Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02cng5LTg4OXEtdnYycs4AAwWw
Helm vulnerable to denial of service through string value parsing
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mOWN4LTc4OWMtdzJtcs4AASj-
Incorrect Authorization in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0anEtcWg0Ny1odmpx
Improper Input Validation in Xerces
Ecosystems: maven
Packages: xerces:xercesImpl
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyOHYtbXc2Ny1tNXA5
Django Denial-of-service possibility in urlize and urlizetrunc template filters
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13bXZxLXE5aDgtN2o0Z84AARPv
Moodle sensitive information disclosure
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12NTdoLTZobWgtZzJwNM4AAvAd
Weight not properly refunded after EVM execution
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNDR2LTZxZm0tZjZjaM4AAyMu
Answer has Guessable CAPTCHA
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03d3I2LWZqNHgtODkzds4AAvLP
rdiffweb allows a new password to be the same as the previous password
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1od3ZtLXZmdzgtOTNtd80cpQ
Vulnerable dependency in XTDB connector
Ecosystems: maven
Packages: org.odpi.egeria:egeria-connector-xtdb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13Zmp3LXc2cHYtOHA3Zs0n7g
Observable Response Discrepancy in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03M3Y1LXc2ZmctMm00NM4AAvdc
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
Ecosystems: maven
Packages: org.jenkins-ci.plugins:tuleap-git-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4NnYtcndoNC01NWp3
Pomelo allows external control of critical state data
Ecosystems: npm
Packages: pomelo
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9
Jenkins Subversion Plugin Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:subversion
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1manc4LTNncDgtNGN2eM4AA8Kw
Denial of service of Minder Server with attacker-controlled REST endpoint
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1mcnF4LWpmY20tNmpqcs4AAzfX
malformed proposed intoto entries can cause a panic
Ecosystems: go
Packages: github.com/sigstore/rekor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 12 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2Z2YtNmg2aC0zMzIy
Django Directory Traversal via archive.extract
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1obWNoLTk5NDctODJyas4AAilT
Magento 2 Community Edition Weak Cryptography
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZzYtOTMzNS14Njk3
Improper Input Validation in SocksJS-Node
Ecosystems: npm
Packages: sockjs
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jOHd2LXF3d2MtNmo3M84AAqQT
MediaWiki allows a denial of service
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14M3JtLTY0NGgtNjdtOM0WPw
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cTdqLTZwY3EtZjQ4cM4AAl8N
Path traversal vulnerability in Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyNjItdjR2cS1ocjk2
Regular Expression Denial of Service (REDoS) in Marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zaGcyLXI3NXgtZzY5bc4AA17W
Vyper has incorrect re-entrancy lock when key is empty string
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBydjIteHdyNy1ocjU3
Uncontrolled Resource Consumption in rdf-graph-array
Ecosystems: npm
Packages: rdf-graph-array
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS02N2Z4LXd4NzgtangzM84AAwWy
Helm vulnerable to denial of service through schema file
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyaDctbWhoeC02aDg4
Denial of service (via resource exhaustion) due to improper input validation on groups/communities endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qNGhxLWY2M3gtZjM5cs4AA6O2
Slow String Operations via MultiPart Requests in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02M2N2LTRwYzItNGZjZs4AA3lw
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V
Croc requires senders to provide local IP addresses in cleartext
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zdzN3LXB4bW0tMncyas4AAzxu
crypto-js uses insecure random numbers
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZmotNzI2NS1qeGhq
Gitea Exposes Private Email Addresses
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qOGcyLTZmYzctcThmOM4AA1gY
Pyramid static view path traversal up one directory
Ecosystems: pypi
Packages: pyramid
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01ZjNmLXBnMmMtY3hjds2uSQ
Improper Input Validation in pyftpdlib
Ecosystems: pypi
Packages: pyftpdlib
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5ZmcteGZmaC1wMzYy
Denial of service (via resource exhaustion) due to improper input validation on third-party identifier endpoints
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1waGY4LTNxZ3Ytcmc1cc37zQ
Missing Authorization in Jenkins Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoNTUtNDlqbS03Mzl4
Directory Traversal in easyquick
Ecosystems: npm
Packages: easyquick
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS0yMmdqLThxajItZmo0Ns4AAzEK
Moodle External Control of File Name or Path vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12MnYyLWhwaDgtcTV4cM4AA4PH
@fastify/reply-from JSON Content-Type parsing confusion
Ecosystems: npm
Packages: @fastify/reply-from
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qNHAzLTJtMmgtY3Y1Zs3wzA
Cloud Foundry UAA Denial of Service through client token revocation endpoint
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ybTk3LXg1NTYtcTM2aM4AA5fD
sanitize-html Information Exposure vulnerability
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNGMtNXJxNi1jZ2gz
OPC UA applications can allow a remote attacker to determine a Server's private key
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS02aHdnLXc1amctOWM2eM4AA4-y
Path Traversal in Moby builder
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNmoteDM0Mi1nd3E5
SilverStripe Versioned Files module Unpublished files are exposed publicly
Ecosystems: packagist
Packages: silverstripe/framework, symbiote/silverstripe-versionedfiles
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03Zmo3LTM5d2otYzY0Zs4AAzud
SwiftNIO vulnerable to Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 12 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2YzQtOHdycC1qOTl2
Improper Validation and Sanitization in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02dzhjLTZqcmctcXdqMs4AActJ
Radicale regex metacharacters injection in the user name
Ecosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05MzI3LW1xbTYteDk3as4AAWQL
SimpleSAMLphp Information leakage issue in the sanitycheck module
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmd3EteGM1Ny1mcTd2
eivindfjeldstad-dot contains prototype pollution vulnerability
Ecosystems: npm
Packages: @eivifj/dot
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01Mmo5LXYzamMtOXhnY84AAdMF
Tryton allows users to read the hashed password
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yZnh4LWd4d2MtOTIzY84AAc9H
Drupal Views can allow unauthorized users to see Statistics information
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn
User enumeration leak using switch user functionality in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS12NHZqLTQ5bTUtd2pod84AAb6c
Plone vulnerable to unauthorized disclosure of site content
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3ZmYtOHdjeC1nbWM1
Authorization Before Parsing and Canonicalization in jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tNzI4LXF2eGgteGZqcc4AARXr
Improper Privilege Management in X-Pack
Ecosystems: maven
Packages: org.elasticsearch.plugin:x-pack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltNmotZmNnNS0yNDQy
Path traversal in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhneGMtdjJxZy1jaG1o
Directory Traversal in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqYzctNDl2Mi1qcDY0
Incomplete validation in `SparseAdd`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01NDR4LTJqeDktNHBmZ80mzw
Path traversal in Apache Karaf
Ecosystems: maven
Packages: org.apache.karaf:apache-karaf
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13eDU0LTMyNzgtbTVnNM4AAgbg
Integer overflow in BCrypt class in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01aHI2LXI4aDYtd2gyMs4AAo5W
JetPack Exposure of Resource to Wrong Sphere
Ecosystems: packagist
Packages: automattic/jetpack
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NHItZmNqMy1naGpx
Exposure of class information in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-core
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13M3hnLTdxNm0tM3h3cM3kQg
Improper Access Control in wp-graphql
Ecosystems: packagist
Packages: wp-graphql/wp-graphql
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRndzMtOGY3Ny1mNzJj
Regular expression denial of service in codemirror
Ecosystems: npm
Packages: codemirror
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS05bWg4LTlqNjQtNDQzZs4AA0RO
HashiCorp Vault's revocation list not respected
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00ODl4LWNjanctcTdjNM4AASsP
Paymorrow Improper Input Validation vulnerability
Ecosystems: packagist
Packages: oxid-esales/paymorrow-module
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nOHhnLWpnajYtNDlyM83ifg
Django is vulnerable to Denial of Service attack in formset
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ydmpwLThxajQtOHAyOc4AAyMv
Answer has Observable Timing Discrepancy
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5bXAtcDJ3cC0yeGY3
Improper file downloads in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg
SixLabors.ImageSharp vulnerable to data leakage
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05aDZnLXByMjgtN2NxcM4AA4-p
nodemailer ReDoS when trying to send a specially crafted email
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03bTlyLXJxOWotd21taM4AAw1h
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yMnZ3LXA3N2YtdmMyN84AAbYy
phpMyAdmin Bypass logout timeout
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzZ2MtbWp4Zy1ndnJx
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS04aDhwLXgyODktdnZxcs0pyQ
Gitea displaying raw OpenID error in UI
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cTk1LWpqN3AteDkzeM4AARNT
Openstack Neutron vulnerable to eavesdropping on private traffic
Ecosystems: pypi
Packages: neutron
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yYzNwLTlqNWYtMzNnM84AASbN
Apache OpenMeetings responds to insecure HTTP methods
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01OWg4LWgzNHItcTljds4AAigs
Ignite Realtime Openfire directory traversal vulnerability
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZjV4LTdxZzUtdndmMs4AA3uh
Denial of service caused by infinite recursion when parsing SVG document
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oM3E0LXZtdzQtY3ByNc0y9Q
Path Traversal in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qNTY5LWZnaHctZjlyeM3uUg
Ansible sensitive information disclosure
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNzQtNG01Zy1mY2p4
Malicious users could abuse Sydent to control the content of invitation emails
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3ajktaDVtcC0zcG0z
Regular Expression Denial of Service in postcss
Ecosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00Mnh3LXA2MngtaHdjZs3oxA
Improper Access Control in Apache Derby
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jM3d2LXFtamotNDVyNs4AA7S8
Information disclosure in podman
Ecosystems: go
Packages: github.com/containers/podman/v2
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1
@vendure/core's insecure currencyCode handling allows wrong payment amounts
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13eDg3LWg1MzktNDc3Nc0yNQ
Moodle Information Disclosure vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yODk0LTVyN3YtN3J4M84AAwy5
easy-scrypt Observable Timing Discrepancy vulnerability
Ecosystems: go
Packages: github.com/agnivade/easy-scrypt
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mcGZ2LWpxbTktZjVqbc0c3Q
Incorrect Comparison in NumPy
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02dmZjLXF2M2YtdnI2Y80hTA
Uncontrolled Resource Consumption in markdown-it
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cXhxLTN3cXYtcjl4cM4AAhk8
Magento 2 Community Edition Information Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nOW1yLTl4ZmMtNGdmN84AAzdc
Insecure Default Initialization In Liferay Portal
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 12 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqcXEtOThmNi02ajNy
Improper Input Validation in sanitize-html
Ecosystems: npm
Packages: sanitize-html
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 3 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5