1ocXE0
Integer truncation in Shard API usage
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1Z2gtMndyMi1wbTZn
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3cDUtNTc1OS1xdjQ2
Data leak in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS05amp3LWhmNzItM214d84AAvMC
TensorFlow vulnerable to heap out of bounds read in filesystem glob matching
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxcXAteG1oai13Z2N3
crossbeam-deque Data Race before v0.7.4 and v0.8.1
Ecosystems: cargo
Packages: crossbeam-deque
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jeGY3LXFyYzUtOTQ0Ns0viw
Remote shell execution vulnerability in image_processing
Ecosystems: rubygems
Packages: image_processing
Source: GitHub Advisory Database
Blast Radius: 44.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qY3I2LW1tamotcGNod84AAwoZ
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Ecosystems: go
Packages: github.com/gorilla/handlers
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzMnItNjZjZy03OXB4
Paramiko not properly checking authentication before processing other requests
Ecosystems: pypi
Packages: paramiko
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxMjctdjd4cC1jMzU2
Buffer Overflow in pycrypto
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxY2YtYzI2ci14NXJm
XML external entity injection in Terracotta Quartz Scheduler
Ecosystems: maven
Packages: org.quartz-scheduler:quartz
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS1nbXdwLTNwd2MtM2ozZ84AAvS-
mockery is vulnerable to prototype pollution
Ecosystems: npm
Packages: mockery
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ajMtbTNwNi1oajM4
dom4j allows External Entities by default which might enable XXE attacks
Ecosystems: maven
Packages: dom4j:dom4j, org.dom4j:dom4j
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS0zaDZmLWc1ZjMtZ2M0d84AA0zc
Access Control Bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1qdmZ2LWhycmMtNnE3Ms0wUg
Improper Restriction of XML External Entity Reference in Liquibase
Ecosystems: maven
Packages: org.liquibase:liquibase-core
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oMnAzLWg0OGgtOWpqN84AAR2Q
PIDUsage Enables OS Command Injection
Ecosystems: npm
Packages: pidusage
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNHctNWZ3NC1ybTI3
Prototype Pollution in deeply
Ecosystems: npm
Packages: deeply
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1mZmY4LTR3OXAtN3Y3Ns4AAbau
Command Injection in Pygments
Ecosystems: pypi
Packages: Pygments
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqeGMtdmZ3Mi1jZzk2
Use after free in openssl
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wcjc2LTVjbTUtdzljas4AA1Py
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 43.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0zY3c1LTdjeHctdjVxZ84AAxTp
Dompdf vulnerable to URI validation failure on SVG parsing
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01NmdqLW12aDYtcnA3Nc4AAxd4
URI validation failure on SVG parsing. Bypass of CVE-2023-23924
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjd2otOGNodi05cHA5
XML External Entity attack in log4net
Ecosystems: nuget
Packages: log4net
Source: GitHub Advisory Database
Blast Radius: 43.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl3Y2ctanJ3Zi04Z2c3
Prototype Pollution in express-fileupload
Ecosystems: npm
Packages: express-fileupload
Source: GitHub Advisory Database
Blast Radius: 43.3
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NXgteDUzOS1wcGY1
Incorrect handling of credential expiry by /nats-io/nats-server
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/jwt
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3
Command Injection in Xstream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw
Deserialization of Untrusted Data and Code Injection in xstream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05cTV3LTc5Y3YtOTQ3bc0Vog
Unsafe defaults in `remark-html`
Ecosystems: npm
Packages: remark-html
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtcTYtZnJ2My00NzI3
jackson-dataformat-xml vulnerable to XML external entity (XXE)
Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjajQtZ2o4bS1tMmY3
Authentication bypass in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-spring
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5OGotN2NyYy13dnJq
Authentication bypass in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-spring-boot-starter, org.apache.shiro:shiro-spring, org.apache.shiro:shiro-web
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzcmgtbTd2cC0zNWYy
Operation on a Resource after Expiration or Release in Jetty Server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS04d201LThoOWMtNDdwY84AAtzA
Apache Hadoop argument injection vulnerability
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1neDJjLWZ2aGMtcGg0as05Xg
Path traversal in Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ybXBqLTdjOTYtbXJnOM4AArin
Apache Hadoop heap overflow before v2.10.2, v3.2.3, v3.3.2
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yY2pjLWM0cGoteHhycM4AA3Qr
Apache Derby: LDAP injection vulnerability in authenticator
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14NzUyLXFqdjQtYzRoY804Ig
Remote code injection in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI0M2gtZ21ybS1oNWM5
Access of Uninitialized Pointer in linked-hash-map
Ecosystems: cargo
Packages: linked-hash-map
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzeDQtd3I0aC1wdzMz
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnY2gtamptci1ncDd3
Sandbox Breakout / Arbitrary Code Execution in safer-eval
Ecosystems: npm
Packages: safer-eval
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1xNHhjLTdjdzgtY2dmas4AAnA8
dset vulnerable to prototype pollution
Ecosystems: npm
Packages: dset
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xNDZ2LWNqNXYtaHZnNs4AAYKo
Use of a Broken or Risky Cryptographic Algorithm in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-client
Source: GitHub Advisory Database
Blast Radius: 42.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04eGY0LXc3cXctcGpqd802tA
Firebase PHP-JWT key/algorithm type confusion
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1waHJxLXY0cTItaG1xNs02Ag
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ecosystems: packagist
Packages: sabberworm/php-css-parser
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1ncDJqLW1nNHctMnJoNc4AAkmW
chrome-launcher subject to OS Command Injection
Ecosystems: npm
Packages: chrome-launcher
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12cGY1LTgyYzgtOXYzNs0XwA
Prototype Pollution in algoliasearch-helper
Ecosystems: npm
Packages: algoliasearch-helper
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqeDItNzZyYy0ydjd2
Kubernetes Privilege Escalation
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2NGotNnFwcC1jbXJy
SQL Injection in Geocoder
Ecosystems: rubygems
Packages: geocoder
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS02OXA2LXd2bXEtMjdnZ809lg
Command injection in ruby-git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yNDhxLTlnNXItOHEyaM4AArc1
Authorization Bypass Through User-Controlled Key in go-restful
Ecosystems: go
Packages: github.com/emicklei/go-restful/v2, github.com/emicklei/go-restful, github.com/emicklei/go-restful/v3
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13NTU5LTYyM3AtdmZnOM3fzg
MyBatis PageHelper vulnerable to time-blind SQL injection via orderBy parameter
Ecosystems: maven
Packages: com.github.pagehelper:pagehelper
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cmotOHIzYy05Z3Bq
bson is vulnerable to denial of service due to incorrect regex validation
Ecosystems: rubygems
Packages: bson
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwYzMtOTZteC13d2M4
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmMzctZ3h2aC0yM3Y2
Remote code execution in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0NDYtNjU2cC1mNTRn
Deserialization of Untrusted Data in Bouncy castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1mNmpwLWo2dzMtdzlobc0V4A
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00NXg5LXE2dmotY3Fncc4AAvPr
Apache Shiro Authentication Bypass vulnerability
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00Y2Y1LXhtaHAtM3hqN84AAtCe
Improper Authorization in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcydzktZmNqNS0zZmNn
Improper Authentication in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2Z3ItY3ZxMy1xeGdm
Improper Authentication in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS00djNnLWc4NHctaHY3cs3oqg
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-jasper, org.apache.tomcat:jasper, org.apache.tomcat:tomcat-jasper
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 1,289
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
npm 952 maven 823 packagist 465 pypi 365 go 213 cargo 153 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 27 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 salt 16 moodle/moodle 15 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 drupal/core 12 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 mlflow 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 phpmyadmin/phpmyadmin 9 funadmin/funadmin 9 tensorflow-gpu 8 tensorflow-cpu 8 drupal/drupal 8 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 rdiffweb 8 paddlepaddle 8 org.xwiki.platform:xwiki-platform-web-templates 8 ansible 7 froxlor/froxlor 7 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 gogs.io/gogs 7 symfony/symfony 7 aaptjs 6 thorsten/phpmyfaq 6 parse-server 6 ezsystems/ezpublish-kernel 6 github.com/argoproj/argo-cd 6 github.com/answerdev/answer 6 org.apache.activemq:activemq-client 5 org.jeecgframework.boot:jeecg-boot-parent 5 ckb 5 nodebb 5 org.apache.tomcat.embed:tomcat-embed-core 5 org.jenkins-ci.plugins:script-security 5 steal 5 mercurial 5 centreon/centreon 5 zendframework/zendframework 5 org.xwiki.commons:xwiki-commons-xml 5 org.xwiki.platform:xwiki-platform-web 5 django 5 Microsoft.ChakraCore 5 shopware/core 5 org.apache.inlong:manager-pojo 5 safe-eval 5 Pillow 5 org.apache.shiro:shiro-core 5 org.apache.tapestry:tapestry-core 4 org.eclipse.jetty:jetty-server 4 smallvec 4 hermes-engine 4 pyload-ng 4 spree_auth_devise 4 contao/contao 4 librenms/librenms 4 PaddlePaddle 4 code.gitea.io/gitea 4 safer-eval 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 realms-shim 4 nukeviet/nukeviet 4 org.apache.openmeetings:openmeetings-parent 4 github.com/hashicorp/vault 4 baserproject/basercms 4 Django 4 calibreweb 4 mautic/core 4 swagger-ui 4 org.apache.inlong:manager-service 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 github.com/usememos/memos 4 prestashop/prestashop 4 net.opentsdb:opentsdb 4 github.com/argoproj/argo-cd/v2 4 feehi/cms 4 messagepack-rs 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 apache-airflow-providers-apache-hive 4 openssl-src 4 org.jeecgframework.boot:jeecg-boot-base-core 4 nilsteampassnet/teampass 4 contao/core-bundle 4 github.com/pterodactyl/wings 3 rubygems-update 3 github.com/hashicorp/nomad 3 org.apache.any23:apache-any23 3 org.apache.ignite:ignite-core 3 org.apache.linkis:linkis 3 github.com/dexidp/dex 3 org.springframework.security:spring-security-core 3 nokogiri 3 @openzeppelin/contracts-upgradeable 3 codeigniter4/framework 3 io.dataease:dataease-plugin-common 3 feathers-sequelize 3 cobbler 3 zendframework/zendframework1 3 mongoose 3 nvflare 3 com.hazelcast:hazelcast 3 edu.stanford.nlp:stanford-corenlp 3 github.com/rancher/rancher 3 org.apache.inlong:manager-web 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 org.apache.hadoop:hadoop-common 3 modoboa 3 org.apache.jmeter:ApacheJMeter 3 craftcms/cms 3 org.keycloak:keycloak-core 3 org.xwiki.platform:xwiki-platform-icon-ui 3 pimcore/pimcore 3 ro.pippo:pippo-core 3 io.undertow:undertow-core 3 showdoc/showdoc 3 symfony/security 3 symfony/security-core 3 com.jflyfox:jflyfox_jfinal 3 com.alibaba:dubbo 3 ezsystems/ezplatform-kernel 3 smarty/smarty 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 codiad/codiad 3 log4j:log4j 3 tribalsystems/zenario 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.apache.ozone:ozone-main 3 phpmailer/phpmailer 3 org.apache.dolphinscheduler:dolphinscheduler 3 org.xwiki.platform:xwiki-platform-panels-ui 3 ray 3 francoisjacquet/rosariosis 3 strapi 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 typo3/cms 3 facade/ignition 3 id-map 3 elefant/cms 3 impresscms/impresscms 3 handlebars 3 github.com/go-gitea/gitea 3 browserify-shim 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.storm:storm 3 dompdf/dompdf 3 org.apache.solr:solr-parent 3 org.richfaces:richfaces-core 3 ibexa/core 3 actix-web 3 lmdb 3 org.apache.solr:solr-core 3 jsrsasign 3 slpjs 3 publify_core 3 xcb 3 github.com/crewjam/saml 2 locutus 2 org.apache.shiro:shiro-web 2 tenvoy 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 org.apache.derby:derby 2 org.apache.inlong:manager-dao 2 mathjs 2 github.com/sap/cloud-security-client-go 2 eslint-config-eslint 2 github.com/russellhaering/gosaml2 2 ghost 2 alextselegidis/easyappointments 2 org.springframework.amqp:spring-amqp 2 nadesiko3 2 apache-superset 2 org.apache.commons:commons-configuration2 2 llama-index 2 org.xwiki.platform:xwiki-platform-notifications-ui 2 traceroute 2 graphite-web 2 torchserve 2 com.hazelcast.jet:hazelcast-jet 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 pidusage 2 org.xwiki.platform:xwiki-platform-invitation-ui 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/tensorflow/tensorflow 9 https://github.com/apache/inlong 8 https://github.com/django/django 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/langchain-ai/langchain 8 https://github.com/ansible/ansible 7 https://github.com/gogs/gogs 7 https://github.com/apache/struts 7 https://github.com/Studio-42/elFinder 7 https://github.com/argoproj/argo-cd 7 https://github.com/rusqlite/rusqlite 7 https://github.com/python-pillow/Pillow 7 https://github.com/sequelize/sequelize 7 https://github.com/go-gitea/gitea 7 https://github.com/parse-community/parse-server 6 https://github.com/answerdev/answer 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/shenzhim/aaptjs 6 https://github.com/shopware/platform 6 https://github.com/symfony/symfony 6 https://github.com/apache/tomcat 5 https://github.com/stealjs/steal 5 https://github.com/apache/activemq 5 https://github.com/nervosnetwork/ckb 5 https://github.com/NodeBB/NodeBB 5 https://github.com/moodle/moodle 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/froxlor/froxlor 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/keycloak/keycloak 5 https://github.com/dromara/hutool 4 https://github.com/dompdf/dompdf 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/pippo-java/pippo 4 https://github.com/janeczku/calibre-web 4 https://github.com/otake84/messagepack-rs 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/contao/contao 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/PrestaShop/PrestaShop 4 https://github.com/CVEProject/cvelist 4 https://github.com/usememos/memos 4 https://github.com/liufee/cms 4 https://github.com/pyload/pyload 4 https://github.com/spring-projects/spring-framework 4 https://github.com/hwchase17/langchain 4 https://github.com/servo/rust-smallvec 4 https://github.com/cloudfoundry/uaa 4 https://github.com/neorazorx/facturascripts 3 https://github.com/github/securitylab 3 https://github.com/dexidp/dex 3 https://github.com/apache/shiro 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/baserproject/basercms 3 https://github.com/pterodactyl/wings 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/smarty-php/smarty 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/facade/ignition 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/rubygems/rubygems.org 3 https://github.com/facebook/hermes 3 https://github.com/mbechler/marshalsec 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/pimcore/pimcore 3 https://github.com/star7th/showdoc 3 https://github.com/rancher/rancher 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/publify/publify 3 https://github.com/dwisiswant0/advisory 3 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/kjur/jsrsasign 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/apache/camel 3 https://github.com/octobercms/october 3 https://github.com/ibexa/core 3 https://github.com/denoland/deno 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/crewjam/saml 3 https://github.com/modoboa/modoboa 3 https://github.com/actix/actix-web 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/rubygems/rubygems 3 https://github.com/nukeviet/nukeviet 3 https://github.com/twisted/twisted 3 https://github.com/craftcms/cms 3 https://github.com/andrewhickman/id-map 3 https://github.com/pytorch/serve 2 https://github.com/sidorares/node-mysql2 2 https://github.com/javamelody/javamelody 2 https://github.com/Netflix/security-bulletins 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/kubernetes/kubernetes 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/nodejs/llhttp 2 https://github.com/sjep/array 2 https://github.com/apache/submarine 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/drupal/core 2 https://github.com/folio-org/mod-data-export-spring 2 https://github.com/apache/jmeter 2 https://github.com/google/flatbuffers 2 https://github.com/scalyr/scalyr-agent-2 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/intelliants/subrion 2 https://github.com/benbusby/whoogle-search 2 https://github.com/laurent22/joplin 2 https://github.com/js-data/js-data 2 https://github.com/graphite-project/graphite-web 2 https://github.com/quarkusio/quarkus 2 https://github.com/gventuri/pandas-ai 2 https://github.com/dominictarr/event-stream 2 https://github.com/rochacbruno/quokka 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/KnpLabs/snappy 2 https://github.com/gnzlbg/slice_deque 2 https://github.com/ADOdb/ADOdb 2 https://github.com/keystonejs/keystone 2 https://github.com/jfinal/jfinal 2 https://github.com/TribalSystems/Zenario 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/codeigniter4/CodeIgniter4 2 https://github.com/Automattic/mongoose 2 https://github.com/rest-client/rest-client 2 https://github.com/netvl/acc_reader 2 https://github.com/michaelschwarz/Ajax.NET-Professional 2 https://github.com/h2database/h2database 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/hashicorp/vault 2 https://github.com/totaljs/framework 2 https://github.com/noear/solon 2 https://github.com/top-think/thinkphp 2 https://github.com/getgrav/grav 2 https://github.com/web2py/web2py 2 https://github.com/SAP/cloud-pysec 2 https://github.com/nats-io/jwt 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/qcubed/qcubed 2 https://github.com/nystudio107/craft-seomatic 2 https://github.com/mautic/mautic 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/hashicorp/go-getter 2 https://github.com/rubyzip/rubyzip 2 https://github.com/apache/kylin 2 https://github.com/ahdinosaur/set-in 2 https://github.com/waycrate/swhkd 2 https://github.com/ionicabizau/parse-url 2 https://github.com/reem/rust-traitobject 2 https://github.com/actix/actix-net 2 https://github.com/Agoric/realms-shim 2 https://github.com/gofiber/fiber 2 https://github.com/apache/incubator-streampark 2 https://github.com/git-lfs/git-lfs 2 https://github.com/puma/puma 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/evmos/evmos 2 https://github.com/rust-random/rand 2 https://github.com/MrSwitch/hello.js 2 https://github.com/OpenMage/magento-lts 2 https://github.com/ezsystems/ezplatform-admin-ui 2 https://github.com/xwiki/xwiki-rendering 2 https://github.com/grafana/grafana 2 https://github.com/Gerapy/Gerapy 2 https://github.com/Codiad/Codiad 2 https://github.com/moby/buildkit 2 https://github.com/soketi/soketi 2