Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1tNm01LXBwNGctZmNjOM0WNA
S3 storage write is not aborted on errors leading to unbounded memory usage
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwd2YtNGZ4NS1jcnFx
Directory Traversal in earlybird
Ecosystems: npm
Packages: earlybird
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 3 years ago
High
GSA_kwCzR0hTQS05Zzh3LXBqcHItcHJyNM4AARcn
Path Traversal in io.hawt:project
Ecosystems: maven
Packages: io.hawt:project
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mdmY1LXhwODMtdnJxcM4AAu_6
ICEcoder vulnerable to Path Traversal
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS04OTM2LTQ0Z3ctNzY2NM4AAdXr
TripleO Heat templates might allow remote attackers to obtain sensitive information from private containers
Ecosystems: pypi
Packages: tripleo-heat-templates
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04OXFtLXdjbXctM21nZ84AAw0u
Gitops Run insecure communication
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZnc0LXhqZ20tMjY3Y84AAuzz
Dendrite signature checks not applied to some retrieved missing events
Ecosystems: go
Packages: github.com/matrix-org/dendrite
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNzctOGpweC04OTJn
Command Injection in killing
Ecosystems: npm
Packages: killing
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Zm0tbXY1dy0zM3B2
Command Injection in psnode
Ecosystems: npm
Packages: psnode
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4Y2MtZzc1eC1xZ3c5
Calipso Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: npm
Packages: calipso
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qNngzLTNqcXEtbTkyMs4AAuww
CrafterCMS OS Command Injection vulnerability
Ecosystems: maven
Packages: org.craftercms:craftercms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qaDU3LWozdnEtaDQzOM4AA7PQ
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 23 days ago
High
GSA_kwCzR0hTQS1yaDVmLTJ3NnItcTd2as4AAhfW
Podman Path Traversal Vulnerability leads to arbitrary file read/write
Ecosystems: go
Packages: github.com/containers/podman
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yOXZ2LXhqNHctZzhtOM3zOw
Apache ActiveMQ Artemis RCE Via Deserialization Gadget Chain
Ecosystems: maven
Packages: org.apache.activemq:artemis-pom
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyamYtbXhmbS05OGg1
SQL injection vulnerability in the policy admin tool in Apache Ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS1wcGZtLXJqNnAtMzhxNs0sYw
Improper Authorization in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Mm05LTdjOHgtcG1td84AA7PP
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 23 days ago
High
GSA_kwCzR0hTQS0zM3dmLTRjcm0tMjMyMs0sag
Improper Access Control in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1xZjg3LXE0Z2ctY2c0M84AAxgj
bottlerocket dependency openssl is vulnerable to dereferenced null pointers
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xZ203LW03N2YtajhwZs4AAygA
Jenkins Performance Publisher Plugin vulnerable to XML external entity (XXE) attacks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:perfpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqeHYtdzNxai1qOG0z
Directory Traversal in elFinder.AspNet
Ecosystems: nuget
Packages: elFinder.AspNet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mZjQ1LTJqcDktNjlqY84AA1Y1
Cockpit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
High
GSA_kwCzR0hTQS1oZ3E5LXE4ZzItM2ptZ84AAQKq
Command Injection in VIVO Vitro
Ecosystems: maven
Packages: org.vivoweb:vitro-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nNmgyLTR4NjQtYzU5eM4AAg9r
Improper Restriction of XML External Entity Reference Jenkins Token Macro Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oken-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01dmZ4LTh3Nm0taDN2NM0WHA
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjYzYtNjZmNS1teGpq
Out-of-bounds write in ChakraCore
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mbXYyLWp2M3AtNnc0N84AAQA9
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jeHY3LTZqZ2YtN2d3Zs4AAntT
ThinkAdmin Admin Panel Access using Default Credentials
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wN3FxLXJydncteDU1eM4AAxzp
Froxlor Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tamcyLTMyNnEtNDlmOc4AAQA2
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03aDJqLWg1eHAtaDNnaM4AAgZC
Missing Authorization in Jenkins SSH plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ycGZnLXhmODgtY3E1cs4AAQE-
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ybW1jLTVwaGotNHdqas4AAQFB
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jaDIyLXgydjMtdjZ2cc0kdg
OTF-001: Improper Input Sanitation: The path parameter of the requested URL is not sanitized before being passed to the QT frontend
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02dzV3LXd4OHctMmNxOc4AAwpK
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNjZwLW03NjYtMzNmds4AASkc
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
Ecosystems: maven
Packages: com.amazonaws:codedeploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02ZzU3LWgzOGMtcTUyZ84AAUF0
Cross-Site Request Forgery in Jenkins Mailer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03Z3J4LWY5NDUtbWo5Ns4AA7cr
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0yNTg5LXIyNngtbWg4cM4AAQAn
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12OWpnLW02ZzUtaDNoaM4AAVaY
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01NHE0LTc0cDMtbWdjd84AAxqd
rttys SQL Injection vulnerability
Ecosystems: go
Packages: github.com/zhaojh329/rttys
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mY2dmLWo4Y2YtaDJybc4AAvoS
IBAX go-ibax vulnerable to SQL injection
Ecosystems: go
Packages: github.com/IBAX-io/go-ibax
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yd2NmLWdxMjItcGg4M84AAvoH
IBAX go-ibax vulnerable to SQL injection
Ecosystems: go
Packages: github.com/IBAX-io/go-ibax
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qcm1mLXhocjYtMzQyOM4AAiOG
Jenkins SourceGear Vault plugin transmits credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vault-scm-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tNmdmLXAyNnAtbXgyd84AAhRA
Jenkins Docker Plugin contains Cross-Site Request Forgery
Ecosystems: maven
Packages: io.jenkins.docker:docker-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12cDYyLW05NTgtcWo4Y84AAwu3
Gravitee API Management contains Path Traversal
Ecosystems: maven
Packages: io.gravitee.apim:gravitee-api-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cTk2LTlmNjMtcDdqas02ew
Path Traversal in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13NTk4LTI1aG0tanF4M84AAkDH
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Ecosystems: maven
Packages: de.taimos:pipeline-aws
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02cmg1LTIzaHgtajQ1Ms3rtw
Improper Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wcmZ3LTNxeDYtZzl4cs3z6Q
Improper Limitation of a Pathname to a Restricted Directory in Jboss EAP Undertow
Ecosystems: maven
Packages: org.jboss.eap:wildfly-undertow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZ3FoLTNxbTctZ3g4Ms4AAvoA
IBAX go-ibax vulnerable to SQL injection
Ecosystems: go
Packages: github.com/IBAX-io/go-ibax
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nNjd4LW1ncnYtbTNnds4AAj1j
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mM3F3LTdwOXAtajg3Zs4AAQA6
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oeGo0LTg4NWYtZ3JncM4AAmJ-
Wildfly-OpenSSL memory leak flaw
Ecosystems: maven
Packages: org.wildfly.openssl:wildfly-openssl-natives-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xOWc0LTlmeDQtdjUzM84AAu-j
Stored XSS vulnerability in Jenkins DotCi Plugin
Ecosystems: maven
Packages: com.groupon.jenkins-ci.plugins:DotCi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xdjZmLXJjdjYtNnEzeM4AAnOP
Improper handling of REST API XML deserialization errors in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4M2gtajNjeC04cWZq
Insufficient Entropy in DotNetNuke
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
High
GSA_kwCzR0hTQS04NWh3LXc0MzYtYzcyNc4AAU6Q
XML External Entity Reference in Apache Cayenne
Ecosystems: maven
Packages: org.apache.cayenne:cayenne-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yOHg5LWhjNHAtOXZoMs4AAl8c
Stored XSS vulnerability in android-lint Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:android-lint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NjYteDdjZi1ybWg1
Directory Traversal in sencisho
Ecosystems: npm
Packages: sencisho
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS0zbXY4LXgzamotM2o3bc4AAQA7
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJweG0tdm1yNy01ZjVm
Data races in convec
Ecosystems: cargo
Packages: convec
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cTVoLXFneG0tMm0zOc4AAyf-
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:crap4j
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zdmN4LXc5NGgtNjh2Z84AAXTZ
XXE vulnerability in Jenkins Android Lint Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:android-lint
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03MmdtLXBwNnEtZ3B4Nc4AAX4k
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04Mzh4LXBjdngtNnA1d84AAyW0
Snappier vulnerable to buffer overrun due to improper restriction of operations within the bounds of a memory buffer
Ecosystems: nuget
Packages: Snappier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5d2YtcWNxdi1yMjJy
Remote code execution in better-macro
Ecosystems: cargo
Packages: better-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5dnYtcTk4Ni12ajd4
Out of bounds read in uu_od
Ecosystems: cargo
Packages: uu_od
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cXBtLXZtd3YtaHE3aM4AAu-m
Stored XSS vulnerability in Jenkins Walti plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:walti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12d3FoLWNtdnAtNjY5NM3_vw
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1weG1yLXEyeDMtOXg5bc4AA4Y4
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02MnYyLXh3aDMtNWd2eM4AAz2m
Jenkins Template Workflows Plugin vulnerable to Stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins.plugin.templateWorkflows:template-workflows
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS12cjZ2LXdqZnctcnhjcs4AAlYW
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05cmhjLXZqanAtZ2Njd84AAl8n
Stored XSS vulnerability in Locked Files Report Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:locked-files-report
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qNjdtLXdwdjYtcHY0NM3_5Q
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wbTcyLTI3bWctZmMyOM4AAxPg
Froxlor contains Weak Password Requirements
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcDgtcXZxbS0zeHdx
Restlet Framework Ja-rs extension is vulnerable to XXE when using SimpleXMLProvider
Ecosystems: maven
Packages: org.restlet.jse:org.restlet.ext.jaxrs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1nNTh4LTU3ZnYtODZqaM4AA1u1
Jenkins Google Login Plugin non-constant time token comparison
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-login
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05OW1xLWh3NW0tZ3dqas4AAtsN
Missing permission check in Coverity Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yYzQ0LTVjbWgtODc5bc4AAzeU
Unrestricted recursion in htmlunit
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS01eDNmLTdtNTItOWNnZs4AAtsr
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
Ecosystems: maven
Packages: org.jenkins-ci.plugins:coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1najNxLXA4Y20tMjZybc4AAjxj
Sandbox bypass vulnerability in Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wY2dwLXZmZ3EtbWY1as3_9w
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Remote code execution vulnerability in Jenkins Templating Engine Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:templating-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnNTMtdnA3cS1nZmp2
constructEvent does not verify header
Ecosystems: npm
Packages: @worker-tools/stripe-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00cWY1LTd4YzItd3FwZ84AAjqw
DNN Path Traversal via Zip Slip
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2dnYtdzU1OS0yaGc2
Data races in scottqueue
Ecosystems: cargo
Packages: scottqueue
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05cmpwLXI1OGotZnhncc0VkQ
Path traversal in elFinder.NetCore
Ecosystems: nuget
Packages: elFinder.NetCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12ZzJnLTY5OGgtdjl3M84AAmK5
PyroCMS Vulnerable to CSRF
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NnItcjJ3Zi1mcmh4
Malicious password-reset in Akaunting
Ecosystems: packagist
Packages: akaunting/akaunting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05MmoyLTVyN3AtNmhqd84AAcqh
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02Y2Y2LThodnItcjY4d84AA6o3
dectalk-tts Uses Unencrypted HTTP Request
Ecosystems: npm
Packages: dectalk-tts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jMmhnLTJqajYtaDh2aM4AAllD
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04NTM4LTI1djQtMjVwZ84AAv5K
XXE vulnerability in Jenkins JAPEX Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:japex
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1yd2c1LTJwdjktNjMzd84AA0qS
Jenkins OpenShift Login Plugin session fixation vulnerability
Ecosystems: maven
Packages: org.openshift.jenkins:openshift-login
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS0zMjRoLTJ2N2gtcTN4eM4AAkZs
RCE vulnerability in Jenkins Yaml Axis Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:yaml-axis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cjhxLTlmd3YtMmdwcs4AAQab
Jenkins Slack Notification Plugin CSRF vulnerability and missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:slack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05ZjM3LWdneG0taDZ3eM4AAmvW
CSRF vulnerability in Jenkins Shelve Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:shelve-project-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jdjI1LTNnbWctYzZtOM0grQ
Injection in UserFrosting
Ecosystems: packagist
Packages: userfrosting/userfrosting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,198 packagist 1,025 nuget 786 go 695 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 django 19 org.jenkins-ci.plugins:script-security 18 typo3/cms-core 18 librenms/librenms 18 mlflow 17 openssl-src 17 Plone 17 pocketmine/pocketmine-mp 17 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 rdiffweb 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 net.mingsoft:ms-mcms 14 vyper 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 centreon/centreon 14 github.com/hashicorp/consul 14 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 org.apache.openmeetings:openmeetings-parent 12 org.keycloak:keycloak-core 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 baserproject/basercms 12 github.com/nats-io/nats-server/v2 11 mautic/core 11 actionpack 11 github.com/hashicorp/vault 11 intelliants/subrion 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 org.xwiki.platform:xwiki-platform-oldcore 10 Django 10 keystone 10 cobbler 10 matrix-synapse 10 github.com/hashicorp/nomad 10 openmage/magento-lts 10 org.springframework.security:spring-security-core 10 froxlor/froxlor 10 shopware/platform 10 org.apache.nifi:nifi 10 cockpit-hq/cockpit 10 org.apache.geode:geode-core 9 craftcms/cms 9 org.apache.solr:solr-core 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 org.bouncycastle:bcprov-jdk14 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-x64 9 org.apache.struts.xwork:xwork-core 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.hadoop:hadoop-main 9 ckb 9 mercurial 9 rusqlite 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 shopware/core 8 Microsoft.NETCore.App.Runtime.win-x86 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x64 8 org.bouncycastle:bcprov-jdk15 8 github.com/sylabs/singularity 8 Microsoft.NETCore.App.Runtime.win-arm64 8 org.keycloak:keycloak-services 8 october/system 8 smarty/smarty 7 symfony/security 7 pillow 7 cakephp/cakephp 7 phpmailer/phpmailer 7 apache-superset 7 magento/core 7 org.craftercms:crafter-studio 7 org.elasticsearch:elasticsearch 7 strapi 7 com.liferay.portal:release.portal.bom 7 DotNetNuke.Core 7 deno 7 next 7 cn.hutool:hutool-core 7 org.apache.inlong:manager-pojo 7 org.eclipse.jetty:jetty-server 7 github.com/docker/docker 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 org.springframework:spring-core 7 snipe/snipe-it 7 com.xuxueli:xxl-job 7 codeigniter4/framework 7 gogs.io/gogs 7 tar 7 org.apache.commons:commons-compress 7 composer/composer 6 rack 6 symfony/security-http 6 sequelize 6 org.apache.tomcat:tomcat-coyote 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 handlebars 6 prestashop/prestashop 6 istio.io/istio 6 @strapi/strapi 6 waitress 6 opencv-contrib-python-headless 6 org.apache.cxf:cxf 6 @openzeppelin/contracts 6 wwbn/avideo 6 de.tum.in.ase:artemis-java-test-sandbox 6 golang.org/x/crypto 6 opencv-python-headless 6 org.apache.tika:tika-core 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 nautobot 6 kiwitcms 6 contao/contao 6 contao/core-bundle 6 laravel/framework 6 org.apache.camel:camel-core 6 github.com/grafana/grafana 6 github.com/hyperledger/fabric 6 github.com/gravitl/netmaker 6 npm 6 guzzlehttp/guzzle 6 sized-chunks 6 express-cart 6 Microsoft.NETCore.App 6 k8s.io/kubernetes 6 cryptography 6 Microsoft.AspNetCore.All 6 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 zope 5 github.com/answerdev/answer 5 github.com/nats-io/jwt 5 @openzeppelin/contracts-upgradeable 5 github.com/IBAX-io/go-ibax 5 com.vaadin:vaadin-bom 5 github.com/go-gitea/gitea 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 phpbb/phpbb 5 getkirby/cms 5 matrix-js-sdk 5 twisted 5 org.xwiki.platform:xwiki-platform-web 5 forkcms/forkcms 5 aubio 5 serve 5 ua-parser-js 5 pear/archive_tar 5 CefSharp.Common 5 statamic/cms 5 passenger 5 Microsoft.AspNetCore.App 5 genix/cms 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/moodle/moodle 24 https://github.com/django/django 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/vyperlang/vyper 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/openstack/keystone 9 https://github.com/kubernetes/kubernetes 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cockpit-hq/cockpit 8 https://github.com/shopware/platform 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/denoland/deno 8 https://github.com/nats-io/nats-server 8 https://github.com/DSpace/DSpace 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/rubygems/rubygems 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/apache/activemq 7 https://github.com/undertow-io/undertow 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/istio/istio 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/gravitl/netmaker 6 https://github.com/intelliants/subrion 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/zitadel/zitadel 6 https://github.com/CVEProject/cvelist 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/Pylons/waitress 6 https://github.com/backstage/backstage 6 https://github.com/ls1intum/Ares 6 https://github.com/npm/node-tar 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/pyca/cryptography 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/magento/magento2 6 https://github.com/hyperledger/fabric 6 https://github.com/bodil/sized-chunks 6 https://github.com/dromara/hutool 6 https://github.com/contao/contao 6 https://github.com/nautobot/nautobot 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/smarty-php/smarty 6 https://github.com/froxlor/froxlor 6 https://github.com/directus/directus 5 https://github.com/cilium/cilium 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/aubio/aubio 5 https://github.com/cakephp/cakephp 5 https://github.com/drupal/core 5 https://github.com/apache/kylin 5 https://github.com/getkirby/kirby 5 https://github.com/pear/Archive_Tar 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/docker/docker 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/answerdev/answer 5 https://github.com/apache/dolphinscheduler 5 https://github.com/composer/composer 5 https://github.com/twisted/twisted 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/vercel/next.js 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/forkcms/forkcms 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/traefik/traefik 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/hpcng/singularity 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/ericcornelissen/shescape 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/scrapy/scrapy 4 https://github.com/tidwall/gjson 4 https://github.com/playframework/playframework 4 https://github.com/wixtoolset/issues 4 https://github.com/cri-o/cri-o 4 https://github.com/surrealdb/surrealdb 4 https://github.com/igniterealtime/Openfire 4 https://github.com/npm/cli 4 https://github.com/quarkusio/quarkus 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/nightcloudos/new_cms 4 https://github.com/nocodb/nocodb 4 https://github.com/totaljs/framework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jettison-json/jettison 4 https://github.com/Froxlor/Froxlor 4 https://github.com/PrismJS/prism 4 https://github.com/ethyca/fides 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/vantage6/vantage6 4 https://github.com/containers/podman 4 https://github.com/bolt/bolt 4 https://github.com/containers/buildah 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/centreon/centreon-archived 4 https://github.com/hashicorp/nomad 4 https://github.com/fiveai/Cachet 4 https://github.com/baserproject/basercms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/cloudflare/cfrpki 4 https://github.com/apache/geode 4 https://github.com/libp2p/go-libp2p 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/Codiad/Codiad 4 https://github.com/nextauthjs/next-auth 3 https://github.com/pf4j/pf4j 3 https://github.com/dotnet/sdk 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/ming-soft/MCMS 3 https://github.com/openfga/openfga 3 https://github.com/microsoft/msquic 3 https://github.com/edgelesssys/constellation 3