Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1MmctZjdmcC05amY3
Type confusion during tensor casts lead to dereferencing null pointers
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmOTQtMzZnNS02OXY4
Division by zero in TFLite's implementation of `DepthToSpace`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0NXctMnd4ci1wcDUz
Heap OOB read in `tf.raw_ops.Dequantize`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtMnYtOHJydy13OXBt
Division by 0 in `Conv2DBackpropInput`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4cWMtNWZxci01MmZw
Division by zero in `Conv2DBackpropFilter`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmMzMtZjRmNS14d2d3
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Ecosystems: go
Packages: github.com/aws/aws-sdk-go
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzNjItbThmMi01eDdj
Password Hashing: Do not use MD5
Ecosystems: maven
Packages: org.opencastproject:opencast-common-jpa-impl
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 4 years ago
Low
GSA_kwCzR0hTQS03cW00LXAzNzctZnIycs3ypg
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent, org.apache.activemq:activemq-openwire-generator
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR
Nimbus JOSE+JWT vulnerable to padding oracle attack
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weGh3LTU5NnItcndxNc4AA7Ph
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 11 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cjgtZm05ci1jcGoy
Low severity vulnerability that affects com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 4 years ago
Low
GSA_kwCzR0hTQS14cXhtLTJycG0tMzg4Oc0kJQ
Comment reply notifications sent to incorrect users
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yY20yLTIyZjMtcHF2M84AA7fu
Firebase vulnerable to CRSF attack
Ecosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 2 days ago
Low
GSA_kwCzR0hTQS1jaDQ4LTlyM3EtcHY3eM4AAz_0
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Ecosystems: maven
Packages: com.vaadin:vaadin, com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 11 months ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xcHhtLTY4OXItMzg0Oc4AA5gL
Apache Camel data exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zaHJyLXh3dmctaHh2cs4AA5pB
Keycloak DoS via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2ZjQtZnczMy02ajJ2
Potential sensitive data exposure in applications using Vaadin 15
Ecosystems: maven
Packages: com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 3 years ago
Low
GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs
Pipelines do not validate child UIDs
Ecosystems: go
Packages: github.com/tektoncd/pipeline
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 10 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Cross-site Scripting in dijit editor's LinkDialog plugin
Ecosystems: npm
Packages: dijit
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzNXYtcXdxZy04N2pj
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Ecosystems: npm
Packages: express-basic-auth
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 month ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1MmYtcHE0Ny0ycjlq
plugin.yaml file allows for duplicate entries in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tOGNnLXhjMnAtcjNmY84AAydr
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcW0tMjQ2Yy1td3Fn
In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOXAtdjJyOC13Zjh3
Cross-site scripting in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnYzYtbTM2NC04NXd3
Log injection in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
Low
GSA_kwCzR0hTQS0ydjQyLXhwM2otNDdtNM4AA6rp
Xuxueli xxl-job template injection vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 28 days ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wMjZnLTk3bTQtNnE3Y84AAy3M
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyNGgtcGpqdi1tY3A2
Denial of service in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1jajd2LTI3cGctd2Y3cc4AAtJM
Jetty invalid URI parsing may produce invalid HttpURI.authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 25 days ago
Low
GSA_kwCzR0hTQS1jdzdwLXE3OWYtbTJ2N80W6Q
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Low
GSA_kwCzR0hTQS04cTJtLXB3eGYtamM3Z84AAY6T
python-keystoneclient unsecure user password update
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wM3Z3LWZ2d3gtcWN2Nc2A-g
Cross-site scripting in Apache Struts
Ecosystems: maven
Packages: struts:struts
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGotcG1jaC01ajJo
Internal exception message exposure for login action in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt
SilverStripe Priviledge escalation through cache pollution
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 4 years ago
Low
GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xdjk1LWczZ20teDU0Ms0Wfg
Hashicorp Vault Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jdmNjLTV4OTItZ21oY802tg
SaltStack Salt Improper Authentication via Man in the Middle Attack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00N2czLW1mMjQtNjU1Oc4AA5WN
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Ecosystems: maven
Packages: org.openjfx:javafx-media
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoNXItOTI4di1teGho
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Ecosystems: maven
Packages: com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1tdzZxLTk4bXAtZzhnOM0W5Q
Cross-site Scripting in bootstrap-table
Ecosystems: npm
Packages: bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg
Improper Certificate Validation in Cosign
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2cWotajg4OC12dmdx
Directory exposure in jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-deploy
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyM3YtcTl4My03ZzQ2
Link injection in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Gitaly Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: gitaly
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5OXItNjd4NC13aGo2
Reflected cross-site scripting in development mode handler in Vaadin 14, 15-19
Ecosystems: maven
Packages: com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Low
GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 3 days ago
Low
GSA_kwCzR0hTQS14OXI1LWp4dnEtNDM4N80g-g
jquery.terminal self XSS on user input
Ecosystems: npm
Packages: jquery.terminal
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bug
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS12eG1tLWN3aDItcTc2Ms4AAzbG
Vyper's nonpayable default functions are sometimes payable
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input buffer
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS05cDhyLTR4cDQtZ3c1d84AA5gq
Vyper's `_abi_decode` vulnerable to Memory Overflow
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can ready dirty memory
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintext
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 3 years ago
Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS02cHJ3LTh4aG0taDI0N84AAb59
Salt uses weak permissions on the cache data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03NDVwLXI2MzctN3Z2cM4AAvLo
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS02cGM5LXhxcmctd2Zxd80zHw
Exposure of Sensitive information in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qZjJwLTRncWotODQ5Z84AAwED
Temporary File Information Disclosure vulnerability in MPXJ
Ecosystems: pypi, nuget, maven
Packages: mpxj, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptNTYtNWg2Ni13NDUz
Repository index file allows for duplicates of the same chart entry in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxYzUtcmdjYy1janFo
Information Disclosure in go.elastic.co/apm
Ecosystems: go
Packages: go.elastic.co/apm
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmdmYtcmZtcS1xd2Y4
Croos-site scripting in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middle
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 12 months ago
Low
GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yOG03LTc5MmotNWp2cc4AAZvd
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Ecosystems: maven
Packages: org.wildfly.core:wildfly-server
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 2 months ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1teGNjLTdoNW0teDU3cs4AAtsO
Jenkins GitHub plugin uses weak webhook signature function
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0bTMtdzhnOS1qd3Bx
Information disclosure of source code in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 4 years ago
Low
GSA_kwCzR0hTQS1qaHByLWo3Y3EtM2pwM84AAz_s
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zMmZmLTRnNzktdmdmY84AAtvO
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Low
GSA_kwCzR0hTQS1nOTZjLXg3cmgtOTlyM84AA0Xm
Graylog vulnerable to insecure source port usage for DNS queries
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 438
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
pypi 441 maven 283 packagist 172 npm 128 go 120 rubygems 47 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-cpu 93 tensorflow-gpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 shopware/core 10 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 helm.sh/helm/v3 5 october/backend 5 k8s.io/kubernetes 5 baserproject/basercms 5 ansible 5 wasmtime 5 sweetalert2 5 undici 5 rack 5 helm.sh/helm 4 com.vaadin:flow-server 4 github.com/cilium/cilium 4 org.keycloak:keycloak-services 4 actionpack 4 electron 4 magento/community-edition 4 typo3/cms-core 4 simplesamlphp/simplesamlphp 4 github.com/mattermost/mattermost-server/v6 4 shopware/shopware 4 @openzeppelin/contracts-upgradeable 3 org.apache.hive:hive-exec 3 org.apache.hive:hive-service 3 org.graylog2:graylog2-server 3 passenger 3 httplib2 3 bin-links 3 org.apache.hive:hive 3 wagtail 3 nautobot 3 plone 3 ckb 3 symfony/symfony 3 github.com/cosmos/cosmos-sdk 3 go.etcd.io/etcd 3 github.com/mattermost/mattermost-server 3 ethyca-fides 3 cryptography 3 node-forge 3 com.vaadin:vaadin-bom 3 org.jenkins-ci.plugins:ec2 2 pip 2 gilacms/gila 2 github.com/sigstore/cosign 2 typo3/cms-frontend 2 com.inedo.proget:inedo-proget 2 craftcms/cms 2 org.apache.activemq:activemq-parent 2 ceph-deploy 2 @apollo/server 2 salt 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 github.com/opencontainers/runc 2 Django 2 silverstripe/framework 2 github.com/answerdev/answer 2 org.jenkins-ci.plugins:azure-ad 2 moin 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 next-auth 2 github.com/authzed/spicedb 2 winter/wn-backend-module 2 braces 2 Flask-Security-Too 2 Pillow 2 tuf 2 django 2 org.eclipse.jetty:jetty-server 2 grumpydictator/firefly-iii 2 aiohttp 2 github.com/ntbosscher/gobase 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 parse-server 2 org.jenkins-ci.plugins:wso2id-oauth 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 go.etcd.io/etcd/client/v3 2 october/cms 2 activesupport 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:repository-connector 2 s2n-quic 2 langchain 2 cargo 2 com.ruoyi:ruoyi 2 github.com/cometbft/cometbft 2 sylius/sylius 2 org.bouncycastle:bcprov-jdk14 2 org.jenkins-ci.plugins:mercurial 2 Zope 2 microweber/microweber 2 github.com/hashicorp/nomad 2 org.jenkins-ci.plugins:artifactory 2 OctoPrint 2 vantage6 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 flarum/core 2 github.com/mattermost/mattermost-plugin-jira 2 org.scala-sbt:io_2.12 1 org.scala-sbt:io_2.13 1 hyper 1 org.scala-sbt:io_3 1 org.jenkins-ci.plugins:snsnotify 1 io.swagger:swagger-codegen 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 es5-ext 1 com.github.tomakehurst:wiremock-jre8 1 com.github.tomakehurst:wiremock-jre8-standalone 1 wiremock 1 github.com/nats-io/nats-server/v2 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/oauth2-proxy/oauth2-proxy 1 org.wiremock:wiremock 1 horizon 1 org.wiremock:wiremock-standalone 1 @diez/generation 1 org.jenkins-ci.plugins:openshift-deployer 1 org.keycloak:keycloak-core 1 rabbit_common 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 org.scala-sbt:sbt 1 io.jenkins.plugins:tuleap-oauth 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 firebase-tools 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 ajenti 1 apostrophe 1 org.eclipse.jetty:jetty-openid 1 type-graphql 1 org.bouncycastle:bcprov-jdk18on 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/rack/rack 5 https://github.com/jenkinsci/jenkins 5 https://github.com/cilium/cilium 4 https://github.com/electron/electron 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/TYPO3/typo3 4 https://github.com/apache/tomcat 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/shopware/shopware 4 https://github.com/nautobot/nautobot 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/vaadin/flow 3 https://github.com/CVEProject/cvelist 3 https://github.com/pyca/cryptography 3 https://github.com/httplib2/httplib2 3 https://github.com/ethyca/fides 3 https://github.com/django/django 3 https://github.com/phusion/passenger 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/vantage6/vantage6 3 https://github.com/wagtail/wagtail 3 https://github.com/digitalbazaar/forge 3 https://github.com/symfony/symfony 3 https://github.com/nervosnetwork/ckb 3 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/zopefoundation/Zope 2 https://github.com/craftcms/cms 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/hashicorp/nomad 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/saltstack/salt 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/rust-lang/cargo 2 https://github.com/flarum/framework 2 https://github.com/opencontainers/runc 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/ntbosscher/gobase 2 https://github.com/ceph/ceph-deploy 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/cometbft/cometbft 2 https://github.com/openstack/keystone 2 https://github.com/Sylius/Sylius 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/GilaCMS/gila 2 https://github.com/quarkusio/quarkus 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/aio-libs/aiohttp 2 https://github.com/authzed/spicedb 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/parse-community/parse-server 2 https://github.com/aws/s2n-quic 2 https://github.com/octoprint/octoprint 2 https://github.com/sigstore/cosign 2 https://github.com/microweber/microweber 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/pypa/pip 2 https://github.com/micromatch/braces 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Consensys/gnark-crypto 1 https://github.com/rrrodzilla/rusty_paseto 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/contao/contao 1 https://github.com/statamic/cms 1 https://github.com/aws/aws-encryption-sdk-cli 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/fluent/fluentd 1 https://github.com/aws/aws-sdk-go 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/personnummer/java 1 https://github.com/gsemac/Gsemac.Common 1 https://github.com/parallaxsecond/parsec 1 https://github.com/karmada-io/karmada 1 https://github.com/python-pillow/Pillow 1 https://github.com/bcgit/bc-java 1 https://github.com/tokio-rs/tokio 1 https://github.com/senchalabs/connect 1 https://github.com/personnummer/js 1 https://github.com/erelsgl/limdu 1 https://github.com/sbt/sbt 1 https://github.com/personnummer/rust 1 https://github.com/jenkinsci/snsnotify-plugin 1 https://github.com/jenkinsci/credentials-binding-plugin 1 https://github.com/apache/storm 1 https://github.com/personnummer/python 1 https://github.com/authelia/authelia 1 https://github.com/rest-client/rest-client 1 https://github.com/IlicMiljan/Secure-Props 1 https://github.com/jenkinsci/backlog-plugin 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/silverstripe/silverstripe-framework 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/actions/toolkit 1 https://github.com/zowe/imperative 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/moov-io/customers 1 https://github.com/ain/smartbanner.js 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/wiremock/wiremock 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Azure/setup-kubectl 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/octokit/octokit.rb 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/aws/aws-dynamodb-encryption-java 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/RhinoSecurityLabs/CVEs 1 https://github.com/jenkinsci/support-core-plugin 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/slsa-framework/slsa-verifier 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/newcontext-oss/kitchen-terraform 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/horazont/xmpp-http-upload 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1