Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1bTctNTdwaC1qNnA4
OS Command Injection in Nexus Yum Repository Plugin
Ecosystems: maven
Packages: org.sonatype.nexus.plugins:nexus-yum-repository-plugin
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJybTgtMzJnNC13OG0z
Cross-site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS00dzYyLWNxNXItNW1tcc4AARAO
express-cart unrestricted file upload vulnerability
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5eGgtM3c1Zy0yMjly
SQL Injection in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 4 years ago
High
GSA_kwCzR0hTQS1ocjg5LXc3cDYtcGptcc4AASqx
express-cart allows any user to create an admin user
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mZ2poLXgzZjgtOGdtaM4AAhSU
Mirumee Saleor CSRF Protection Disabled
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5OWgtZmdxbS02Njc5
UnixAuthenticationService in Apache Ranger was updated to correctly handle user input to avoid Stack-based buffer overflow
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tMjQ2LXB2MjgtNHI2Zs4AAU2r
Mingsoft MCMS CSRF vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqNnItMmpwbS1xdnhw
Code injection issue for java-spring-cloud-stream-template
Ecosystems: npm
Packages: @asyncapi/java-spring-cloud-stream-template
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS05MnY5LXhoMnEtZnE5Zs0V4Q
Prototype Pollution in cookiex/deep
Ecosystems: npm
Packages: @cookiex/deep
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nbXBxLXhyeGoteGg4bc4AAv0j
Arches vulnerable to execution of arbitrary SQL
Ecosystems: pypi
Packages: arches
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3cmotODhmcC01bTM2
Code injection in Narou
Ecosystems: rubygems
Packages: narou
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1ncW1mLWpxZ3Ytdjhmd84AA7v4
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 12 days ago
High
GSA_kwCzR0hTQS0ycThjLWdxZjQtbWczds4AA17s
Cross site scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 6 months ago
High
GSA_kwCzR0hTQS1wOHIzLTgzcjgtandqNc4AAxfU
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS14dzJyLWY4eHYtYzh4cM4AA1LX
PrestaShop XSS injection through Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 9 months ago
High
GSA_kwCzR0hTQS1nNTNnLXE1MzktOTNjds3jtQ
Server-Side Request Forgery in scout-browser
Ecosystems: pypi
Packages: scout-browser
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS05eHZmLWNqdmYtZmY1cc4AA6Rg
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Ecosystems: packagist
Packages: johnbillion/wp-crontrol
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3OHgtODVoYy1nYzRn
SQL Injection in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 4 years ago
High
GSA_kwCzR0hTQS1maDdyLTk5NnEtZ3ZjcM4AAy9g
Possible XSS injection through Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4M3EtNng3eC1qanc0
mystem downloads Resources over HTTP
Ecosystems: npm
Packages: mystem
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqNmYteDdqbS04NWZm
openframe-ascii-image downloads Resources over HTTP
Ecosystems: npm
Packages: openframe-ascii-image
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyNjgtNmpobS0ybXg4
libsbmlsim downloads Resources over HTTP
Ecosystems: npm
Packages: libsbmlsim
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyNmMtODVmaC1jcXBn
Downloads Resources over HTTP in haxeshim
Ecosystems: npm
Packages: haxeshim
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4aDktaHE5Yy0ycDVj
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
Ecosystems: maven
Packages: com.github.shyiko.ktlint:ktlint-core
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxOHItcjcyci1wcXdt
Downloads Resources over HTTP in roslib-socketio
Ecosystems: npm
Packages: roslib-socketio
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 3 years ago
High
GSA_kwCzR0hTQS03M3d4LXJwajMtbXg0Ns0teQ
Path traversal in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Z3BtLXEzbXEtNDZycc4AA4Lv
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NmYtY2gzci14d21o
Data races in unicycle
Ecosystems: cargo
Packages: unicycle
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS12anIyLXdwZmgtNXI5cM4AAzGU
Apache Ranger Hive Plugin missing permissions check
Ecosystems: maven
Packages: org.apache.ranger:ranger-hive-plugin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3MjItd3YyOS0zMjk5
ApiKey secret could be revelated on network issue
Ecosystems: npm
Packages: node-etsy-client
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwcHgtaHcyZi04Z3g0
chromedriver126 downloads Resources over HTTP
Ecosystems: npm
Packages: chromedriver126
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2MjctdzJxci01Znhy
fuseki downloads Resources over HTTP
Ecosystems: npm
Packages: fuseki
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmOHYtdnhmOS03YzY2
cloudpub-redis downloads Resources over HTTP
Ecosystems: npm
Packages: cloudpub-redis
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 5 years ago
High
GSA_kwCzR0hTQS03aHY2LWd2MzgtNzh3as4AAzl_
DataEase API interface has IDOR vulnerability
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 12 months ago
High
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tcjZoLTd4Mm0tcmdtcc4AA2dG
SQL injection in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnbWctMnY2bS1mamc3
Free of uninitialized memory in autorand
Ecosystems: cargo
Packages: autorand
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NDloLXI3ZzktMnFwZs4AAzft
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
Ecosystems: npm
Packages: n158
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 12 months ago
High
GSA_kwCzR0hTQS1nM2NjLXB2amotOXhxOc4AASlU
Yelp OSXCollector Improper Certificate Validation
Ecosystems: pypi
Packages: osxcollector
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03N2ZxLTR4ZjUtaHBoNM4AAgbs
Buffer overflow in wasm3
Ecosystems: pypi
Packages: pywasm3
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yZm0yLWY5NGotcWhqcM4AA7Om
OpenStack Storlets arbitrary code execution vulnerability
Ecosystems: pypi
Packages: storlets
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 23 days ago
High
GSA_kwCzR0hTQS04cjRtLTVwNnAtNTJycM4AAy-t
Arbitrary file read via SQL injection
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mM2h3LTNoNzQtd3I5OM4AAv9Y
Cross-site Scripting in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS02YzZwLWg3OWYtZzZwNM4AAvxx
Istio may allow identity impersonation if user has localhost access
Ecosystems: go
Packages: github.com/istio/istio
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tNnBmLWNtM2YtNzg3Ns4AA1Tn
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 9 months ago
High
GSA_kwCzR0hTQS1mdmY1LXhwODMtdnJxcM4AAu_6
ICEcoder vulnerable to Path Traversal
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tOTRwLTg5NDItcG00Oc4AAdYe
OpenStack TripleO Heat templates spoof metadata requests
Ecosystems: pypi
Packages: tripleo-heat-templates
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDQtcnBtci14d3Jy
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yY2pjLXJnbXAteDY0Oc3uew
Traefik Missing Authentication
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zNW01LThjdmotODc4M80W7g
Improper hashing in enrocrypt
Ecosystems: pypi
Packages: enrocrypt
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oNTd3LXZoMzQtZjhjd84AA4dr
Code injection in mingSoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
High
GSA_kwCzR0hTQS03anJ3LXA4amMtdjZxd84AAw6V
sviehb/jefferson vulnerable to path traversal
Ecosystems: pypi
Packages: jefferson
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zZndxLXF2NXYtMnd4Zs4AAxDR
Path Traversal in web-node-server
Ecosystems: npm
Packages: web-node-server
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS14djU5LWdjM3ItcmY5Ms4AAtHT
Insufficient Session Expiration in Nakama
Ecosystems: go
Packages: github.com/heroiclabs/nakama
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qeHF2LWpjdmgtN2dyNM4AAtvs
Atlantis Events vulnerable to Timing Attack
Ecosystems: go
Packages: github.com/runatlantis/atlantis
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwd2YtNGZ4NS1jcnFx
Directory Traversal in earlybird
Ecosystems: npm
Packages: earlybird
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcjYtaG0zOS00Y2Y5
Double free in basic_dsp_matrix
Ecosystems: cargo
Packages: basic_dsp_matrix
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS05Zzh3LXBqcHItcHJyNM4AARcn
Path Traversal in io.hawt:project
Ecosystems: maven
Packages: io.hawt:project
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qOTg0LXE0cWMtNnF4Zs4AAdNg
librsvg DoS via Cyclic References
Ecosystems: cargo
Packages: librsvg
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS03NmZnLW1ocmctZm1tZ84AAufn
XNIO `notifyReadClosed` method logging message to unexpected end
Ecosystems: maven
Packages: org.jboss.xnio:xnio-all
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzcHgtNmNjOC1mOGoz
Path traversal in servey
Ecosystems: npm
Packages: servey
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cHYtdzU2Yy1tZzR2
Path Traversal in stattic
Ecosystems: npm
Packages: stattic
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 6 years ago
High
GSA_kwCzR0hTQS02cHE2LWNydzktNTIyaM4AAiif
Cezerin Unauthorized Acces
Ecosystems: npm
Packages: cezerin
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12YzQyLW1ncjItdzM0cs4AAi6K
Modoboa is vulnerable to an XML External Entity Injection (XXE)
Ecosystems: pypi
Packages: modoboa-dmarc
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12ZnhjLXIyZ3gtdjJ2cc4AAg3I
Hybrid Group Gobot Improper Certificate Validation vulnerability
Ecosystems: go
Packages: github.com/hybridgroup/gobot
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03NW0zLWY0aHItMnZoOc4AAz2i
jjson vulnerable to stack exhaustion
Ecosystems: maven
Packages: de.grobmeier.json:jjson
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1jcXh4LTY2d2gtOHBqd803oQ
Improper Removal of Sensitive Information Before Storage or Transfer in irrd
Ecosystems: pypi
Packages: irrd
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1waHdxLTlnYzQtcTVjOM0msg
Mingsoft MCMS SQL injection vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxZm0tNm0zMy1yZ2c5
XML External Entity Reference
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS12OW1wLWo4ZzctMnE2bc4AAxPu
Paranoidhttp Server-Side Request Forgery vulnerability
Ecosystems: go
Packages: github.com/hakobe/paranoidhttp
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1meGZmLXd4eHYtYzJqY84AA3OX
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
Ecosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1tNm01LXBwNGctZmNjOM0WNA
S3 storage write is not aborted on errors leading to unbounded memory usage
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xNmh4LTNtNHAtNzQ5aM4AA3qn
DOS by abusing `fetchOptions.retry`.
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
High
GSA_kwCzR0hTQS13cDQ3LTlyM2gteGZncc0pdg
Server-Side Request Forgery in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoanAtOTdnMy1ycTkz
Path Traversal in minsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 5 years ago
High
GSA_kwCzR0hTQS1jNDl2LTM1ZmYtcTlmN84AAmAg
DotPlant2 Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: devgroup/dotplant
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04OTM2LTQ0Z3ctNzY2NM4AAdXr
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
Ecosystems: pypi
Packages: tripleo-heat-templates
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcWMyLXB2NjgtcTcyaM0mug
Mingsoft MCMS SQL injection vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cXh3LThoNWctaHE1Ns4AAxVm
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: switcher-client
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yd3J4LXgyaHctOWg1d84AAyMH
Apache Sling Resource Merger has Excessive Iteration vulnerability
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.resourcemerger
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqeDgtdjRodi1neDNo
XXE vulnerability in Launch import
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04OHY4LXY0NmctNmM5d84AAxPx
Servst vulnerable to Path Traversal
Ecosystems: npm
Packages: servst
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzMzYtanhmci00YzNj
Path Traversal in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 4 years ago
High
GSA_kwCzR0hTQS1tcW1wLTRtY3Atdmc4ds3_eg
Apache ORC vulnerable to Uncontrolled Recursion
Ecosystems: maven
Packages: org.apache.orc:orc
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZ2d2LW1jcDQtdnhjNc0ydA
Improper Authentication in FreeTAKServer
Ecosystems: pypi
Packages: FreeTAKServer
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cXAtNTMyOC12N21o
cumulative-distribution-function Infinite Loop vulnerability
Ecosystems: npm
Packages: cumulative-distribution-function
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS1waDI4LXd3ZmotZnY3Zs4AATHz
Prototype Pollution in sds
Ecosystems: npm
Packages: sds
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4MjUtZjQ1eC1ncnY1
Missing encryption in Apache Directory Studio
Ecosystems: maven
Packages: org.apache.directory.studio:org.apache.directory.studio.parent
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13cjhoLXc5NjktMzZtOM4AAxwt
GoPistolet vulnerable to Improper Resource Shutdown or Release
Ecosystems: go
Packages: github.com/gopistolet/gopistolet
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFweHAtNWo1Ni1nZzN4
samlr XML nodes comment attack
Ecosystems: rubygems
Packages: samlr
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 5 years ago
High
GSA_kwCzR0hTQS1qNnYyLW13eG0tZjk1Ms4AA0JQ
py-xml XML External Entity Injection vulnerability
Ecosystems: pypi
Packages: py-xml
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0d2YtN3ZmMi1wdjU5
XXE vulnerability on Launch import with externally-defined DTD file
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1yM2ZxLWNtbXctY3Btbc4AAg2e
Containous Traefik Exposes Password Hashes
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtNmd4NS1tcXY2
Incorrect Authorization in ORY Oathkeeper
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04cnY3LWc3NzItcHAzas4AA1oD
DataEase vulnerable to SQL injection
Ecosystems: maven
Packages: io.dataease:dataease-plugin-common
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 9 months ago
High
GSA_kwCzR0hTQS1mMndyLWM0YzQteGpnN83wPg
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
Ecosystems: go
Packages: github.com/apache/trafficcontrol
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zNjh4LXdtbWctaHE1Y84AAxxt
Apollo has potential access control security issue in eureka
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,198 packagist 1,025 nuget 786 go 695 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 typo3/cms-core 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 centreon/centreon 14 vyper 14 net.mingsoft:ms-mcms 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 github.com/hashicorp/consul 14 rubygems-update 13 github.com/usememos/memos 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 Microsoft.AspNetCore.App.Runtime.win-arm64 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 org.apache.openmeetings:openmeetings-parent 12 actionpack 11 github.com/nats-io/nats-server/v2 11 mautic/core 11 intelliants/subrion 11 github.com/hashicorp/vault 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 org.keycloak:keycloak-parent 11 Django 10 cockpit-hq/cockpit 10 github.com/hashicorp/nomad 10 openmage/magento-lts 10 shopware/platform 10 matrix-synapse 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.apache.nifi:nifi 10 keystone 10 cobbler 10 org.springframework.security:spring-security-core 10 froxlor/froxlor 10 org.apache.geode:geode-core 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x86 9 github.com/ethereum/go-ethereum 9 org.apache.struts.xwork:xwork-core 9 org.apache.solr:solr-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 org.bouncycastle:bcprov-jdk14 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-arm 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x64 9 craftcms/cms 9 org.apache.hadoop:hadoop-main 9 Microsoft.NETCore.App.Runtime.win-x86 8 org.keycloak:keycloak-services 8 shopware/core 8 github.com/sylabs/singularity 8 gradio 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 october/system 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 org.bouncycastle:bcprov-jdk15 8 cakephp/cakephp 7 org.elasticsearch:elasticsearch 7 magento/core 7 org.eclipse.jetty:jetty-server 7 github.com/docker/docker 7 pillow 7 phpmailer/phpmailer 7 DotNetNuke.Core 7 com.xuxueli:xxl-job 7 apache-superset 7 smarty/smarty 7 symfony/security 7 cn.hutool:hutool-core 7 next 7 strapi 7 deno 7 codeigniter4/framework 7 snipe/snipe-it 7 org.apache.inlong:manager-pojo 7 com.liferay.portal:release.portal.bom 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 tar 7 org.craftercms:crafter-studio 7 org.apache.commons:commons-compress 7 org.springframework:spring-core 7 gogs.io/gogs 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 handlebars 6 sequelize 6 rack 6 org.apache.cxf:cxf 6 kiwitcms 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 laravel/framework 6 github.com/grafana/grafana 6 k8s.io/kubernetes 6 cryptography 6 org.apache.tomcat:tomcat-coyote 6 express-cart 6 sized-chunks 6 github.com/hyperledger/fabric 6 contao/core-bundle 6 contao/contao 6 @openzeppelin/contracts 6 waitress 6 Microsoft.NETCore.App 6 guzzlehttp/guzzle 6 de.tum.in.ase:artemis-java-test-sandbox 6 github.com/zitadel/zitadel 6 org.apache.tika:tika-core 6 github.com/traefik/traefik/v2 6 org.apache.camel:camel-core 6 github.com/gravitl/netmaker 6 composer/composer 6 prestashop/prestashop 6 @strapi/strapi 6 symfony/security-http 6 nautobot 6 wwbn/avideo 6 opencv-contrib-python-headless 6 npm 6 istio.io/istio 6 Microsoft.AspNetCore.All 6 opencv-python-headless 6 golang.org/x/crypto 6 directus 5 org.apache.mesos:mesos 5 github.com/IBAX-io/go-ibax 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 plone 5 Microsoft.AspNetCore.App 5 matrix-js-sdk 5 org.xwiki.platform:xwiki-platform-web 5 github.com/nats-io/jwt 5 zope 5 ua-parser-js 5 github.com/go-gitea/gitea 5 CefSharp.Common 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 getkirby/cms 5 statamic/cms 5 github.com/opencontainers/runc 5 github.com/answerdev/answer 5 twisted 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 serve 5 forkcms/forkcms 5 passenger 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/moodle/moodle 24 https://github.com/django/django 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/vyperlang/vyper 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/openstack/keystone 9 https://github.com/kubernetes/kubernetes 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cockpit-hq/cockpit 8 https://github.com/shopware/platform 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/denoland/deno 8 https://github.com/nats-io/nats-server 8 https://github.com/DSpace/DSpace 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/rubygems/rubygems 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/apache/activemq 7 https://github.com/undertow-io/undertow 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/istio/istio 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/gravitl/netmaker 6 https://github.com/intelliants/subrion 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/zitadel/zitadel 6 https://github.com/CVEProject/cvelist 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/Pylons/waitress 6 https://github.com/backstage/backstage 6 https://github.com/ls1intum/Ares 6 https://github.com/npm/node-tar 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/pyca/cryptography 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/magento/magento2 6 https://github.com/hyperledger/fabric 6 https://github.com/bodil/sized-chunks 6 https://github.com/dromara/hutool 6 https://github.com/contao/contao 6 https://github.com/nautobot/nautobot 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/smarty-php/smarty 6 https://github.com/froxlor/froxlor 6 https://github.com/directus/directus 5 https://github.com/cilium/cilium 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/aubio/aubio 5 https://github.com/cakephp/cakephp 5 https://github.com/drupal/core 5 https://github.com/apache/kylin 5 https://github.com/getkirby/kirby 5 https://github.com/pear/Archive_Tar 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/docker/docker 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/answerdev/answer 5 https://github.com/apache/dolphinscheduler 5 https://github.com/composer/composer 5 https://github.com/twisted/twisted 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/vercel/next.js 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/forkcms/forkcms 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/traefik/traefik 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/hpcng/singularity 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/ericcornelissen/shescape 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/scrapy/scrapy 4 https://github.com/tidwall/gjson 4 https://github.com/playframework/playframework 4 https://github.com/wixtoolset/issues 4 https://github.com/cri-o/cri-o 4 https://github.com/surrealdb/surrealdb 4 https://github.com/igniterealtime/Openfire 4 https://github.com/npm/cli 4 https://github.com/quarkusio/quarkus 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/nightcloudos/new_cms 4 https://github.com/nocodb/nocodb 4 https://github.com/totaljs/framework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jettison-json/jettison 4 https://github.com/Froxlor/Froxlor 4 https://github.com/PrismJS/prism 4 https://github.com/ethyca/fides 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/vantage6/vantage6 4 https://github.com/containers/podman 4 https://github.com/bolt/bolt 4 https://github.com/containers/buildah 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/centreon/centreon-archived 4 https://github.com/hashicorp/nomad 4 https://github.com/fiveai/Cachet 4 https://github.com/baserproject/basercms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/cloudflare/cfrpki 4 https://github.com/apache/geode 4 https://github.com/libp2p/go-libp2p 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/Codiad/Codiad 4 https://github.com/nextauthjs/next-auth 3 https://github.com/pf4j/pf4j 3 https://github.com/dotnet/sdk 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/ming-soft/MCMS 3 https://github.com/openfga/openfga 3 https://github.com/microsoft/msquic 3 https://github.com/edgelesssys/constellation 3