Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtdjItNzlxOC1mdjZn
Uncontrolled Resource Consumption in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS14cXI4LTdqd3ItcmhwN84AA04J
Removal of e-Tugra root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: 10 months ago
High
GSA_kwCzR0hTQS00anJ2LXBwcDQtam01N83X4A
Deserialization of Untrusted Data in Gson
Ecosystems: maven
Packages: com.google.code.gson:gson
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgybWMtOGZnai0zd21y
Improper Input Validation in tar-fs
Ecosystems: npm
Packages: tar-fs
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3amctNnB3Zy1meDVo
HTTP Smuggling via Transfer-Encoding Header in Puma
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyOG0tOHhqdy04dnI1
Puma's Keepalive Connections Causing Denial Of Service
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 42.1
Published: about 3 years ago
High
GSA_kwCzR0hTQS0yd3JwLTZmZzYtaG1jNc4AA7Ch
Spring Framework URL Parsing with Host Validation
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jY2d2LXZqNjIteGY5aM4AA5d5
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1oZ2poLTlyajItZzY3as4AA6DE
Spring Framework URL Parsing with Host Validation Vulnerability
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: 2 months ago
High
GSA_kwCzR0hTQS0yN3g0LWo0NzYtanA1Zs4AAe-Z
Setuptools vulnerable to Man-in-the-middle attacks
Ecosystems: pypi
Packages: setuptools
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzeG0tcng1cC14dnFy
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTktMmY5Mi01Y3Bo
Heap buffer overflow in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS1qcXY1LTd4cHgtcWo3NM4AAyEw
sqlite vulnerable to code execution due to Object coercion
Ecosystems: npm
Packages: sqlite3
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS00NGM2LTR2MjItNG1oeM0VyQ
semver-regex Regular Expression Denial of Service (ReDOS)
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nOTU0LTVod3AtcHAyNM4AArQX
Prototype Pollution in protobufjs
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3cHctMmhqbS04OWdw
Prototype Pollution in merge
Ecosystems: npm
Packages: merge
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 3 years ago
High
GSA_kwCzR0hTQS14cDc2LTM1N2ctOXdxcc3gGw
SciPy creates insecure temporary directories
Ecosystems: pypi
Packages: scipy
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1MjItZmZnOC1qOHI2
Regular Expression Denial of Service in is-my-json-valid
Ecosystems: npm
Packages: is-my-json-valid
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: over 6 years ago
High
GSA_kwCzR0hTQS0zNTNmLTV4ZjQtcXc2N84AAzpR
Vite Server Options (server.fs.deny) can be bypassed using double forward-slash (//)
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 12 months ago
High
GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3NHgtcndxNi1xcGdm
OmniAuth Ruby gem Cross-site Request Forgery in request phase
Ecosystems: rubygems
Packages: omniauth
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNTMtZm1tdi1tZmp2
Regular expression denial of service in react-native
Ecosystems: npm
Packages: react-native
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS03Nnc4LW1xeDQtd2pyZs4AA8G8
Doctrine DBAL SQL injection possibility
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 3 days ago
High
GSA_kwCzR0hTQS13MjQ4LWZmajItNHY1cc4AAreN
Fix failure to strip Authorization header on HTTP downgrade
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mMndmLTI1eGMtNjljOc4AAreO
Failure to strip the Cookie header on change in host or HTTP downgrade
Ecosystems: packagist
Packages: guzzlehttp/guzzle
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01cGotdmpqZi00bTNo
Arbitrary Code Execution in grunt
Ecosystems: npm
Packages: grunt
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyajYtcDY3aC1xNjM5
Secret disclosure when containing characters that become URI encoded
Ecosystems: npm
Packages: semantic-release
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: over 3 years ago
High
GSA_kwCzR0hTQS0yNW1wLWc2ZnYtbXF4eM0ZPg
Unexpected server crash in Next.js.
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcjVoLXJxcDgtbWo2Z84AA74P
Next.js Server-Side Request Forgery in Server Actions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 9 days ago
High
GSA_kwCzR0hTQS03N3I1LWd3M2otMm1wZs4AA74O
Next.js Vulnerable to HTTP Request Smuggling
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 9 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncjMtNzg5Ny1wcDdt
XSS in Image Optimization API for Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmNWMtNHF4ai12bXBm
Next.js Directory Traversal Vulnerability
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNHgtd2dyaC1nODk3
Directory traversal vulnerability in Next.js
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 6 years ago
High
GSA_kwCzR0hTQS01NXg1LWZqNmMtaDZtOM0a1g
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cGc3LTJjODgtcjh4ds0m1w
Exposure of Sensitive Information in simple-get
Ecosystems: npm
Packages: simple-get
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1cDctaDV3OC0yaGZx
Regular Expression Denial of Service in trim
Ecosystems: npm
Packages: trim
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS1mODI1LWY5OGMtZ2ozZ84AAtty
automattic/mongoose vulnerable to Prototype pollution via Schema.path
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 41.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4MmYtNDc3Yy0zNXJx
method-override ReDoS when untrusted user input passed into X-HTTP-Method-Override header
Ecosystems: npm
Packages: method-override
Source: GitHub Advisory Database
Blast Radius: 41.4
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1wOXc4LTJtcHEtNDloOc4AAxaw
is-url Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: is-url
Source: GitHub Advisory Database
Blast Radius: 41.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mdzN2LXg0ZjItdjY3M84AAtnx
Mistune vulnerable to catastrophic backtracking
Ecosystems: pypi
Packages: mistune
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC
Chaijs/get-func-name vulnerable to ReDoS
Ecosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 8 months ago
High
GSA_kwCzR0hTQS1wdjdoLWh4NWgtbWdmas4AArfz
Unsafe deserialization in com.alibaba:fastjson
Ecosystems: maven
Packages: com.alibaba:fastjson
Source: GitHub Advisory Database
Blast Radius: 41.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zNjltLTJndjYtbXcyOM4AAU7q
WEBrick RCE Vulnerability
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Blast Radius: 41.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ybTM2LTk0ZzgtODM1cs3k_w
Race Condition in Grunt
Ecosystems: npm
Packages: grunt
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zZjJjLWptNnYtY3IzNc4AAYRU
Django DNS Rebinding Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00MngtMzdwMy1mdjV3
Circumvention of file size limits in ActiveStorage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: almost 4 years ago
High
GSA_kwCzR0hTQS01NHhxLWNncXItcnBtM84AA3N1
sharp vulnerability in libwebp dependency CVE-2023-4863
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqOWMtOXZtdi03bTM5
Missing Regex anchor in Rack-Cors allows malicious third party site to perform CORS request
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoNngtNHdoci0ycXY0
Null pointer dereference and heap OOB read in operations restoring tensors
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4cnctajQ4OS05Mjht
Signature wrapping vulnerability in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwMzItajQ1Ny1wZzV4
Query Binding Exploitation
Ecosystems: packagist
Packages: laravel/framework, illuminate/database
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cDUtcDJjOS1waHZn
Unexpected database bindings
Ecosystems: packagist
Packages: illuminate/database, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS02OWNoLXcybTItM3ZqcM4AAvV0
golang.org/x/text/language Denial of service via crafted Accept-Language header
Ecosystems: go
Packages: golang.org/x/text
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wcHA5LTdqZmYtNXZqMs4AAwmL
golang.org/x/text/language Out-of-bounds Read vulnerability
Ecosystems: go
Packages: golang.org/x/text
Source: GitHub Advisory Database
Blast Radius: 40.9
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMycGMteHBoeC1xNGY2
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1tdjkzLXd2Y3AtN203cs4AAQd1
golang.org/x/net/html Improper Validation of Array Index vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mY2Y5LTZmdjItZmM1ds39nQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZ3I4LTZoOXgtZjdxOc4AAhsD
golang.org/x/net/http vulnerable to ping floods
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yd3AyLWNobWgtcjkzNM39mw
golang.org/x/net/html NULL Pointer Dereference vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cDRoLTMzNzctN3c2N839kg
golang.org/x/net/html NULL Pointer Dereference vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1meGc1LXdxNngtdnI0d84AAw-p
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zOXFjLTk2aDctOTU2Zs4AAhsE
golang.org/x/net/http vulnerable to a reset flood
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/http
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 7 months ago
High
GSA_kwCzR0hTQS04M2cyLThtOTMtdjN3N84AAom0
golang.org/x/net/html Infinite Loop vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12dnB4LWo4ZjMtM3c2aM4AAxtM
Uncontrolled Resource Consumption
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS12Znc1LWhyZ3EtaDV3Zs4AA2Bv
x/net/html Vulnerable to DoS During HTML Parsing
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: 8 months ago
High
GSA_kwCzR0hTQS00cjc4LWh4NzUtampqMs39zQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OWNnLXA4NzktNzYyMs4AAuoj
golang.org/x/net/http2 Denial of Service vulnerability
Ecosystems: go
Packages: golang.org/x/net/http2, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zdm00LTIyZnAtNXJmbc4AArAQ
golang.org/x/crypto/ssh NULL Pointer Dereference vulnerability
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1nd2M5LW03cmgtajJ3d84AAup1
x/crypto/ssh vulnerable to panic via malformed packets
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqamMteHA4di04NTV3
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
Ecosystems: go
Packages: helm.sh/helm/v3, golang.org/x/crypto, github.com/helm/helm
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04YzI2LXdtaDUtNmc5ds00tw
golang.org/x/crypto/ssh Denial of service via crafted Signer
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmaGctN21oNC0zM2M0
Improper Verification of Cryptographic Signature in golang.org/x/crypto
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcjgtNHZmdy1tcjdo
REXML round-trip instability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS02cTZxLTg4eHAtNmYycs4AAwoj
yaml package for Go can consume excessive amounts of CPU or memory
Ecosystems: go
Packages: gopkg.in/yaml.v2
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nZndqLWZ3cWotZnAzds4AAonj
Improper Privilege Management in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qampoLWpqeHAtd3BmZs4AAvJv
Uncontrolled Resource Consumption in Jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS01N2oyLXc0Y3gtNjJoMs0ybA
Deeply nested json in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3dzktajgzbS1xN3F4
Information exposure in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4OGMtY3E0aC04OGdx
XML External Entity (XXE) Injection in Jackson Databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS0zeDh4LTc5bTItM3cyd84AAyLf
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yZ3Y5LXE1NDMtcnFnNM4AAvJu
Uncontrolled Resource Consumption in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqamYtOTRmZi00M3c3
jackson-databind Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3cXAtdjR2Ni1jODdj
Deserialization of Untrusted Data
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3cDQtaGZ2Ni1wN2h3
Deserialization of untrusted data in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNnItM3dnYy1oODYz
Polymorphic deserialization of malicious object in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS1nNGc3LXE3MjYtdjVoZ84AATux
Symfony CSRF Token Fixation
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/security-bundle, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwNzUteGZwdy0zN2c5
Prototype pollution in grpc and @grpc/grpc-js
Ecosystems: npm
Packages: @grpc/grpc-js, grpc
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4Y2MtZzgzNS03NnJw
Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2NXEtMjhycC1jaHE1
Insecure Entropy Source - Math.random() in node-uuid
Ecosystems: npm
Packages: node-uuid
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS1wdzVjLXhxZjItNnhjMs4AAdEh
Doctrine Security Misconfiguration Vulnerability
Ecosystems: packagist
Packages: zfcampus/zf-apigility-doctrine, zendframework/zendframework, zendframework/zend-cache, doctrine/cache, aws/aws-sdk-php, zendframework/zendframework1, doctrine/mongodb-odm-bundle, doctrine/mongodb-odm, doctrine/orm, doctrine/common, doctrine/annotations
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OXEtd2NmZi1nOW1q
Unsafe deserialization in Yii 2
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 3 years ago
High
GSA_kwCzR0hTQS1mcDVyLXYzdzktNDMzM80bRA
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczcmcteDY4My1tM3F3
Buffer overflow in canvas
Ecosystems: npm
Packages: canvas
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS05cDk1LWZ4dmctcWdxMs4AAwKh
simple-git vulnerable to Remote Code Execution when enabling the ext transport protocol
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZjk1LXI0NHYtOG1yZ80ySg
Command injection in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yOHhyLW13eGctM3FjOM03tQ
Command injection in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03ZnY5LW03OXItajl4OM4AAa1R
Electron vulnerable to remote command execution
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code execution
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 6 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3