Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtN2MteDQyNC1nMm13
Malicious Package in asyync
Ecosystems: npm
Packages: asyync
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS14NXI1LTJxcngtcnFqOM4AA5ik
Transparent TLS may not be applied to Marbles with certain manifest configurations
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 2 months ago
Critical
GSA_kwCzR0hTQS01cDh2LTU4cW0tYzdmcM4AAu9_
python-jwt vulnerable to token forgery with new claims
Ecosystems: pypi
Packages: python-jwt
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2N3gtNnJjNi1wcTV2
Double free in containers
Ecosystems: cargo
Packages: containers
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3N3AteHdwcC0zamY3
Malicious Package in rrgod
Ecosystems: npm
Packages: rrgod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY3gtM3B3OC1nM2oy
Free of uninitialized memory in telemetry
Ecosystems: cargo
Packages: telemetry
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04ZjhnLTlqNzMtN3A4Ms4AAu0C
steal vulnerable to Prototype Pollution via optionName variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12d2hxLXBtM3ItZmptOc4AAu0V
steal vulnerable to Prototype Pollution via key variable in babel.js
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThnbXgtY3BjZy1mOGg1
Double-free in id-map
Ecosystems: cargo
Packages: id-map
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcXgtaHY4OC1mOWN2
Double-free in id-map
Ecosystems: cargo
Packages: id-map
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2N3gtdmc5bS02NWMz
Integer overflow in base64
Ecosystems: cargo
Packages: base64
Source: GitHub Advisory Database
Blast Radius: 46.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloYzItdzlnZy1xNmp3
Malicious Package in boogeyman
Ecosystems: npm
Packages: boogeyman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01cDQtN3dmOS02dzk5
Malicious Package in regenrator
Ecosystems: npm
Packages: regenrator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
Ecosystems: packagist
Packages: october/rain
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzZ2MtZjh2OS12OGht
Malicious Package in ladder-text-js
Ecosystems: npm
Packages: ladder-text-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3OGcteHIzZi0ybXA4
Out of bounds write in nalgebra
Ecosystems: cargo
Packages: nalgebra
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0dmoteDd2OS1oODJt
Overflow in libsecp256k1
Ecosystems: cargo
Packages: libsecp256k1
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjanYtNHBody1ndnZ2
Malicious Package in getcookies
Ecosystems: npm
Packages: getcookies
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS0zZmhqLXdwdmoteDV3OM4AAwaM
laravel-jqgrid vulnerable to SQL Injection
Ecosystems: packagist
Packages: mgallegos/laravel-jqgrid
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0Y3ItZ3Y4dy04MzI0
Malicious Package in xoc
Ecosystems: npm
Packages: xoc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS00bTZqLTIzcDItOGM1NM4AA5gn
Armeria SAML authentication bypass due to missing validation on unsigned SAML messages
Ecosystems: maven
Packages: com.linecorp.armeria:armeria-saml
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
Critical
GSA_kwCzR0hTQS13bWh3LWhwd2gtNDRwZ84AATvP
Apache ActiveMQ Apollo XXE Vulnerability
Ecosystems: maven
Packages: org.apache.activemq:apollo-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qY3I2LW1tamotcGNod84AAwoZ
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Ecosystems: go
Packages: github.com/gorilla/handlers
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xd3ZwLWc5ajctMjhmNs4AAyxG
froxlor/froxlor vulnerable to unrestricted upload of file with dangerous type
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4ZnEteGg2di00bXJt
Malicious Package in json-serializer
Ecosystems: npm
Packages: json-serializer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS14dmNoLTVndjQtOTg0aM0z6A
Prototype Pollution in minimist
Ecosystems: npm
Packages: minimist
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmdjYtcTV4di1maHB3
Malicious Package in coffee-project
Ecosystems: npm
Packages: coffee-project
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1xampqLTdnN2gtNTR2M84AAu09
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxcXAteG1oai13Z2N3
crossbeam-deque Data Race before v0.7.4 and v0.8.1
Ecosystems: cargo
Packages: crossbeam-deque
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01cmY0LWYyNGMtaHB2aM4AAuZt
SQL injection in jflyfox jfinal
Ecosystems: maven
Packages: com.jflyfox:jflyfox_jfinal
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
Critical
GSA_kwCzR0hTQS13djM5LWYzdngtM3Y2cc4AAuZ-
SQL injection in jflyfox jfinal
Ecosystems: maven
Packages: com.jflyfox:jflyfox_jfinal
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02djczLWZnZjYtdzVqN8032w
Spring Cloud Function Code Injection with a specially crafted SpEL as a routing expression
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-function-context
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13MzUtMjRnaC1mODJ3
keycloak-connect and keycloak-js improperly handle invalid tokens
Ecosystems: npm
Packages: keycloak-js, keycloak-connect
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS02OXA2LXd2bXEtMjdnZ809lg
Command injection in ruby-git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tNTRmLXJwNnItcnJybc4AAvG6
XXL-JOB contains a Command execution vulnerability in background tasks
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mcHJyLXJybTgtNDUzNM4AAwuU
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Ecosystems: maven
Packages: org.apache.dubbo:dubbo-parent
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12ZnYzLTl3NnYtMjNqcM4AAu1Q
typemap is Unmaintained
Ecosystems: cargo
Packages: typemap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qOWZxLXZ3cXYtMmZtMs4AAuza
Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 48.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13ZzR3LTVtNXItdzNwOM4AAyfR
OpenAPI Generator vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: org.openapitools:openapi-generator-project
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14cHdqLTd2OHEtbWNnas0V-g
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtNXYtZjJ3cC13cXI5
Malicious Package in ali-contributors
Ecosystems: npm
Packages: ali-contributors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS0yZ3dqLTdqbXYtaDI2cs07Ng
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1nNDM0LTNxMmotaGo0cs4AAWhd
CodeIgniter Session Fixation Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Z3gtcmh2ai1maDUy
Denial of service in go-ethereum due to CVE-2020-28362
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1jd3doLTQzODItNmZ3cs4AASIn
Dulwich RCE Vulnerability
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mZmhxLWc4NTYtOWYycM06-g
Arbitrary file upload in Ghost
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zcjQ4LTNtOHItNHI5d84AAyX0
Apache OpenMeetings missing authentication and can allow user impersonation
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05NjhjLW1tMjgtamZ3NM0wFg
SQL injection in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3MjUtaHhwNS1oOGM5
Improper Verification of Cryptographic Signature
Ecosystems: npm
Packages: tenvoy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyOTYtOGczeC1nMzZt
Improper Verification of Cryptographic Signature
Ecosystems: npm
Packages: tenvoy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS02cnczLTN3aHctanZqas0_mw
Git LFS can execute a binary from the current directory on Windows
Ecosystems: go
Packages: github.com/git-lfs/git-lfs, github.com/git-lfs/git-lfs/v3
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04ZzIzLTJxNXAtODg2Ns4AAxzQ
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wNGNjLXc1OTctNmNwbc4AAui1
Cryptographically weak PRNG in `utils.generateUUID`
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1oOW1oLW1ncHYtZ3Ftds4AAuXO
Remote code execution in Apache Flume
Ecosystems: maven
Packages: org.apache.flume.flume-ng-sources:flume-jms-source
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xbTk1LXBnY2ctcXFmcc4AAvix
Insufficient validation when decoding a Socket.IO packet
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 59.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13M3JjLTJ3aGctdzkzNM4AAuEF
Mingsoft MCMS SQL injection vulnerability in /mdiy/model/delete URI via models List
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nbXBoLXdmN2otOWdjbc4AAyiB
Etcd-io Improper Authentication vulnerability
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02bTlmLXBqNnctdzg3Z84AAy88
Rancher Webhook is misconfigured during upgrade process
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14cjUtcDM2di00Nzlt
Unrestricted Upload of File with Dangerous Type in jquery-file-upload
Ecosystems: npm
Packages: jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtZ200cC01Zmo0
rails vulnerable to improper authentication
Ecosystems: rubygems
Packages: rails
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: over 6 years ago
Critical
GSA_kwCzR0hTQS00eG03LTVxNzktM2ZjaM4AAz_y
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication page
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4MzItam05NS0yY3B4
Authentication Bypass in dex
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4N2otNDN3Mi03cmo3
Prototype pollution in nconf-toml
Ecosystems: npm
Packages: nconf-toml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3dzctcDV3NC13cmZ2
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
GSA_kwCzR0hTQS14YzkzLTU4N2ctbXhtN84AAyd0
Payara Server allows remote attackers to load malicious code on the server once a JNDI directory scan is performed
Ecosystems: maven
Packages: fish.payara.server:payara-aggregator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNTUtcnE4eC1obTZm
Path Traversal in Dutchcoders transfer.sh
Ecosystems: go
Packages: github.com/dutchcoders/transfer.sh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS03Nng0LXgzcDYtcnByOc4AAnsY
SaltStack Salt Directory Traversal vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS05cTV3LTc5Y3YtOTQ3bc0Vog
Unsafe defaults in `remark-html`
Ecosystems: npm
Packages: remark-html
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14eHczLTc2NW0tZjM3cM4AAnsH
SaltStack Salt Improper Authentication vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14Z21oLWdmeHctMmh2ds4AAnsM
SaltStack Salt Server Side Template Injection
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxNXgtN214cC1ycDZq
Remote code execution via vulnerable Symphony dependecy injection
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3OGYtMzUzbS1jZjRq
Code Injection in node-rules
Ecosystems: npm
Packages: node-rules
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nNHI4LTI4ZnAtZjI1Nc4AAwwx
aXMLRPC XML External Entity vulnerability
Ecosystems: maven
Packages: fr.turri:aXMLRPC
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03cXFxLWdoMmYtd3E3Ns4AAt5c
ts-deepmerge before 2.0.2 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: ts-deepmerge
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cnA2LXgzcjctNXF3M84AAnsd
SaltStack Salt is vulnerable to shell injection via ProxyCommand argument
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13MmhyLTNtYzgtNDZnaM4AAnse
SaltStack Salt eauth tokens can be used once after expiration
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zaGM3LTJ4Y2MtN3A4Zs4AAwzZ
Squalor SQL Injection vulnerability
Ecosystems: go
Packages: github.com/square/squalor
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1naGMyLWh4M3ctanFtcM4AAnsb
SaltStack Salt command injection in the Salt-API when using the Salt-SSH client
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yZ2czLTN3aDctdzkzNc0ypw
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qNjZxLXFtcmMtODlyeM4AAm7X
jsonpickle unsafe deserialization
Ecosystems: pypi
Packages: jsonpickle
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2ODQtZzQ4My0yMjQ5
Signature Validation Bypass
Ecosystems: go
Packages: github.com/russellhaering/gosaml2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhocXEteDQ0Zi05Zmdn
Authentication Bypass in github.com/russellhaering/gosaml2
Ecosystems: go
Packages: github.com/russellhaering/gosaml2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02aHJnLXFtdmMtMnhoOM4AAvFP
joblib vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: joblib
Source: GitHub Advisory Database
Blast Radius: 47.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mdmM2LXFqcDctbTRnNM06yw
Arbitrary file upload in Ghost
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zMmZ3LTl3cTgtOXg5Y84AAtxw
node-latex-pdf is susceptible to command injection
Ecosystems: npm
Packages: node-latex-pdf
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1jcWZjLTk0NTItcjM2as4AAtxy
curljs Command Injection vulnerability
Ecosystems: npm
Packages: curljs
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1waHJxLXY0cTItaG1xNs02Ag
Sabberworm PHP CSS Parser Code injection vulnerability in allSelectors()
Ecosystems: packagist
Packages: sabberworm/php-css-parser
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qcDQ1LTY1anctOTRtas4AAtx2
heroku-env susceptible to command injection
Ecosystems: npm
Packages: heroku-env
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04dmoyLXZ4eDMtNjY3d80hfA
Arbitrary expression injection in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wYzYyLWNxNXgtM2o1Z84AAto5
node-import `params` argument can be controlled by users without any sanitization
Ecosystems: npm
Packages: node-import
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3OWgtbXY5NC1nNGdw
Privilege Escalation in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13cjR2LTNmMmgtNmhoaM4AAtpE
sonar-wrapper Command Injection vulnerability
Ecosystems: npm
Packages: sonar-wrapper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 1,289
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
npm 952 maven 823 packagist 465 pypi 365 go 213 cargo 153 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 27 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 salt 16 moodle/moodle 15 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 drupal/core 12 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 mlflow 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 phpmyadmin/phpmyadmin 9 funadmin/funadmin 9 tensorflow-gpu 8 tensorflow-cpu 8 drupal/drupal 8 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 rdiffweb 8 paddlepaddle 8 org.xwiki.platform:xwiki-platform-web-templates 8 ansible 7 froxlor/froxlor 7 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 gogs.io/gogs 7 symfony/symfony 7 aaptjs 6 thorsten/phpmyfaq 6 parse-server 6 ezsystems/ezpublish-kernel 6 github.com/argoproj/argo-cd 6 github.com/answerdev/answer 6 org.apache.activemq:activemq-client 5 org.jeecgframework.boot:jeecg-boot-parent 5 ckb 5 nodebb 5 org.apache.tomcat.embed:tomcat-embed-core 5 org.jenkins-ci.plugins:script-security 5 steal 5 mercurial 5 centreon/centreon 5 zendframework/zendframework 5 org.xwiki.commons:xwiki-commons-xml 5 org.xwiki.platform:xwiki-platform-web 5 django 5 Microsoft.ChakraCore 5 shopware/core 5 org.apache.inlong:manager-pojo 5 safe-eval 5 Pillow 5 org.apache.shiro:shiro-core 5 org.apache.tapestry:tapestry-core 4 org.eclipse.jetty:jetty-server 4 smallvec 4 hermes-engine 4 pyload-ng 4 spree_auth_devise 4 contao/contao 4 librenms/librenms 4 PaddlePaddle 4 code.gitea.io/gitea 4 safer-eval 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 realms-shim 4 nukeviet/nukeviet 4 org.apache.openmeetings:openmeetings-parent 4 github.com/hashicorp/vault 4 baserproject/basercms 4 Django 4 calibreweb 4 mautic/core 4 swagger-ui 4 org.apache.inlong:manager-service 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 github.com/usememos/memos 4 prestashop/prestashop 4 net.opentsdb:opentsdb 4 github.com/argoproj/argo-cd/v2 4 feehi/cms 4 messagepack-rs 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 apache-airflow-providers-apache-hive 4 openssl-src 4 org.jeecgframework.boot:jeecg-boot-base-core 4 nilsteampassnet/teampass 4 contao/core-bundle 4 github.com/pterodactyl/wings 3 rubygems-update 3 github.com/hashicorp/nomad 3 org.apache.any23:apache-any23 3 org.apache.ignite:ignite-core 3 org.apache.linkis:linkis 3 github.com/dexidp/dex 3 org.springframework.security:spring-security-core 3 nokogiri 3 @openzeppelin/contracts-upgradeable 3 codeigniter4/framework 3 io.dataease:dataease-plugin-common 3 feathers-sequelize 3 cobbler 3 zendframework/zendframework1 3 mongoose 3 nvflare 3 com.hazelcast:hazelcast 3 edu.stanford.nlp:stanford-corenlp 3 github.com/rancher/rancher 3 org.apache.inlong:manager-web 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 org.apache.hadoop:hadoop-common 3 modoboa 3 org.apache.jmeter:ApacheJMeter 3 craftcms/cms 3 org.keycloak:keycloak-core 3 org.xwiki.platform:xwiki-platform-icon-ui 3 pimcore/pimcore 3 ro.pippo:pippo-core 3 io.undertow:undertow-core 3 showdoc/showdoc 3 symfony/security 3 symfony/security-core 3 com.jflyfox:jflyfox_jfinal 3 com.alibaba:dubbo 3 ezsystems/ezplatform-kernel 3 smarty/smarty 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 codiad/codiad 3 log4j:log4j 3 tribalsystems/zenario 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.apache.ozone:ozone-main 3 phpmailer/phpmailer 3 org.apache.dolphinscheduler:dolphinscheduler 3 org.xwiki.platform:xwiki-platform-panels-ui 3 ray 3 francoisjacquet/rosariosis 3 strapi 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 typo3/cms 3 facade/ignition 3 id-map 3 elefant/cms 3 impresscms/impresscms 3 handlebars 3 github.com/go-gitea/gitea 3 browserify-shim 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.storm:storm 3 dompdf/dompdf 3 org.apache.solr:solr-parent 3 org.richfaces:richfaces-core 3 ibexa/core 3 actix-web 3 lmdb 3 org.apache.solr:solr-core 3 jsrsasign 3 slpjs 3 publify_core 3 xcb 3 github.com/crewjam/saml 2 locutus 2 org.apache.shiro:shiro-web 2 tenvoy 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 org.apache.derby:derby 2 org.apache.inlong:manager-dao 2 mathjs 2 github.com/sap/cloud-security-client-go 2 eslint-config-eslint 2 github.com/russellhaering/gosaml2 2 ghost 2 alextselegidis/easyappointments 2 org.springframework.amqp:spring-amqp 2 nadesiko3 2 apache-superset 2 org.apache.commons:commons-configuration2 2 llama-index 2 org.xwiki.platform:xwiki-platform-notifications-ui 2 traceroute 2 graphite-web 2 torchserve 2 com.hazelcast.jet:hazelcast-jet 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 pidusage 2 org.xwiki.platform:xwiki-platform-invitation-ui 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/tensorflow/tensorflow 9 https://github.com/apache/inlong 8 https://github.com/django/django 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/langchain-ai/langchain 8 https://github.com/ansible/ansible 7 https://github.com/gogs/gogs 7 https://github.com/apache/struts 7 https://github.com/Studio-42/elFinder 7 https://github.com/argoproj/argo-cd 7 https://github.com/rusqlite/rusqlite 7 https://github.com/python-pillow/Pillow 7 https://github.com/sequelize/sequelize 7 https://github.com/go-gitea/gitea 7 https://github.com/parse-community/parse-server 6 https://github.com/answerdev/answer 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/shenzhim/aaptjs 6 https://github.com/shopware/platform 6 https://github.com/symfony/symfony 6 https://github.com/apache/tomcat 5 https://github.com/stealjs/steal 5 https://github.com/apache/activemq 5 https://github.com/nervosnetwork/ckb 5 https://github.com/NodeBB/NodeBB 5 https://github.com/moodle/moodle 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/froxlor/froxlor 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/keycloak/keycloak 5 https://github.com/dromara/hutool 4 https://github.com/dompdf/dompdf 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/pippo-java/pippo 4 https://github.com/janeczku/calibre-web 4 https://github.com/otake84/messagepack-rs 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/contao/contao 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/PrestaShop/PrestaShop 4 https://github.com/CVEProject/cvelist 4 https://github.com/usememos/memos 4 https://github.com/liufee/cms 4 https://github.com/pyload/pyload 4 https://github.com/spring-projects/spring-framework 4 https://github.com/hwchase17/langchain 4 https://github.com/servo/rust-smallvec 4 https://github.com/cloudfoundry/uaa 4 https://github.com/neorazorx/facturascripts 3 https://github.com/github/securitylab 3 https://github.com/dexidp/dex 3 https://github.com/apache/shiro 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/baserproject/basercms 3 https://github.com/pterodactyl/wings 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/smarty-php/smarty 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/facade/ignition 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/rubygems/rubygems.org 3 https://github.com/facebook/hermes 3 https://github.com/mbechler/marshalsec 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/pimcore/pimcore 3 https://github.com/star7th/showdoc 3 https://github.com/rancher/rancher 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/publify/publify 3 https://github.com/dwisiswant0/advisory 3 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/kjur/jsrsasign 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/apache/camel 3 https://github.com/octobercms/october 3 https://github.com/ibexa/core 3 https://github.com/denoland/deno 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/crewjam/saml 3 https://github.com/modoboa/modoboa 3 https://github.com/actix/actix-web 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/rubygems/rubygems 3 https://github.com/nukeviet/nukeviet 3 https://github.com/twisted/twisted 3 https://github.com/craftcms/cms 3 https://github.com/andrewhickman/id-map 3 https://github.com/pytorch/serve 2 https://github.com/sidorares/node-mysql2 2 https://github.com/javamelody/javamelody 2 https://github.com/Netflix/security-bulletins 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/kubernetes/kubernetes 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/nodejs/llhttp 2 https://github.com/sjep/array 2 https://github.com/apache/submarine 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/drupal/core 2 https://github.com/folio-org/mod-data-export-spring 2 https://github.com/apache/jmeter 2 https://github.com/google/flatbuffers 2 https://github.com/scalyr/scalyr-agent-2 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/intelliants/subrion 2 https://github.com/benbusby/whoogle-search 2 https://github.com/laurent22/joplin 2 https://github.com/js-data/js-data 2 https://github.com/graphite-project/graphite-web 2 https://github.com/quarkusio/quarkus 2 https://github.com/gventuri/pandas-ai 2 https://github.com/dominictarr/event-stream 2 https://github.com/rochacbruno/quokka 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/KnpLabs/snappy 2 https://github.com/gnzlbg/slice_deque 2 https://github.com/ADOdb/ADOdb 2 https://github.com/keystonejs/keystone 2 https://github.com/jfinal/jfinal 2 https://github.com/TribalSystems/Zenario 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/codeigniter4/CodeIgniter4 2 https://github.com/Automattic/mongoose 2 https://github.com/rest-client/rest-client 2 https://github.com/netvl/acc_reader 2 https://github.com/michaelschwarz/Ajax.NET-Professional 2 https://github.com/h2database/h2database 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/hashicorp/vault 2 https://github.com/totaljs/framework 2 https://github.com/noear/solon 2 https://github.com/top-think/thinkphp 2 https://github.com/getgrav/grav 2 https://github.com/web2py/web2py 2 https://github.com/SAP/cloud-pysec 2 https://github.com/nats-io/jwt 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/qcubed/qcubed 2 https://github.com/nystudio107/craft-seomatic 2 https://github.com/mautic/mautic 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/hashicorp/go-getter 2 https://github.com/rubyzip/rubyzip 2 https://github.com/apache/kylin 2 https://github.com/ahdinosaur/set-in 2 https://github.com/waycrate/swhkd 2 https://github.com/ionicabizau/parse-url 2 https://github.com/reem/rust-traitobject 2 https://github.com/actix/actix-net 2 https://github.com/Agoric/realms-shim 2 https://github.com/gofiber/fiber 2 https://github.com/apache/incubator-streampark 2 https://github.com/git-lfs/git-lfs 2 https://github.com/puma/puma 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/evmos/evmos 2 https://github.com/rust-random/rand 2 https://github.com/MrSwitch/hello.js 2 https://github.com/OpenMage/magento-lts 2 https://github.com/ezsystems/ezplatform-admin-ui 2 https://github.com/xwiki/xwiki-rendering 2 https://github.com/grafana/grafana 2 https://github.com/Gerapy/Gerapy 2 https://github.com/Codiad/Codiad 2 https://github.com/moby/buildkit 2 https://github.com/soketi/soketi 2