Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1jd2gyLXE0NHgtNXczY84AA3Bl
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcXAtN3YyaC0yMzgy
Denial of Service in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNzQtNG01Zy1mY2p4
Malicious users could abuse Sydent to control the content of invitation emails
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS05cDI2LTY5OHItdzRoeM4AA4-t
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyaHgtdzJyNS1jMndx
Kubernetes API Server DoS Via API Requests
Ecosystems: go
Packages: k8s.io/apiserver
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ3ByLXFydzItNmdwM84AAXvS
Exposure of Sensitive Information in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cHY3LXZmdm0tNnZyN84AA19X
graphql Uncontrolled Resource Consumption vulnerability
Ecosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0N2otaHFwZi1xdzl3
Out of bounds read in lazy-init
Ecosystems: cargo
Packages: lazy-init
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yNzVtLTI2Y3EtbWp4Y84AA6ax
Serverpod improved security for stored password hashes
Ecosystems: pub
Packages: serverpod_auth_server
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mcjI2LXFqYzgtbXZqeM0Wjw
Possible route enumeration in production mode via RouteNotFoundError view in Vaadin 10, 11-14, and 15-19
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjMnAtcjQ2eC1tM3Z4
Argument injection in lettre
Ecosystems: cargo
Packages: lettre
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13eDg3LWg1MzktNDc3Nc0yNQ
Moodle Information Disclosure vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04Y3h3LXd2aGMtcDR4NM4AAvdj
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM3AtZmN2bS14aDdj
SSRF vulnerability in Arache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS00djd4LXBxeGYtY3g3bc4AA6pf
net/http, x/net/http2: close connections when receiving too many headers
Ecosystems: go
Packages: golang.org/x/net, net/http, golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12NTdoLTZobWgtZzJwNM4AAvAd
Weight not properly refunded after EVM execution
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02cng5LTg4OXEtdnYycs4AAwWw
Helm vulnerable to denial of service through string value parsing
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01M2M0LWhobWgtdnc1cc4AAwWx
Helm vulnerable to denial of service through through repository index file
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jcXBjLXgyYzYtMmdtZs4AA2oS
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF
Ecosystems: maven
Packages: org.geoserver.web:gs-web-app, org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02dmpmLTQ4Zmgtdnh4as4AA5Xv
Improper Handling of Parameters in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jMmo3LTY2bTMtcjRmZs4AAt2f
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Ecosystems: maven
Packages: org.dspace:dspace-jspui
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01NDk5LXFqdmgtNmo3d84AApa3
Observable Discrepancy in Wildfly Elytron
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3OTQtY2Y2Zy1jOG1n
Man-in-the-Middle (MitM)
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05OThyLWo5cngtcW04bc4AAvbW
Apache Isis webconsole module may directly query the database in prototype mode
Ecosystems: maven
Packages: org.apache.isis.core:isis-core
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNXAtODdjaC1neHcy
Marked ReDoS due to email addresses being evaluated in quadratic time
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS00Y3J3LXc4cHctMmhtZs4AAwOT
Buildah (as part of Podman) vulnerable to Link Following
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4cWotZmM5cS1jcGhy
Undefined behavior in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1xNmNwLXFmd3EtNGdjds4AA6qI
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1ndmM3LWdqcnctaGo2Nc4AA4lm
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Ecosystems: maven
Packages: com.amazonaws:aws-encryption-sdk-java
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13aHBoLTQ0NmgtNm05ds075w
Azure SDK for .NET Information Disclosure Vulnerability.
Ecosystems: nuget
Packages: Microsoft.Rest.ClientRuntime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1odjVnLXE0aDMtNjRxNM4AA4lr
Hard-coded credentials in org.folio:mod-remote-storage
Ecosystems: maven
Packages: org.folio:mod-remote-storage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01anBtLXg1OHYtNjI0ds4AA6Rf
Netty's HttpPostRequestDecoder can OOM
Ecosystems: maven
Packages: io.netty:netty-codec-http
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00NDl3LWM3N2Mtdm1mNs4AAttO
Lack of authentication mechanism in Jenkins Git Plugin webhook
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmMngtcnFjOC1ncmZx
Regular expression deinal of service in express-validators
Ecosystems: npm
Packages: express-validators
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wZjM4LWN3M3AtMjJxOc1Bjg
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00M2oyLXI0djMtbThqcM4AAknk
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNzR3LTJqNXctbTJ4as4AAhlV
Magento 2 Community Edition Information Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4ZjQtMnc0cC1taGpj
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS01dzRoLXhycjUtNzI3M84AARPt
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NTN2LXJxeDktajg1cM4AAvtM
deep-object-diff vulnerable to Prototype Pollution
Ecosystems: npm
Packages: deep-object-diff
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qOGcyLTZmYzctcThmOM4AA1gY
Pyramid static view path traversal up one directory
Ecosystems: pypi
Packages: pyramid
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03cjg3LWNqNDgtd2o0Nc1BKw
Potential Captcha Validate Bypass in flask-session-captcha
Ecosystems: pypi
Packages: flask-session-captcha
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Zmp3LXc2cHYtOHA3Zs0n7g
Observable Response Discrepancy in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14eGhmLXhxNnYtYzhtas4AAs8W
Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement
Ecosystems: maven
Packages: org.jenkins-ci.plugins:embeddable-build-status
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3ZmYtOHdjeC1nbWM1
Authorization Before Parsing and Canonicalization in jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1weDNyLTI3cWMtaHg1Z84AAs70
NT auth module vulnerability in OpenAM
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-core
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjZjItMjM4My1oNGp2
Improperly Controlled Modification of Dynamically-Determined Object Attributes in querymen
Ecosystems: npm
Packages: querymen
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnOW0tZ3czaC1oZzgz
field_test gem contains injection vulnerability
Ecosystems: rubygems
Packages: field_test
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS1qeDVxLWczN20taDVoas0guQ
Client-Side JavaScript Prototype Pollution in oro/platform
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjN3YtMmY0OS04aDI2
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS1wODh3LWZoeHcteHZjY84AAv_W
Exposure of Private Personal Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-rest-server
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5cGMtMjk5cC12eGdw
yargs-parser Vulnerable to Prototype Pollution
Ecosystems: npm
Packages: yargs-parser
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS00NzkzLTh3d2gtanh4cs4AArMr
Business Logic Errors in Para
Ecosystems: maven
Packages: com.erudika:para-core
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nOHhnLWpnajYtNDlyM83ifg
Django is vulnerable to Denial of Service attack in formset
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5bXAtcDJ3cC0yeGY3
Improper file downloads in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNDUzLWhtNXgtYzQ2d84AAwMu
Echo vulnerable to directory traversal
Ecosystems: go
Packages: github.com/labstack/echo/v4
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12anh4LWpnY3gtOWZxMs4AAxul
Pixelfed allows user enumeration via reset password functionality
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NnAyLWZ3cWctM2g2bc4AASkB
Incorrect Authorization in Jenkins Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcHczLXg3Z2YtcDg3Ms4AATSW
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00aGc0LTltZjUtd3h4cc4AA1rF
incorrect order of evaluation of side effects for some builtins
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjNjctaGp4Ni1jZ2c2
Installation information leak in Eclipse Jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1xNDhyLXhnOWgtNzhtOM4AAv4a
Concrete CMS vulnerable to XML External Entity
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04Y3JyLXhmMzUtNWY1cM4AAQ7H
Jenkins Job Import Plugin CSRF vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:job-import-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00OHd3LThoN2ctNGh3cc0-Xw
TYPO3 is vulnerable to Spam Abuse in the native form content element
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nYzM3LTlnN2YtOTZmeM0Xqw
Apache Ozone exposes OM, SCM and Datanode metadata
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcXI2LTN4M2YtOXdyM84AA0V1
Apache InLong SQL Injection vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-service, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mOWN4LTc4OWMtdzJtcs4AASj-
Incorrect Authorization in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqNTQtY2pyeC14Njk2
Observable Discrepancy in Argo
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNTh4LXAzcGotcmc1Ms4AAcC-
Moodle Glossary search displays entries without checking user permissions to view them
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00MnFtLTh2OG0tbTc4Y84AAzlJ
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1nbXY0LXI0MzgtcDY3Zs0v7g
Leading white space bypasses protocol validation
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0anEtcWg0Ny1odmpx
Improper Input Validation in Xerces
Ecosystems: maven
Packages: xerces:xercesImpl
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyOHYtbXc2Ny1tNXA5
Django Denial-of-service possibility in urlize and urlizetrunc template filters
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1od3ZtLXZmdzgtOTNtd80cpQ
Vulnerable dependency in XTDB connector
Ecosystems: maven
Packages: org.odpi.egeria:egeria-connector-xtdb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13cjIzLW05bTItampmNM3zjA
Bolt Improper Access Control
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yZ3JoLWdyMzctMjI4M84AA327
Solr search discloses email addresses of users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03aDRwLTI3bWgtaG1yd84AA25h
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oZ2c2LTh4NjItbTlnZs3wQw
Improper Certificate Validation in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcnF4LWpmY20tNmpqcs4AAzfX
malformed proposed intoto entries can cause a panic
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yNmozLXB4NWctY3EzeM4AA2X8
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyODItN3h2Ny14Y3Bq
Cross-site scripting in Apache HttpClient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12NHZqLTQ5bTUtd2pod84AAb6c
Plone vulnerable to unauthorized disclosure of site content
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcXgyLTZmNzgtdzJqMs4AA3v6
Denial of service caused by infinite recursion when parsing SVG images
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xaDZ3LXBxNTItcXh4cc4AAxuy
Pixelfed may allow unauthorized actor to view private posts
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycXA0LWczcTMtZjkyd80u-Q
Improper Locking in JetBrains Kotlin
Ecosystems: maven
Packages: org.jetbrains.kotlin:kotlin-stdlib
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yaDQ0LXgyd3gtNDlmNM4AAzbE
Potential HTTP policy bypass when using header rules in Cilium
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05N2pnLTQzYzktcTZwZs05dA
Unauthenticated user can retrieve the list of users through uorgsuggest.vm
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13cnh2LTJqNXEtbTM4d84AAtHM
lxml NULL Pointer Dereference allows attackers to cause a denial of service
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNHgtd2N4Zi1obTh4
Json-jwt did not verify the cryptographic signature for data
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhneGMtdjJxZy1jaG1o
Directory Traversal in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmeGYtd2g5Ni1mdmpj
Log Forging in generator-jhipster-kotlin
Ecosystems: npm
Packages: generator-jhipster-kotlin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS03NzZmLXF4MjUtcTNjY84AAykj
xml2js is vulnerable to prototype pollution
Ecosystems: npm
Packages: xml2js
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzeHAtajczNy0yODJ2
Path Traversal in takeapeek
Ecosystems: npm
Packages: takeapeek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS14aDlnLWNwM3YtcDhxNM0myA
Missing Authorization in Crater Invoice
Ecosystems: packagist
Packages: bytefury/crater
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12ZzV4LTZxNjYtcnZneM4AAwzt
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Ecosystems: packagist
Packages: barzahlen/barzahlen-php
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyNXgtcWpxYy1wNTc5
Tracking Module in botbait
Ecosystems: npm
Packages: botbait
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 7,930 High 6,358 Critical 2,810 Low 985
Filter by Ecosystem
maven 2,550 packagist 2,149 pypi 1,736 npm 1,061 go 876 nuget 537 rubygems 373 cargo 261 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 50 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 39 drupal/core 36 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 32 org.keycloak:keycloak-core 31 ansible 31 github.com/mattermost/mattermost-server/v6 30 drupal/drupal 28 Plone 28 symfony/symfony 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 craftcms/cms 26 com.liferay.portal:release.portal.bom 25 silverstripe/framework 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 github.com/grafana/grafana 23 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 froxlor/froxlor 18 shopware/shopware 18 shopware/platform 18 remdex/livehelperchat 18 matrix-synapse 18 nilsteampassnet/teampass 18 rdiffweb 18 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 16 moin 16 vyper 15 github.com/argoproj/argo-cd/v2 15 yetiforce/yetiforce-crm 14 salt 14 nokogiri 14 prestashop/prestashop 14 puppet 14 nova 13 org.keycloak:keycloak-services 13 shopware/core 13 org.xwiki.platform:xwiki-platform-oldcore 13 forkcms/forkcms 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 mautic/core 13 github.com/goharbor/harbor 12 Django 12 org.apache.solr:solr-core 12 tribalsystems/zenario 12 github.com/hashicorp/vault 12 com.thoughtworks.xstream:xstream 12 github.com/hashicorp/consul 12 github.com/docker/docker 12 tinymce 12 org.apache.jspwiki:jspwiki-main 12 lavalite/cms 11 github.com/argoproj/argo-cd 11 pyftpdlib 11 github.com/cilium/cilium 11 github.com/hashicorp/nomad 11 getgrav/grav 11 DotNetNuke.Core 11 feehi/feehicms 11 genix/cms 11 neutron 11 org.keycloak:keycloak-parent 11 joplin 10 com.vaadin:vaadin-bom 10 github.com/mattermost/mattermost-server 10 francoisjacquet/rosariosis 10 typo3/cms-backend 10 helm.sh/helm/v3 10 notebook 10 org.apache.jspwiki:jspwiki-war 10 PaddlePaddle 10 ec-cube/ec-cube 10 activesupport 10 org.apache.nifi:nifi 10 fat_free_crm 10 org.springframework:spring-core 10 org.springframework.security:spring-security-core 10 contao/core-bundle 10 rack 10 @openzeppelin/contracts-upgradeable 10 wallabag/wallabag 10 org.eclipse.jetty:jetty-server 10 github.com/containerd/containerd 10 github.com/greenpau/caddy-security 10 @openzeppelin/contracts 10 github.com/ethereum/go-ethereum 10 publify_core 9 cakephp/cakephp 9 directus 9 TinyMCE 9 tinymce/tinymce 9 bolt/bolt 9 org.jenkins-ci.plugins:git 9 ghost 9 org.jenkins-ci.plugins:script-security 9 org.igniterealtime.openfire:parent 9 glance 9 jquery-rails 9 zendframework/zendframework1 9 gogs.io/gogs 9 swagger-ui 9 org.mortbay.jetty:jetty 9 org.opencrx:opencrx-core-models 9 code.gitea.io/gitea 9 rubygems-update 9 ckeditor4 9 angular 9 org.apache.archiva:archiva 8 Microsoft.ChakraCore 8 contao/contao 8 roundup 8 bootstrap 8 rails-html-sanitizer 8 github.com/openfga/openfga 8 opencv-python 8 impresscms/impresscms 8 actionview 8 simplesamlphp/simplesamlphp 8 opencv-contrib-python 8 editor.md 8 silverstripe/cms 8 rails 8 electron 8 centreon/centreon 8 org.opencms:opencms-core 8 github.com/kubeedge/kubeedge 8 org.webjars.npm:jquery 8 jquery 8 wasmtime 8 org.bouncycastle:bcprov-jdk14 8 org.jenkins-ci.plugins:electricflow 8 org.apache.activemq:activemq-client 8 vantage6 7 silverstripe/admin 7 pyload-ng 7 trytond 7 validator 7 org.apache.james:james-server 7 phpbb/phpbb 7 OctoPrint 7 wagtail 7 kevinpapst/kimai2 7 next 7 github.com/moby/moby 7 org.bouncycastle:bcprov-jdk15on 7 org.jenkins-ci.plugins:config-file-provider 7 org.jenkins-ci.plugins:subversion 7 modoboa 7 org.jenkins-ci.plugins:email-ext 7 org.bouncycastle:bcprov-jdk15 7 org.apache.santuario:xmlsec 7 admidio/admidio 7 aiohttp 7 io.jenkins.blueocean:blueocean 7 io.jenkins:configuration-as-code 7 phpmyfaq/phpmyfaq 7 org.apache.cxf:cxf-core 7 org.owasp.antisamy:antisamy 7 com.vaadin:flow-server 7 keystone 7 jquery-ui 7 jQuery 7 github.com/google/fscrypt 7 org.opennms:opennms 7 jquery-ui-rails 7 sylius/sylius 7 activerecord 7 jQuery.UI.Combined 7 pillow 7 org.webjars.npm:jquery-ui 7 url-parse 6 sanitize-html 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/django/django 43 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/TYPO3/typo3 32 https://github.com/kubernetes/kubernetes 32 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/Dolibarr/dolibarr 21 https://github.com/answerdev/answer 21 https://github.com/craftcms/cms 21 https://github.com/spring-projects/spring-framework 21 https://github.com/snipe/snipe-it 20 https://github.com/firefly-iii/firefly-iii 19 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/argoproj/argo-cd 19 https://github.com/grafana/grafana 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/ikus060/rdiffweb 18 https://github.com/apache/struts 17 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/CVEProject/cvelist 15 https://github.com/vyperlang/vyper 15 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/froxlor/froxlor 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/x-stream/xstream 13 https://github.com/octobercms/october 13 https://github.com/mautic/mautic 13 https://github.com/go-gitea/gitea 13 https://github.com/getkirby/kirby 13 https://github.com/netty/netty 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/goharbor/harbor 12 https://github.com/PrestaShop/PrestaShop 11 https://github.com/cilium/cilium 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/vaadin/platform 10 https://github.com/greenpau/caddy-security 10 https://github.com/ethereum/go-ethereum 10 https://github.com/laurent22/joplin 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/helm/helm 10 https://github.com/saltstack/salt 10 https://github.com/baserproject/basercms 10 https://github.com/mattermost/mattermost 10 https://github.com/liufee/cms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/containerd/containerd 10 https://github.com/jquery/jquery 10 https://github.com/moby/moby 10 https://github.com/strapi/strapi 9 https://github.com/geoserver/geoserver 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/puppetlabs/puppet 9 https://github.com/github/advisory-database 9 https://github.com/apache/nifi 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/electron/electron 9 https://github.com/publify/publify 9 https://github.com/eclipse/jetty.project 8 https://github.com/openfga/openfga 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/wallabag/wallabag 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/hashicorp/consul 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/pandao/editor.md 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/rack/rack 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/getgrav/grav 8 https://github.com/directus/directus 8 https://github.com/LavaLite/cms 8 https://github.com/rubygems/rubygems 8 https://github.com/TryGhost/Ghost 8 https://github.com/opencv/opencv 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/vaadin/flow 7 https://github.com/wagtail/wagtail 7 https://github.com/apache/zeppelin 7 https://github.com/kevinpapst/kimai2 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/nahsra/antisamy 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/pyload/pyload 7 https://github.com/google/fscrypt 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/gogs/gogs 7 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/traefik/traefik 7 https://github.com/vantage6/vantage6 7 https://github.com/modoboa/modoboa 7 https://github.com/ipython/ipython 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/cloudflare/cfrpki 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/dompdf/dompdf 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/backstage/backstage 6 https://github.com/cui2shark/security 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/parse-community/parse-server 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/urllib3/urllib3 6 https://github.com/croogo/croogo 6 https://github.com/onionshare/onionshare 6 https://github.com/containers/podman 6 https://github.com/dotnet/runtime 6 https://github.com/opensearch-project/security 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/oroinc/orocommerce 6 https://github.com/neorazorx/facturascripts 6 https://github.com/cosmos/cosmos-sdk 6 https://github.com/cubefs/cubefs 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/jquery/jquery-ui 6 https://github.com/igniterealtime/Openfire 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/admidio/admidio 5 https://github.com/jenkinsci/electricflow-plugin 5 https://github.com/kivikakk/comrak 5 https://github.com/puma/puma 5 https://github.com/apache/tika 5 https://github.com/vapor/vapor 5 https://github.com/cloudfoundry/uaa 5 https://github.com/vercel/next.js 5 https://github.com/NodeBB/NodeBB 5 https://github.com/numpy/numpy 5 https://github.com/lief-project/LIEF 5 https://github.com/Sylius/Sylius 5 https://github.com/hashicorp/nomad 5 https://github.com/etcd-io/etcd 5 https://github.com/openstack/keystone 5 https://github.com/paritytech/frontier 5 https://github.com/lxml/lxml 5 https://github.com/hyperium/hyper 5 https://github.com/evershopcommerce/evershop 5 https://github.com/undertow-io/undertow 5 https://github.com/sulu/sulu 5 https://github.com/rancher/rancher 5 https://github.com/cri-o/cri-o 5 https://github.com/yiisoft/yii2 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/superset 5 https://github.com/bolt/bolt 5 https://github.com/OctoPrint/OctoPrint 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/nodejs/undici 5 https://github.com/zitadel/zitadel 5 https://github.com/apache/kylin 5 https://github.com/quarkusio/quarkus 5 https://github.com/unshiftio/url-parse 5 https://github.com/nervosnetwork/ckb 5 https://github.com/xuxueli/xxl-job 5 https://github.com/centreon/centreon-archived 5 https://github.com/semplon/GeniXCMS 5 https://github.com/apache/lucene-solr 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/Amanieu/parking_lot 5