Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zOGotcG1nMy12NXg1
Timing attack on django-basic-auth-ip-whitelist
Ecosystems: pypi
Packages: django-basic-auth-ip-whitelist
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tbTMyLWp3NzMtOTIyN84AAesM
Plone is vulnerable to File System Path Exposure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Z3A1LXZ4ajYtNDI1N84AAx9T
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aG0tZndjOS1obXY2
Insecure temporary file used in com.squareup:connect
Ecosystems: maven
Packages: com.squareup:connect
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yd2Y3LTY1MmYtNzZtds4AAml3
Magento 2 Community Edition vulnerable to Improper Authorization
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zOXJ3LTRtNjYtODJnZs4AAmmH
Magento incorrect user permissions vulnerability within the Inventory component
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 2 months ago
Low
GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint does not have rate limiting on the login page
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00OXdtLTRmcDYtaDU5Y84AAu_E
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjeGYtNjU2Ny03cHA2
Local Information Disclosure Vulnerability
Ecosystems: maven
Packages: com.datadoghq:datadog-api-client
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1ycHg3LTMzajIteHg5eM0hRA
Arbitrary file deletion in NeMo ASR webapp
Ecosystems: pypi
Packages: nemo_toolkit
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Ecosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Katello cleartext password storage issue
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14ZmpxLTlyeHEtcGg2bc4AAesN
Plone Denial of Service vulnerability via decompressing large zip archives
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncome EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
Low
GSA_kwCzR0hTQS12cnY5LWNjajMtZzI4NM37Ew
Jenkins IRC Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ircbot
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ycWdwLWNjcGgtNXc2Nc0WwA
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS1neDdnLXdqeGctand3as04GQ
Cross-Site Request Forgery in YOURLS
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzcDYtZng0Mi03cmY1
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqY3gtOTk5bS0zNWhj
Improper Input Validation in Firefly III
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zMng2LXF2dzYtbXhqNM0vig
Forwarding of confidentials headers to third parties in fluture-node
Ecosystems: pypi, npm
Packages: request-util, fluture-node
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanism
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jNWdqLXc0aHgtZ3ZteM0t6A
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 2 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cjMtcDg2Ni1xOXFy
ircdkit vulnerable to Denial of Service due to unhandled connection end event
Ecosystems: npm
Packages: ircdkit
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mZ3hqLWc3eDMtODVjcc4AAzA6
Stored cross site scripting in RSS displayer
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3ZzItd3JycC1yNmgz
Use of a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoMnAtN3A4Ny1maGdo
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Ecosystems: npm
Packages: @liquity/contracts
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1xcTI5LTV2amgtdnh3cs4AAvFY
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yeHZqLTVtdjYtajVtY84AA070
Cross-site Scripting in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtZjItZjN3aC1ndmYy
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy, github.com/oauth2-proxy/oauth2-proxy/v7
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS0zN3hxLXE0MnAtcnYzcM4AA1fc
ntpd has Dependency on Vulnerable Third-Party Component
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerability
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1mamo0LTJxNzMtanZnY84AAxfR
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0ycnJ4LXE2NWYtODk0Nc4AAjxp
Credentials transmitted in plain text by OpenShift Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openshift-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01amM1LW04N3gtODhmas4AA05e
Secret displayed without masking by Chef Identity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:chef-identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wNHd3LWo0cHItcXc2cc4AA01M
RuoYi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Ecosystems: maven
Packages: com.openmake:deployhub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zcncyLXdmYzgtd21qNc4AA0xu
Fides Webserver Vulnerable to SVG Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mYzNqLWNmcXYtcGZybc4AAlOp
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-quality-center
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nOTVjLTJqZ20taHFjNs4AA0xt
Fides Webserver Vulnerable to Zip Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS14Njc0LXY0NWotZnd4d84AA7DY
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Ecosystems: nuget
Packages: Microsoft.Identity.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
Low
GSA_kwCzR0hTQS04NHA0LTdteGMtN3Boas37CA
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:snsnotify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13ancyLTRqN2otNmdjM84AA0fu
Winter CMS stored XSS through privileged upload of SVG file
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jZzRoLWNmanAtaDN4Ms4AAmgS
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:labmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weHYyLW1mcTctdmhwNs4AAiIj
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Ecosystems: maven
Packages: com.inedo.proget:inedo-proget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nM2hoLXE1NWYtOWczd84AAzvf
RuoYi Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS01cjMzLW1namYtNjY1Ns4AA1Vz
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:tuleap-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: https://pkg.go.dev/github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 10 hours ago
Low
GSA_kwCzR0hTQS1mY3h3LWhoeHEtNDh3eM4AAYKI
Insecure temporary file usage in Jenkins Git Client Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nNDcyLWY4Y20tOHg1Zs4AAyuN
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1nNnJ4LTJ3ODQteG1nas4AA1uu
CSRF vulnerability in Jenkins Frugal Testing Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:frugal-testing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS05OWpjLXY4cHEtNnFtNM33Vg
Jenkins Repository Connector Plugin has insufficiently protected credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediately
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Low
GSA_kwCzR0hTQS1yd3J4LWhyZjItdjU3N833XQ
Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.urbancode.ds.jenkins.plugins:sra-deploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1weDZ2LTZqaGYtajQ2cs4AAxqD
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:synopsys-coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xY2NtLXdtY3EtcHdyNs4AAv_M
Tailscale daemon is vulnerable to information disclosure via CSRF
Ecosystems: go
Packages: tailscale.com/cmd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05cm1mLTZxZ2otZzN3as4AA1Og
Froxlor vulnerable to business logic errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qdjYyLTZ4dmMtY2N3aM4AAiIf
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.technicolor:elOyente
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03OTN3LXEyaDUtOGg1as4AAivX
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Ecosystems: maven
Packages: org.jenkins-ci.plugins:qmetry-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NmdqLTkyN3AtbWZwaM4AAiB_
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-serverless
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14YzI3LWY5cTMtNDQ0OM4AA1rH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Ecosystems: pypi
Packages: hyper-bump-it
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1qcDhyLWpoNWotY2d3Zs4AAiId
Jenkins CodeScan Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.villagechief.codescan.jenkins:codescan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ycmdwLWMydzgtNnZnNs4AAyCG
Information disclosure through error stack traces related to agents
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xMnd2LW0zcHEteHB2Oc4AAjx7
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skytap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13Yzd2LTc3anItNWMzbc0ZDg
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS03NXI2LTZqZzgtcGZjcc4AA74i
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Ecosystems: go
Packages: github.com/octo-sts/app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS1qbXFwLTM3bTUtNDl3aM4AA8EQ
sshproxy vulnerable to SSH option injection
Ecosystems: go
Packages: github.com/cea-hpc/sshproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 12 hours ago
Low
GSA_kwCzR0hTQS04ZzZ2LWc4cWMtNXc3as4AAjkp
Token stored in plain text by DigitalOcean Plugin
Ecosystems: maven
Packages: com.dubture.jenkins:digitalocean-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMzY1LTk4ajgtdzk2d84AAjx3
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mZnI2LThjdjUtajYzN84AAjkV
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:s3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yajNyLXg2eGMtcXFxas4AAjkO
Credential stored in plain text by BMC Release Package and Deployment Plugin
Ecosystems: maven
Packages: RPD:bmc-rpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oMjljLXdjbTgtODgzaM0keg
Incorrect Permission Assignment for Critical Resource in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0yanh4LTJ4OTMtMnEyZs4AAvdu
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 446
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
pypi 458 maven 282 packagist 175 npm 129 go 125 rubygems 49 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-cpu 93 tensorflow-gpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 shopware/core 10 phpmyadmin/phpmyadmin 10 github.com/mattermost/mattermost/server/v8 10 nova 9 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 vyper 7 matrix-synapse 7 Umbraco.CMS 6 puppet 6 sweetalert2 5 helm.sh/helm/v3 5 baserproject/basercms 5 typo3/cms-core 5 undici 5 wasmtime 5 ansible 5 rack 5 k8s.io/kubernetes 5 october/backend 5 org.keycloak:keycloak-services 4 electron 4 helm.sh/helm 4 github.com/cilium/cilium 4 actionpack 4 com.vaadin:flow-server 4 github.com/mattermost/mattermost-server/v6 4 simplesamlphp/simplesamlphp 4 magento/community-edition 4 shopware/shopware 4 org.graylog2:graylog2-server 3 github.com/mattermost/mattermost-server 3 @openzeppelin/contracts-upgradeable 3 sylius/sylius 3 passenger 3 ethyca-fides 3 bin-links 3 com.vaadin:vaadin-bom 3 wagtail 3 glance 3 ckb 3 org.apache.hive:hive 3 org.apache.hive:hive-service 3 symfony/symfony 3 github.com/cosmos/cosmos-sdk 3 org.apache.hive:hive-exec 3 httplib2 3 cryptography 3 plone 3 nautobot 3 node-forge 3 go.etcd.io/etcd 3 org.jenkins-ci.plugins:azure-ad 2 ceph-deploy 2 github.com/hashicorp/nomad 2 typo3/cms-frontend 2 gilacms/gila 2 salt 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 Django 2 github.com/answerdev/answer 2 next-auth 2 github.com/authzed/spicedb 2 Pillow 2 github.com/containerd/containerd 2 org.jenkins-ci.plugins:ec2 2 github.com/sigstore/cosign 2 braces 2 winter/wn-backend-module 2 django 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 tuf 2 moin 2 horizon 2 october/cms 2 github.com/mattermost/mattermost-plugin-jira 2 com.ruoyi:ruoyi 2 org.apache.activemq:activemq-parent 2 @openzeppelin/contracts 2 craftcms/cms 2 parse-server 2 Nova 2 activesupport 2 flarum/core 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 org.jenkins-ci.plugins:wso2id-oauth 2 nokogiri 2 tools.devnull:build-notifications 2 @apollo/server 2 microweber/microweber 2 keystone 2 github.com/cometbft/cometbft 2 org.bouncycastle:bcprov-jdk14 2 pip 2 OctoPrint 2 github.com/opencontainers/runc 2 silverstripe/framework 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 go.etcd.io/etcd/client/v3 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 Flask-AppBuilder 2 org.eclipse.jetty:jetty-server 2 vantage6 2 cargo 2 s2n-quic 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 es5-ext 1 fast-xml-parser 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 github.com/oauth2-proxy/oauth2-proxy 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 rabbit_common 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 njwt 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/rack/rack 5 https://github.com/nodejs/undici 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/vaadin/flow 3 https://github.com/CVEProject/cvelist 3 https://github.com/nautobot/nautobot 3 https://github.com/ethyca/fides 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/symfony/symfony 3 https://github.com/openstack/keystone 3 https://github.com/Sylius/Sylius 3 https://github.com/pyca/cryptography 3 https://github.com/digitalbazaar/forge 3 https://github.com/wagtail/wagtail 3 https://github.com/httplib2/httplib2 3 https://github.com/vantage6/vantage6 3 https://github.com/django/django 3 https://github.com/phusion/passenger 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/nervosnetwork/ckb 3 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/GilaCMS/gila 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/sigstore/cosign 2 https://github.com/opencontainers/runc 2 https://github.com/parse-community/parse-server 2 https://github.com/aio-libs/aiohttp 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/aws/s2n-quic 2 https://github.com/ntbosscher/gobase 2 https://github.com/openstack/horizon 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/openstack/glance 2 https://github.com/quarkusio/quarkus 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/hashicorp/nomad 2 https://github.com/authzed/spicedb 2 https://github.com/cometbft/cometbft 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/containerd/containerd 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/bcgit/bc-java 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/nats-io/nats-server 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apollographql/apollo-server 2 https://github.com/ceph/ceph-deploy 2 https://github.com/octoprint/octoprint 2 https://github.com/micromatch/braces 2 https://github.com/rust-lang/cargo 2 https://github.com/craftcms/cms 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/flarum/framework 2 https://github.com/pypa/pip 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/saltstack/salt 2 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/aedart/ion 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/tendermint/tendermint 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/thelounge/thelounge 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/zopefoundation/Products.PluggableAuthService 1 https://github.com/Azure/setup-kubectl 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/fluent/fluentd 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/elastic/apm-agent-go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/personnummer/go 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/openjdk/jfx 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/zowe/imperative 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/arguiot/EyeJS 1 https://github.com/croogo/croogo 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/npm/npm 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/rust-vmm/vm-memory 1 https://github.com/yourls/yourls 1 https://github.com/xuxueli/xxl-job 1 https://github.com/ajenti/ajenti 1 https://github.com/argoproj/argo-workflows 1 https://github.com/containers/podman 1 https://github.com/mapfish/mapfish-print 1 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 1 https://github.com/jenkinsci/m2release-plugin 1 https://github.com/tlsfuzzer/tlslite-ng 1 https://github.com/openstack/neutron 1 https://github.com/Nebulosus/shamir 1 https://github.com/tailscale/tailscale 1 https://github.com/matrix-org/vodozemac 1 https://github.com/tm-kn/django-basic-auth-ip-whitelist 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/Bouke/django-user-sessions 1 https://github.com/ericcornelissen/shescape 1 https://sourceforge.net/projects/sourceforge.net 1 https://github.com/memorysafety/sudo-rs 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/gradle/gradle 1 https://github.com/node-js-libs/cli 1