Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1ybWN4LWZnNXcteDhqOc4AAwD8
FusionAuth vulnerable to directory traversal attack
Ecosystems: maven
Packages: io.fusionauth:fusionauth-java-client
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS13NGp2LTZyZzQtcHI0bc0ikQ
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00bTdwLTU1am0tM3Z3ds0sTg
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zZjk5LWh2ZzQtcWp3as0Weg
Insecure random number generation in keypair
Ecosystems: npm
Packages: keypair
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jdmh3LTI1OTMtNWoycc0WXg
Double Free in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wajg0LXFqbTMtNzdtZ80sTA
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-multibranch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03dzJ3LWZ3cGYtOW00aM0sRg
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1obXg5LWptM3YtMzNods4AArq7
InputStream::read_exact : `Read` on uninitialized buffer causes UB
Ecosystems: cargo
Packages: buffoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nNTMteHI4bS04Nmh3
Open Redirect in Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS01cGhjLTg0OWgtdmN4Z84AArq6
`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Ecosystems: cargo
Packages: bronzedb-protocol
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yYzJ3LXI0anEtN3BmeM3r1w
Improper Authorization in Apache Xalan-Java
Ecosystems: maven
Packages: xalan:xalan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0NDgtYzl3cS1qZzl2
Improper Privilege Management in Apache Karaf
Ecosystems: maven
Packages: org.apache.karaf:apache-karaf
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 5 years ago
High
GSA_kwCzR0hTQS1mMzR4LThwZjYtcWM5Y80Vow
HTTP header injection in Sonatype Nexus Repository
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-repository
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mNDRxLTYzNGMtanZ3ds4AAwM5
libp2p DoS vulnerability from lack of resource management
Ecosystems: npm
Packages: libp2p
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS04NGNtLXZqd20tbTk3Oc4AAgY3
Path traversal in Jenkins Git Mercurial and Repo Plugins
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repo, org.jenkins-ci.plugins:mercurial, org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qdmd3LWdjY3YtcTVwOM4AAwMw
libp2p DoS vulnerability from lack of resource management
Ecosystems: cargo
Packages: libp2p
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS00NjN3LWh4ZnYtZzlmNs4AAv4r
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
Ecosystems: maven
Packages: org.apache.archiva:archiva-common
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1weGN4LWN4cTgtNG1td84AATn1
Uncontrolled Resource Consumption in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00bTQyLThxZnEtaDNxOc4AAgY5
Cross-site Scripting in Jenkins Rundeck Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rundeck
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmMmotN3F3Zy00ZjV4
Improper Authentication in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tcHgzLW14MnAtOWd2M84AAemo
Improper Neutralization of Special Elements used in a Command in FitNesse Wiki
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1obWhnLTk1d2gtcjY5Oc4AAolK
DNS based denial of service in Apache Wicket
Ecosystems: maven
Packages: org.apache.wicket:wicket-core
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwOGctZjl2Zy1yN3hy
Directory Traversal vulnerability in Square Retrofit
Ecosystems: maven
Packages: com.squareup.retrofit2:retrofit
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: over 5 years ago
High
GSA_kwCzR0hTQS03cmp2LXEzcHAtd2M0cM4AAgZG
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:global-variable-string-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cjZxLXFxeDctNTUzZ84AAYP5
JBoss Keycloak CSRF Vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05Z2g4LXdwNTMtY2NjNs4AAwEB
ghost vulnerable to unauthorized newsletter modification via improper access controls
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNnAtNHBjai01bXI5
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcjgtcDh2Ni02Z2Zt
Slock<T> allows sending non-Send types across thread boundaries
Ecosystems: cargo
Packages: slock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xM2o2LTIyd2YtM2poOc4AAzSh
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/go-bitswap
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cG1wLTd3Yzktdjd2d84AAgZI
Cross-site Scripting in Jenkins JDK Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:JDK_Parameter_Plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13eHJ4LXBjNDQtcmNnY84AAzfs
keep-module-latest vulnerable to Command Injection due to missing input sanitization
Ecosystems: npm
Packages: keep-module-latest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Y3gtNXdyMy01cXJj
Reference binding to nullptr in boosted trees
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzZzMtaDlyNC1wcnJj
Reference binding to nullptr and heap OOB in binary cwise ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS05dzIzLXc3NTctbXZ2OM4AAgZR
Cross-site Scripting in Jenkins vboxwrapper Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vboxwrapper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cjctOGd4eC1majVw
Null pointer dereference in `RaggedTensorToTensor`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzNTgtNGY3Zi1wNGo0
Use after free in generic-array
Ecosystems: cargo
Packages: generic-array
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS05cGc1LTNwamMtZjh3bc4AArNt
Path traversal in ginadmin
Ecosystems: go
Packages: github.com/gphper/ginadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4dzktanhxdy1qYzhq
Data races in dces
Ecosystems: cargo
Packages: dces
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS01ODI0LTZqZnYteHIzcs4AArNk
Arbitrary file read in ginadmin
Ecosystems: go
Packages: github.com/gphper/ginadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tdzRyLTVtZmMtbTV2Y84AAgZQ
Cross site scripting in Jenkins Selection tasks Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:selection-tasks-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qNjN4LWY2NTctMm05Z84AA1Ba
Answer has Weak Password Requirements
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1oM3Y5LTQ2cHAtaDMzd84AAgZH
Cross-site Scripting in Jenkins Multiselect parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:multiselect-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0OGYtd3Y3Ni14OWhn
Arbitrary file upload in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4anctZzZmcS1tcDdo
SQL injection in hibernate-core
Ecosystems: maven
Packages: org.hibernate:hibernate-core
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS05ZzMzLTQ4amgtanE3ds4AAgZF
Cross Site Request Forgery in Jenkins SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14NWptLXJqMzctNXFoN83maA
Sandbox Bypass in Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0d2YtN3ZmMi1wdjU5
XXE vulnerability on Launch import with externally-defined DTD file
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwd2gtNW1tYy1td3J4
Denial of Service in nes
Ecosystems: npm
Packages: nes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4aGYteDQ5Yy1tNW02
Github Token Leak in aegir
Ecosystems: npm
Packages: aegir
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS04NzZwLTgyNTkteGpnZ84AA1LS
libp2p nodes vulnerable to attack using large RSA keys
Ecosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 9 months ago
High
GSA_kwCzR0hTQS14dzJyLWY4eHYtYzh4cM4AA1LX
PrestaShop XSS injection through Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 9 months ago
High
GSA_kwCzR0hTQS1nN3dtLTIybTYtNTc3NM4AAUex
Asset Pipeline plugin for Grails vulnerable to Path Traversal
Ecosystems: maven
Packages: org.grails.plugins:asset-pipeline
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cmg3LXg2NHYtN3Z4cc4AAxfo
openssl-src contains `NULL` dereference during PKCS7 data verification
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdydnItOG1weC1yN3Bw
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Ecosystems: npm
Packages: mime
Source: GitHub Advisory Database
Blast Radius: 48.1
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1mcTU2LWM3cmotajNqOc0sKg
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OTg4LWc4OW0tMjd2Zs4AAniS
Magento stored cross-site scripting (XSS) in the customer address upload feature
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNXdwLXAzZ2otN3E1Z80sLA
Missing Authorization in Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cDRoLTMzNzctN3c2N839kg
golang.org/x/net/html NULL Pointer Dereference vulnerability
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyZzktNmh3NS1yd2Zw
Path Traversal in resolve-path
Ecosystems: npm
Packages: resolve-path
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1oOGptLTJ4NTMteGhwNc4AAvn1
X.509 Email Address Variable Length Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NTVxLTlndmctcTRjbc4AAjQ_
Remote code execution in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.Http.Connections, Microsoft.AspNetCore.App, Microsoft.AspNetCore.All
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05Nnh2LXJtd2otNnA5d84AAz6C
Grav Server-side Template Injection (SSTI) via Twig Default Filters
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
High
GSA_kwCzR0hTQS1tdjQyLXB4NTQtODdqd84AATn6
Improper Access Control in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2bXItcHhnNC02OGh4
Symlink Arbitrary File Overwrite in bower
Ecosystems: npm
Packages: bower
Source: GitHub Advisory Database
Blast Radius: 39.2
Published: over 4 years ago
High
GSA_kwCzR0hTQS03anczLTVxNHctODlxZ84AAQY6
Improper Input Validation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts-core
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS01dzVtLXBmdzktYzhmcM4AAzxe
Snowflake Python Connector vulnerable to Command Injection
Ecosystems: pypi
Packages: snowflake-connector-python
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 11 months ago
High
GSA_kwCzR0hTQS00djY3LXdnODgtMzdwOc4AAbLR
Apache OpenMeetings displays Tomcat version and detailed error stack trace
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tZzNtLWY0NzUtMjhods0YQg
Path Traversal in @backstage/plugin-scaffolder-backend
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oZjRwLW1oYzgteDJncM4AATm7
Apache Archiva vulnerable to Cross Site Request Forgery
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycjMzLWo1cDUtcHBmOM3X3w
GeoServer allows SSRF via the option for setting a proxy host
Ecosystems: maven
Packages: org.geoserver:gs-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13cnhmLXg4cm0tNmdnZ84AAyiM
Fluent Fluentd and Fluent-ui use default password
Ecosystems: rubygems
Packages: fluentd-ui, fluentd
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yangyLXFjbTQtcmY5aM4AAzw_
Incomplete Internal State Distinction in GRPCWebToHTTP2ServerCodec
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5cGotZ3E4cS05cGZq
Authentication Weakness in keystone
Ecosystems: npm
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1xNG1wLWp2aDItNzZmas4AAv2m
Pillow subject to DoS via SAMPLESPERPIXEL tag
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS04bTQ5LTJ4ajgtNjd2Oc03OA
Data Loss/Denial of Service in SWHKD
Ecosystems: cargo
Packages: Simple-Wayland-HotKey-Daemon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ndzQyLWY5MzktZmh2bc4AAzcT
Administration Console authentication bypass in openfire xmppserver
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 12 months ago
High
GSA_kwCzR0hTQS01aGpoLWMyNm0teHc4d83X2w
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
Ecosystems: go
Packages: github.com/hoppscotch/proxyscotch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1tcTR2LTZ2ZzQtNzk2Y84AA1P3
apache-airflow-providers-apache-drill Improper Input Validation vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-apache-drill
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 9 months ago
High
GSA_kwCzR0hTQS1tZjdjLTM1bXEtNzVwas4AAW6w
Insecure Inherited Permissions in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS03NzNnLXgyNzQtOHFtZs4AAzue
SwiftNIO Extras vulnerable to improper detection of complete HTTP body decompression
Ecosystems: swift
Packages: github.com/apple/swift-nio-extras
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 11 months ago
High
GSA_kwCzR0hTQS03cnZwLXhxajctcnhmMs4AA1QS
Daylight Studio FUEL-CMS SQLi Vulnerability
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 9 months ago
High
GSA_kwCzR0hTQS04eGM2LWc4eHctaDJjNM0_nw
YARP Denial of Service Vulnerability
Ecosystems: nuget
Packages: Yarp.ReverseProxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcjMtYzc5dy1mNndj
High severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4NjUtbTZjcS1qOXZ4
ReDOS in Mpmath
Ecosystems: pypi
Packages: mpmath
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2Y2gtcjR3Zi1oOHc5
Improper Certificate Validation in proton-j
Ecosystems: maven
Packages: org.apache.qpid:proton-j
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS00Njk2LWc3amoteGcyaM4AAuES
Mapbox is vulnerable to Integer Overflow
Ecosystems: maven
Packages: com.mapbox.mapboxsdk:mapbox-android-core
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS12aGdyLWdmeDMtZmczN803hg
Unrestricted Upload of File with Dangerous Type in WPanel 4
Ecosystems: packagist
Packages: wpanel/wpanel4-cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03bWZyLTc3NGYtdzVyOc06lg
Improper Certificate Validation
Ecosystems: nuget
Packages: Microsoft.NETCore.App, System.Security.Cryptography.X509Certificates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1obTM3LTl4aDItcTQ5Oc4AAtHw
Possible leak of key's raw field if declared length is incorrect
Ecosystems: pypi
Packages: openssh-key-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNjQyLTVoNzQtM3g5Y84AAs7r
Reflected Cross-site Scripting in Jenkins Nested View Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nested-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4NnItNzQyNy05NWNt
Deserialization of Untrusted Data in Apache Camel RabbitMQ
Ecosystems: maven
Packages: org.apache.camel:camel-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS02OTIzLTU0NnAtNnJyY84AAs7q
Cross-site Scripting in Jenkins Image Tag Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:image-tag-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yOWY4LXE3bWYtN2Nxas04tg
Logic error in Apache Pinot
Ecosystems: maven
Packages: org.apache.pinot:pinot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1cTgtNTY5Ny05cDlo
Cross-Site Request Forgery in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnYzktOXc0di1oMzNo
High severity vulnerability that affects org.apache.syncope:syncope-core
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 5 years ago
High
GSA_kwCzR0hTQS04cng2LXY1cTQteHczas02sA
enkins Coverage/Complexity Scatter Plot Plugin XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:covcomplplot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mOTlyLWpqZ3ItZjM3M804wg
SQL injection in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13bTVnLXA5OXEtNjZnNM4AAz3C
elFinder vulnerable to path traversal in LocalVolumeDriver connector
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 11 months ago
High
GSA_kwCzR0hTQS04NWY5LXc5Y3gtaDM2M802vg
Cross site request forgery in Jenkins Job and Node ownership Plugin
Ecosystems: maven
Packages: com.synopsys.jenkinsci:ownership
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Statistics
Advisories: 18,743
Packages: 8,372
Repositories: 2,461
Ecosystems: 12
Filter by Severity
Moderate 8,145 High 6,444 Critical 2,847 Low 1,014
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,198 packagist 1,068 nuget 786 go 695 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 pimcore/pimcore 27 microweber/microweber 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 salt 20 ansible 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 librenms/librenms 18 org.jenkins-ci.plugins:script-security 18 mlflow 17 pocketmine/pocketmine-mp 17 Plone 17 openssl-src 17 apache-airflow 16 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 parse-server 15 nilsteampassnet/teampass 15 rdiffweb 15 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 net.mingsoft:ms-mcms 14 vyper 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 activerecord 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 mautic/core 11 org.keycloak:keycloak-parent 11 intelliants/subrion 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 github.com/hashicorp/vault 11 actionpack 11 github.com/nats-io/nats-server/v2 11 org.springframework.security:spring-security-core 10 froxlor/froxlor 10 cobbler 10 Django 10 shopware/platform 10 keystone 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 matrix-synapse 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 org.apache.nifi:nifi 10 Microsoft.NetCore.App.Runtime.win-arm64 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 mercurial 9 org.apache.solr:solr-core 9 org.apache.geode:geode-core 9 org.bouncycastle:bcprov-jdk14 9 laravel/framework 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-x86 9 craftcms/cms 9 org.apache.hadoop:hadoop-main 9 org.apache.struts.xwork:xwork-core 9 ckb 9 rusqlite 9 org.bouncycastle:bcprov-jdk15 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 Microsoft.NETCore.App.Runtime.win-arm64 8 shopware/core 8 october/system 8 github.com/sylabs/singularity 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.keycloak:keycloak-services 8 DotNetNuke.Core 7 smarty/smarty 7 snipe/snipe-it 7 org.craftercms:crafter-studio 7 org.eclipse.jetty:jetty-server 7 org.apache.inlong:manager-pojo 7 org.apache.commons:commons-compress 7 next 7 cn.hutool:hutool-core 7 tar 7 gogs.io/gogs 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 com.liferay.portal:release.portal.bom 7 apache-superset 7 cakephp/cakephp 7 com.xuxueli:xxl-job 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 strapi 7 org.springframework:spring-core 7 symfony/security 7 deno 7 org.elasticsearch:elasticsearch 7 phpmailer/phpmailer 7 pillow 7 github.com/docker/docker 7 codeigniter4/framework 7 magento/core 7 org.apache.tika:tika-core 6 handlebars 6 @strapi/strapi 6 org.apache.tomcat:tomcat-coyote 6 github.com/hyperledger/fabric 6 github.com/zitadel/zitadel 6 sized-chunks 6 npm 6 github.com/grafana/grafana 6 istio.io/istio 6 contao/contao 6 contao/core-bundle 6 github.com/traefik/traefik/v2 6 ezsystems/ezpublish-kernel 6 golang.org/x/crypto 6 nautobot 6 opencv-python-headless 6 opencv-contrib-python-headless 6 @openzeppelin/contracts 6 Microsoft.NETCore.App 6 wwbn/avideo 6 github.com/gravitl/netmaker 6 Microsoft.AspNetCore.All 6 org.apache.camel:camel-core 6 kiwitcms 6 k8s.io/kubernetes 6 express-cart 6 rack 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 cryptography 6 sequelize 6 org.apache.cxf:cxf 6 symfony/security-http 6 prestashop/prestashop 6 composer/composer 6 de.tum.in.ase:artemis-java-test-sandbox 6 guzzlehttp/guzzle 6 waitress 6 zope 5 phpbb/phpbb 5 github.com/nats-io/jwt 5 passenger 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 forkcms/forkcms 5 serve 5 github.com/opencontainers/runc 5 matrix-js-sdk 5 statamic/cms 5 com.vaadin:vaadin-bom 5 aubio 5 Microsoft.AspNetCore.App 5 pear/archive_tar 5 github.com/answerdev/answer 5 org.apache.dolphinscheduler:dolphinscheduler 5 code.gitea.io/gitea 5 directus 5 @openzeppelin/contracts-upgradeable 5 genix/cms 5 github.com/IBAX-io/go-ibax 5 getkirby/cms 5 ezsystems/ezpublish-legacy 5 plone 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/django/django 24 https://github.com/x-stream/xstream 22 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/apache/inlong 14 https://github.com/getgrav/grav 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/mlflow/mlflow 12 https://github.com/rails/rails 12 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/rusqlite/rusqlite 9 https://github.com/kubernetes/kubernetes 9 https://github.com/strapi/strapi 9 https://github.com/cloudfoundry/uaa 9 https://github.com/cui2shark/cms 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/openstack/keystone 9 https://github.com/apache/camel 9 https://github.com/golang/go 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/matrix-org/synapse 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/bcgit/bc-java 8 https://github.com/gradio-app/gradio 8 https://github.com/denoland/deno 8 https://github.com/shopware/platform 8 https://github.com/nats-io/nats-server 8 https://github.com/cobbler/cobbler 8 https://github.com/dotnet/aspnetcore 7 https://github.com/netty/netty 7 https://github.com/spring-projects/spring-security 7 https://github.com/snipe/snipe-it 7 https://github.com/rubygems/rubygems 7 https://github.com/apache/cxf 7 https://github.com/eclipse/jetty.project 7 https://github.com/DSpace/DSpace 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/undertow-io/undertow 7 https://github.com/apache/activemq 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/intelliants/subrion 6 https://github.com/dromara/hutool 6 https://github.com/CVEProject/cvelist 6 https://github.com/zitadel/zitadel 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/contao/contao 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/TYPO3/typo3 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/sequelize/sequelize 6 https://github.com/hyperledger/fabric 6 https://github.com/pyca/cryptography 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/backstage/backstage 6 https://github.com/smarty-php/smarty 6 https://github.com/bodil/sized-chunks 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/nautobot/nautobot 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/froxlor/froxlor 6 https://github.com/guzzle/guzzle 6 https://github.com/gravitl/netmaker 6 https://github.com/WWBN/AVideo 6 https://github.com/saltstack/salt 6 https://github.com/istio/istio 6 https://github.com/xuxueli/xxl-job 6 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/geoserver/geoserver 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/forkcms/forkcms 5 https://github.com/apache/hadoop 5 https://github.com/twisted/twisted 5 https://github.com/aubio/aubio 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/grafana/grafana 5 https://github.com/directus/directus 5 https://github.com/hpcng/singularity 5 https://github.com/drupal/core 5 https://github.com/cefsharp/CefSharp 5 https://github.com/gogs/gogs 5 https://github.com/vercel/next.js 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/apache/kylin 5 https://github.com/composer/composer 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/docker/docker 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/cakephp/cakephp 5 https://github.com/apache/dolphinscheduler 5 https://github.com/ethereum/go-ethereum 5 https://github.com/getkirby/kirby 5 https://github.com/answerdev/answer 5 https://github.com/traefik/traefik 5 https://github.com/cilium/cilium 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/wixtoolset/issues 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/containers/buildah 4 https://github.com/PrismJS/prism 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/opencontainers/runc 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/fiveai/Cachet 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/baserproject/basercms 4 https://github.com/playframework/playframework 4 https://github.com/vantage6/vantage6 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/yiisoft/yii2 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/cloudflare/cfrpki 4 https://github.com/hashicorp/nomad 4 https://github.com/tidwall/gjson 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/phpseclib/phpseclib 4 https://github.com/Codiad/Codiad 4 https://github.com/statamic/cms 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/igniterealtime/Openfire 4 https://github.com/Froxlor/Froxlor 4 https://github.com/libp2p/go-libp2p 4 https://github.com/jettison-json/jettison 4 https://github.com/containers/podman 4 https://github.com/scrapy/scrapy 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/nightcloudos/new_cms 4 https://github.com/bolt/bolt 4 https://github.com/totaljs/framework 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ethyca/fides 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/apache/geode 4 https://github.com/quarkusio/quarkus 4 https://github.com/ericcornelissen/shescape 4 https://github.com/apple/swift-nio-http2 4 https://github.com/npm/cli 4 https://github.com/nocodb/nocodb 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/free5gc/free5gc 4 https://github.com/pallets/werkzeug 3 https://github.com/jenkinsci/junit-plugin 3 https://github.com/resteasy/Resteasy 3 https://github.com/esphome/esphome 3 https://github.com/reportportal/reportportal 3 https://github.com/facebook/hermes 3 https://github.com/crossbeam-rs/crossbeam 3