Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS01NmdqLTkyN3AtbWZwaM4AAiB_
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-serverless
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ncXhyLWh2cnctNmhmaM4AAzWv
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Ecosystems: maven
Packages: io.jenkins.plugins:cavisson-ns-nd-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Ecosystems: maven
Packages: com.openmake:deployhub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0zcDRnLXJjdzUtODI5OM4AAzUC
etcd Key name can be accessed via LeaseTimeToLive API
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1nM3Y2LXI4cDktd3hnOc4AA1Pz
Mattermost fails to correctly delete attachments
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS1mcDZwLTV4dnctbTc0Zs4AAZQc
Django User Enumeration Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5ZnctOXg4Ny1ybXJq
Privilege Context Switching Error in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3AtNG02Zi1nY2pn
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzNXYtcXdxZy04N2pj
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Ecosystems: npm
Packages: express-basic-auth
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR
Nimbus JOSE+JWT vulnerable to padding oracle attack
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2ZjQtZnczMy02ajJ2
Potential sensitive data exposure in applications using Vaadin 15
Ecosystems: maven
Packages: com.vaadin:vaadin-bom
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 3 years ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mNmc4LXB4dnAtOTMyOM4AAiIK
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Ecosystems: maven
Packages: com.inedo.proget:inedo-proget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aHZmLXBmcTMtN3BwNs4AAjR5
CSRF vulnerability in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mcnFjLWYyaDgtZmp2Zs4AA19h
Spring for GraphQL may be exposed to GraphQL context with values from a different session
Ecosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
Low
GSA_kwCzR0hTQS12dmcyLWhnM2MtbXFqM84AAjkh
Client secret transmitted in plain text by Azure AD Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13d2d4LTk0djYtZmMycM4AASyU
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tZjRwLXdqcm0tY21qcM4AAvdJ
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:s3explorer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xaDM2LTQ0anYtYzh4as0oSA
Potential proxy IP restriction bypass in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-members
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS03ZmY4LXFmd3gtOGd4Nc4AAknO
Improper masking of some secrets in Jenkins Credentials Binding Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02M2pnLTV3djYtN2dods4AAV9P
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Ecosystems: maven
Packages: org.jenkins-ci.plugins:resource-disposer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oZjd3LWY0aDQtOXhwOM4AAYZt
Exposure of Sensitive Information in Jenkins Datadog plugin
Ecosystems: maven
Packages: org.datadog.jenkins.plugins:datadog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyNGgtcGpqdi1tY3A2
Denial of service in Tendermint
Ecosystems: go
Packages: github.com/tendermint/tendermint
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bXEtM2NqNi1oNzM4
Reverse Tabnabbing in showdown
Ecosystems: npm
Packages: showdown
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1mbTZxLTk3Z3ctYzR3aM0sPg
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS14cjdwLThxODItODc4cc4AAwLZ
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Ecosystems: go
Packages: teler.app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tdzZxLTk4bXAtZzhnOM0W5Q
Cross-site Scripting in bootstrap-table
Ecosystems: npm
Packages: bootstrap-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS12dzQ3LW1yNDQtM2pmOc0V6g
Confused Deputy in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxbWYtZmo2bS02ODZj
Open Redirect in Flask-Security-Too
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS13Nmh3LTU3anEtaDdmNc4AAknq
CSRF vulnerability in Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzcGctcXd2Zy1wOTlj
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1ndmNqLTcyaDQtOHhtOc4AAjx0
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:quality-gates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1teGNjLTdoNW0teDU3cs4AAtsO
Jenkins GitHub plugin uses weak webhook signature function
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanism
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqd3ctMng4di1tOXY5
Potential sensitive data exposure in applications using Vaadin 15
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoMnAtN3A4Ny1maGdo
Incorrect TCR calculation in batchLiquidateTroves() during Recovery Mode
Ecosystems: npm
Packages: @liquity/contracts
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS03eHA4LTd3cXgtNWhxeM4AAjcV
Jenkins REST APIs vulnerable to clickjacking
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Low
GSA_kwCzR0hTQS05MnBnLThnNTctaHFweM4AAnqH
Support bundles can include user session IDs in Jenkins Support Core Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yOG03LTc5MmotNWp2cc4AAZvd
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xaDU0LTl2YzUtbTlmZ80WgQ
MD5 hash support in github.com/foxcpp/maddy
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 0.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1mOWpnLThwMzItMmY1Nc0hRw
kubectl ANSI escape characters not filtered
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1MmYtcHE0Ny0ycjlq
plugin.yaml file allows for duplicate entries in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tYzh2LW1ncmYtOGY0bc0XWA
Clarify Content-Type handling
Ecosystems: go
Packages: github.com/opencontainers/distribution-spec
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01ajV3LWc2NjUtNW0zNc0XXw
Ambiguous OCI manifest parsing
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0bTMtdzhnOS1qd3Bx
Information disclosure of source code in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3Z3ItNzY2Ni03cHdq
Path Traversal in openapi-python-client
Ecosystems: pypi
Packages: openapi-python-client
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1nbTJnLTJ4cjktcHh4as4AA0J6
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Ecosystems: go
Packages: go.temporal.io/server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 11 months ago
Low
GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx
code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xcTk3LXZtNWgtcnJoZ80psQ
OCI Manifest Type Confusion Issue
Ecosystems: go
Packages: github.com/docker/distribution
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjeGYtNjU2Ny03cHA2
Local Information Disclosure Vulnerability
Ecosystems: maven
Packages: com.datadoghq:datadog-api-client
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 3 years ago
Low
GSA_kwCzR0hTQS03N3ZoLXhwbWctNzJxaM0XWQ
Clarify `mediaType` handling
Ecosystems: go
Packages: github.com/opencontainers/image-spec
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago
Low
GSA_kwCzR0hTQS04cTJtLXB3eGYtamM3Z84AAY6T
python-keystoneclient unsecure user password update
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xcHhtLTY4OXItMzg0Oc4AA5gL
Apache Camel data exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xdjk1LWczZ20teDU0Ms0Wfg
Hashicorp Vault Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1ocWZ4LTR4NHctdm13cM0-2g
Openstack nova qcow format could expose host filesystem information
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qZjJwLTRncWotODQ5Z84AAwED
Temporary File Information Disclosure vulnerability in MPXJ
Ecosystems: pypi, nuget, maven
Packages: mpxj, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS01Z3A1LXZ4ajYtNDI1N84AAx9T
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zMmZmLTRnNzktdmdmY84AAtvO
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ
Mattermost allows team admins to promote guests to team admins
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 19 days ago
Low
GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Katello cleartext password storage issue
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE
Mattermost fails to fully validate role changes
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 19 days ago
Low
GSA_kwCzR0hTQS0zcncyLXdmYzgtd21qNc4AA0xu
Fides Webserver Vulnerable to SVG Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nOTVjLTJqZ20taHFjNs4AA0xt
Fides Webserver Vulnerable to Zip Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2cWotajg4OC12dmdx
Directory exposure in jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-deploy
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS1jNWdqLXc0aHgtZ3ZteM0t6A
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13anB2LWZyZjItM3I1OM4AAvFz
EC-CUBE Directory traversal vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5bWYtamdxMy1jMjho
Data Amplification in Play Framework
Ecosystems: maven
Packages: com.typesafe.play:play
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yd2Y3LTY1MmYtNzZtds4AAml3
Magento 2 Community Edition vulnerable to Improper Authorization
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05cXJwLWg3ZnctNDJoZ84AArTY
Path Traversal in XWiki Platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qaHByLWo3Y3EtM2pwM84AAz_s
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1jajd2LTI3cGctd2Y3cc4AAtJM
Jetty invalid URI parsing may produce invalid HttpURI.authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt
SilverStripe Priviledge escalation through cache pollution
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 4 years ago
Low
GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 14 days ago
Low
GSA_kwCzR0hTQS1weGh3LTU5NnItcndxNc4AA7Ph
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 23 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2ZmMtZzhqNS05Y2Nm
Generation of Error Message Containing Sensitive Information in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jZ2hnLWpjdjYtNHY1bc4AASj5
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zOXJ3LTRtNjYtODJnZs4AAmmH
Magento incorrect user permissions vulnerability within the Inventory component
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ocHYzLWY1cDctcHhqOc4AA2rA
Jenkins lambdatest-automation Plugin may expose Credentials access token
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS05Zm1jLTVmcTQtNWp3aM4AAvx0
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUybXEtNmpjdi1qNzl4
User content sandbox can be confused into opening arbitrary documents
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
Low
GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race condition
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 446
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
pypi 458 maven 282 packagist 175 npm 129 go 125 rubygems 49 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-cpu 93 tensorflow-gpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 shopware/core 10 phpmyadmin/phpmyadmin 10 github.com/mattermost/mattermost/server/v8 10 nova 9 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 vyper 7 matrix-synapse 7 Umbraco.CMS 6 puppet 6 sweetalert2 5 helm.sh/helm/v3 5 baserproject/basercms 5 typo3/cms-core 5 undici 5 wasmtime 5 ansible 5 rack 5 k8s.io/kubernetes 5 october/backend 5 org.keycloak:keycloak-services 4 electron 4 helm.sh/helm 4 github.com/cilium/cilium 4 actionpack 4 com.vaadin:flow-server 4 github.com/mattermost/mattermost-server/v6 4 simplesamlphp/simplesamlphp 4 magento/community-edition 4 shopware/shopware 4 org.graylog2:graylog2-server 3 github.com/mattermost/mattermost-server 3 @openzeppelin/contracts-upgradeable 3 sylius/sylius 3 passenger 3 ethyca-fides 3 bin-links 3 com.vaadin:vaadin-bom 3 wagtail 3 glance 3 ckb 3 org.apache.hive:hive 3 org.apache.hive:hive-service 3 symfony/symfony 3 github.com/cosmos/cosmos-sdk 3 org.apache.hive:hive-exec 3 httplib2 3 cryptography 3 plone 3 nautobot 3 node-forge 3 go.etcd.io/etcd 3 org.jenkins-ci.plugins:azure-ad 2 ceph-deploy 2 github.com/hashicorp/nomad 2 typo3/cms-frontend 2 gilacms/gila 2 salt 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 Django 2 github.com/answerdev/answer 2 next-auth 2 github.com/authzed/spicedb 2 Pillow 2 github.com/containerd/containerd 2 org.jenkins-ci.plugins:ec2 2 github.com/sigstore/cosign 2 braces 2 winter/wn-backend-module 2 django 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 tuf 2 moin 2 horizon 2 october/cms 2 github.com/mattermost/mattermost-plugin-jira 2 com.ruoyi:ruoyi 2 org.apache.activemq:activemq-parent 2 @openzeppelin/contracts 2 craftcms/cms 2 parse-server 2 Nova 2 activesupport 2 flarum/core 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 org.jenkins-ci.plugins:wso2id-oauth 2 nokogiri 2 tools.devnull:build-notifications 2 @apollo/server 2 microweber/microweber 2 keystone 2 github.com/cometbft/cometbft 2 org.bouncycastle:bcprov-jdk14 2 pip 2 OctoPrint 2 github.com/opencontainers/runc 2 silverstripe/framework 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 go.etcd.io/etcd/client/v3 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 Flask-AppBuilder 2 org.eclipse.jetty:jetty-server 2 vantage6 2 cargo 2 s2n-quic 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 es5-ext 1 fast-xml-parser 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 github.com/oauth2-proxy/oauth2-proxy 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 rabbit_common 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 njwt 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/rack/rack 5 https://github.com/nodejs/undici 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/vaadin/flow 3 https://github.com/CVEProject/cvelist 3 https://github.com/nautobot/nautobot 3 https://github.com/ethyca/fides 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/symfony/symfony 3 https://github.com/openstack/keystone 3 https://github.com/Sylius/Sylius 3 https://github.com/pyca/cryptography 3 https://github.com/digitalbazaar/forge 3 https://github.com/wagtail/wagtail 3 https://github.com/httplib2/httplib2 3 https://github.com/vantage6/vantage6 3 https://github.com/django/django 3 https://github.com/phusion/passenger 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/nervosnetwork/ckb 3 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/GilaCMS/gila 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/sigstore/cosign 2 https://github.com/opencontainers/runc 2 https://github.com/parse-community/parse-server 2 https://github.com/aio-libs/aiohttp 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/aws/s2n-quic 2 https://github.com/ntbosscher/gobase 2 https://github.com/openstack/horizon 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/openstack/glance 2 https://github.com/quarkusio/quarkus 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/hashicorp/nomad 2 https://github.com/authzed/spicedb 2 https://github.com/cometbft/cometbft 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/containerd/containerd 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/bcgit/bc-java 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/nats-io/nats-server 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apollographql/apollo-server 2 https://github.com/ceph/ceph-deploy 2 https://github.com/octoprint/octoprint 2 https://github.com/micromatch/braces 2 https://github.com/rust-lang/cargo 2 https://github.com/craftcms/cms 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/flarum/framework 2 https://github.com/pypa/pip 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/saltstack/salt 2 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/aedart/ion 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/tendermint/tendermint 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/thelounge/thelounge 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/zopefoundation/Products.PluggableAuthService 1 https://github.com/Azure/setup-kubectl 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/fluent/fluentd 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/elastic/apm-agent-go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/personnummer/go 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/openjdk/jfx 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/zowe/imperative 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/arguiot/EyeJS 1 https://github.com/croogo/croogo 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/npm/npm 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/rust-vmm/vm-memory 1 https://github.com/yourls/yourls 1 https://github.com/xuxueli/xxl-job 1 https://github.com/ajenti/ajenti 1 https://github.com/argoproj/argo-workflows 1 https://github.com/containers/podman 1 https://github.com/mapfish/mapfish-print 1 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 1 https://github.com/jenkinsci/m2release-plugin 1 https://github.com/tlsfuzzer/tlslite-ng 1 https://github.com/openstack/neutron 1 https://github.com/Nebulosus/shamir 1 https://github.com/tailscale/tailscale 1 https://github.com/matrix-org/vodozemac 1 https://github.com/tm-kn/django-basic-auth-ip-whitelist 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/Bouke/django-user-sessions 1 https://github.com/ericcornelissen/shescape 1 https://sourceforge.net/projects/sourceforge.net 1 https://github.com/memorysafety/sudo-rs 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/gradle/gradle 1 https://github.com/node-js-libs/cli 1