Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Low
GSA_kwCzR0hTQS03ajloLWNoMzgtNDc0cs4AA398
Stored Cross-site scripting affecting automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zOGotcG1nMy12NXg1
Timing attack on django-basic-auth-ip-whitelist
Ecosystems: pypi
Packages: django-basic-auth-ip-whitelist
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1ocWZ4LTR4NHctdm13cM0-2g
Openstack nova qcow format could expose host filesystem information
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yMmptLTRoeHctMzVqZs4AAjo7
OpenStack Nova can leak consoleauth token into log files
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weDhoLTZxeHYtbTIycc4AAxpo
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOXAtdjJyOC13Zjh3
Cross-site scripting in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
Low
GSA_kwCzR0hTQS1nNDlxLWp3NDItNng4Nc4AA74Q
thelounge may publicly disclose of all usernames/idents via port 113
Ecosystems: npm
Packages: thelounge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS12MmY5LXJ2Nnctdnc4cs4AA74X
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04cXc5LWdmN3ctNDJ4Nc4AA4a1
Minor fix to previous patch for CVE-2022-35918
Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decorator
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zcDg3LXczYzUtMjdnZs4AAd7r
phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxNTMtZnFoYy1jcjQ2
ember-source Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1yNGZtLWc2NWgtY3I1NM4AA5qG
Mattermost incorrectly allows access individual posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yOTVoLTl4OGYtcjNmN84AA74p
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5bWYtamdxMy1jMjho
Data Amplification in Play Framework
Ecosystems: maven
Packages: com.typesafe.play:play
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0zamhjLXdqcWYtNWYyY84AAf0J
Virtualenv Allows Symlink Attack on /tmp/
Ecosystems: pypi
Packages: virtualenv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0ydjQyLXhwM2otNDdtNM4AA6rp
Xuxueli xxl-job template injection vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS04NzZqLTRxNzMtN2Y1Ns4AAW5C
Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3YzgtNjU5Zy1yODhx
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Ecosystems: maven
Packages: org.springframework.batch:spring-batch-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1xZmM1LTZyM2otamoyMs4AAzmA
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1mODg5LXdmd20tNnA3bc4AAeuL
OpenStack Identity Keystone Privilege Escalation vulnerability
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mNjdmLTJqNnItbTRjOc4AA4q0
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ
pip lack of randomness in build directory
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Low
GSA_kwCzR0hTQS1oaHBqLTZwajctd3B4Nc4AAdRw
OpenStack Neutron Race condition vulnerability
Ecosystems: pypi
Packages: neutron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ocTNmLTlnZjctNzNyOM4AAaKV
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ncnA1LWgzNzktajc1eM4AAU0P
OpenStack Nova live snapshots use an insecure local directory
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xNHBwLWozNmgtM2dxZ84AA1e3
Minimal `basti` IAM Policy Allows Shell Access
Ecosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1jOWpwLTI0NGotdmg3OM30Cw
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1qajNqLW1oZ2MtZzRtNM30NQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04ZzY4LTJoY2otaDh2Z83ydQ
OpenStack Dashboard (Horizon) Cross-site scripting (XSS) vulnerability in the Host Aggregates interface
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qbXFwLTM3bTUtNDl3aM4AA8EQ
sshproxy vulnerable to SSH option injection
Ecosystems: go
Packages: github.com/cea-hpc/sshproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS14and4LTc4eDctcTZqY84AA8EH
TYPO3 vulnerable to an HTML Injection in the History Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 1 day ago
Low
GSA_kwCzR0hTQS03NXI2LTZqZzgtcGZjcc4AA74i
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Ecosystems: go
Packages: github.com/octo-sts/app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS00eHc2LWhqNXAtNGo3Oc4AAetK
OpenStack Glance sensitive information disclosure via logs
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jOHc5LTgzdmctcjh2ds4AAZ6A
OpenStack Glance is vulnerable to Exposure of Sensitive Information
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NzI1LWM1ODgtaDkzNs4AAty1
OpenStack Nova Changing vnic_type breaks compute service restart
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14cDlqLThwNjgtOXE5M84AA6p2
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00M2NtLTczcHgtNXY0bc4AAfDv
OpenStack Compute (Nova) Resource limit circumvention in Nova private flavors
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xM3J3LXdjajYtOGNqZs4AAe62
OpenStack Cinder LVMVolumeDriver does not zero deleted snapshots
Ecosystems: pypi
Packages: cinder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weDZ2LTZqaGYtajQ2cs4AAxqD
CSRF vulnerability in Synopsys Jenkins Coverity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:synopsys-coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yeHJtLXh2cDQtanF2aM4AAeks
OpenStack Keystone Sensitive information disclosure via log files
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0cXItZ21yOS12MjN3
Prefix escape
Ecosystems: npm
Packages: fastify-http-proxy
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1nNnJ4LTJ3ODQteG1nas4AA1uu
CSRF vulnerability in Jenkins Frugal Testing Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:frugal-testing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS0ydzg3LTVxY2otajZneM4AAefe
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNnJwLW14ODUtbTQ1Oc4AA49f
Spring Cloud Contract vulnerable to local information disclosure
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS13NDI5LXhjNTUtaGM0OM4AAefd
OpenStack Nova host data leak to vm instance in rescue mode
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zM3YtMzM4aC00djlm
Path traversal in Node-Red
Ecosystems: npm
Packages: @node-red/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01NjQ0LTJ2M2gtNXc0eM4AAefz
OpenStack Nova denial of service through compressed disk images
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qdjM0LXh2anEtcHBjaM4AAeqY
OpenStack Nova VMWare driver leaks rescued images
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzeGotOG1ydi00NDRt
Regular Expression Denial of Service (REDoS) in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE
phpMyAdmin cross-site scripting Vulnerability via ENUM value
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jZzRoLWNmanAtaDN4Ms4AAmgS
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:labmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yM3c0LTM2eDYtN3I5Oc4AA8Ey
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 23 hours ago
Low
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bug
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1nZnJoLWd3cWMtNjNjds4AA5El
Sulu HTML Injection via Autocomplete Suggestion
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS04d2poLTU5Y3ctOXhoNM4AA8Ej
Grafana Forward OAuth Identity Token can allow users to access some data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 23 hours ago
Low
GSA_kwCzR0hTQS1jOWNwLTljNzUtOXY4Y84AA8Eg
containerd started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 24 hours ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: https://pkg.go.dev/github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 24 hours ago
Low
GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1
Local File Inclusion vulnerability in zmarkdown
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12OTMzLXZ4NXAtajd3Ms4AAU0n
OpenStack Oslo utility sensitive information exposure via log files
Ecosystems: pypi
Packages: oslo.utils
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain text
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1wam14LTRnYzYtaHd2OM4AAgJb
Drupal cross-site scripting vulnerability via actions feature and trigger module
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Ecosystems: maven
Packages: com.openmake:deployhub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 1 month ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ3cWctcTU4di03dnJw
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Ecosystems: pypi
Packages: amundsen-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3aGYtZzZqNS1qNWdj
Float cast overflow undefined behavior
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1qbTc3LXFwaGYtYzR3OM4AA0_V
pyca/cryptography's wheels include vulnerable OpenSSL
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01NmY4LWc2OHItajY5Oc4AAf1H
Cross-site Scripting in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNHd3LWo0cHItcXc2cc4AA01M
RuoYi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1xMnd2LW0zcHEteHB2Oc4AAjx7
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skytap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02OHA0LTk1eGYtN2d4OM4AA08P
Denial of service from large image
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 3 years ago
Low
GSA_kwCzR0hTQS00d3h3LTQyd3gtMndmeM4AA5MP
Apache Solr Schema Designer blindly "trusts" all configsets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
datadog/dd-trace Circumvents open_basedir INI directive
Ecosystems: packagist
Packages: datadog/dd-trace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 hours ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k
Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1md2gtNW0yMy1qNDZ3
Environment Variable Injection in GitHub Actions
Ecosystems: npm
Packages: @actions/core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 3 years ago
Statistics
Advisories: 18,644
Packages: 8,353
Repositories: 447
Ecosystems: 12
Filter by Severity
Moderate 8,091 High 6,413 Critical 2,834 Low 1,013
Filter by Ecosystem
pypi 458 maven 282 packagist 176 npm 129 go 125 rubygems 49 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 shopware/core 10 phpmyadmin/phpmyadmin 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 undici 5 typo3/cms-core 5 k8s.io/kubernetes 5 wasmtime 5 sweetalert2 5 helm.sh/helm/v3 5 rack 5 october/backend 5 ansible 5 baserproject/basercms 5 electron 4 shopware/shopware 4 github.com/cilium/cilium 4 helm.sh/helm 4 org.keycloak:keycloak-services 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 com.vaadin:flow-server 4 simplesamlphp/simplesamlphp 4 actionpack 4 github.com/cosmos/cosmos-sdk 3 bin-links 3 nautobot 3 go.etcd.io/etcd 3 org.graylog2:graylog2-server 3 ethyca-fides 3 plone 3 glance 3 @openzeppelin/contracts-upgradeable 3 wagtail 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-exec 3 org.apache.hive:hive-service 3 org.apache.hive:hive 3 ckb 3 node-forge 3 cryptography 3 passenger 3 httplib2 3 sylius/sylius 3 symfony/symfony 3 github.com/mattermost/mattermost-server 3 org.apache.activemq:activemq-parent 2 @openzeppelin/contracts 2 Flask-Security-Too 2 django 2 winter/wn-backend-module 2 silverstripe/framework 2 github.com/opencontainers/runc 2 braces 2 org.jenkins-ci.plugins:azure-ad 2 github.com/authzed/spicedb 2 next-auth 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 github.com/cometbft/cometbft 2 org.jenkins-ci.plugins:wso2id-oauth 2 org.jenkins-ci.plugins:artifactory 2 activesupport 2 github.com/mattermost/mattermost-plugin-jira 2 horizon 2 s2n-quic 2 cargo 2 vantage6 2 org.jenkins-ci.plugins:repository-connector 2 org.jenkins-ci.plugins:mercurial 2 go.etcd.io/etcd/client/v3 2 github.com/mutagen-io/mutagen 2 typo3/cms-install 2 aiohttp 2 grumpydictator/firefly-iii 2 Zope 2 moin 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 github.com/containerd/containerd 2 Pillow 2 github.com/answerdev/answer 2 node-ipc 2 Django 2 salt 2 ceph-deploy 2 @apollo/server 2 tools.devnull:build-notifications 2 craftcms/cms 2 nokogiri 2 github.com/hashicorp/nomad 2 github.com/ntbosscher/gobase 2 com.ruoyi:ruoyi 2 OctoPrint 2 flarum/core 2 gilacms/gila 2 ezsystems/ezplatform-kernel 2 ezsystems/ezpublish-kernel 2 langchain 2 Flask-AppBuilder 2 microweber/microweber 2 keystone 2 october/cms 2 typo3/cms-frontend 2 org.eclipse.jetty:jetty-server 2 pip 2 org.xwiki.platform:xwiki-platform-oldcore 2 symfony/security-http 2 parse-server 2 tuf 2 org.bouncycastle:bcprov-jdk14 2 Nova 2 automad/automad 1 wiremock 1 github.com/nats-io/nats-server/v2 1 qutebrowser 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 django-basic-auth-ip-whitelist 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 mindspore 1 go.elastic.co/apm 1 rabbit_common 1 @liquity/contracts 1 kafo 1 net.sf.mpxj:mpxj 1 org.jenkins-ci.plugins:snsnotify 1 org.bouncycastle:bcprov-jdk13 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.scala-sbt:io_2.12 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 org.scala-sbt:sbt 1 virtualenv 1 com.typesafe.play:play 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 github.com/oauth2-proxy/oauth2-proxy 1 thelounge 1 flarum/framework 1 Werkzeug 1 github.com/aws/aws-sdk-go 1 github.com/tendermint/tendermint 1 github.com/consensys/gnark-crypto 1 firebase-tools 1 org.xmlunit:xmlunit-core 1 apostrophe 1 org.keycloak:keycloak-parent 1 debug 1 solidus_backend 1 phpmyfaq/phpmyfaq 1 org.eclipse.jetty:jetty-openid 1 admidio/admidio 1 type-graphql 1 tqdm 1 spina 1 org.keycloak:keycloak-server-spi-private 1 datasette-graphql 1 plone.restapi 1 github.com/slsa-framework/slsa-verifier/v2 1 github.com/flyteorg/flyteadmin 1 markdown-link-extractor 1 github.com/slsa-framework/slsa-verifier 1 vodozemac 1 github.com/containers/podman/v4 1 org.jenkins-ci.plugins:telegrambot 1 xmpp-http-upload 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 github.com/Masterminds/goutils 1 hyper 1 keylime 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 kimai/kimai 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/rack/rack 5 https://github.com/nodejs/undici 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/ethyca/fides 3 https://github.com/vantage6/vantage6 3 https://github.com/django/django 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/symfony/symfony 3 https://github.com/vaadin/flow 3 https://github.com/httplib2/httplib2 3 https://github.com/digitalbazaar/forge 3 https://github.com/CVEProject/cvelist 3 https://github.com/pyca/cryptography 3 https://github.com/Sylius/Sylius 3 https://github.com/openstack/keystone 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/nautobot/nautobot 3 https://github.com/nervosnetwork/ckb 3 https://github.com/phusion/passenger 3 https://github.com/wagtail/wagtail 3 https://github.com/GilaCMS/gila 2 https://github.com/jenkinsci/ec2-plugin 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/saltstack/salt 2 https://github.com/quarkusio/quarkus 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/craftcms/cms 2 https://github.com/opencontainers/runc 2 https://github.com/nats-io/nats-server 2 https://github.com/apollographql/apollo-server 2 https://github.com/zopefoundation/Zope 2 https://github.com/microweber/microweber 2 https://github.com/apache/activemq 2 https://github.com/aws/s2n-quic 2 https://github.com/ceph/ceph-deploy 2 https://github.com/aio-libs/aiohttp 2 https://github.com/ntbosscher/gobase 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/nextauthjs/next-auth 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/parse-community/parse-server 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/hashicorp/nomad 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/containerd/containerd 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/bcgit/bc-java 2 https://github.com/cometbft/cometbft 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/octoprint/octoprint 2 https://github.com/rust-lang/cargo 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/authzed/spicedb 2 https://github.com/flarum/framework 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/brefphp/bref 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/httpie/httpie 1 https://github.com/dojo/dijit 1 https://github.com/fluent/fluentd 1 https://github.com/joeferner/redis-commander 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/keystonejs/keystone 1 https://github.com/Azure/setup-kubectl 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/vapor/postgres-nio 1 https://github.com/NVIDIA/NeMo 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/tinymce/tinymce 1 https://github.com/canonical/lxd 1 https://github.com/thelounge/thelounge 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/google/zerocopy 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1