Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02bTcyLTQ2N3ctOTRyaM4AA4-w
Privilege Escalation in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzbTktOWZqMi1tZndy
URL Redirection to Untrusted Site ('Open Redirect') in Products.isurlinportal
Ecosystems: pypi
Packages: Products.isurlinportal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qd2Y4LW1qajgtcjhocc4AAgU0
DOMPDF Information Disclosure
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5bWotZmdoYy02NjR3
Denial of Service in mqtt
Ecosystems: npm
Packages: mqtt
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS01aGN4LXZnODgtaGdwbc4AAhk7
Magento 2 Community Edition Insufficient Access Controls
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNXI2LXZybXgtOWd3as4AAlbR
LibreNMS SQL Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOWg0LXA2cDctODY1Ms4AAygL
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNHJ4LTd3dmctZndyY84AA4U1
CRI-O's pods can break out of resource confinement on cgroupv2
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1maGdnLWo5MmgtMjlyY84AAQYZ
Missing permission check in Jenkins SOASTA CloudTest Plugin
Ecosystems: maven
Packages: com.soasta.jenkins:cloudtest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12d3YyLTl3Y2otNjR2eM4AA4M1
Firefly III allows webhooks HTML Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oODU1LTZocGgtdjM2M84AAyVZ
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Ecosystems: maven
Packages: cn.hippo4j:hippo4j-all
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cHE5LWM2N3EtMjNmcc4AAYvw
Fastly Magento2 sensitive information disclosure
Ecosystems: packagist
Packages: fastly/magento2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00djVjLTV2NmMtMzdwas4AAtEF
Jenkins Matrix Reloaded Plugin vulnerable to CSRF
Ecosystems: maven
Packages: net.praqma:matrix-reloaded
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jaDYzLTZjbWctZ3dnMs0zIw
Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycjJ2LXEzOTktcXE5M80XHA
Request injection in Spring Cloud Gateway
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-gateway
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nd3BmLTk1amMtNjNyds4AArUl
Uncontrolled Resource Consumption in Mattermost server
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bXAtcHFjaC1jOG1t
Denial of service attack via incorrect parameters in Matrix Synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0ycnI4LTljNmctOGo1Y84AAmuH
Missing Authorization in Crafter CMS
Ecosystems: maven
Packages: org.craftercms:crafter-core
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmY2Mtcm03Zi14Z2Y4
Cross-Site Scripting in mavon-editor
Ecosystems: npm
Packages: mavon-editor
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tYzkyLWM4NTktanI2Ns02nQ
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ci-with-toad-edge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03ODR4LTd3ODgtdzU2NM4AAz7L
JeecgBoot vulnerable to SQL injection in queryTableDictItemsByCode
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yOXF2LWhoZzQtNng5Ns4AAuqU
Unauthenticated Sensitive Information Disclosure vulnerability
Ecosystems: packagist
Packages: libreform/libreform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Nmp3LTN4dzQtbXE5cM4AAn2-
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Y2hoLXd2cHgtcGY0N8360g
Jenkins Upload to pgyer Plugin stores credentials in plain text
Ecosystems: maven
Packages: ren.helloworld:upload-pgyer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xdzIyLTh3OXItODY0aM4AA2Qp
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
Ecosystems: maven
Packages: io.micronaut.security:micronaut-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnZ3EtdmZjcC1nd2hq
Cross-Site Scripting in @hapi/boom
Ecosystems: npm
Packages: @hapi/boom
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS01eDZxLWZmd2otOHZjZs4AAaay
attic has improper verification of unencrypted backups
Ecosystems: pypi
Packages: attic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyZzQtMjY2Yy1qcXc2
Predictable CSRF tokens in centreon/centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qNTg2LWNqNjctdmc0cM0rQg
Cross-Site Request Forgery in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1maHY4LW00ajQtY3d3Ms4AAt-G
Gitea allowed assignment of private issues
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qOTlxLXJ3cDYtNDk4Z84AAQE6
Gitea Arbitrary File Delete Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ZzNqLXA1ZzYtOTkyZs4AA3ez
OpenSearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1meGdjLTk1eHgtZ3J2cc4AAyWI
TensorFlow Denial of Service vulnerability
Ecosystems: pypi
Packages: tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yM2poLXFoZ2otZ3ZyOM4AA04N
Denial of service in neutron
Ecosystems: pypi
Packages: neutron
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14MjRqLTg3eDktanZ2Nc0W1Q
Publify `guest` role users can self-register even when the admin does not allow it
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cjhjLXBqN3gtbTVqeM4AAk3-
Comments plugin Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: verbb/comments
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Mzd4LXh3dzYtN2pxbc3smg
PostgreSQL PL/Java Improper Privilege Management
Ecosystems: maven
Packages: postgresql:pljava-public
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NDJxLTJxNjgtOWozcM4AAwp-
usememos/memos Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Y2dmLXZtcGMtcGg3Oc0lmA
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NjRyLWhqN3YtbWNyNc4AAyQv
Spring Framework vulnerable to denial of service via specially crafted SpEL expression
Ecosystems: maven
Packages: org.springframework:spring-expression
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2cWgtMzVjbS01dzJ3
Authentication Bypass by Alternate Name in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjZtLWNodnYtd214Z84AAWq1
phpMyAdmin Denial of service (DOS) attack in transformation feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03Z2djLTVyODQteGY1NM4AAtZZ
Mattermost users could access some sensitive information via API call
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13ajZ4LWhjYzItZjMyas4AAyAz
Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14Yzk3LXI0OXEtY3hnY84AATj3
phpMyAdmin Local file inclusion through transformation feature
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00amgyLTNjODUtcTY3aM0llQ
Improper Privilege Management in apache-airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tY2d3LTVmaHctM2ZxOM0yTQ
saleor Missing Authorization vulnerability
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5M2gtNmY3ci02cXZt
Druid ingestion system Authenticated users can read data from other sources than intended
Ecosystems: maven
Packages: org.apache.druid:druid-core
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnE4LTUzcjQtM2o1bc0m4g
Permissive parameters and privilege escalation
Ecosystems: hex
Packages: coherence
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OTQ2LThwMzgtdmZmcM4AA0pU
Apache Airflow Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wY3Y1LW0yd2gtNjZqM84AAnvw
Keycloak discloses information without authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01bTJoLTdyZjItcnB4Ns4AAuzF
UniSharp Laravel Filemanager directory traversal vulnerability
Ecosystems: packagist
Packages: unisharp/laravel-filemanager
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mMmczLTNjNnEtNDQ3OM4AAmmC
Magento 2 Community Edition Incorrect Authorization
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oajU3LWo1Y3ctMm13cM4AArNA
Ignition config accessible to unprivileged software on VMware
Ecosystems: go
Packages: github.com/coreos/ignition, github.com/coreos/ignition/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ3dyLTR2cjgtZzd3ds4AA0pO
Apache Airflow Path Traversal vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3YzYtMnJjai04djc2
scalarmult() vulnerable to degenerate public keys
Ecosystems: cargo
Packages: sodiumoxide
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcjZmLXhtZngtcnJwcc4AAlf1
Magento path traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4NmgtM2ZqeC1jZ3Y1
Apache Tomcat information exposure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1nanE0LTY5d2otcDZwcs0uLA
Path traversal in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNmY3LWhnaHctZzQzN84AAcGn
bottle.py vulnerable to CRLF Injection
Ecosystems: pypi
Packages: bottle
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zbXc0LTZyajYtNzRnNc0oeQ
Null pointer dereference in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNHh4LXc2ZnItYzR3Oc4AAxVr
Clockwork Web contains a Cross-Site Request Forgery Vulnerability with Rails < 5.2
Ecosystems: rubygems
Packages: clockwork_web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNzVjLTV4M2gtY3hjZ84AAvNV
Fat Free CRM vulnerable to Remote Denial of Service via Tasks endpoint
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jZmg0LTd3cTktNnBnZ84AA0KK
WPGraphQL Plugin vulnerable to Server Side Request Forgery (SSRF)
Ecosystems: packagist
Packages: wp-graphql/wp-graphql
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in Drupal
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS03M3ByLWc2amotNWhjOc4AAtBO
Externally Controlled Reference to a Resource in Another Sphere in ruby-mysql
Ecosystems: rubygems
Packages: ruby-mysql
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jdzljLXYzdjItOTlobc3uCw
Blind SQL Injection with privileged Cloud Foundry UAA endpoints
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14NHF4LTRmanYtaG13Ns0oeA
Integer overflow leading to crash in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wdnctMjVtZy01OXZ4
Server-side Request Forgery (SSRF) via img tags in reportlab
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS12M20yLXBnOTYtdzMzbc4AAk84
Openstack cinder Improper handling of ScaleIO backend credentials
Ecosystems: pypi
Packages: os-brick, cinder
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDg3LWdxdzgtNHBmMs4AAUfM
Showdoc CSRF Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcGo4LTQ5aHItd2N3ds4AAc7N
Drupal Denial of service via transliterate mechanism
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjZ2gtaGpwdy1xM2dx
Utils.readChallengeTx does not verify the server account signature
Ecosystems: npm
Packages: stellar-sdk
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01ZjJyLXFwNzMtMzdtcs0ovg
`CHECK`-failures during Grappler's `SafeToRemoveIdentity` in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nM3hmLTg1d2MtNDVncc4AAlHZ
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cDQ5LTJnNHItbTN4M84AAklX
SaltStack Salt is vulnerable Arbitrary Directory Access
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMnB4LWpjZ3ctOXg1N84AAlHz
NukeViet Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12Z213LTljd3ctcXE5Oc0n6Q
Incorrect Authorization in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02MzRjLXYyeHYtZmZwZ80WTw
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzVqLXdjMzQtNTI3Y80Wdg
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cnItcmhtbS12Y3Zm
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Ecosystems: go
Packages: github.com/kubernetes-csi/external-snapshotter/v3, github.com/kubernetes-csi/external-snapshotter/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1maHBmLXBwNnAtNTVxY80n8g
Unsafe handling of user-specified cookies in treq
Ecosystems: pypi
Packages: treq
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3h2LTJqM2gtbWc1Oc0WTg
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xZmhnLW02cjgteHhwas0rPw
Incorrect Authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmZzgtMjU0Ny1tcjhx
Misinterpretation of malicious XML input
Ecosystems: npm
Packages: @xmldom/xmldom, xmldom
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1ncDk1LXBwdjUtM2pjNc4AArTZ
sharp vulnerable to Command Injection in post-installation over build environment
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZzV3LTZwdzctNmhycM4AAxOj
Path Traversal In Eclipse GlassFish
Ecosystems: maven
Packages: org.glassfish.main.web:web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zcjV4LXg2eGYtbThmds02lw
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:selected-tests-executor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmOGYtNTc0cS04am1m
Manipulation of product reviews via API
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12YzI5LW12d3Ytd3Bjcc2KDg
Cross-site scripting (XSS) vulnerability in CakePHP
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nN2dmLTJycXctNXJ3eM4AAxPk
Publify contains Weak Password Requirements
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jMzhjLWM4bWgtdnE2OM4AA4Uz
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qZ2d3LTJxNmctYzNtNs0WPQ
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yMnAzLXFyaDktY3gzMs4AAtBv
URL previews of unusual or maliciously-crafted pages can crash Synapse media repositories or Synapse monoliths
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01OGcyLXZncGctMzM1cc4AAyfN
request-baskets vulnerable to Server-Side Request Forgery
Ecosystems: go
Packages: github.com/darklynx/request-baskets
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NDI5LXBqd3ctNzY3Nc0hHA
SQL Injection in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xajdmLWo2aDktZzVycc4AAYQI
XML External Entity Reference in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1meDVjLWg5ZjYtcnY3Y80osw
`CHECK`-fails due to attempting to build a reference tensor
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00Mjh4LTl4YzItbThtas0oew
Division by zero in TFLite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Statistics
Advisories: 18,440
Packages: 8,316
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 7,964 High 6,379 Critical 2,816 Low 990
Filter by Ecosystem
maven 2,554 packagist 2,155 pypi 1,757 npm 1,062 go 881 nuget 537 rubygems 373 cargo 261 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 50 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 40 drupal/core 36 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 32 org.keycloak:keycloak-core 31 ansible 31 Plone 30 github.com/mattermost/mattermost-server/v6 30 drupal/drupal 28 intelliants/subrion 27 github.com/mattermost/mattermost/server/v8 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 org.elasticsearch:elasticsearch 24 snipe/snipe-it 24 github.com/grafana/grafana 23 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 shopware/platform 18 nilsteampassnet/teampass 18 matrix-synapse 18 remdex/livehelperchat 18 getkirby/cms 17 moin 17 org.apache.tomcat.embed:tomcat-embed-core 16 vyper 15 github.com/argoproj/argo-cd/v2 15 salt 14 yetiforce/yetiforce-crm 14 nova 14 puppet 14 tribalsystems/zenario 14 prestashop/prestashop 14 nokogiri 14 Pillow 13 forkcms/forkcms 13 Django 13 shopware/core 13 org.keycloak:keycloak-services 13 mautic/core 13 com.jfinal:jfinal 13 org.xwiki.platform:xwiki-platform-oldcore 13 io.undertow:undertow-core 13 org.apache.solr:solr-core 12 github.com/goharbor/harbor 12 com.thoughtworks.xstream:xstream 12 org.apache.jspwiki:jspwiki-main 12 github.com/hashicorp/consul 12 tinymce 12 github.com/docker/docker 12 github.com/hashicorp/vault 12 lavalite/cms 11 github.com/cilium/cilium 11 neutron 11 DotNetNuke.Core 11 github.com/hashicorp/nomad 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 feehi/feehicms 11 org.keycloak:keycloak-parent 11 genix/cms 11 pyftpdlib 11 org.apache.nifi:nifi 10 org.springframework:spring-core 10 org.apache.jspwiki:jspwiki-war 10 activesupport 10 org.springframework.security:spring-security-core 10 PaddlePaddle 10 rack 10 notebook 10 ec-cube/ec-cube 10 github.com/mattermost/mattermost-server 10 github.com/greenpau/caddy-security 10 @openzeppelin/contracts-upgradeable 10 github.com/ethereum/go-ethereum 10 contao/core-bundle 10 github.com/containerd/containerd 10 com.vaadin:vaadin-bom 10 joplin 10 helm.sh/helm/v3 10 wallabag/wallabag 10 typo3/cms-backend 10 francoisjacquet/rosariosis 10 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 fat_free_crm 10 angular 9 publify_core 9 ghost 9 rubygems-update 9 cakephp/cakephp 9 bolt/bolt 9 zendframework/zendframework1 9 ckeditor4 9 org.igniterealtime.openfire:parent 9 directus 9 org.jenkins-ci.plugins:script-security 9 org.opencrx:opencrx-core-models 9 org.mortbay.jetty:jetty 9 swagger-ui 9 code.gitea.io/gitea 9 tinymce/tinymce 9 jquery-rails 9 TinyMCE 9 glance 9 org.jenkins-ci.plugins:git 9 gogs.io/gogs 9 roundup 9 Microsoft.ChakraCore 8 org.apache.archiva:archiva 8 org.bouncycastle:bcprov-jdk14 8 org.apache.activemq:activemq-client 8 silverstripe/cms 8 sylius/sylius 8 rails-html-sanitizer 8 org.jenkins-ci.plugins:electricflow 8 github.com/kubeedge/kubeedge 8 opencv-python 8 opencv-contrib-python 8 bootstrap 8 rails 8 centreon/centreon 8 org.opencms:opencms-core 8 simplesamlphp/simplesamlphp 8 editor.md 8 contao/contao 8 wasmtime 8 github.com/openfga/openfga 8 impresscms/impresscms 8 actionview 8 electron 8 jquery 8 org.webjars.npm:jquery 8 keystone 7 org.opennms:opennms 7 org.jenkins-ci.plugins:email-ext 7 phpmyfaq/phpmyfaq 7 kevinpapst/kimai2 7 validator 7 io.jenkins:configuration-as-code 7 io.jenkins.blueocean:blueocean 7 org.jenkins-ci.plugins:config-file-provider 7 wagtail 7 vantage6 7 com.vaadin:flow-server 7 org.owasp.antisamy:antisamy 7 jQuery 7 github.com/1Panel-dev/1Panel 7 pillow 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 OctoPrint 7 org.apache.james:james-server 7 modoboa 7 pyload-ng 7 org.bouncycastle:bcprov-jdk15 7 github.com/google/fscrypt 7 org.apache.cxf:cxf-core 7 trytond 7 phpbb/phpbb 7 org.jenkins-ci.plugins:subversion 7 org.apache.santuario:xmlsec 7 github.com/moby/moby 7 aiohttp 7 silverstripe/admin 7 next 7 org.bouncycastle:bcprov-jdk15on 7 activerecord 7 admidio/admidio 7 org.cloudfoundry.identity:cloudfoundry-identity-server 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/django/django 50 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/kubernetes/kubernetes 32 https://github.com/TYPO3/typo3 32 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/answerdev/answer 21 https://github.com/spring-projects/spring-framework 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/craftcms/cms 21 https://github.com/snipe/snipe-it 20 https://github.com/argoproj/argo-cd 19 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/grafana/grafana 18 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/vyperlang/vyper 15 https://github.com/CVEProject/cvelist 15 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/OpenNMS/opennms 14 https://github.com/getkirby/kirby 13 https://github.com/mautic/mautic 13 https://github.com/go-gitea/gitea 13 https://github.com/x-stream/xstream 13 https://github.com/octobercms/october 13 https://github.com/netty/netty 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/goharbor/harbor 12 https://github.com/contao/contao 11 https://github.com/cilium/cilium 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/PrestaShop/PrestaShop 11 https://github.com/containerd/containerd 10 https://github.com/moby/moby 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/ethereum/go-ethereum 10 https://github.com/vaadin/platform 10 https://github.com/greenpau/caddy-security 10 https://github.com/laurent22/joplin 10 https://github.com/jquery/jquery 10 https://github.com/liufee/cms 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/helm/helm 10 https://github.com/baserproject/basercms 10 https://github.com/mattermost/mattermost 10 https://github.com/saltstack/salt 10 https://github.com/publify/publify 9 https://github.com/puppetlabs/puppet 9 https://github.com/geoserver/geoserver 9 https://github.com/apache/nifi 9 https://github.com/electron/electron 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/strapi/strapi 9 https://github.com/github/advisory-database 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/eclipse/jetty.project 8 https://github.com/openfga/openfga 8 https://github.com/LavaLite/cms 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/hashicorp/consul 8 https://github.com/jupyter/notebook 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/kubeedge/kubeedge 8 https://github.com/getgrav/grav 8 https://github.com/TryGhost/Ghost 8 https://github.com/wallabag/wallabag 8 https://github.com/rack/rack 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/bcgit/bc-java 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/directus/directus 8 https://github.com/rubygems/rubygems 8 https://github.com/pandao/editor.md 8 https://github.com/traefik/traefik 7 https://github.com/gogs/gogs 7 https://github.com/google/fscrypt 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/apache/zeppelin 7 https://github.com/hashicorp/vault 7 https://github.com/dolibarr/dolibarr 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/pyload/pyload 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/aio-libs/aiohttp 7 https://github.com/modoboa/modoboa 7 https://github.com/vantage6/vantage6 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/wagtail/wagtail 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/vaadin/flow 7 https://github.com/twbs/bootstrap 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/kevinpapst/kimai2 7 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/croogo/croogo 6 https://github.com/opensearch-project/security 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/panva/jose 6 https://github.com/parse-community/parse-server 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/openstack/keystone 6 https://github.com/Sylius/Sylius 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/faucetsdn/ryu 6 https://github.com/dompdf/dompdf 6 https://github.com/urllib3/urllib3 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/cui2shark/security 6 https://github.com/dotnet/runtime 6 https://github.com/oroinc/orocommerce 6 https://github.com/onionshare/onionshare 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/igniterealtime/Openfire 6 https://github.com/cubefs/cubefs 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/neorazorx/facturascripts 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/ipython/ipython 6 https://github.com/jquery/jquery-ui 6 https://github.com/cloudflare/cfrpki 6 https://github.com/sulu/sulu 5 https://github.com/lxml/lxml 5 https://github.com/rancher/rancher 5 https://github.com/cri-o/cri-o 5 https://github.com/vercel/next.js 5 https://github.com/quarkusio/quarkus 5 https://github.com/evershopcommerce/evershop 5 https://github.com/numpy/numpy 5 https://github.com/Amanieu/parking_lot 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/lucene-solr 5 https://github.com/hashicorp/nomad 5 https://github.com/vapor/vapor 5 https://github.com/puma/puma 5 https://github.com/etcd-io/etcd 5 https://github.com/cloudfoundry/uaa 5 https://github.com/undertow-io/undertow 5 https://github.com/cakephp/cakephp 5 https://github.com/NodeBB/NodeBB 5 https://github.com/paritytech/frontier 5 https://github.com/admidio/admidio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/centreon/centreon-archived 5 https://github.com/apache/tika 5 https://github.com/apache/kylin 5 https://github.com/opencontainers/runc 5 https://github.com/nodejs/undici 5 https://github.com/hyperium/hyper 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/unshiftio/url-parse 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/semplon/GeniXCMS 5 https://github.com/lief-project/LIEF 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/xuxueli/xxl-job 5 https://github.com/apache/dolphinscheduler 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/zitadel/zitadel 5 https://github.com/bolt/bolt 5 https://github.com/jenkinsci/electricflow-plugin 5