Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS01MnJoLTVycGotYzN3Ns3jTw
Improper handling of multiline messages in node-irc
Ecosystems: npm
Packages: matrix-org-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mZmptLTRxd2MtN2NtZs4AAu2A
TensorFlow vulnerable to OOB write in `scatter_nd` in TF Lite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1weHJ3LWoyZnYtaHgzaM4AAu1_
TensorFlow vulnerable to OOB read in `Gather_nd` in TF Lite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS00M3YyLTZncnAtOXBwOc4AAWOM
Apache Tomcat does not enforce the maxHttpHeaderSize limit
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS03NTk5LWZxZ20tdjg0cM4AAwrj
rgb2hex vulnerable to inefficient regular expression complexity
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS05dmg2LXFmdjYtdmNxcM3XyQ
snipe-IT vulnerable to host header injection
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ncnI0LXd2MzgtZjY4d84AAwSU
Jettison Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: org.codehaus.jettison:jettison
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2OHItNXA0NS01cnFw
Improper Input Validation in Laravel
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA4cTgtamZjdi1nMmgy
Directory Traversal in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwYzItN3htZi1wcG1m
Out-of-bounds Write in ChakraCore
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xNmg3LTRxZ3ctMmo5cM09kw
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmMjYtdjZmci05aG1w
Improper Input Validation in Centreon Web
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3eHEtN3I4bS1xcG1n
ffmepg is malware
Ecosystems: npm
Packages: ffmepg
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5dnYtNnE3cS13NWNm
OS Command Injection in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zMnJwLXEzN3Atamc2d809eQ
Insecure plugin handling in Mattermost
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS03N3g0LTU1cTctNHZtas4AA7O1
Apache HugeGraph-Hubble: SSRF in Hubble connection page
Ecosystems: maven
Packages: org.apache.hugegraph:hugegraph-hubble
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1d3ItZnZwcS1wNjdn
Integer Overflow in png-img
Ecosystems: npm
Packages: png-img
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yZjNmLTNwMzctMnFoNM4AAumL
python-scciclient vulnerable to Man-in-the-middle (MITM) attacks
Ecosystems: pypi
Packages: python-scciclient
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqeDctMzk5eC1wMnJq
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in micronaut-core
Ecosystems: maven
Packages: io.micronaut:micronaut-http-server-netty
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2ajgtM3YyaC1oMzh2
Remote Code Execution in next
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmNTMtZm1tdi1tZmp2
Regular expression denial of service in react-native
Ecosystems: npm
Packages: react-native
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoMmctcjI5Mi1qOHho
HashiCorp Consul L7 deny intention results in an allow action
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyNGotaDQ3Ny03NnEz
Uncontrolled Search Path Element in sharkdp/bat
Ecosystems: cargo
Packages: bat
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxanctcDV2ci1jNjk1
Basic-auth app bundle credential exposure in gatsby-source-wordpress
Ecosystems: npm
Packages: gatsby-source-wordpress
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wcTY3LTlqZjktaGMzY84AA03-
JDBC URL bypassing by allowLoadLocalInfileInPath param
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS02am1tLW1wNnctNHJyZ81BKg
OutOfMemory Exception by specifically crafted processing instruction in NekoHtml Parser
Ecosystems: maven
Packages: net.sourceforge.htmlunit:neko-htmlunit
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3Z20tcmZndi13OTcz
Potential DoS with NumberFilter conversion to integer values.
Ecosystems: pypi
Packages: django-filter
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2cnEtNmgzNC12aDdx
Cached redirect poisoning via X-Forwarded-Host header
Ecosystems: maven
Packages: io.ratpack:ratpack-core
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mcGg5LWY1cjYtdmhxZs4AAuz2
Eclipse Milo vulnerable to Resource Exhaustion (Denial of Service)
Ecosystems: maven
Packages: org.eclipse.milo:sdk-server
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS04bTVoLWhycW0tcHhtMs1BTQ
Path traversal in the OWASP Enterprise Security API
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS01eDVxLThjZ20tMmhqcc4AAyfX
Karate has vulnerable dependency on json-smart package (CVE-2023-1370)
Ecosystems: maven
Packages: com.intuit.karate:karate-core
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wNmYtcDlncC12cGo5
Array size is not checked in sized-chunks
Ecosystems: cargo
Packages: sized-chunks
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqNzctNTl3aC02Nmhn
Regular Expression Denial of Service (ReDoS) in Prism
Ecosystems: npm
Packages: prismjs
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS05d3J2LWc3NWgtOGNjY80_qw
Improper Access Control in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mbXE3LWdoOHYtbWp2Y84AAuw1
WildFly vulnerable to Insecure Default Initialization of Resource
Ecosystems: maven
Packages: org.wildfly.bom:wildfly
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zNnhyLTR4MmYtY2ZqOc4AA5ZD
Deserialization of Untrusted Data in Apache Camel SQL
Ecosystems: maven
Packages: org.apache.camel:camel-sql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqeDgtdjRodi1neDNo
XXE vulnerability in Launch import
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS03Z203LThxOHYtOWdmMs0_qg
Server-Side Request Forgery (SSRF) in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdjk4LTMzNjktZzM2NM4AAuzr
KubeVirt vulnerable to arbitrary file read on host
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tNDNwLTU1cmYtOGMyas4AA5ZF
Deserialization of Untrusted Data in Apache Camel CassandraQL
Ecosystems: maven
Packages: org.apache.camel:camel-cassandraql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13N3I2LXY0ajctaDk0d84AAygm
Apache James server's JMX management service vulnerable to privilege escalation by local user
Ecosystems: maven
Packages: org.apache.james:javax-mail-extension
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS12eDhxLWo3aDktdmY2cc0xuQ
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZncjgtYzNtNS1tdnJn
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mZjJ3LXdtNDgtamhxas4AA5Yj
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13M3c2LTI2ZjItcDQ3NM4AA5YR
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 3 months ago
High
GSA_kwCzR0hTQS0zaDZjLWM0NzUtam03ds4AA7PT
Arbitrary Code Execution in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 26 days ago
High
GSA_kwCzR0hTQS0ycW01LXI4MmctNWhjeM4AAl7V
ThinkAdmin directory traversal vulnerability
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcjdnLXdycHItajVnNM0_pQ
Improper Authentication in django-mfa3
Ecosystems: pypi
Packages: django-mfa3
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxNGgtcGo3OC1qN3Zn
Authorization service vulnerable to DDos attacks in Apache CFX
Ecosystems: maven
Packages: org.apache.cxf:apache-cxf, org.apache.cxf:cxf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS1neDQzLWZxcngtNmZjd84AAyj-
thorsten/phpmyfaq vulnerable to business logic errors
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cXF2LWpjZnItOWY1Z84AAw0x
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oN3dtLXBoNDMtYzM5cM4AAZaj
Scrapy denial of service vulnerability
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS02ajU4LWdyaHYtMjc2Oc4AAua6
ansible-runner vulnerable to shell command injection
Ecosystems: pypi
Packages: ansible-runner
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xcGdjLXhoN2otNTJxOM4AAuaR
node-opcua DoS vulnerability via message with memory allocation that exceeds v8's memory limit
Ecosystems: npm
Packages: node-opcua
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nOTRwLWgyNjMtYzI2cc0_uA
Cross Site Request Forgery in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloNmctZ3A5NS14M3E1
actionpack is vulnerable to denial of service because of a wildcard controller route
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
High
GSA_kwCzR0hTQS05aGNyLTloY3YteDZwds4AAypf
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS01OGNoLWMyamYtNWcyM84AAygG
Jenkins remote-jobs-view-plugin vulnerable to XML external entity attacks
Ecosystems: maven
Packages: com.sap.jenkinsci:remote-jobs-view-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmcHYtYzRobS0zeDZ2
actionpack is vulnerable to denial of service via a crafted HTTP Accept header
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5Z2otcnFydy14NGZx
Server Side Request Forgery in Apache Axis
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: about 5 years ago
High
GSA_kwCzR0hTQS02MzZqLTd4N3ItZ3Z3Ms03Uw
Old sessions not blocked by login enable function in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 6 years ago
High
GSA_kwCzR0hTQS0yanY1LTlyODgtM3czcM4AA5N5
python-multipart vulnerable to Content-Type Header ReDoS
Ecosystems: pypi
Packages: starlette, fastapi, python-multipart
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoZ2otM3hxci02amZt
Jetty vulnerable to exposure of sensitive information to unauthenticated remote users
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OTYteHh4Mi01djd3
Downloads Resources over HTTP in nw
Ecosystems: npm
Packages: nw
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 5 years ago
High
GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtdzUteHBnOS1qcjI5
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone
Ecosystems: go
Packages: github.com/rclone/rclone
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZzgtNXFxNy05Mzh3
Pillow Out-of-bounds Read
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwY2ctZjlxNi0ybXE2
Remote Code Execution via traversal in TAL expressions
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jNDM4LTZmNnItcGc4d84AAuA3
4thline cling uPnP protocol issue can lead to denial of service
Ecosystems: maven
Packages: org.fourthline.cling:cling-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1md3I3LXYybXYtaGgyNc05EQ
Prototype Pollution in async
Ecosystems: npm
Packages: async
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3N2Mtang5bS14aDVn
Reflected cross-site scripting issue in Datasette
Ecosystems: pypi
Packages: datasette
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1ocnBwLWg5OTgtajNwcM4AAwDM
qs vulnerable to Prototype Pollution
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tajJjLTVtanYtZ21tas07WA
SQL Injection in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a
Apache Avro Rust SDK corrupted data read can cause crash
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zanJqLXg2Y2otOTdjcM4AAqu3
Moodle contains CSRF vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NTUtMjN4cC0zd3A4
Access control flaw in Kiali
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1waGh3LTN3YzktOHE3Nc4AAnsW
SaltStack Salt command injection via a crafted process name
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoMmotY2d4OC02eHY3
Cross-Site Request Forgery (CSRF) in FastAPI
Ecosystems: pypi
Packages: fastapi
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS01bXZqLXJ2cDgtcmY0Nc4AA08N
Insufficient Session Expiration after a password change
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 10 months ago
High
GSA_kwCzR0hTQS0yMm05LW0zd3ctNTNoM84AAw3Z
Flarum post mentions can be used to read any post on the forum without access control
Ecosystems: packagist
Packages: flarum/mentions
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oaHI5LTd4dmgtOHhnY804rA
Server side request forgery in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS12eDh2LWczcDMtODh2Z8043Q
Weak password hash in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xam1xLThoanItcWN2Ns05Qg
SQL Injection when creating an application with Reactive SQL backend
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyZ2YtdmZ3Mi1oajI2
RCE via PHP Object injection via SOAP Requests
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 3 years ago
High
GSA_kwCzR0hTQS03Y2g0LXJyOTktY3Fjd84AAw6Q
gatsby-transformer-remark has possible unsanitized JavaScript code injection
Ecosystems: npm
Packages: gatsby-transformer-remark
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS01amM4LTh4aHYtZzhxbc4AAZ9l
Improper Input Validation in XFire
Ecosystems: maven
Packages: org.codehaus.xfire:xfire-core
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yamd3LTI4cWgtNm1nOM4AAyuZ
Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:quayio-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 3 months ago
High
GSA_kwCzR0hTQS03cXc0LTlyNjgtMnJteM4AA5Em
mingSoft MCMS File Upload vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
High
GSA_kwCzR0hTQS14ancyLTZqbTktcmY2N84AA1lM
Sandbox escape via various forms of "format".
Ecosystems: pypi
Packages: RestrictedPython
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 9 months ago
High
GSA_kwCzR0hTQS1tODdmLTM5cTktNmY1Nc04jA
Sensitive Auth & Cookie data stored in Jupyter server logs
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS00N2g2LWhmcHYtN3Boas4AAilz
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00djJxLWhqeDMtYzR2cs4AAq98
Magento remote code execution vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Zzgtcjl2dy03NjV4
Private Field data leak
Ecosystems: npm
Packages: @keystonejs/keystone
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mNzNoLTIyNGMtNjJxcs4AAil7
Magento Server-Side Request Forgery (SSRF)
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yY2c0LTdxNHgtN3JyMs4AAt7T
mc-kill-port vulnerable to Arbitrary Command Execution via kill function
Ecosystems: npm
Packages: mc-kill-port
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01Y213LWZocTktOGZoaM03fg
Type Confusion in LiveHelperChat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3