Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cmg1LTIzaHgtajQ1Ms3rtw
Improper Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djVwLTJjcHYtYzJ4Ns1l6A
Apache Tomcat Source Code Disclosure
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yODRwLTg4ZzItMnZ4Ms3l_Q
Apache Tomcat EncryptInterceptor error leads to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNTRwLWY2anAtNHJocs0W_A
Heap OOB in `FusedBatchNorm` kernels
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zcW1jLTJyNzYtNHJxcM4AAv0B
Redwood is vulnerable to account takeover via dbAuth "forgot-password"
Ecosystems: npm
Packages: @redwoodjs/api
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS03d3J2LTZoNDItdzU0Zs4AA0t5
PocketMine-MP vulnerable to server crash using badly formatted sign NBT in BlockActorDataPacket
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
High
GSA_kwCzR0hTQS01Z2c3LTV3djgtNGdjas4AARkT
Undertow Request Smuggling vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tcHB2LTc5Y2gtdnc2cc4AAz98
Apache Tomcat vulnerable to information leak
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 11 months ago
High
GSA_kwCzR0hTQS0zdnYzLTU4NXEtd3Y2eM4AAXdO
Apache Guacamole Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.guacamole:guacamole-common
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14OWpwLTR3OG0tNGYzY84AArfm
Cross Site Scripting vulnerability in django-jsonform's admin form.
Ecosystems: pypi
Packages: django-jsonform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04Y3BoLW02ODUtNnY2cs4AA7DZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
High
GSA_kwCzR0hTQS1wNTQzLWpnNDMtOXBtNc1izg
Apache Tomcat may be started without proper security settings
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oeGd4LTU4NHgtdndtOM4AAyfW
Appwrite Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xNncyLWp4Y20tMmNyas4AAgH6
Improper Authentication in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yMmg1LTNoZ3ctOGozNM4AAxt2
User data in TPM attestation vulnerable to MITM
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wNDloLWhqdm0tamczaM0W2w
PCX P mode buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mNTUzLWoyZ3YtZzVyOc4AAT8o
Apache Solr Kerberos delegation token functionality flaws
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05NW0yLXA5OGYtMjRyNc4AAXMV
Apache Geode unsafe deserialization of application objects
Ecosystems: maven
Packages: org.apache.geode:geode-core
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yZ3c2LTczd2MteDg4Zs4AAbvJ
Apache Geode information disclosure vulnerability
Ecosystems: maven
Packages: org.apache.geode:geode-core
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05ODk1LWc2eDUteHdjcM4AAwL0
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
Ecosystems: maven
Packages: io.quarkus:quarkus-vertx-http
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oMjJyLWg3N3ctMmc1Zs4AAXex
Apache Geode gfsh authorization vulnerability
Ecosystems: maven
Packages: org.apache.geode:geode-core
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jM3JwLTRjamgtY3AzOM1h4g
Zope does not properly verify the access for objects with proxy roles
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW03anYtaHE3aC1tcTdj
Infinite Loop in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS02cHBnLXJncmctZjU3M84AA7ET
Dolibarr vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
High
GSA_kwCzR0hTQS1jZjJqLXZmMzYtYzZ3OM0WxA
Communities and collections administrators can escalate their privilege up to system administrator
Ecosystems: maven
Packages: org.dspace:dspace-api
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cW14LTQyaDItajhoNs4AA7I9
.NET Elevation of Privilege Vulnerability
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x86, Microsoft.WindowsDesktop.App.Runtime.win-x64, Microsoft.WindowsDesktop.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2ZnEtcTc5Mi1qNDZq
Improper Input Validation in Apache Unomi
Ecosystems: maven
Packages: org.apache.unomi:unomi
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS12anhjLWZydzQtam1oNc4AAjYW
Undertow vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZ3JnLXgzNHItNzhmM83uBA
Cloud Foundry UAA password reset vulnerability
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tcnY4LXBxZmotN2dwNc4AA7I1
Keycloak path traversal vulnerability in the redirect validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 17 days ago
High
GSA_kwCzR0hTQS0zcGNxLTM0dzUtcDRnMs0WpQ
modern-async's `forEachSeries` and `forEachLimit` functions do not limit the number of requests
Ecosystems: npm
Packages: modern-async
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS00cTJ2LWo2MzktY3A3cM4AAV9t
Improper Access Control in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-web, org.apache.shiro:shiro-all
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12M2M5LXc2ZzItaGpnM84AAgdO
Cross-Site Request Forgery in XXL-Job
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14M3I1LXE2bWotbTQ4Nc0WnA
Improper sanitization of target names
Ecosystems: cargo
Packages: tough
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04bTQ1LTJyam0tajM0N84AA7I8
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Ecosystems: npm
Packages: @solana/web3.js
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 17 days ago
High
GSA_kwCzR0hTQS13aDZ3LTY5eGMtNXJxNc4AAraK
Improper Check for Unusual or Exceptional Conditions in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wcDNjLWNmNmotbTNmZs4AArZm
Server-Side Request Forgery in Jodd HTTP
Ecosystems: maven
Packages: org.jodd:jodd-http
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nN3hxLXh2OGMtaDk4Y84AA7Da
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 18 days ago
High
GSA_kwCzR0hTQS1oOHAyLThnNzItcXBnaM4AAxzI
Apache Airflow Google Provider Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-google
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wcmp2LWpqMjYtd2Y4aM4AATRB
ClassLoader manipulation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cWdqLTltdmctMzkyOc4AAWri
Special top object can be used to access Struts' internals
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mdncyLTJwZjctNzd2d84AAv2h
Apache Airflow subject to Exposure of Sensitive Information
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS12NDl4LThodm0tcTM0N84AAUGo
Exposure of Sensitive Information in Apache Pluto
Ecosystems: maven
Packages: org.apache.portals.pluto:pluto-container
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00OW01LTI4MzgtcTJyds4AAgUo
Ansible unsafe evaluation of some strings
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05djczLXg1NjItd3Y1eM4AArVa
OS Command Injection in gitsome
Ecosystems: npm
Packages: gitsome
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wcjloLWc3cDctcnJxaM4AAXci
XML External Entity Reference in Jenkins FindBugs Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins.findbugs:library
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtZmMtdjd3di1wNjJn
Path Traversal in Yarn
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS13cjdyLXZnM2MtNTRyNc4AASr6
Missing Encryption of Sensitive Data in Apache Guacamole
Ecosystems: maven
Packages: org.apache.guacamole:guacamole-common
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFocWYtZ2hnaC14Mm00
High severity vulnerability that affects Microsoft.AspNetCore.Mvc
Ecosystems: nuget
Packages: DisCatSharp, Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 5 years ago
High
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4NXctcnJocC1mNDM2
XSS in mdBook
Ecosystems: cargo
Packages: mdBook
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxcjctNzhwai0zZzdq
File Descriptor Leak Can Cause DoS Vulnerability in hapi
Ecosystems: npm
Packages: hapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS04dzN4LTQ1N3Itd2c1M80WXA
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNngtZzY4NS13NWYy
Improper Restriction of XML External Entity Reference in Plone
Ecosystems: pypi
Packages: plone.supermodel, plone.app.dexterity, plone.app.theming, plone.app.event, Plone
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 3 years ago
High
GSA_kwCzR0hTQS0zM2gyLTY5ajMtcjMzNs0WWw
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ycXhnLXh2Y3EtM3YyZs0WVA
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oNmozLWozNWYtdjJ4N84AA5zM
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS12YzI5LXJqOTItZ2M3as0WUw
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yY3J4LWZwanAtbWZyd84AAvq7
Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp
Ecosystems: npm
Packages: hummus, muhammara
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1amgtcjNoNC02amht
Command Injection in lodash
Ecosystems: npm
Packages: lodash-template, lodash.template, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1tNDNjLTY0OW0tcG00OM0WTA
Integer Overflow or Wraparound in OpenCV.
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zMnc5LTJxcGMtNWY5ds3qwg
Docker image code execution with Apache Mesos
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oZ3E5LXE4ZzItM2ptZ84AAQKq
Command Injection in VIVO Vitro
Ecosystems: maven
Packages: org.vivoweb:vitro-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNWdmLWNtbTgtY2c3Y84AA5zE
CasaOS-UserService allows unauthorized access to any file
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS03OTQ3LTQ4cTctY3A1bc4AA7Lv
Dolibarr Application Home Page has HTML injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 16 days ago
High
GSA_kwCzR0hTQS0yajV3LWN3YzMtOGh4d84AAi-s
Improper Certificate Validation in Jenkins Spira Importer Plugin
Ecosystems: maven
Packages: com.inflectra.spiratest.plugins:inflectra-spira-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05NXEzLXBwcHAtcjY4M84AAUUI
Crash when decoding malformed HTTP requests or malformed JSON payload
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03OTQ0LWg1cnctcW1qeM1jgQ
ZCatalog plug-in for Zope allows anonymous users to bypass access restrictions
Ecosystems: pypi
Packages: zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: timber/timber
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 22 days ago
High
GSA_kwCzR0hTQS1yOGc5LXc0ZjMtOWNybc4AAiBx
LMDB invalid write
Ecosystems: pypi
Packages: lmdb
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNm01LXBwNGctZmNjOM0WNA
S3 storage write is not aborted on errors leading to unbounded memory usage
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jaGozLWY3eHctMzY3bc4AArf7
OS Command Injection in git-promise
Ecosystems: npm
Packages: git-promise
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oZnJ4LTZxZ2otZnA2Y84AAxvU
Apache Commons FileUpload denial of service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote, commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5Y2ctaDNqbS1jd3Jj
Prototype Pollution in @hapi/subtext
Ecosystems: npm
Packages: @hapi/subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1oOWgzLWp4NTgtNmhxcc4AAygE
Jenkins Mashup Portlets Plugin vulnerable to stored cross-site scripting
Ecosystems: maven
Packages: javagh.jenkins:mashup-portlets-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4NTQtanZ4eC0yY2c5
Denial of Service in subtext
Ecosystems: npm
Packages: subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2cnctbTg4Zy13NzVx
Denial of Service in @hapi/accept
Ecosystems: npm
Packages: @hapi/accept
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqcGgteGY1cS02bWZx
Denial of Service in @hapi/ammo
Ecosystems: npm
Packages: @hapi/ammo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1oajljLThqbW0tOGM1Ms4AArT6
Packing does not respect root-level ignore files in workspaces
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04MjNmLWN3bTktNGc3NM0WLA
Splash authentication credentials potentially leaked to target websites
Ecosystems: pypi
Packages: scrapy-splash
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0dnAtM21xNy03djgy
Cross-Site Scripting in lazysizes
Ecosystems: npm
Packages: lazysizes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmeDUtZnd2ci14cmpn
Regular Expression Denial of Service in ms
Ecosystems: npm
Packages: ms
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: over 6 years ago
High
GSA_kwCzR0hTQS1naDhqLTJwZ2YteDQ1OM0VuQ
Infinite Loop in rencode
Ecosystems: pypi
Packages: rencode
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZjQteGoyNC04anF4
Regular Expression Denial of Service in uglify-js
Ecosystems: npm
Packages: uglify-js
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczdzgtMzdqdi0yYzU4
Cross-Site Scripting in mustache
Ecosystems: npm
Packages: mustache
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 6 years ago
High
GSA_kwCzR0hTQS00cm1qLXc1OG0tZnZjaM4AAx9G
Moodle vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xeDZoLTk1NjctNWZxd84AAXnF
Arbitrary file write in Apache Commons Fileupload
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5Mm0tcnJyYy1xNXdm
safemode gem allows context-dependent attackers to obtain sensitive information via the inspect method
Ecosystems: rubygems
Packages: safemode
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05NGMtMzdnNi1jamhj
Fake objects feature vulnerability allowing to execute JavaScript code using malformed HTML.
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03ajRoLTh3cGYtcnFmaM3mvw
Missing XML Validation in Apache Xerces2
Ecosystems: maven
Packages: xerces:xercesImpl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02NjkyLThxcWYtNzlqY84AArs6
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mOGg1LXYydmctNDZycs4AA6o6
quarkus-core leaks local environment variables from Quarkus namespace during application's build
Ecosystems: maven
Packages: io.quarkus:quarkus-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 30 days ago
High
GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Ecosystems: actions
Packages: tj-actions/changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoODItZ3FoNi05eGo5
Prototype Pollution in get-setter
Ecosystems: npm
Packages: get-setter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00N3hjLTlycjItcTdwNM4AAvif
Improper Control of Generation of Code ('Code Injection') in Azure CLI
Ecosystems: pypi
Packages: azure-cli
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 2,439
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 1,875 npm 1,402 pypi 1,170 packagist 1,024 nuget 785 go 687 cargo 323 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 django 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 salt 18 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 net.mingsoft:ms-mcms 14 Plone 14 centreon/centreon 14 vyper 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 golang.org/x/net 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 baserproject/basercms 12 electron 12 activerecord 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-parent 11 mautic/core 11 github.com/argoproj/argo-cd 11 intelliants/subrion 11 actionpack 11 io.undertow:undertow-core 11 github.com/nats-io/nats-server/v2 11 github.com/hashicorp/vault 11 cobbler 10 cockpit-hq/cockpit 10 org.springframework.security:spring-security-core 10 org.apache.nifi:nifi 10 github.com/hashicorp/nomad 10 shopware/platform 10 froxlor/froxlor 10 org.xwiki.platform:xwiki-platform-oldcore 10 matrix-synapse 10 openmage/magento-lts 10 craftcms/cms 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 rusqlite 9 org.apache.struts.xwork:xwork-core 9 org.apache.hadoop:hadoop-main 9 org.bouncycastle:bcprov-jdk14 9 Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 mercurial 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-arm64 8 october/system 8 github.com/ethereum/go-ethereum 8 shopware/core 8 gradio 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 github.com/sylabs/singularity 8 org.bouncycastle:bcprov-jdk15 8 Microsoft.NETCore.App.Runtime.win-x64 8 com.liferay.portal:release.portal.bom 7 apache-superset 7 gogs.io/gogs 7 DotNetNuke.Core 7 org.craftercms:crafter-studio 7 smarty/smarty 7 snipe/snipe-it 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.eclipse.jetty:jetty-server 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 codeigniter4/framework 7 cakephp/cakephp 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 cn.hutool:hutool-core 7 magento/core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.springframework:spring-core 7 org.apache.commons:commons-compress 7 tar 7 github.com/docker/docker 7 handlebars 6 github.com/zitadel/zitadel 6 waitress 6 de.tum.in.ase:artemis-java-test-sandbox 6 npm 6 symfony/security-http 6 prestashop/prestashop 6 composer/composer 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 @openzeppelin/contracts 6 github.com/traefik/traefik/v2 6 Microsoft.AspNetCore.All 6 guzzlehttp/guzzle 6 opencv-contrib-python-headless 6 org.apache.tomcat:tomcat-coyote 6 opencv-python-headless 6 github.com/gravitl/netmaker 6 contao/contao 6 Microsoft.NETCore.App 6 contao/core-bundle 6 deno 6 org.apache.camel:camel-core 6 @strapi/strapi 6 sized-chunks 6 k8s.io/kubernetes 6 org.apache.inlong:manager-pojo 6 golang.org/x/crypto 6 github.com/hyperledger/fabric 6 sequelize 6 kiwitcms 6 org.apache.cxf:cxf 6 cryptography 6 istio.io/istio 6 org.apache.tika:tika-core 6 wwbn/avideo 6 laravel/framework 6 rack 6 express-cart 6 github.com/cilium/cilium 5 keystone 5 zope 5 directus 5 pear/archive_tar 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 github.com/go-gitea/gitea 5 next 5 org.apache.tomcat:tomcat-catalina 5 CefSharp.Common 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 passenger 5 org.xwiki.platform:xwiki-platform-web 5 forkcms/forkcms 5 org.apache.xmlgraphics:batik 5 serve 5 statamic/cms 5 getkirby/cms 5 github.com/nats-io/jwt 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 org.apache.mesos:mesos 5 github.com/answerdev/answer 5 @openzeppelin/contracts-upgradeable 5 plone 5 aubio 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 genix/cms 5 matrix-js-sdk 5 com.vaadin:vaadin-bom 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/ansible/ansible 15 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/vyperlang/vyper 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/rusqlite/rusqlite 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cloudfoundry/uaa 9 https://github.com/golang/go 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/shopware/platform 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/bcgit/bc-java 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/DSpace/DSpace 7 https://github.com/dotnet/aspnetcore 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/eclipse/jetty.project 7 https://github.com/snipe/snipe-it 7 https://github.com/rubygems/rubygems 7 https://github.com/hashicorp/vault 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/apache/cxf 7 https://github.com/denoland/deno 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/apache/activemq 7 https://github.com/zitadel/zitadel 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/dromara/hutool 6 https://github.com/opencast/opencast 6 https://github.com/contao/contao 6 https://github.com/CVEProject/cvelist 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/npm/node-tar 6 https://github.com/sequelize/sequelize 6 https://github.com/pyca/cryptography 6 https://github.com/backstage/backstage 6 https://github.com/gravitl/netmaker 6 https://github.com/guzzle/guzzle 6 https://github.com/smarty-php/smarty 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/magento/magento2 6 https://github.com/ls1intum/Ares 6 https://github.com/Pylons/waitress 6 https://github.com/istio/istio 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/bodil/sized-chunks 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/froxlor/froxlor 6 https://github.com/TYPO3/typo3 6 https://github.com/twisted/twisted 5 https://github.com/forkcms/forkcms 5 https://github.com/cefsharp/CefSharp 5 https://github.com/aubio/aubio 5 https://github.com/apache/hadoop 5 https://github.com/gogs/gogs 5 https://github.com/directus/directus 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/traefik/traefik 5 https://github.com/docker/docker 5 https://github.com/hpcng/singularity 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/getkirby/kirby 5 https://github.com/nautobot/nautobot 5 https://github.com/cilium/cilium 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/pear/Archive_Tar 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/laravel/framework 5 https://github.com/composer/composer 5 https://github.com/drupal/core 5 https://github.com/answerdev/answer 5 https://github.com/zopefoundation/Zope 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/vantage6/vantage6 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/cloudflare/cfrpki 4 https://github.com/npm/cli 4 https://github.com/containers/buildah 4 https://github.com/containers/podman 4 https://github.com/openstack/keystone 4 https://github.com/centreon/centreon-archived 4 https://github.com/statamic/cms 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/fiveai/Cachet 4 https://github.com/ethereum/go-ethereum 4 https://github.com/surrealdb/surrealdb 4 https://github.com/scrapy/scrapy 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/libp2p/go-libp2p 4 https://github.com/playframework/playframework 4 https://github.com/PrismJS/prism 4 https://github.com/tidwall/gjson 4 https://github.com/Froxlor/Froxlor 4 https://github.com/ericcornelissen/shescape 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/yiisoft/yii2 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/free5gc/free5gc 4 https://github.com/opencontainers/runc 4 https://github.com/Codiad/Codiad 4 https://github.com/bolt/bolt 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/phpseclib/phpseclib 4 https://github.com/apache/geode 4 https://github.com/cri-o/cri-o 4 https://github.com/quarkusio/quarkus 4 https://github.com/baserproject/basercms 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/wixtoolset/issues 4 https://github.com/hashicorp/nomad 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/jettison-json/jettison 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/ethyca/fides 4 https://github.com/nightcloudos/new_cms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/apple/swift-nio-http2 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/totaljs/framework 4 https://github.com/microsoft/msquic 3 https://github.com/authzed/spicedb 3 https://github.com/digitalbazaar/forge 3 https://github.com/siderolabs/talos 3 https://gitlab.com/edneville/please 3 https://github.com/jenkinsci/gitlab-plugin 3 https://github.com/rack/rack 3 https://github.com/TryGhost/Ghost 3 https://github.com/dub-flow/vulnerability-research 3 https://github.com/steveukx/git-js 3 https://github.com/npm/npm 3