Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS14cDdwLTNneDctajZ3eM0kHw
calibre-web is vulnerable to Business Logic Errors
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wcXdoLTQ0amotcDVybc4AAQXh
Hostname verification in Apache HttpClient 4.3 was disabled by default
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 50.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqajQtbTUycC04cngz
Prototype pollution in set-object-value
Ecosystems: npm
Packages: set-object-value
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3N3EtMnFxZy02OTg5
Apache Struts vulnerable to remote arbitrary command execution due to improper input validation
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnZmotcmoyNC1tajdx
Malicious Package in kraken-api
Ecosystems: npm
Packages: kraken-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1wNHhoLTQ4NjktOHZyZ84AApw_
AdaptiveScale LXDUI Hardcoded JWT Secret Key
Ecosystems: pypi
Packages: lxdui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03MjlmLXd2ajMtYzRwas0Vzw
Remote code execution in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14ZzQ3LXI2N3Atdmh2Nc4AAWdB
Improper Input Validation in Deap
Ecosystems: npm
Packages: deap
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdydmMtNzJ3Ny14cG1q
Incorrect Comparison in sodiumoxide
Ecosystems: cargo
Packages: sodiumoxide
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThocTItZmNxbS0zOWhx
Malicious Package in rimrafall
Ecosystems: npm
Packages: rimrafall
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtcmYtNjRmdy0yeDc1
Command injection in fs-path
Ecosystems: npm
Packages: fs-path
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS04Y3hwLWNqbTgtZmozNs4AAj0O
Improper Neutralization of Special Elements used in an OS Command in Blamer
Ecosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02dzg5LWM2NXctangyY84AAxE2
Jeecg-boot is vulnerable to SQL injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-module-system, org.jeecgframework.boot:jeecg-boot-base-core
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00Z3FwLTI5NnItajVtcc4AAUrW
Apache XML-RPC vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.apache.xmlrpc:xmlrpc
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00NW14LWc4NW0td3dtM84AApcx
Obsidian does not require user confirmation for non-http/https URLs.
Ecosystems: npm
Packages: obsidian
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtbWYtcXA3ai0ydzI0
Malicious Package in colour-string
Ecosystems: npm
Packages: colour-string
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtOXYtMzI1Zi01Zzc0
Malicious Package in saync
Ecosystems: npm
Packages: saync
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1nMmMzLXZ3ZmYtbTN4cs4AAuhr
Font-Converter Vulnerable to Arbitrary Command Injection
Ecosystems: npm
Packages: font-converter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13Z3htLXJnNTMtaDJjNs4AAnAt
Prototype pollution vulnerability in 'deep-set'
Ecosystems: npm
Packages: deep-set
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14NzR4LXFmNWotMzVqaM33fg
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00d2M2LWhxdjktcWM5N84AAz9s
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05NXJwLTZncXAtNjYyMs4AA1lI
Command Injection Vulnerability in find-exec
Ecosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03dnhyLTZjeGctajN4OM0WRw
OS Command Injection in ftpd
Ecosystems: rubygems
Packages: ftpd
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzangtNHd3aC1nY3Fq
Malicious Package in angular-location-update
Ecosystems: npm
Packages: angular-location-update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1qZjg2LTk0MzQtZjhjMs4AAi3L
Keycloak Authentication Error
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14MzhqLTRycjUtaHFyas4AAnOo
git-big-picture Code Execution
Ecosystems: pypi
Packages: git-big-picture
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1oNnhnLXJnMzMtOW1mNM4AAolT
deep-defaults vulnerable to prototype pollution
Ecosystems: npm
Packages: deep-defaults
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04NjZ3LXdtNGgtOTVjNs4AAvP-
thlorenz browserify-shim vulnerable to prototype pollution
Ecosystems: npm
Packages: browserify-shim
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04bW1tLTl2MnEteDNmOc4AAvPk
tschaub gh-pages vulnerable to prototype pollution
Ecosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12bXFxLTdxdngtNjhxeM4AAjn8
promise-probe OS command injection vulnerability
Ecosystems: npm
Packages: promise-probe
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS01ODh3LXc2bXYtM2N3Nc3sUg
Ansible Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1wM3I1LXgzaHItZ3BnNc4AA10e
OpenRefine Remote Code execution in project import with mysql jdbc url attack
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yYzU3LTlyM3gtOThjcc4AArse
XML External Entity Reference in drools
Ecosystems: maven
Packages: org.drools:drools-core
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS04NDc4LTUzcHYtanh2bc0pvQ
Joplin Vulnerable to Code Injection
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSS
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qcDN3LTNxODgtMzRjZs4AArs0
Miscomputation when performing AES encryption in rust-crypto
Ecosystems: cargo
Packages: rust-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzMmctMjQyYy03Nmgz
Malicious Package in geoheat
Ecosystems: npm
Packages: geoheat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS05YzI0LWczMmctMzVyas4AAWPD
Drupal PECL YAML parser unsafe object handling
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS14OXE0LXF3ZmgtOWdqcc4AAxJ-
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyaHgtaHF4bS04cDM2
Double free in http
Ecosystems: cargo
Packages: http
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01NGp3LWpxcjktNmNqOc4AAxM2
Command injection in vagrant.js
Ecosystems: npm
Packages: vagrant.js
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qOHdyLWZ3ZjItdnZyOc4AAxM9
Command Injection in create-choo-electron
Ecosystems: npm
Packages: create-choo-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4cGctM2h4NC1mbTly
Out of bounds read in xcb
Ecosystems: cargo
Packages: xcb
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cHFmLWM5OXAtNzU4ds4AA0KO
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restricted
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 11 months ago
Critical
GSA_kwCzR0hTQS01Z2M0LWN4OXgtOWM0M84AArd5
Code Injection in metacalc
Ecosystems: npm
Packages: metacalc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1yd2h4LTZoeDctcHFjOM4AA2As
SQL injection in jeecgboot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02amhtLTR2bXgtbXI3Ns0mbA
SQL injection in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyNnctZ2N4aC12NHI3
Prototype polluation in just-safe-set
Ecosystems: npm
Packages: just-safe-set
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDC
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 11 months ago
Critical
GSA_kwCzR0hTQS03bWhjLXByZ3YtcjNxNM0j-w
Access of Resource Using Incompatible Type in Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01MnZqLW1yMmotZjhqaM4AArVX
Server-Side Template Injection in formio
Ecosystems: npm
Packages: formio
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code Injection
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 25 days ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3MzctNWdxci1jZjlq
Server-Side Request Forgery in ftp-srv
Ecosystems: npm
Packages: ftp-srv
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 3 years ago
Critical
GSA_kwCzR0hTQS1nZmY3LWc1cjgtbWc4bc01GA
Prototype Pollution in simple-plist
Ecosystems: npm
Packages: simple-plist
Source: GitHub Advisory Database
Blast Radius: 54.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02djM5LXAyeHEtZzVjM80mjg
Missing authentication in ShenYu
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03dmY0LXg1bTItcjZncs4AA7QP
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
Critical
GSA_kwCzR0hTQS14MncyLXFndjYtOHhybc39cw
Elefant CMS PHP Code Execution Vulnerability
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yanh3LTRobTQtNnc4N84AA4mj
SQL injection in llama-index
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02N3EzLWd3d3ctcG00Z84AAbLM
Apache OpenMeetings does not correctly validate uploaded XML documents
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00ZzgyLTNqY3ItcTUyd84AArNL
Malware in ctx
Ecosystems: pypi
Packages: ctx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 24 days ago
Critical
GSA_kwCzR0hTQS1mNmpwLWo2dzMtdzlobc0V4A
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03Zmg5LTkzM2ctODg1cM4AAUGf
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 24 days ago
Critical
GSA_kwCzR0hTQS0yNW14LTJteG0tNjM0M84AAvsH
@keystone-6/core's NODE_ENV defaults to development with esbuild
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNHF4LWpxZnEtNzc4Nc4AASZQ
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS00eDVoLXhtdjQtOTl3eM4AA0Vr
Apache Linkis Authentication Bypass vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS03eDM2LWg2Mnctdnc2Nc0frA
Out-of-bounds Write in actix-web
Ecosystems: cargo
Packages: actix-web
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jOXZ2LWZoZ3YtY2pjM84AA5aA
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 3 months ago
Critical
GSA_kwCzR0hTQS13eHFwLWp3YzktZzM5eM4AAoYB
Drupal Core Access bypass vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wNDZjLXc5bTMtN3FyMs0fqg
Use of Uninitialized Resource in flumedb.
Ecosystems: cargo
Packages: flumedb
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nY2h2LTM2NGgtcjg5Ns3jtg
XML External Entity Reference in apache jena
Ecosystems: maven
Packages: org.apache.jena:jena
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0zZnB2LTU0ZmYtd3Fmas3jyQ
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02cDNjLXY4dmMtYzI0NM0fkg
The `total_size` function for partial read the length of any `FixVec` is incorrect in molecule.
Ecosystems: cargo
Packages: molecule
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01dnJjLTdqZnItNDY0Ms4AAtxv
monorepo-build Command Injection vulnerability
Ecosystems: npm
Packages: monorepo-build
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mYzd4LTJjbWMtOGoyZ80fkw
Incorrect hash in sha2
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13OHhoLTkzcWgtMzV2d8068Q
Unrestricted Upload of File with Dangerous Type in Payload
Ecosystems: npm
Packages: payload
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yZ3hqLXFycDItNTNqds0flA
Incorrect reliance on Trait memory layout in mopa
Ecosystems: cargo
Packages: mopa
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jaGo3LXczZjYtY3Zmas4AA4mF
Code Injection in paddlepaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13cDZjLTI5cjMtanF3Oc4AA08A
SQL injection in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 10 months ago
Critical
GSA_kwCzR0hTQS04Z2ptLWgzeGotbXA2d80fkQ
RPC call failure in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1ndmo4LTRjajQtaDc3Ns1RFA
Object state limitation has no effect
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tcXc5LTNjam0teHdwM84AAvIw
Moodle Minor SQL injection risk in admin user browsing
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaG1tLXEyNzIteG1oZs4AAvIu
Moodle remote code execution
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02eHhyLTY0OG0tZ2NoNs4AA0ic
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server, com.xpn.xwiki.platform:xwiki-rest, com.xpn.xwiki.platform:xwiki-core-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS14aHEzLTQ1NXIteHY0NM4AAayr
Moodle SQL injection via user preferences
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05N2htLTJtZnItMnA5N84AA0f9
TeamPass Code Injection vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03N2g4LTVqM2gtamNqZs4AAxTc
Dromara Hutool Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-all
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05dzdmLW00ajQtajN4d80g4g
Gerapy < 0.9.8 may cause remote code execution
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jNmg0LWdjM2YtaGdqcc0eZw
Prototype Pollution in js-data
Ecosystems: npm
Packages: js-data
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wY2NyLXE3djktNWYyN80eMw
Apache Solr Improper Input Validation and Path Traversal
Ecosystems: maven
Packages: org.apache.solr:solr-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,300
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
npm 953 maven 826 packagist 493 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 langchain 12 mlflow 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 drupal/drupal 10 tensorflow 9 phpmyadmin/phpmyadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 funadmin/funadmin 9 tensorflow-gpu 8 tensorflow-cpu 8 paddlepaddle 8 froxlor/froxlor 8 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 rdiffweb 8 org.xwiki.platform:xwiki-platform-web-templates 8 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 gogs.io/gogs 7 ansible 7 symfony/symfony 7 thorsten/phpmyfaq 6 github.com/answerdev/answer 6 github.com/argoproj/argo-cd 6 parse-server 6 aaptjs 6 ezsystems/ezpublish-kernel 6 mautic/core 5 Microsoft.ChakraCore 5 django 5 org.jenkins-ci.plugins:script-security 5 org.xwiki.platform:xwiki-platform-web 5 safe-eval 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.inlong:manager-pojo 5 mercurial 5 org.apache.shiro:shiro-core 5 centreon/centreon 5 zendframework/zendframework 5 org.apache.activemq:activemq-client 5 shopware/core 5 prestashop/prestashop 5 ckb 5 steal 5 org.xwiki.commons:xwiki-commons-xml 5 Pillow 5 nodebb 5 org.cloudfoundry.identity:cloudfoundry-identity-server 4 github.com/grafana/grafana 4 nukeviet/nukeviet 4 github.com/argoproj/argo-cd/v2 4 org.apache.kylin:kylin-server-base 4 openssl-src 4 org.apache.tapestry:tapestry-core 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 librenms/librenms 4 pyload-ng 4 apache-airflow-providers-apache-hive 4 PaddlePaddle 4 net.opentsdb:opentsdb 4 feehi/cms 4 calibreweb 4 contao/core-bundle 4 spree_auth_devise 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 swagger-ui 4 org.apache.tomcat.embed:tomcat-embed-core 4 safer-eval 4 github.com/hashicorp/vault 4 org.eclipse.jetty:jetty-server 4 github.com/usememos/memos 4 code.gitea.io/gitea 4 org.jeecgframework.boot:jeecg-boot-base-core 4 smallvec 4 hermes-engine 4 org.apache.openmeetings:openmeetings-parent 4 messagepack-rs 4 org.apache.inlong:manager-service 4 contao/contao 4 Django 4 realms-shim 4 nilsteampassnet/teampass 4 codeigniter4/framework 3 org.apache.logging.log4j:log4j-core 3 showdoc/showdoc 3 lmdb 3 org.jenkins-ci.plugins:active-directory 3 github.com/dexidp/dex 3 org.xwiki.platform:xwiki-platform-icon-ui 3 zendframework/zendframework1 3 org.apache.storm:storm 3 github.com/rancher/rancher 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.dolphinscheduler:dolphinscheduler 3 typo3/cms 3 org.apache.ignite:ignite-core 3 org.apache.inlong:manager-web 3 com.hazelcast:hazelcast 3 modoboa 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 id-map 3 tribalsystems/zenario 3 @openzeppelin/contracts-upgradeable 3 pimcore/pimcore 3 org.xwiki.platform:xwiki-platform-panels-ui 3 nvflare 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 org.keycloak:keycloak-core 3 ro.pippo:pippo-core 3 facade/ignition 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 com.jflyfox:jflyfox_jfinal 3 symfony/security-core 3 com.alibaba:dubbo 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 jsrsasign 3 codeigniter/framework 3 impresscms/impresscms 3 github.com/go-gitea/gitea 3 simplesamlphp/simplesamlphp 3 nokogiri 3 org.apache.any23:apache-any23 3 org.apache.linkis:linkis 3 craftcms/cms 3 handlebars 3 smarty/smarty 3 rubygems-update 3 io.dataease:dataease-plugin-common 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 github.com/pterodactyl/wings 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 slpjs 3 strapi 3 cobbler 3 dompdf/dompdf 3 org.springframework.security:spring-security-core 3 browserify-shim 3 org.apache.jmeter:ApacheJMeter 3 actix-web 3 ibexa/core 3 mongoose 3 io.undertow:undertow-core 3 org.apache.solr:solr-parent 3 xcb 3 phpmailer/phpmailer 3 org.apache.solr:solr-core 3 elefant/cms 3 org.richfaces:richfaces-core 3 francoisjacquet/rosariosis 3 ray 3 github.com/hashicorp/nomad 3 publify_core 3 feathers-sequelize 3 codiad/codiad 3 alextselegidis/easyappointments 2 eslint-config-eslint 2 github.com/beego/beego 2 github.com/beego/beego/v2 2 mysql2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 Radicale 2 github.com/russellhaering/gosaml2 2 laravel/framework 2 org.keycloak:keycloak-services 2 com.hazelcast.jet:hazelcast-jet 2 org.apache.derby:derby 2 cn.hutool:hutool-all 2 org.apache.inlong:manager-dao 2 @keystone-6/core 2 joplin 2 ctx 2 org.xwiki.platform:xwiki-platform-administration 2 org.xwiki.platform:xwiki-platform-distribution-war 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/django/django 9 https://github.com/top-think/framework 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/apache/inlong 8 https://github.com/argoproj/argo-cd 7 https://github.com/Studio-42/elFinder 7 https://github.com/python-pillow/Pillow 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/ansible/ansible 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/apache/struts 7 https://github.com/thorsten/phpmyfaq 6 https://github.com/shopware/platform 6 https://github.com/shenzhim/aaptjs 6 https://github.com/parse-community/parse-server 6 https://github.com/symfony/symfony 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/answerdev/answer 6 https://github.com/apache/tomcat 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/nervosnetwork/ckb 5 https://github.com/froxlor/froxlor 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/dromara/hutool 5 https://github.com/keycloak/keycloak 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/stealjs/steal 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/hwchase17/langchain 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/janeczku/calibre-web 4 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/pippo-java/pippo 4 https://github.com/usememos/memos 4 https://github.com/contao/contao 4 https://github.com/dompdf/dompdf 4 https://github.com/spring-projects/spring-framework 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/servo/rust-smallvec 4 https://github.com/grafana/grafana 4 https://github.com/liufee/cms 4 https://github.com/pyload/pyload 4 https://github.com/CVEProject/cvelist 4 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/modoboa/modoboa 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/facade/ignition 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/star7th/showdoc 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/smarty-php/smarty 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ibexa/core 3 https://github.com/ADOdb/ADOdb 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/apache/camel 3 https://github.com/actix/actix-web 3 https://github.com/pterodactyl/wings 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/github/securitylab 3 https://github.com/baserproject/basercms 3 https://github.com/dexidp/dex 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/neorazorx/facturascripts 3 https://github.com/apache/shiro 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/sjep/array 2 https://github.com/pytorch/serve 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/jfinal/jfinal 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/laurent22/joplin 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/benbusby/whoogle-search 2 https://github.com/google/flatbuffers 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2