Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyN20tNWgyNy0yOWhw
Potential infinite loop in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xcmp2LXJmNXEtcXB4Y84AAt2X
Rust-WebSocket memory allocation based on untrusted length
Ecosystems: cargo
Packages: websocket
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00cng2LWc1dmctNWYzas4AAtvP
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Ecosystems: cargo
Packages: juniper
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1taHhqLTg1cjMtMng1Nc4AAtkt
file-type vulnerable to Infinite Loop via malformed MKV file
Ecosystems: npm
Packages: file-type
Source: GitHub Advisory Database
Blast Radius: 43.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtbTktcjJtMi1xZzl3
Nil dereference in NATS JWT causing DoS of nats-server
Ecosystems: go
Packages: github.com/nats-io/jwt, github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloNGgtOHc1cC1mMjh3
Go Ethereum Denial of Service
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xaDl4LWdjZmgtcGNyd84AAtkL
OpenZeppelin Contracts's ERC165Checker may revert instead of returning false
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jajg4LTg4bXItOTcyd84AAtcv
glob-parent 6.0.0 vulnerable to Regular Expression Denial of Service
Ecosystems: npm
Packages: glob-parent
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zNzZ2LXhnangtN21mcs4AAtZ5
fastify-bearer-auth vulnerable to Timing Attack Vector
Ecosystems: npm
Packages: @fastify/bearer-auth, fastify-bearer-auth
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtcXAtaDg3Yy1tcjc4
XML Entity Expansion and Improper Input Validation in Kubernetes API server
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4OTItMnI1Mi1wNjVt
HTTP Request Smuggling in goliath
Ecosystems: rubygems
Packages: goliath
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwbXItcHJyMi1jcWM0
Gitea Remote Code Execution
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcXgtNzRydi02Mzh3
Pivotal Concourse SQL Injection Vulnerability
Ecosystems: go
Packages: github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoNzgtNDhoMy1mcmpx
Improper exception handling in Aedes
Ecosystems: npm
Packages: aedes
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1cTItNDdxNy0zcGMz
Node-Redis potential exponential regex in monitor mode
Ecosystems: npm
Packages: redis
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2OXgtOXhxZy1yOG1y
Prototype pollution in json8-merge-patch
Ecosystems: npm
Packages: json8-merge-patch
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS01ZjJtLTQ2NmotMzg0OM4AAguS
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: System.Private.Uri
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxOHItZmMzcS02aGcy
Denial of Service (DoS) via the unsetByPath function in jsjoints
Ecosystems: npm
Packages: jointjs
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdncGotN2Myai12Zmpt
Indico Tampering with links (e.g. password reset) in sent emails
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS1wZjdoLWgyd3EtbTdwZ80XuQ
Exposure of Resource to Wrong Sphere in salt
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZycHctanJ3eC1oY2Z2
Path Traversal in node-red-contrib-huemagic
Ecosystems: npm
Packages: node-red-contrib-huemagic
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS1wZnYyLTM3ZjctOW02d84AAQ1w
Improper Verification of Cryptographic Signature in Nimbus JOSE+JWT
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aHgtZ21obS02MjNj
Improper Access Control in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzN2gtcnY5cS12dnBo
Python-RSA decryption of ciphertext leads to DoS
Ecosystems: pypi
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjNDItaDdxNC1xcDho
Command Injection in killport
Ecosystems: npm
Packages: killport
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyOWgtdnI1cC1wd3d4
Denial of Service (DoS) in restify-paginate
Ecosystems: npm
Packages: restify-paginate
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyMjgtM20zZi1yMnBy
Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: is-svg
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZyMjgtNTY5ai01M2M0
Django Incorrect Default Permissions
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoYzQteHhtMy01cHBw
Active Record subject to Regular Expression Denial-of-Service (ReDoS)
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4OGMtY3E0aC04OGdx
XML External Entity (XXE) Injection in Jackson Databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS03cjNyLWdxOHAtdjlqas4AAs7L
Improper handling of CSS at-rules in lettersanitizer
Ecosystems: npm
Packages: lettersanitizer
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwZ3EtaGhxOS05cjI3
Directory Traversal in lab6drewfusbyu
Ecosystems: npm
Packages: lab6drewfusbyu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2ZzItNHF4Yy1jaDRq
Directory Traversal in unicorn-list
Ecosystems: npm
Packages: unicorn-list
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYycmMtNnhqcS05NWdx
Directory Traversal in shenliru
Ecosystems: npm
Packages: shenliru
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyZmMtZzJnaC14dmpt
Directory Traversal in 22lixian
Ecosystems: npm
Packages: 22lixian
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqNW0tODczZi14aDc2
Directory Traversal in static-html-server
Ecosystems: npm
Packages: static-html-server
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 6 years ago
High
GSA_kwCzR0hTQS12OHg2LTU5ZzQtNWczd84AArY6
Denial of service binding form from JSON in Play Framework
Ecosystems: maven
Packages: com.typesafe.play:play_2.12, com.typesafe.play:play_2.13
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltNHgtOHcyOS1yNzhn
Server-Side Request Forgery in @uppy/companion
Ecosystems: npm
Packages: @uppy/companion
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5M2otaG1jci1qY3do
Moped Rubygem Data Injection Vulnerability
Ecosystems: rubygems
Packages: moped
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NGctNHh4OS1maDZ4
Denial of Service in Cryptacular
Ecosystems: maven
Packages: org.cryptacular:cryptacular
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzOWctcTYzdi00aDlw
Exposure of sensitive information to an unauthorized actor in HyperKitty
Ecosystems: pypi
Packages: HyperKitty
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZwY2MtM3JmeC00Z3Bt
Dom4j contains a XML Injection vulnerability
Ecosystems: maven
Packages: dom4j:dom4j, org.dom4j:dom4j
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjOGYtcXBoZy1xamdw
Validation Bypass in kind-of
Ecosystems: npm
Packages: kind-of
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmdjMtcnJmbS1mMnJ2
Information Exposure in Netty
Ecosystems: maven
Packages: io.netty:netty, org.jboss.netty:netty, io.netty:netty-parent
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0cmgtOHA4Mi02aDV3
Regular expression denial of service in url-regex
Ecosystems: npm
Packages: url-regex
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2dzktZnY2cS0zcTUy
Rack allows Percent-encoded cookies to overwrite existing prefixed cookie names
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1nZ2Z4LWg5eGotNXY5Y84AAgak
Insecure PRNG use in random_password_generator
Ecosystems: rubygems
Packages: random_password_generator
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jdmo3LTVmM2MtOXZnOc4AArBc
AttesterSlashing number overflow
Ecosystems: npm
Packages: @chainsafe/lodestar
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cDU2LXI3cXYtNzgzds4AAwog
ahh vulnerable to Path Traversal
Ecosystems: go
Packages: aahframe.work, github.com/go-aah/aah
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTMtcHg2NC1ydzcy
Uncontrolled Resource Consumption in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 4 years ago
High
GSA_kwCzR0hTQS12aDM4LWdoeDYtdm12Z83X8Q
Code Injection in Masuit.Tools.Core
Ecosystems: nuget
Packages: Masuit.Tools.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xZjh4LXZxanYtOTJncs3fnA
Authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jdng1LW04dmctdnhnY81BlA
Arbitrary filesystem write access from velocity.
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5bXEtNHg0Ny01djgz
Prototype Pollution in angular
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 4 years ago
High
GSA_kwCzR0hTQS1nNXJyLXA2OWgtN3YzZ80_qQ
Insufficient type validation in pocketmine/pocketmine-mp
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12cXAtcTM3Yy13Zjlq
io.ratpack:ratpack-core vulnerable to Improper Neutralization of Special Elements in Output ('Injection')
Ecosystems: maven
Packages: io.ratpack:ratpack-core
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 4 years ago
High
GSA_kwCzR0hTQS1jcmpyLTlyYzUtZ2h3OM054g
Nokogiri Inefficient Regular Expression Complexity
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wZjItcTM0Yy1mYzZq
Infinite Loop in scapy
Ecosystems: pypi
Packages: scapy
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: almost 5 years ago
High
GSA_kwCzR0hTQS0zaGpnLXZjN3ItcmNyd805Qw
Denial of Service vulnerability in @podium/layout and @podium/proxy
Ecosystems: npm
Packages: @podium/proxy, @podium/layout
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdmY4LXA4M3ctdjU4as03pQ
Podman's default inheritable capabilities for linux container not empty
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0NG0tcW02cC1ocDdt
Arbitrary File Overwrite in tar
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 48.8
Published: about 5 years ago
High
GSA_kwCzR0hTQS01amZ3LTM1eHAtNW00Ms04jQ
Buffer length underflow in LoginPacket causing unchecked exceptions to be thrown
Ecosystems: packagist
Packages: pocketmine/bedrock-protocol
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMzMtN3JycS02NjJ3
Improper Certificate Validation in urllib3
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 42.2
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxMzItajU3dy1xNHc3
Path Traversal in total.js
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxcXYtcjJxNC1qeGht
High severity vulnerability that affects privacyIDEA
Ecosystems: pypi
Packages: privacyIDEA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1wNzM3LXA1N2ctNGNwcs01tA
Insertion of Sensitive Information into Log File in Jupyter notebook
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4N2MtY2o2NS12bWg1
rendertron LFI vulnerability
Ecosystems: npm
Packages: rendertron
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxNjktcTRxNy14ODJj
rendertron can remotely shut down Chrome instance
Ecosystems: npm
Packages: rendertron
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2MnYtbTU5Zi12NWZ3
Insecure randomness in socket.io
Ecosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1YzQtMzlmNS1tNjhq
Regular Expression Denial of Service in decamelize
Ecosystems: npm
Packages: decamelize
Source: GitHub Advisory Database
Blast Radius: 49.4
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3OHEteDdoYy1qaHA2
Directory Traversal in node-simple-router
Ecosystems: npm
Packages: node-simple-router
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5NG0tbXFoci1tYzI5
Uncontrolled Resource Consumption in spray-json when parsing decimal digit fields
Ecosystems: maven
Packages: io.spray:spray-json_2.10, io.spray:spray-json_2.11, io.spray:spray-json_2.12
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhjOXctNHA4Ny1qNTQ5
Prototype Pollution in cached-path-relative
Ecosystems: npm
Packages: cached-path-relative
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcnYtNDlmci0yaDZq
Spring Security and Spring Framework may not recognize certain paths that should be protected
Ecosystems: maven
Packages: org.springframework.security:spring-security-core, org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ajMtcjRwai00ODM1
The host name verification missing in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aGotOThyNi00MjRo
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2ajQtZzNneC04dnFx
Restlet Framework allows remote attackers to access arbitrary files via a crafted REST API HTTP request
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOGgtZmdyOC0ycTl3
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODctZmY5cS12ODQ3
websockets is vulnerable to denial of service by memory exhaustion
Ecosystems: pypi
Packages: websockets
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjQtNzRtYy1ycGpj
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
Ecosystems: pypi
Packages: pyro
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtMzktNjJmbS1xOHIz
Regular Expression Denial of Service in sshpk
Ecosystems: npm
Packages: sshpk
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzMmgteGc3Ni00Z3Y2
ReDoS in brace-expansion
Ecosystems: npm
Packages: brace-expansion
Source: GitHub Advisory Database
Blast Radius: 45.9
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqamYtdzdqNi0zMjNj
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
Ecosystems: npm
Packages: samlify
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqY3AtajM4OS01OWZm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 6 years ago
High
GSA_kwCzR0hTQS1nOWhnLXg5YzktN3hncs4AAmvU
XXE vulnerability in Jenkins CVS Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cvs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12M2M1LWpxcjYtN3FtOM4AAwjq
Python Charmers Future denial of service vulnerability
Ecosystems: pypi
Packages: future
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS03cmYzLW1xcHgtaDd4Z84AAwSP
Jettison Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: org.codehaus.jettison:jettison
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qNXA3LWpmNHEtNzQycc4AAwnP
markdown-it vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wNmZnLTcyM2YtaGdwd84AAwot
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
Ecosystems: go
Packages: github.com/shiyanhui/dht
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy
Apache Tomcat improperly escapes input from JsonErrorReportValve
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-util, org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS04ZjdmLXZxZzUtanJ2Oc4AAw3c
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F
skeemas Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: skeemas
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS02bTdjLTQ1ZmYtMzMyOM4AAwuL
FrameworkUserBundle Generates Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: sumocoders/framework-user-bundle
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nM3B2LXBqNWYtM2hmcc4AAxCV
mechanize Regular Expression Denial of Service vulnerability
Ecosystems: pypi
Packages: mechanize
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcHgzLTkzdzctNDU3eM4AAvlf
Ansible leaks password to logs
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS01Y2Y4LXZycjgtOGhqbc4AAx7N
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki, org.xwiki.platform:xwiki-platform-livetable-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 8,062 High 6,401 Critical 2,824 Low 1,013
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,198 packagist 1,025 nuget 786 go 695 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 com.jfinal:jfinal 21 Pillow 21 salt 20 ansible 20 thorsten/phpmyfaq 19 django 19 github.com/rancher/rancher 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 17 Plone 17 pocketmine/pocketmine-mp 17 openssl-src 17 apache-airflow 16 org.apache.tomcat.embed:tomcat-embed-core 16 symfony/symfony 16 getgrav/grav 15 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x64 14 vyper 14 net.mingsoft:ms-mcms 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 github.com/hashicorp/consul 14 github.com/usememos/memos 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 activerecord 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.keycloak:keycloak-core 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 actionpack 11 mautic/core 11 github.com/nats-io/nats-server/v2 11 github.com/argoproj/argo-cd 11 io.undertow:undertow-core 11 github.com/hashicorp/vault 11 org.keycloak:keycloak-parent 11 intelliants/subrion 11 shopware/platform 10 Django 10 keystone 10 org.springframework.security:spring-security-core 10 github.com/hashicorp/nomad 10 cockpit-hq/cockpit 10 matrix-synapse 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 openmage/magento-lts 10 froxlor/froxlor 10 cobbler 10 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 Microsoft.NetCore.App.Runtime.win-arm64 9 craftcms/cms 9 rusqlite 9 mercurial 9 ckb 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-x64 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.hadoop:hadoop-main 9 github.com/ethereum/go-ethereum 9 org.bouncycastle:bcprov-jdk14 9 october/system 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 org.bouncycastle:bcprov-jdk15 8 gradio 8 github.com/sylabs/singularity 8 org.keycloak:keycloak-services 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.apache.commons:commons-compress 7 next 7 phpmailer/phpmailer 7 apache-superset 7 org.craftercms:crafter-studio 7 codeigniter4/framework 7 github.com/docker/docker 7 DotNetNuke.Core 7 symfony/security 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 com.liferay.portal:release.portal.bom 7 tar 7 cn.hutool:hutool-core 7 magento/core 7 snipe/snipe-it 7 org.elasticsearch:elasticsearch 7 org.eclipse.jetty:jetty-server 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 cakephp/cakephp 7 org.apache.inlong:manager-pojo 7 org.springframework:spring-core 7 smarty/smarty 7 strapi 7 gogs.io/gogs 7 deno 7 pillow 7 com.xuxueli:xxl-job 7 istio.io/istio 6 opencv-contrib-python-headless 6 rack 6 @strapi/strapi 6 Microsoft.NETCore.App 6 wwbn/avideo 6 golang.org/x/crypto 6 sequelize 6 handlebars 6 symfony/security-http 6 org.apache.cxf:cxf 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 npm 6 prestashop/prestashop 6 github.com/hyperledger/fabric 6 composer/composer 6 github.com/gravitl/netmaker 6 org.apache.camel:camel-core 6 github.com/grafana/grafana 6 contao/contao 6 contao/core-bundle 6 Microsoft.AspNetCore.All 6 guzzlehttp/guzzle 6 de.tum.in.ase:artemis-java-test-sandbox 6 @openzeppelin/contracts 6 laravel/framework 6 waitress 6 github.com/traefik/traefik/v2 6 cryptography 6 k8s.io/kubernetes 6 github.com/zitadel/zitadel 6 org.apache.tika:tika-core 6 opencv-python-headless 6 sized-chunks 6 nautobot 6 express-cart 6 kiwitcms 6 org.apache.tomcat:tomcat-coyote 6 directus 5 plone 5 github.com/nats-io/jwt 5 serve 5 org.apache.mesos:mesos 5 matrix-js-sdk 5 forkcms/forkcms 5 zope 5 github.com/IBAX-io/go-ibax 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 org.xwiki.platform:xwiki-platform-web 5 phpbb/phpbb 5 genix/cms 5 twisted 5 github.com/opencontainers/runc 5 org.apache.tomcat:tomcat-catalina 5 pear/archive_tar 5 github.com/cilium/cilium 5 org.apache.dolphinscheduler:dolphinscheduler 5 code.gitea.io/gitea 5 github.com/answerdev/answer 5 ua-parser-js 5 com.vaadin:vaadin-bom 5 github.com/go-gitea/gitea 5 CefSharp.Common 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/moodle/moodle 24 https://github.com/django/django 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/vyperlang/vyper 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/openstack/keystone 9 https://github.com/kubernetes/kubernetes 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cockpit-hq/cockpit 8 https://github.com/shopware/platform 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/denoland/deno 8 https://github.com/nats-io/nats-server 8 https://github.com/DSpace/DSpace 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/rubygems/rubygems 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/apache/activemq 7 https://github.com/undertow-io/undertow 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/istio/istio 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/gravitl/netmaker 6 https://github.com/intelliants/subrion 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/zitadel/zitadel 6 https://github.com/CVEProject/cvelist 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/Pylons/waitress 6 https://github.com/backstage/backstage 6 https://github.com/ls1intum/Ares 6 https://github.com/npm/node-tar 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/pyca/cryptography 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/magento/magento2 6 https://github.com/hyperledger/fabric 6 https://github.com/bodil/sized-chunks 6 https://github.com/dromara/hutool 6 https://github.com/contao/contao 6 https://github.com/nautobot/nautobot 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/smarty-php/smarty 6 https://github.com/froxlor/froxlor 6 https://github.com/directus/directus 5 https://github.com/cilium/cilium 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/aubio/aubio 5 https://github.com/cakephp/cakephp 5 https://github.com/drupal/core 5 https://github.com/apache/kylin 5 https://github.com/getkirby/kirby 5 https://github.com/pear/Archive_Tar 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/docker/docker 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/answerdev/answer 5 https://github.com/apache/dolphinscheduler 5 https://github.com/composer/composer 5 https://github.com/twisted/twisted 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/vercel/next.js 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/forkcms/forkcms 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/traefik/traefik 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/hpcng/singularity 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/ericcornelissen/shescape 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/scrapy/scrapy 4 https://github.com/tidwall/gjson 4 https://github.com/playframework/playframework 4 https://github.com/wixtoolset/issues 4 https://github.com/cri-o/cri-o 4 https://github.com/surrealdb/surrealdb 4 https://github.com/igniterealtime/Openfire 4 https://github.com/npm/cli 4 https://github.com/quarkusio/quarkus 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/nightcloudos/new_cms 4 https://github.com/nocodb/nocodb 4 https://github.com/totaljs/framework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jettison-json/jettison 4 https://github.com/Froxlor/Froxlor 4 https://github.com/PrismJS/prism 4 https://github.com/ethyca/fides 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/vantage6/vantage6 4 https://github.com/containers/podman 4 https://github.com/bolt/bolt 4 https://github.com/containers/buildah 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/centreon/centreon-archived 4 https://github.com/hashicorp/nomad 4 https://github.com/fiveai/Cachet 4 https://github.com/baserproject/basercms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/cloudflare/cfrpki 4 https://github.com/apache/geode 4 https://github.com/libp2p/go-libp2p 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/Codiad/Codiad 4 https://github.com/nextauthjs/next-auth 3 https://github.com/pf4j/pf4j 3 https://github.com/dotnet/sdk 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/ming-soft/MCMS 3 https://github.com/openfga/openfga 3 https://github.com/microsoft/msquic 3 https://github.com/edgelesssys/constellation 3