Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS14NzJmLWdnanctdjV4aM4AAoYA
Drupal Core Arbitrary PHP code execution vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qd3FyLWpjd3AtNDQ1d84AAWWR
OpenCart Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djd2LTZtbW0teGp4bc4AAlC9
Dolibarr SQL injection vulnerability in accountancy/customer/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yMnZxLXA2NTgtcDI3NM4AAxlx
SameSite Attribute vulnerability in pimCore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4NHctcmN2Mi02eDh4
Arbitrary code execution in Apache ServiceComb java-chassis
Ecosystems: maven
Packages: org.apache.servicecomb:java-chassis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02NXY2LTNjOW0taG1ycM4AAxK2
Arbitrary file write in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mNnhwLTU5anEtcjM1Y84AAyiT
Phachon mm-wiki Cross Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wZ2pjLWdjN2ctcDJjNs3uCg
Cloud Foundry UAA Privilege Escalation
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12Y3FnLTNwMjkteHc3M80W2Q
Integer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS03MjIyLXIzN3gtOHEzbc4AAw_j
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS12eG1oLXA1MmotaDMzbc4AAxJ5
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mdzQ1LTkzOHYtcDI2as4AArAn
mootools-more vulnerable to prototype pollution
Ecosystems: npm
Packages: mootools-more
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjajMtanJycC05cnhm
Unchecked Return Value in xcb
Ecosystems: cargo
Packages: xcb
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS12MzN4LXE4Z2gtNHg0Ms30UQ
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03cTU2LW1wNGMtZ2dnZ84AAc2q
Improper Access Control in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zdjdnLTRwZzMtN3I2as0vDg
OS Command injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Y20tODhmNS1mMmM3
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS12NmM4LXB3aHEtMjg4bc4AA1aE
Nacos Spring vulnerable to Unsafe Deserialization
Ecosystems: maven
Packages: com.alibaba.nacos:nacos-spring-context
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 9 months ago
High
GSA_kwCzR0hTQS01aGZqLXI3MjUtd3BjNM0jVg
october/system arbitrary code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS03aHFyLWoyNm0tZ213cM4AAQnJ
Pimcore Unserialize Remote Code Execution
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12dzI3LWZ3amYtNXF4bc0Wqg
Arbitrary command execution on Windows via qutebrowserurl: URL handler
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS13djIzLXBmajctMm1qas0jVw
October/System authenticated file write leads to remote code execution
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS05ZnFjLTljcHItdzczcc4AAxav
froxlor is vulnerable to privilege escalation from customer to root via directory-options
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mbXg0LTI2cjMtd3hwZs0v8A
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 48.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcTdmLWNxNnEtOTR4aM4AAs5P
Cross-Site Request Forgery in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02OTU0LWg1YzgtbTI5Zs4AAtsM
Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lucene-search
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yOTdmLXI5dzctdzQ5Ms4AAve8
Magento Improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS01bXYyLXJ4M3EtNHcyds0pgA
Code injection in Twig
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OWYtcDU2Zy1nNzV2
SQL Injection in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS03dnI1LTcydzctcTZqY84AAvdg
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05cjNoLXdtM3gtdjI0Nc4AAlOm
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:kubernetes-ci
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12M2M5LXc2ZzItaGpnM84AAgdO
Cross-Site Request Forgery in XXL-Job
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xeHBtLTVnaGMtNmdjMs4AAx84
jeecg-boot contains SQL Injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02djU1LWg2bTUtMjM1Ms4AA3kq
Cross-Site Request Forgery in JFinalCMS via /admin/div/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1aDgtcGM2aC1qdnZ4
Composer's missing argument delimiter can lead to code execution via VCS repository URLs or source download URLs on systems with Mercurial
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xNTY0LXZ2eDgtOTM4OM4AAmCg
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:warnings
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yMmNxLXh4cjktanJyds4AAUs0
Zenario CMS vulnerable to CSRF
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0ydzRoLWY0NHctOTY4Zs4AApV5
Improper Privilege Management in Neo4j Graph Database
Ecosystems: maven
Packages: org.neo4j:neo4j-kernel
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02MzR4LXBjM3EtY2Y0Y84AArNC
PHP Code Injection by malicious block or filename in Smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yM3AzLTVmMzUtaDZtZs4AAwpF
usememos/memos Improper Privilege Management vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tanZjLWo2cnYtOXhqOM0uPA
Insertion of Sensitive Information Into Debugging Code in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zbXBnLXEyNmotODNqNc4AAxHH
Command injection in yiisoft/yii2-gii
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mcTRoLW0zYzgtOG0yds4AArip
Improper Privilege Management in NocoDB
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05djczLXg1NjItd3Y1eM4AArVa
OS Command Injection in gitsome
Ecosystems: npm
Packages: gitsome
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wcjloLWc3cDctcnJxaM4AAXci
XML External Entity Reference in Jenkins FindBugs Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins.findbugs:library
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qOTdnLTc3ZmotOWM0cM4AAyrA
Answer vulnerable to account takeover because password reset links do not expire
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yOTd4LTh4ajQtdmN4ds4AAj6G
Improper Control of Generation of Code in doT
Ecosystems: npm
Packages: dot
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13MjNxLTRodzMtMnBwNs4AA1vd
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 8 months ago
High
GSA_kwCzR0hTQS0zNXJmLXYyanYtZ2ZnN80XKA
Privilege escalation to cluster admin on multi-tenant environments
Ecosystems: go
Packages: github.com/fluxcd/kustomize-controller
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aDljLXY1dmctNW02bc0hUA
Access to restricted PHP code by dynamic static class access in smarty
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzMnctM2NxaC1mNmp4
Weak Password Recovery Mechanism for Forgotten Password
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNHA1LTN2MmotdzVyds4AASlG
Improper Privilege Management in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3cGYtcXI5Ni0ydnE1
Deserialization of Untrusted Data in swagger-parser
Ecosystems: maven
Packages: io.swagger:swagger-parser, io.swagger:swagger-codegen
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 5 years ago
High
GSA_kwCzR0hTQS0zcDl2LXhwNnctd2NtY84AAUyK
QuickAppsCMS Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2OWMtdzc0cS02NzYy
Insecure permissions on build temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1tMnhwLWp4ZmctcXE2Z84AAv_x
CKAN contains Improper Authentication leading to account takeover
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yd2NmLWdxMjItcGg4M84AAvoH
IBAX go-ibax vulnerable to SQL injection
Ecosystems: go
Packages: github.com/IBAX-io/go-ibax
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04aGNoLXE4NmctajM4d84AA3kc
Cross-Site Request Forgery in JFinalCMS via /admin/category/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1xdnc5LTY1Njctd3E3OM4AAlco
MunkiReport reportdata module SQL injection vulnerability
Ecosystems: packagist
Packages: munkireport/reportdata
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yZ3A1LW0ycHEtM2ZtZ80t0Q
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS00djJxLWhqeDMtYzR2cs4AAq98
Magento remote code execution vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01anFwLXdtaGotZzMzZs4AAwqB
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02eDJtLXc0NDktcXd4N80y7g
Code Injection in CRI-O
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS02ZzU2LXY5cWctanA5Ms4AA7S7
Heketi Arbitrary Code Execution
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 10 days ago
High
GSA_kwCzR0hTQS1od3FjLXBnanctdmpxcM0WDg
Cross-Site Request Forgery in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Y3ZtLXY2cWotaGpxOc4AASk2
CSRF vulnerability and missing permission checks in GitHub Plugin allowed capturing credentials
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qNjY0LXFoaDQtaHBmOM4AAyCa
Cross-site Scripting vulnerability in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zanJqLXg2Y2otOTdjcM4AAqu3
Moodle contains CSRF vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03OGhqLTk1MnEtOTlyd84AAUaT
Dolibarr error-based SQL injection vulnerability in product/card.php
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNzdoLW05dzItdnZnMs0Y3A
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 6 years ago
High
GSA_kwCzR0hTQS1wN3FxLXJydncteDU1eM4AAxzp
Froxlor Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NTUtMjN4cC0zd3A4
Access control flaw in Kiali
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qcXdoLWpycGctNWozaM4AATaI
Jenkins Favorite Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:favorite
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oaG1mLTdyZ2ctZ2N3Nc4AAjY6
Plone SQL Injection Vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cDRyLWg3NjUtNW13cM4AAxtC
Code Injection in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cHAtOWM3Ni01NjI1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
GSA_kwCzR0hTQS03cXc0LTlyNjgtMnJteM4AA5Em
mingSoft MCMS File Upload vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
High
GSA_kwCzR0hTQS0yamd3LTI4cWgtNm1nOM4AAyuZ
Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:quayio-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00N2g2LWhmcHYtN3Boas4AAilz
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qZjlqLWh4MmotbTl4aM4AAlx7
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cXc1LTg5bXctd2NnMs0ohQ
Out of bounds write in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NDgtajR4NC1jcXcz
Path Traversal in Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 5 years ago
High
GSA_kwCzR0hTQS1xNWg2LTQ5Z2ctMndmZ84AAnmm
GramAddict bot uses dependency with reverse tcp backdoor
Ecosystems: pypi
Packages: GramAddict
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cjNmLTNtM2otd2NqMs02qA
SaltStack Salt Authentication Bypass by Capture-replay
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14ZzV2LTY5NmgtYzN2cs4AAXVN
Cloud Foundry UAA SessionID present in Audit Event Logs
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cHd3LWZxZ2gtMzZoas0xVA
Unrestricted Upload of File with Dangerous Type in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS12ajN4LXZmbTQtaHZ4Y84AAiLR
phpBB Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNjhjLTRqaDMtY3A5as4AAj7a
Umbraco CMS Authenticated File Upload
Ecosystems: nuget
Packages: UmbracoCMS.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01eHI1LXYyaDctMnc3d84AArMn
SQL injection in SiteServer CMS
Ecosystems: nuget
Packages: SSCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02MmcyLThwOWYtZ2hqcM4AAXC5
QuickAppsCMS Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: quickapps/cms
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05Yzc4LXZjcTctN3Z4cc0ogQ
Out of bounds write in TFLite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jY3c4LTc2ODgtdnF4NM0Vpw
HashiCorp Consul Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1najNxLXA4Y20tMjZybc4AAjxj
Sandbox bypass vulnerability in Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00dzU5LWMzZ2MtcnJocM4AAx3q
vantage6 refresh tokens do not expire
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 year ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 2,439
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 1,875 npm 1,402 pypi 1,170 packagist 1,024 nuget 785 go 687 cargo 323 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 django 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 salt 18 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 net.mingsoft:ms-mcms 14 Plone 14 centreon/centreon 14 vyper 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 golang.org/x/net 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 baserproject/basercms 12 electron 12 activerecord 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-parent 11 mautic/core 11 github.com/argoproj/argo-cd 11 intelliants/subrion 11 actionpack 11 io.undertow:undertow-core 11 github.com/nats-io/nats-server/v2 11 github.com/hashicorp/vault 11 cobbler 10 cockpit-hq/cockpit 10 org.springframework.security:spring-security-core 10 org.apache.nifi:nifi 10 github.com/hashicorp/nomad 10 shopware/platform 10 froxlor/froxlor 10 org.xwiki.platform:xwiki-platform-oldcore 10 matrix-synapse 10 openmage/magento-lts 10 craftcms/cms 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 rusqlite 9 org.apache.struts.xwork:xwork-core 9 org.apache.hadoop:hadoop-main 9 org.bouncycastle:bcprov-jdk14 9 Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 mercurial 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-arm64 8 october/system 8 github.com/ethereum/go-ethereum 8 shopware/core 8 gradio 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 github.com/sylabs/singularity 8 org.bouncycastle:bcprov-jdk15 8 Microsoft.NETCore.App.Runtime.win-x64 8 com.liferay.portal:release.portal.bom 7 apache-superset 7 gogs.io/gogs 7 DotNetNuke.Core 7 org.craftercms:crafter-studio 7 smarty/smarty 7 snipe/snipe-it 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.eclipse.jetty:jetty-server 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 codeigniter4/framework 7 cakephp/cakephp 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 cn.hutool:hutool-core 7 magento/core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.springframework:spring-core 7 org.apache.commons:commons-compress 7 tar 7 github.com/docker/docker 7 handlebars 6 github.com/zitadel/zitadel 6 waitress 6 de.tum.in.ase:artemis-java-test-sandbox 6 npm 6 symfony/security-http 6 prestashop/prestashop 6 composer/composer 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 @openzeppelin/contracts 6 github.com/traefik/traefik/v2 6 Microsoft.AspNetCore.All 6 guzzlehttp/guzzle 6 opencv-contrib-python-headless 6 org.apache.tomcat:tomcat-coyote 6 opencv-python-headless 6 github.com/gravitl/netmaker 6 contao/contao 6 Microsoft.NETCore.App 6 contao/core-bundle 6 deno 6 org.apache.camel:camel-core 6 @strapi/strapi 6 sized-chunks 6 k8s.io/kubernetes 6 org.apache.inlong:manager-pojo 6 golang.org/x/crypto 6 github.com/hyperledger/fabric 6 sequelize 6 kiwitcms 6 org.apache.cxf:cxf 6 cryptography 6 istio.io/istio 6 org.apache.tika:tika-core 6 wwbn/avideo 6 laravel/framework 6 rack 6 express-cart 6 github.com/cilium/cilium 5 keystone 5 zope 5 directus 5 pear/archive_tar 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 github.com/go-gitea/gitea 5 next 5 org.apache.tomcat:tomcat-catalina 5 CefSharp.Common 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 passenger 5 org.xwiki.platform:xwiki-platform-web 5 forkcms/forkcms 5 org.apache.xmlgraphics:batik 5 serve 5 statamic/cms 5 getkirby/cms 5 github.com/nats-io/jwt 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 org.apache.mesos:mesos 5 github.com/answerdev/answer 5 @openzeppelin/contracts-upgradeable 5 plone 5 aubio 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 genix/cms 5 matrix-js-sdk 5 com.vaadin:vaadin-bom 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/ansible/ansible 15 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/vyperlang/vyper 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/rusqlite/rusqlite 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cloudfoundry/uaa 9 https://github.com/golang/go 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/shopware/platform 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/bcgit/bc-java 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/DSpace/DSpace 7 https://github.com/dotnet/aspnetcore 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/eclipse/jetty.project 7 https://github.com/snipe/snipe-it 7 https://github.com/rubygems/rubygems 7 https://github.com/hashicorp/vault 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/apache/cxf 7 https://github.com/denoland/deno 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/apache/activemq 7 https://github.com/zitadel/zitadel 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/dromara/hutool 6 https://github.com/opencast/opencast 6 https://github.com/contao/contao 6 https://github.com/CVEProject/cvelist 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/npm/node-tar 6 https://github.com/sequelize/sequelize 6 https://github.com/pyca/cryptography 6 https://github.com/backstage/backstage 6 https://github.com/gravitl/netmaker 6 https://github.com/guzzle/guzzle 6 https://github.com/smarty-php/smarty 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/magento/magento2 6 https://github.com/ls1intum/Ares 6 https://github.com/Pylons/waitress 6 https://github.com/istio/istio 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/bodil/sized-chunks 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/froxlor/froxlor 6 https://github.com/TYPO3/typo3 6 https://github.com/twisted/twisted 5 https://github.com/forkcms/forkcms 5 https://github.com/cefsharp/CefSharp 5 https://github.com/aubio/aubio 5 https://github.com/apache/hadoop 5 https://github.com/gogs/gogs 5 https://github.com/directus/directus 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/traefik/traefik 5 https://github.com/docker/docker 5 https://github.com/hpcng/singularity 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/getkirby/kirby 5 https://github.com/nautobot/nautobot 5 https://github.com/cilium/cilium 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/pear/Archive_Tar 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/laravel/framework 5 https://github.com/composer/composer 5 https://github.com/drupal/core 5 https://github.com/answerdev/answer 5 https://github.com/zopefoundation/Zope 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/vantage6/vantage6 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/cloudflare/cfrpki 4 https://github.com/npm/cli 4 https://github.com/containers/buildah 4 https://github.com/containers/podman 4 https://github.com/openstack/keystone 4 https://github.com/centreon/centreon-archived 4 https://github.com/statamic/cms 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/fiveai/Cachet 4 https://github.com/ethereum/go-ethereum 4 https://github.com/surrealdb/surrealdb 4 https://github.com/scrapy/scrapy 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/libp2p/go-libp2p 4 https://github.com/playframework/playframework 4 https://github.com/PrismJS/prism 4 https://github.com/tidwall/gjson 4 https://github.com/Froxlor/Froxlor 4 https://github.com/ericcornelissen/shescape 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/yiisoft/yii2 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/free5gc/free5gc 4 https://github.com/opencontainers/runc 4 https://github.com/Codiad/Codiad 4 https://github.com/bolt/bolt 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/phpseclib/phpseclib 4 https://github.com/apache/geode 4 https://github.com/cri-o/cri-o 4 https://github.com/quarkusio/quarkus 4 https://github.com/baserproject/basercms 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/wixtoolset/issues 4 https://github.com/hashicorp/nomad 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/jettison-json/jettison 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/ethyca/fides 4 https://github.com/nightcloudos/new_cms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/apple/swift-nio-http2 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/totaljs/framework 4 https://github.com/microsoft/msquic 3 https://github.com/authzed/spicedb 3 https://github.com/digitalbazaar/forge 3 https://github.com/siderolabs/talos 3 https://gitlab.com/edneville/please 3 https://github.com/jenkinsci/gitlab-plugin 3 https://github.com/rack/rack 3 https://github.com/TryGhost/Ghost 3 https://github.com/dub-flow/vulnerability-research 3 https://github.com/steveukx/git-js 3 https://github.com/npm/npm 3