Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02NjhxLXFydjctOTlmbc0ctg
Deserialization of Untrusted Data in logback
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03N3hjLWhqdjgtd3c5N84AArqt
AutoUpdater module fails to validate certain nested components of the bundle
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d2NoLWNtcXItaGhybc4AAuaC
ansible-runner 2.0.0 default temporary files written to world R/W locations
Ecosystems: pypi
Packages: ansible-runner
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03djI4LWcycHEtZ2dnOM4AArtH
Ghost vulnerable to remote code execution in locale setting change
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1majR4LW02Mmotd3Z3Z84AA1vL
Apache Superset Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05ZnJ3LXdtdnEtNXJyY83t9g
Cloud Foundry UAA Identity Zone Admin Privilege Escalation
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04NjkyLWc2ZzktZ201cM4AAx7U
xwiki contains Exposed Dangerous Method or Function
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-store-filesystem-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04MzNjLXhoNzktcDQyOc4AAy62
A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Ecosystems: go
Packages: github.com/clusternet/clusternet
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNjl2LXE0OGctMzk2Ns4AAzCX
phpMyFAQ Improper Access Control vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nNzZqLTRjeHgtMjNoOc0kvw
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00ZjV4LXE0amMteGZjZs0kWw
Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ycmh4LXFoeHAtNWpwd84AA8Qi
Submariner Operator sets unnecessary RBAC permissions in helm charts
Ecosystems: go
Packages: github.com/submariner-io/submariner-operator
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 20 hours ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFtMjgtN2hxdi13ZzVq
OS Command Injection in ng-packagr
Ecosystems: npm
Packages: ng-packagr
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jZjZyLXE2NzgtZjJwN84AAt9d
Microweber's title parameter in the body of POST request vulnerable to stored XSS
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Z3dqLTdmaG0tdnc0d84AA8HH
Drupal core unrestricted file upload
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13Z3g3LWpwNTYtNjVtcc4AA74m
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04NDg5LTQ0bXYtZ2dqOM0fsA
Improper Input Validation and Injection in Apache Log4j2
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00dnJjLXE3bTYtdnE3d84AAvzN
Lin CMS vulnerable to Improper Authentication
Ecosystems: maven, pypi
Packages: io.github.talelin:lin-cms-core, Lin-CMS
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mZjVjLTkzOHctOGM5cc4AA8Eq
Grafana Escalation from admin to server admin when auth proxy is used
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS02dmM4LTN4ZjItcXJ4eM4AAil8
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02cXFwLTR2bTMtMzU5ds4AA2A5
OpenStack Barbican credential leak flaw
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qOGM4LTY3dnAtNm14N80W-A
Arbitrary memory read in `ImmutableConst`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oanI0LWZoZ3AtMjNnOc4AAnka
qlib Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: pyqlib
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ajY5LXFmYzMtMmZxOc4AA3tj
Ansible template injection vulnerability
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jcHE4LXgzNWctbTQzOc0VzA
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yeDI4LXIyM3AtMnFjM84AAz8q
AWS CDK EKS overly permissive trust policies
Ecosystems: npm
Packages: @aws-cdk/aws-eks, aws-cdk-lib
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoeGgtOGNwMi1nNGhn
Use after free and segfault in shape inference functions
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Z3ByLXA2MzQtOTIyeM4AA04d
Cross site scripting via input unit widget
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq
Pkg Local Privilege Escalation
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zNG1yLTZxOHgtZzlyNs4AA3q5
Server-Side Request Forgery in mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00YzlxLTY0Z3EteGh4NM4AAq4u
phpMyAdmin Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yOXF2LWhoZzQtNng5Ns4AAuqU
Unauthenticated Sensitive Information Disclosure vulnerability
Ecosystems: packagist
Packages: libreform/libreform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03OW0zLXEzd2gtYzNxbc4AAX6X
Publify Incorrect Authorization
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ncDk1LXBwdjUtM2pjNc4AArTZ
sharp vulnerable to Command Injection in post-installation over build environment
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12eGhqLTN4N3AtanhwNc4AAdMS
Exposure of Sensitive Information to an Unauthorized Actor in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-client
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOWg0LXA2cDctODY1Ms4AAygL
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mNmZ2LWZqZzgtNG02d84AATvS
OpenRefine Directory Traversal
Ecosystems: maven
Packages: org.openrefine:main
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02am02LWNtY3AtZnFqcc0sVA
Nomad Spread Job Stanza May Trigger Panic in Servers
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yM2poLXFoZ2otZ3ZyOM4AA04N
Denial of service in neutron
Ecosystems: pypi
Packages: neutron
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zZzV3LTZwdzctNmhycM4AAxOj
Path Traversal In Eclipse GlassFish
Ecosystems: maven
Packages: org.glassfish.main.web:web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14cmgyLWMzcm0tMzVqcs4AAq-v
HornetQ REST vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: org.hornetq.rest:hornetq-rest
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmOW0tcHh3aC02OGhn
Cross-Site Scripting in swagger-ui
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nbTY3LWg1d3ItdzNjds4AA0Ts
Apache Zeppelin Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5bWotZmdoYy02NjR3
Denial of Service in mqtt
Ecosystems: npm
Packages: mqtt
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1jNzlmLXBxZ2YtZmhwM84AA3n1
Directory Traversal in Gladys Assistant
Ecosystems: npm
Packages: gladys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mY2dtLTYycDMtZjdjbc4AAbZ8
phpMyAdmin Local file exposure
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05dzR3LWNwYzgtaDJmcc0wjg
Exposure of Sensitive Information to an Unauthorized Actor in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02NDJxLTJxNjgtOWozcM4AAwp-
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14d2M4LXJmNm0teHI4Ns4AA0KS
hnswlib Double Free vulnerability
Ecosystems: pypi
Packages: hnswlib
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3YzYtMnJjai04djc2
scalarmult() vulnerable to degenerate public keys
Ecosystems: cargo
Packages: sodiumoxide
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oY2N4LWNnNHYtaHJqeM4AAt-c
JetBrain Ktor before 2.1.0 vulnerable to selection of wrong authentication provider
Ecosystems: maven
Packages: io.ktor:ktor
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04djM4LXB3NjItOWN3Ms0s1g
url-parse Incorrectly parses URLs that include an '@'
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00NHc3LWdoOWMtNHF2cs4AAgeG
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02bWgyLTk4Z3Itd3Y3Ns4AAiKB
phpBB Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12Y3ZnLXhncjgtcDVncc4AAzw7
Arbitrary file read using percent-encoded relative paths in FileMiddleware
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01MnZmLWh2djMtOThoN84AAx7V
xwiki vulnerable to Improper Handling of Exceptional Conditions
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zY2YyLXg0MjMteDU4Ms0eBQ
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Ecosystems: go
Packages: github.com/containers/podman/v3
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12M2Y3LWo5NjgtNGg1Zs0oaw
Division by zero in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cmN2LWY5Z20tdjQyY80hew
Out-of-bounds Read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1meGdjLTk1eHgtZ3J2cc4AAyWI
TensorFlow Denial of Service vulnerability
Ecosystems: pypi
Packages: tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycXhwLXhteDYtY3E0Zs4AAxel
Cross-Site Request Forgery (CSRF) in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03Y3I5LXJtcXItZnBxcM0yeA
Path traversal in FreeTAKServer-UI
Ecosystems: pypi
Packages: FreeTAKServer-UI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nbWhmLTM3ZngtYzRxOM4AAxJT
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04Mzd4LXh3dzYtN2pxbc3smg
PostgreSQL PL/Java Improper Privilege Management
Ecosystems: maven
Packages: postgresql:pljava-public
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04ZzRtLWNqbTItOTZ3cc0z7w
Sandbox escape in notevil and argencoders-notevil
Ecosystems: npm
Packages: argencoders-notevil, notevil
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13NHY1LTU0cDgtbTRqNc4AAxJ3
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cXItaDV2cS01OWpj
Untrusted users can run pending migrations in production in Rails
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 38.6
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1yd3c3LTJncHctZnY2as0osg
Crash when type cannot be specialized in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNXI2LXZybXgtOWd3as4AAlbR
LibreNMS SQL Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNHJ4LTd3dmctZndyY84AA4U1
CRI-O's pods can break out of resource confinement on cgroupv2
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01anBoLXdycTctdjloZs4AAwBJ
Denial of service in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nM3hmLTg1d2MtNDVncc4AAlHZ
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmdzMtNm1wNi1qbXZq
Improper Access Control in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nMmctOHB3ai1yMmoy
Authentication bypass in SilverStripe GraphQL
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jMnB4LWpjZ3ctOXg1N84AAlHz
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNng3LWpxNDYtZnAzM80ijA
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01ZnJoLXd4NnYtOG0ycs4AAo_g
CSRF vulnerabilities in Jenkins requests-plugin Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:requests
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cnhtLW12cW0tcjU1M84AAUMu
Helm Path Traversal
Ecosystems: go
Packages: helm.sh/helm
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12Z213LTljd3ctcXE5Oc0n6Q
Incorrect Authorization in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qOTlxLXJ3cDYtNDk4Z84AAQE6
Gitea Arbitrary File Delete Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNmY3LWhnaHctZzQzN84AAcGn
bottle.py vulnerable to CRLF Injection
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcjJtLTI5d2otdzlxY80ycw
SQL Injection in FreeTAKServer-UI
Ecosystems: pypi
Packages: FreeTAKServer-UI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ3dyLTR2cjgtZzd3ds4AA0pO
Apache Airflow Path Traversal vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJoanItZmc2Yy12Mmg2
Unauthorized access to Class instance in Jinjava
Ecosystems: maven
Packages: com.hubspot.jinjava:jinjava
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02N2d2LXhydzctcDcyd84AA35i
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: phpsysinfo/phpsysinfo
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00Zzg4LTRoZ20tbTk5eM4AA3BK
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02aHc1LTZnY3gtcGhtd80VpQ
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xNGc3LWpyeHYtNjdyOc0XeQ
Silent Configuration Failure in Puppet Agent
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xMzk0LWg3ZjUtN2Y0NM4AApRX
Generation of Error Message Containing Sensitive Information in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch.client:elasticsearch-rest-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNm0tcjhqYy0yZ3A3
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05M2o1LWc4NDUtOXdxcM0XhQ
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5