Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1xOWo1LTJtangtOHgyOM4AAu-3
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials
Ecosystems: maven
Packages: com.meowlomo.jenkins:scm-httpclient
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03andnLWhxODUtYzZtNs4AAu-n
Jenkins SmallTest Plugin missing hostname validation
Ecosystems: maven
Packages: com.smalltest:smalltest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0N2YtdnAzcC01ajZo
"Cross-site scripting in ThinkAdmin"
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1weHA1LWc2Nmgtd3B2Ms4AAu-r
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:view26
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xNzM2LXJnY3AtcTQ0M84AAhRD
Jenkins Gogs Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02ajI3LTN4ZnctY2oyd84AAxJ_
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cnJqLXIyajQtOTY5d84AAUdt
Umbraco CMS vulnerable to stored XSS
Ecosystems: nuget
Packages: umbraco
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yMnhwLTdyY3gteHAzNM33Vw
Jenkins Slack Notification Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:slack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ycTk5LTkzYzUtMzNmNs4AAs9A
Cross-Site Request Forgery in Jenkins ThreadFix Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:threadfix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjMyLWhtNGgtdzc3cc4AA5Cs
github-slug-action use of `set-env` Runner commands which are processed via stdout
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12cTdqLTZwY3EtZjQ4cM4AAl8N
Path traversal vulnerability in Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05OG00LW0yYzMtcXhncc4AAivU
Jenkins JIRA Plugin allows users to select and use credentials with System scope
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13NHY1LTU0cDgtbTRqNc4AAxJ3
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mcmdyLWM1ZjItOHFoaM4AAyCc
Denial of service in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nbWhmLTM3ZngtYzRxOM4AAxJT
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wY2NtLWo2dmotand3Zs0ytQ
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aHcyLTMyN3YtdnZyNs4AAmCe
Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:implied-labels
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12M2Z2LXY5bTYtMjZnM84AAzWt
Jenkins HashiCorp Vault Plugin has improper masking of credentials
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02Zng5LTI5eDItZm1mas4AAwpG
usememos/memos Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03cTlyLXZoZzItNzg5d84AAjkS
Stored XSS vulnerability in Jenkins brakeman Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:brakeman
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03eGdqLWo5aHAtYzY5Ms4AAzXQ
Jenkins WSO2 Oauth Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tOTNoLTVxbXgtcHBoZ84AARcf
Improper Authentication in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNnE5LTgzeHctbXA2cM4AAq6J
Improper Neutralization of Input During Web Page Generation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzZyLTdwNHEtbXFwd84AA5qL
Cockpit CMS Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12M2NnLTdyOWgtcjJnNs4AAxIz
Field-level security issue with .keyword fields in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xOHFxLTJwNXAtcmc0NM4AAknX
Missing SSH host key validation in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yeDc2LXh3MzUtNnJoOM4AAxTJ
Apache Linkis vulnerable to Exposure of Sensitive Information
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cXFtLWM5Z3gtNzczcc4AAxPr
Froxlor contains Business Logic Errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14amNoLXdxbXctZmdjcM4AAhnr
Relution Enterprise Appstore Publisher Jenkins Plugin contains Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:relution-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03bThyLWdtYzMtM3A0ds4AAyzD
alextselegidis/easyappointments vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: alextselegidis/easyappointments
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13d2Z3LW01NGctZ3Y3Ms4AAQDD
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zNzJmLWpjNDctN2dyNc0sOw
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.conjur.jenkins:conjur-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13N3c0LXFqZ2ctMzcyeM4AAxPp
Froxlor contains Static Code Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mdmNmLXdneGotaDdjaM4AAQ6_
CSRF vulnerability in Jenkins Nomad Plugin allow SSRF
Ecosystems: maven
Packages: rg.jenkins-ci.plugins:kmap-jenkins
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcXI4LTN2OGotNDZ3ds4AAhfh
Missing Authorization in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OGo3LXZ4aDktcDY3Z84AAvdM
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:katalon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04Z3E0LXg3MnItNnhjcs4AAiIa
Jenkins Google Calendar Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gcal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00d2NjLWp2M3AtcHJxd84AAbzD
Cherry Music Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: CherryMusic
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Y2hoLXd2cHgtcGY0N8360g
Jenkins Upload to pgyer Plugin stores credentials in plain text
Ecosystems: maven
Packages: ren.helloworld:upload-pgyer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzNjLWNqamotMm1nNM33hA
Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-vm-agents
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05anY1LXdmNDQtOHZmbc4AAmK0
Stored XSS vulnerability in Jenkins Active Choices Plugin
Ecosystems: maven
Packages: org.biouno:uno-choice
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcWhtLWZqanYtN3E4eM4AAtsy
CSRF vulnerability in Jenkins openstack-heat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openstack-heat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NzU5LTNmaDktODRteM4AAZq3
Jenkins directory traversal vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12OTJwLXBobXAteGZmcs4AAwno
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yajRoLWNqZ2gtNjU5ds4AAlOO
Reflected XSS vulnerability in Jenkins VncViewer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vncviewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZm04LTdncGYtcDhmbc4AAbxG
SocialNetwork Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: movingbytes/social-network
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1namo1LTk5OGctdjM2ds0keA
Improper Access Control in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1md2h2LTlwaGotd3JqNc4AAyjA
Uvdesk vulnerable to stored cross-site scripting (XSS)
Ecosystems: packagist
Packages: uvdesk/community-skeleton
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNGMtNXJxNi1jZ2gz
OPC UA applications can allow a remote attacker to determine a Server's private key
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS00NGNnLXFjcHItZndqaM0upA
Cross site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14Z2NjLXIyZjMtcnE2cM38Tw
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12cmctNWM0dy03cXY0
Cross-site Scripting in yii2cmf
Ecosystems: packagist
Packages: yidashi/yii2cmf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4MjItcHc1Ny12djM3
XSS vulnerability when listing users on add & modify server pages.
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1naDV3LWdmZmgtNjhwcs4AAyug
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lucene-search
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1cnYtaHB4Zy04eDQ5
Signature validation bypass in ServiceStack
Ecosystems: nuget
Packages: ServiceStack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1naGNxLTQ3MnctdmY0aM05dQ
Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-skin-skinx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNmMtdzRjNC12Z3Z4
Stored XSS vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcDM2LW1qdzUtZm1neM4AAy5w
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03OXJtLWYyNmctMjk2cM4AAhf5
Jenkins Maven Release Plugin vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins.m2release:m2release
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04OHFqLTNxNmgtOG01cc4AAiCD
Jenkins Build Environment Plugin vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-environment
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00MnEyLW01NGYtamg5Nc4AAwp8
sememos/memos vulnerable to Improper Handling of Values
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qbXA5LWY0MnEtNGc4Nc4AAjkw
Passwords stored in plain text by Harvest SCM Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:harvest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05ajJwLThxcWYtaDU1Y84AAxl7
Cross-site Scripting in UDX Stateless Media Plugin
Ecosystems: packagist
Packages: wpcloud/wp-stateless
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oMjdnLTcybWgtOW0zM84AAiIW
Jenkins Git Changelog Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: de.wellnerbou.jenkins:git-changelog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tZnZxLW0zamotODg2NM4AAwo8
usememos/memos vulnerable to Improper Verification of Source of a Communication Channel
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mcGgyLWZ3anEtcHJqZs4AAlOi
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify-on-demand-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wcHY5LXY0M2MteHFwcM4AAqqQ
XXE vulnerability in Jenkins pom2config Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pom2config
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oajMyLTltY3ctNWN3aM4AAk1I
Missing permission check in Jenkins Project Inheritance Plugin
Ecosystems: maven
Packages: hudson.plugins:project-inheritance
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02aG1tLTc3cjItaDZocs4AAjR8
Missing permission checks in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNjZ2LTN2NjItZzM3Nc4AAy6F
RosarioSIS improper access control vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13d2dxLTlqaGYtcWd3Ns0XQQ
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjNjYteDR3bS1yamZ4
Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN)
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS00OHAzLXhmdnctZzU5Y802fg
Incorrect Access Control in ImpressCMS
Ecosystems: packagist
Packages: impresscms/impresscms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcGhtLWdxaDktcTU5eM4AAzE_
Stored cross site scripting in Microbin
Ecosystems: cargo
Packages: microbin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NXZxLXhwamYtcjJ4Y84AAzAP
Lightbend Alpakka Kafka logs credentials on debug level
Ecosystems: maven
Packages: com.typesafe.akka:akka-stream-kafka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcnJmLXh2Y2YtcDY0cc4AAwo9
usememos/memos vulnerable Improper Restriction of Excessive Authentication Attempts
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04cXY4LWZxNXctcDk2Ns0a1Q
phpservermon is vulnerable to CRLF Injection
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02OTg3LXhjY3YtZmhqcM4AAzW0
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-utility-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xY3cyLTQ5MnYtNTd4as4AAwkV
usememos/memos missing Secure cookie attribute
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncGMyLWY2Mm0tYzZoNs4AAzXO
Jenkins Code Dx Plugin stores API keys in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:codedx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03djlwLTM0cjItcTY2OM4AAmKt
Incorrect default pattern in Jenkins Audit Trail Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit-trail
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3djQtbTlqeC1taDhy
Improper Input Validation
Ecosystems: go
Packages: github.com/ovn-org/ovn-kubernetes
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05N3dwLTYzd3EtaGZ3aM4AAzXC
Jenkins Ansible Plugin job configuration form does not mask variables
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ansible
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwY3ItNDk4Mi01NDht
Exposure of .env if project root is configured as web root in shopware/production
Ecosystems: packagist
Packages: shopware/production
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jcDR3LTZ4NHctdjJoNc4AAyW1
lambdaisland/uri `authority-regex` returns the wrong authority
Ecosystems: maven
Packages: lambdaisland:uri
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcDhtLXBycjctd3I4d84AAzXG
Jenkins Sidebar Link Plugin vulnerable to Path Traversal
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sidebar-link
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqaHctNW14cC0yZzJx
Cross-site Scripting in OpenNMS Horizon
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmcmgtOGNtai1nYzU5
System.Management.Automation subject to bypass via script debugging
Ecosystems: nuget
Packages: System.Management.Automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS1mN3JwLXh4NjctNHBqOc4AAyiW
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoNzctM3h3ci1ocWho
Cross-site scripting in Jenkins Kiuwan Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kiuwanJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS13NnFmLWo0cXItZjk0Ns4AAwrc
Froxlor Improper Authorization vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14ZmpxLTVtNHctY2M2aM4AAs8j
Jenkins Beaker builder Plugin Missing Authorization vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:beaker-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1neHFmLTRnNHAtcTNoY84AAwqD
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12MmZwLWg0cXgteDNyNs4AAfac
Improper Access Control in JBoss mod_cluster
Ecosystems: maven
Packages: org.jboss.mod_cluster:mod_cluster
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qM2c5LTNmdnYtZ3FmcM4AAYve
Cross-site Scripting In Apache Brooklyn
Ecosystems: maven
Packages: org.apache.brooklyn:brooklyn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jMzN3LXBtNTItbXF2Zs4AAvij
@dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details
Ecosystems: npm
Packages: @dependencytrack/frontend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xOHYzLTdoNnEtZzM5cc4AAs74
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jianliao
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xd2M4LXZqaDMtZ20yas4AAu9a
YetiForce CRM vulnerable to stored Cross-site Scripting via WorkFlow module
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3Y2ctNDNtZy1xcDY5
ASP.NET Core Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Authentication.JwtBearer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5