Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2ZmctZjQ1bS1qZjVx
Regular Expression Denial of Service in semver
Ecosystems: npm
Packages: semver
Source: GitHub Advisory Database
Blast Radius: 45.9
Published: over 6 years ago
High
GSA_kwCzR0hTQS1mOHE2LXA5NHgtMzd2M84AAvaI
minimatch ReDoS vulnerability
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yNDJ4LTdjbTYtNHc4as4AAid7
Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3cGYtNjJ4cC12cmc2
Information Exposure in cordova-android
Ecosystems: npm
Packages: cordova-android
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 3 years ago
High
GSA_kwCzR0hTQS1mNDc1LWpnZzMtM2p3Y84AA0cl
Apache InLong Exposure of Resource to Wrong Sphere vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-test, org.apache.inlong:manager-service, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1tNmNqLTkzdjYtY3ZyNc0n8A
Junrar vulnerable to infinite loop via extracting carefully crafted RAR archive
Ecosystems: maven
Packages: com.github.junrar:junrar
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS02M3FqLXA4Z2gtNXh4eM4AATE7
Plaintext Storage of Sensitive Information in Laravel Log Viewer before v0.13.0
Ecosystems: packagist
Packages: rap2hpoutre/laravel-log-viewer
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGYtZ3BoeC05bTJj
Path Traversal in mcstatic
Ecosystems: npm
Packages: mcstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1Z2YtOHFyci1nNzhy
Hashicorp Consul Missing SSL Certificate Validation
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xdndmLXczNW0tNnI5Nc4AAXiU
XXE Vulnerability in XMLBundle 0.1.7
Ecosystems: packagist
Packages: desperado/xml-bundle
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zZzlxLWNtZ3YtZzRwNs4AAv6M
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-utility-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMybTQtdzVobS12cWp3
crossenv is malware
Ecosystems: npm
Packages: crossenv
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmZzUtZjVwai1yd2Nj
gruntcli is malware
Ecosystems: npm
Packages: gruntcli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThndjYtZzd2cC1ocjM0
mysqljs is malware
Ecosystems: npm
Packages: mysqljs
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtaHYtOXF3OC1qNjNn
mssql.js is malware
Ecosystems: npm
Packages: mssql.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS02eDI4LTdoOGMtY2h4NM4AAvDp
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOGYtajJ2dy03aHc5
mssql-node is malware
Ecosystems: npm
Packages: mssql-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4cmotNHY3Zy1wNXJq
Directory Traversal in jansenstuffpleasework
Ecosystems: npm
Packages: jansenstuffpleasework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00ZjYzLTg5dzktM2pqds4AAvPY
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3amctbWN2dy05Z3d2
Directory Traversal in reecerver
Ecosystems: npm
Packages: reecerver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqM2gtdmM5ai1qODIz
Directory Traversal in nodeaaaaa
Ecosystems: npm
Packages: nodeaaaaa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNjdzUtN3ZmaC1wNWht
Directory Traversal in dmmcquay.lab6
Ecosystems: npm
Packages: dmmcquay.lab6
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0zMzgyLXI5cTgtNGhmZ80vag
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0OGctcDVjeC1jN2M3
Directory Traversal in yzt
Ecosystems: npm
Packages: yzt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2MngtZmhxZy05cDh2
Regular Expression Denial of Service in ua-parser-js
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoZmYtM2M4OS01bTdw
Directory Traversal in byucslabsix
Ecosystems: npm
Packages: byucslabsix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zajktcDR4Mi05N3E2
Directory Traversal in liyujing
Ecosystems: npm
Packages: liyujing
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1qYzM2LTQyY2YtdnF3as018g
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3ODMtMjJnai01cHY5
Directory Traversal in cyber-js
Ecosystems: npm
Packages: cyber-js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS03ZjN4LTJ3Y3gtaHd3OM4AAuz9
steal vulnerable to Regular Expression Denial of Service via input variable
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5N2gtMnBmeC1mNTlm
HTTP response splitting in uvicorn
Ecosystems: pypi
Packages: uvicorn
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 4 years ago
High
GSA_kwCzR0hTQS05ODQ5LXA3amMtOXJtds4AAz_r
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.nokogiri:nekohtml
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyaHYtcnA0cS1xN2Yz
babelcli is malware
Ecosystems: npm
Packages: babelcli
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 5 years ago
High
GSA_kwCzR0hTQS1wNGM5LXg3NDItcWg4Y84AAz26
pbjson vulnerable to stack exhaustion
Ecosystems: maven
Packages: com.progsbase.libraries:JSON
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1meHdyLTJ2eG0tY2c3cM4AActF
OpenStack Object Storage (Swift) allows remote attackers to cause a denial of service
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14aG1mLW1tdjItNGhoeM4AAu14
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Ecosystems: go
Packages: github.com/pandatix/go-cvss
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14dzVmLWc5Mzctd2dtMs4AAX4F
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoNjgtd3Z2Ni04cjVo
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
Ecosystems: maven
Packages: org.apache.jackrabbit:oak-core
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZ3YtZzc5Mi13aDZ4
Uncontrolled Resource Consumption in parse_duration
Ecosystems: cargo
Packages: parse_duration
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS03Z2Y3LWp2NjUtd2ptaM4AAzoL
xml-rs vulnerable to denial of service via invalid token in XML document
Ecosystems: cargo
Packages: xml-rs
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2ZmotNWc3aC00cDI0
Server side template injection in Apache Camel
Ecosystems: maven
Packages: org.apache.camel:camel-robotframework
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 4 years ago
High
GSA_kwCzR0hTQS05cXZ3LTQ2Z2YtNGZ2OM0fjQ
Use After Free in tremor-script
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jODZmLTlncnYtcG1xZs4AAunq
Apache IoTDB grafana-connector contains an interface without authorization
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-grafana-connector
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS04N3hoLTlxNmgtcjVjY80ehQ
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4ajUtaDVjeC02NWdn
ReDOS in IS-SVG
Ecosystems: npm
Packages: is-svg
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwMjctY3dwMi01cXFy
jquery.js is malware
Ecosystems: npm
Packages: jquery.js
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: almost 6 years ago
High
GSA_kwCzR0hTQS03NmZnLW1ocmctZm1tZ84AAufn
XNIO `notifyReadClosed` method logging message to unexpected end
Ecosystems: maven
Packages: org.jboss.xnio:xnio-all
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS04OXc3LTVxNDUtcjUzd84AAwbi
lite-server vulnerable to Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:lite-server, lite-server
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMydjctZ2hwci1jOGhn
Mishandling of format strings in ncurses
Ecosystems: cargo
Packages: ncurses
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Z2c1LXZ4M2oteHdjN84AAwQz
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS03NTI3LTg4NTUtOWNmOM4AAudx
Incorrect header handling in mod-wsgi
Ecosystems: pypi
Packages: mod-wsgi
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wODZ4LTc1ajgtdzR4aM4AAwPl
Stored XSS vulnerability in Jenkins Checkmarx Plugin
Ecosystems: maven
Packages: com.checkmarx.jenkins:checkmarx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS04bXgyLWdxeDktcm03Zs4AAuZq
Uncontrolled Resource Consumption in opcua
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1mdzk5LWY5MzMtcmdoOM0WRQ
Out-of-bounds Read and Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oMjhjLTQ1M20taDl4bc4AAuGu
Path Traversal in Payara
Ecosystems: maven
Packages: fish.payara.api:payara-bom
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3ZzYtM2Ztai13NHd4
tkinter is malware
Ecosystems: npm
Packages: tkinter
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 5 years ago
High
GSA_kwCzR0hTQS14cDNyLTl3eDgtcTJtbc4AAvcw
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
Ecosystems: maven
Packages: com.compuware.jenkins:compuware-topaz-for-total-test
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3eDItOXE0OC12bTly
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 4 years ago
High
GSA_kwCzR0hTQS12cjRqLWdqOHEtbTg5ds4AAVZh
ChakraCore RCE Vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxaHAtY3hnYy02d21t
regular expression denial-of-service (ReDoS) in Bleach
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwcTgtbW13aC1xOWht
Directory traversal in Eclipse Mojarra
Ecosystems: maven
Packages: org.glassfish:mojarra-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12bWZ4LWdjZnEtd3ZtMs4AAi6z
Nokogiri implementation of libxslt vulnerable to heap corruption
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14MmZtLTkzd3ctZ2d2eM3pEA
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cXAtNTMyOC12N21o
cumulative-distribution-function Infinite Loop vulnerability
Ecosystems: npm
Packages: cumulative-distribution-function
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS01OTl2LXc0OGgtcmpybc4AAu1h
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xOThjLXJxeDctN2doZs4AAqz7
Improper handling of untrusted branches in Gitea Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitea
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12aGZ3LXY2OXAtY3Jjd84AArtX
Uncontrolled Resource Consumption in OPCFoundation.NetStandard.Opc.Ua.Core
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0cWgtNjM2Ny00Y3gy
Server-Side Request Forgery (SSRF) in Apache Olingo
Ecosystems: maven
Packages: org.apache.olingo:odata-client-core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 4 years ago
High
GSA_kwCzR0hTQS1nNGc0LTNwcXctOG03Zs0egw
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NW01LXdoY3YtYzQ5Y80frw
Use of Uninitialized Resource in smallvec
Ecosystems: cargo
Packages: smallvec
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mY2c4LW1nOWctNmhjNM4AAuij
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.win-x64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14aHc2LWhqYzktNjc5bc0hGg
Pac4j token validation bypass if OpenID Connect provider supports none algorithm
Ecosystems: maven
Packages: org.pac4j:pac4j-oidc
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5ZnEtdmp2aC03Nzlw
Improper Input Validation in vault-ssh-helper
Ecosystems: go
Packages: github.com/hashicorp/vault-ssh-helper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4OTYtbXg5eC1nMzJn
XML External Entity injection in Apache Camel
Ecosystems: maven
Packages: org.apache.camel:camel-xmljson, org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NzIteGc0OC01cnBt
Denial of Service in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqZnYtZzNmaC14cTN2
Excessive memory usage in tokio-rustls
Ecosystems: cargo
Packages: tokio-rustls
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtOW0tMnZqOC1mbWZy
Uninitialized memory access in toodee
Ecosystems: cargo
Packages: toodee
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cGdjLTVjcjUtaDlnZ84AAwPI
phpMyFAQ has insecure HTTP cookies
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNod3ItaGYzdy1jOTg0
Regular Expression Denial of Service in dat.gui
Ecosystems: npm
Packages: dat.gui
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4ODMtcnBxZi1tMjY3
user/group information can be corrupted across storing in fsimage and reading back from fsimage
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zanctNjJtNy1qamNt
typed-ast Out-of-bounds Read
Ecosystems: pypi
Packages: typed-ast
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3NTQtbWgzOS13M2hj
Regular expression denial of service in npm-user-validate
Ecosystems: npm
Packages: npm-user-validate
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS00bWd2LW01Y20tZjloN84AAobT
Vault GitHub Action did not correctly mask multi-line secrets in output
Ecosystems: actions
Packages: hashicorp/vault-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12ajJtLTlmNWotbXByNc4AAzuh
Vapor vulnerable to denial of service in HTTP Range Request of FileMiddleware
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 11 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3eGotNm01bS1ycnZo
The REST Plugin in Apache Struts is using an outdated XStream library
Ecosystems: maven
Packages: org.apache.struts:struts2-rest-plugin
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 5 years ago
High
GSA_kwCzR0hTQS1qN3FwLW1meGYtOHhqd84AAwM3
libp2p DoS vulnerability from lack of resource management
Ecosystems: go
Packages: github.com/libp2p/go-libp2p
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS02cHg4LTIydzUtdzMzNM4AAUYz
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.All, Microsoft.AspNetCore.App, Microsoft.NETCore.App, System.Net.WebSockets.WebSocketProtocol, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.WebSockets
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2ajktODc1OS1nNjJ3
Improper Restriction of XML External Entity Reference in jackson-mapper-asl
Ecosystems: maven
Packages: org.codehaus.jackson:jackson-mapper-asl
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: over 4 years ago
High
GSA_kwCzR0hTQS0zcnA2LXJqdzQtY3EzOc4AASeG
Cross-origin Resource Sharing bypass in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3NzctMnZxOC1jNHY0
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: about 5 years ago
High
GSA_kwCzR0hTQS00anh4LTRxeHctcHJ4bc4AAguX
Denial of service in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.SignalR.Protocols.MessagePack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxOW0tcXZweC02OGhj
Pallets Werkzeug Insufficient Entropy
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmeDQtN2Y2OS01bW1n
Integer Overflow in go-jose
Ecosystems: go
Packages: github.com/square/go-jose
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1nNWZtLWpwOXYtMjQzMs4AAs5b
Improper Handling of `callbackUrl` parameter in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2OXctanZjNy13amd2
Undertow Missing Authorization when requesting a protected directory without trailing slash
Ecosystems: maven
Packages: io.undertow:undertow-servlet
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 5 years ago
High
GSA_kwCzR0hTQS14M2NyLXg5NDktaDVqds4AAUbI
RDF4J vulnerable to zip slip
Ecosystems: maven
Packages: org.eclipse.rdf4j:rdf4j
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1MmYtaDc0cC05amg4
node-sqlite is malware
Ecosystems: npm
Packages: node-sqlite
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1jNXd4LTZjMmMtZjdybc4AAwSZ
TYPO3 CMS vulnerable to Arbitrary Code Execution via Form Framework
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS12cGN2LTc4Y3Atd2hyM84AAShw
Use after free in Apache Mesos
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2djMtaHB4ai1yOHJ2
Code Injection in PyXDG
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: almost 5 years ago
Statistics
Advisories: 18,456
Packages: 8,319
Repositories: 2,448
Ecosystems: 12
Filter by Severity
Moderate 7,973 High 6,382 Critical 2,818 Low 992
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,184 packagist 1,025 nuget 786 go 690 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 salt 20 ansible 20 github.com/rancher/rancher 19 django 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 pocketmine/pocketmine-mp 17 openssl-src 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 symfony/symfony 16 apache-airflow 16 nilsteampassnet/teampass 15 parse-server 15 rdiffweb 15 getgrav/grav 15 vyper 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 Plone 14 net.mingsoft:ms-mcms 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 golang.org/x/net 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 activerecord 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 electron 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.apache.openmeetings:openmeetings-parent 12 github.com/nats-io/nats-server/v2 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 github.com/hashicorp/vault 11 actionpack 11 mautic/core 11 intelliants/subrion 11 froxlor/froxlor 10 openmage/magento-lts 10 matrix-synapse 10 org.apache.nifi:nifi 10 cockpit-hq/cockpit 10 cobbler 10 shopware/platform 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.springframework.security:spring-security-core 10 github.com/hashicorp/nomad 10 org.apache.struts.xwork:xwork-core 9 Django 9 github.com/ethereum/go-ethereum 9 mercurial 9 craftcms/cms 9 rusqlite 9 org.bouncycastle:bcprov-jdk14 9 org.apache.solr:solr-core 9 ckb 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.geode:geode-core 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 org.apache.hadoop:hadoop-main 9 github.com/sylabs/singularity 8 org.bouncycastle:bcprov-jdk15 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 gradio 8 shopware/core 8 org.keycloak:keycloak-services 8 october/system 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-x86 8 symfony/security 7 github.com/docker/docker 7 gogs.io/gogs 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 smarty/smarty 7 phpmailer/phpmailer 7 codeigniter4/framework 7 pillow 7 DotNetNuke.Core 7 org.apache.inlong:manager-pojo 7 cakephp/cakephp 7 next 7 com.xuxueli:xxl-job 7 com.liferay.portal:release.portal.bom 7 deno 7 apache-superset 7 strapi 7 org.springframework:spring-core 7 keystone 7 org.craftercms:crafter-studio 7 tar 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 org.elasticsearch:elasticsearch 7 org.eclipse.jetty:jetty-server 7 cn.hutool:hutool-core 7 magento/core 7 org.apache.commons:commons-compress 7 snipe/snipe-it 7 github.com/hyperledger/fabric 6 @strapi/strapi 6 handlebars 6 org.apache.cxf:cxf 6 sequelize 6 express-cart 6 org.apache.tomcat:tomcat-coyote 6 sized-chunks 6 k8s.io/kubernetes 6 cryptography 6 kiwitcms 6 rack 6 laravel/framework 6 @openzeppelin/contracts 6 github.com/zitadel/zitadel 6 guzzlehttp/guzzle 6 github.com/traefik/traefik/v2 6 org.apache.tika:tika-core 6 github.com/gravitl/netmaker 6 waitress 6 Microsoft.NETCore.App 6 composer/composer 6 prestashop/prestashop 6 symfony/security-http 6 opencv-python-headless 6 opencv-contrib-python-headless 6 contao/contao 6 contao/core-bundle 6 npm 6 wwbn/avideo 6 de.tum.in.ase:artemis-java-test-sandbox 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 istio.io/istio 6 golang.org/x/crypto 6 nautobot 6 Microsoft.AspNetCore.All 6 org.apache.camel:camel-core 6 directus 5 github.com/cilium/cilium 5 org.apache.tomcat:tomcat-catalina 5 plone 5 passenger 5 github.com/IBAX-io/go-ibax 5 github.com/go-gitea/gitea 5 org.xwiki.platform:xwiki-platform-web 5 CefSharp.Common 5 ua-parser-js 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 Microsoft.AspNetCore.App 5 org.apache.mesos:mesos 5 statamic/cms 5 getkirby/cms 5 phpbb/phpbb 5 matrix-js-sdk 5 twisted 5 code.gitea.io/gitea 5 github.com/opencontainers/runc 5 org.apache.dolphinscheduler:dolphinscheduler 5 github.com/answerdev/answer 5 forkcms/forkcms 5 github.com/nats-io/jwt 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/django/django 23 https://github.com/x-stream/xstream 22 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/rancher/rancher 16 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/vyperlang/vyper 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/github/advisory-database 14 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/OpenMage/magento-lts 10 https://github.com/centreon/centreon 10 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/octobercms/october 10 https://github.com/cui2shark/cms 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/golang/go 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cloudfoundry/uaa 9 https://github.com/strapi/strapi 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/denoland/deno 8 https://github.com/shopware/platform 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/spring-projects/spring-security 7 https://github.com/eclipse/jetty.project 7 https://github.com/undertow-io/undertow 7 https://github.com/apache/cxf 7 https://github.com/apache/activemq 7 https://github.com/rubygems/rubygems 7 https://github.com/hashicorp/vault 7 https://github.com/DSpace/DSpace 7 https://github.com/snipe/snipe-it 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/dotnet/aspnetcore 7 https://github.com/netty/netty 7 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/magento/magento2 6 https://github.com/ls1intum/Ares 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/Pylons/waitress 6 https://github.com/zitadel/zitadel 6 https://github.com/hyperledger/fabric 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nautobot/nautobot 6 https://github.com/xuxueli/xxl-job 6 https://github.com/CVEProject/cvelist 6 https://github.com/saltstack/salt 6 https://github.com/istio/istio 6 https://github.com/guzzle/guzzle 6 https://github.com/gravitl/netmaker 6 https://github.com/WWBN/AVideo 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OpenNMS/opennms 6 https://github.com/dromara/hutool 6 https://github.com/intelliants/subrion 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/npm/node-tar 6 https://github.com/openstack/keystone 6 https://github.com/TYPO3/typo3 6 https://github.com/backstage/backstage 6 https://github.com/bodil/sized-chunks 6 https://github.com/contao/contao 6 https://github.com/sequelize/sequelize 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/apache/kylin 5 https://github.com/cilium/cilium 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/twisted/twisted 5 https://github.com/forkcms/forkcms 5 https://github.com/vercel/next.js 5 https://github.com/hpcng/singularity 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/docker/docker 5 https://github.com/answerdev/answer 5 https://github.com/laravel/framework 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cefsharp/CefSharp 5 https://github.com/composer/composer 5 https://github.com/aubio/aubio 5 https://github.com/directus/directus 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/geoserver/geoserver 5 https://github.com/getkirby/kirby 5 https://github.com/cakephp/cakephp 5 https://github.com/gogs/gogs 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/drupal/core 5 https://github.com/traefik/traefik 5 https://github.com/apache/dolphinscheduler 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/RaspAP/raspap-webgui 4 https://github.com/jettison-json/jettison 4 https://github.com/hashicorp/nomad 4 https://github.com/vantage6/vantage6 4 https://github.com/wixtoolset/issues 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/quarkusio/quarkus 4 https://github.com/surrealdb/surrealdb 4 https://github.com/apache/geode 4 https://github.com/containers/podman 4 https://github.com/ethyca/fides 4 https://github.com/cloudflare/cfrpki 4 https://github.com/phpseclib/phpseclib 4 https://github.com/baserproject/basercms 4 https://github.com/nightcloudos/new_cms 4 https://github.com/cri-o/cri-o 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/centreon/centreon-archived 4 https://github.com/tidwall/gjson 4 https://github.com/statamic/cms 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/fiveai/Cachet 4 https://github.com/igniterealtime/Openfire 4 https://github.com/totaljs/framework 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/free5gc/free5gc 4 https://github.com/PrismJS/prism 4 https://github.com/ericcornelissen/shescape 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/Froxlor/Froxlor 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/opencontainers/runc 4 https://github.com/libp2p/go-libp2p 4 https://github.com/npm/cli 4 https://github.com/Codiad/Codiad 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/scrapy/scrapy 4 https://github.com/bolt/bolt 4 https://github.com/yiisoft/yii2 4 https://github.com/pyload/pyload 3 https://github.com/apache/openmeetings 3 https://github.com/liufee/cms 3 https://github.com/mrvautin/expressCart 3 https://github.com/puma/puma 3 https://github.com/libxmljs/libxmljs 3 https://github.com/matrix-org/matrix-react-sdk 3 https://github.com/steveukx/git-js 3 https://github.com/open-policy-agent/opa 3