Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03bXY0LTR4cGcteHE0NM02AQ
FormField with square brackets in field name skips validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bTQtcGdwNC13aGdt
The reset password form reveal users email address
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0ycXA0LWczcTMtZjkyd80u-Q
Improper Locking in JetBrains Kotlin
Ecosystems: maven
Packages: org.jetbrains.kotlin:kotlin-stdlib
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zaGcyLXI3NXgtZzY5bc4AA17W
Vyper has incorrect re-entrancy lock when key is empty string
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V
Croc requires senders to provide local IP addresses in cleartext
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12MnYyLWhwaDgtcTV4cM4AA4PH
@fastify/reply-from JSON Content-Type parsing confusion
Ecosystems: npm
Packages: @fastify/reply-from
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnOWYtNjNyeC01Y3c0
Segfault in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1janJmLXhnNzctY2hwd830BQ
Moodle Incorrect sanitation of attributes in forums
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jM2o2LTMzcjQtODlxM84AAnXg
Moodle Client side denial of service via personal message
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14Y2dwLWM2aHAtY2o0cs4AAhkW
Magento 2 Community Edition Path Disclosure
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ndjI2LWpwajktYzhncc00FQ
Incomplete validation in `SparseSparseMinimum`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmeGYtd2g5Ni1mdmpj
Log Forging in generator-jhipster-kotlin
Ecosystems: npm
Packages: generator-jhipster-kotlin
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS1tNzQ4LWhqcWctcnBwOM4AAu-1
rdiffweb has insecure HTTP cookies
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02ajJ2LWc5cmctcWNtNc4AAbZ7
phpMyAdmin Local file exposure through symlinks with UploadDir
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzkyLTIzNWotOXI3cs4AAu1U
TYPO3 CMS vulnerable to User Enumeration via Response Timing
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13bTljLXZjdjItdnBxY84AAVES
phpMyAdmin full path disclosure vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4eDMtbTU4NC14OTk0
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn
User enumeration leak using switch user functionality in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1oM2ZnLWg1djMtdmY4bc0gsw
CSRF forgery protection bypass in solidus_frontend
Ecosystems: rubygems
Packages: solidus_frontend
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4eGYtbTRmZi1qY3hq
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qaDJqLTcyNDgtOXAzY84AAiHS
Pagekit User enumeration
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01eDk2LWo3OTctNXFxd84AA7Si
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1yOXBjLWcyOXctZjg2as30Fg
Moodle sensitive information disclosure
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ycTQyLTU4cWYtdjNxeM4AA3Pz
LibreNMS vulnerable to rate limiting bypass on login page
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xNmoyLWc4cWYtd3ZmN80WQw
Verification check bypass in Gate One
Ecosystems: pypi
Packages: gateone
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wcHg1LXEzNTktcHZ3as4AA7UK
vyper's range(start, start + N) reverts for negative numbers
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1yNTZ4LWo0Mzgtdnc1bc4AA7UI
vyper performs double eval of the slice args when buffer from adhoc locations
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS04N2hjLXBobWotcmhnaM4AASX6
TYPO3 Information Disclosure Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NTljLXc1NHgtODM0Ms4AASdQ
GeniXCMS Mailbox validation logic vulnerability
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tMmgyLTI2NGYtZjQ4Ns3X3A
angular vulnerable to regular expression denial of service (ReDoS)
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyYzQtOHFxaC12cTdm
vercel/serve allows access to restricted files if filename is URL encoded.
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1NmYtZ3J2My1ncGZy
Regular expression denial of service in forms
Ecosystems: npm
Packages: forms
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyYzQtZ3hwNC1qM3hw
Denial of service in Valine
Ecosystems: npm
Packages: valine
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jN3Y0LW0yNjktNDk5Nc0Wow
Exposure of Sensitive Information to an Unauthorized Actor in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xdnFnLTZycDgtNHA5aM4AAzSi
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/kubo
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqYzctNDl2Mi1qcDY0
Incomplete validation in `SparseAdd`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01Mmo5LXYzamMtOXhnY84AAdMF
Tryton allows users to read the hashed password
Ecosystems: pypi
Packages: trytond
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02dzhjLTZqcmctcXdqMs4AActJ
Radicale regex metacharacters injection in the user name
Ecosystems: pypi
Packages: Radicale
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNGMtNXJxNi1jZ2gz
OPC UA applications can allow a remote attacker to determine a Server's private key
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS04NTNwLTU2NzgtaHY4Zs4AAz3Y
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Ecosystems: cargo
Packages: ink_env, ink
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cW0teDc4NS1xaDhw
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTYtcjc5cS1oZmd3
Denial of service in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01bWhnLXd2OHctcDU5as4AA5sN
Directus version number disclosure
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xNXFqLXgyaDUtMzk0Nc4AA7eF
Zitadel exposing internal database user name and host information
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS01anBtLXg1OHYtNjI0ds4AA6Rf
Netty's HttpPostRequestDecoder can OOM
Ecosystems: maven
Packages: io.netty:netty-codec-http
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ycjU5LWg2cmgtdjg0ds4AA6vw
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Ecosystems: maven
Packages: org.apache.zeppelin:sap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1cTItMzRyZi1tcjk0
Code Injection in mquery
Ecosystems: npm
Packages: mquery
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1wcXY0LXhncWgtajh2aM4AAdYs
Drupal sensitive information disclosure
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NzRxLXdmY3AtdmMycc4AAj8n
Moodle Email media URL tokens were not checking for user status
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12OTNoLXJ3ajgtNzhxaM4AA0ac
Apache OpenMeetings insufficient authorization vulnerability
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-db
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwbTUtdnY5Ny1qZndn
Uncontrolled Resource Consumption in firebase
Ecosystems: npm
Packages: @firebase/util
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4ajMtNzI1OC13NHEy
Directory Traversal in dasafio
Ecosystems: npm
Packages: dasafio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1mbTVoLTU4ZzItNG0zZs4AA3Bj
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwOW0tam04dy05NHAy
Improper Handling of Highly Compressed Data (Data Amplification) and Memory Allocation with Excessive Size Value in eventlet
Ecosystems: pypi
Packages: eventlet
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1ydmpwLThxajQtOHAyOc4AAyMv
Answer has Observable Timing Discrepancy
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tdjRoLXFtMjQteDRnaM4AAWnW
Converse.js Exposure of Sensitive Information
Ecosystems: npm, packagist
Packages: converse.js, jcbrand/converse.js
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00aGc0LTltZjUtd3h4cc4AA1rF
incorrect order of evaluation of side effects for some builtins
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 9 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJocGctdndxai02aDZ3
Authentication bypass in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03cjg3LWNqNDgtd2o0Nc1BKw
Potential Captcha Validate Bypass in flask-session-captcha
Ecosystems: pypi
Packages: flask-session-captcha
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcHBnLXY3NWMtcjVmZs0Ycg
S3Scanner allows Directory Traversal
Ecosystems: pypi
Packages: s3scanner
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzgyLXhncDQtOGhyOM4AAs76
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Ecosystems: go
Packages: golang.org/x/sys
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jeDk0LW1yZzktcnE0as4AArBC
Pion/DTLS contains buffer for inbound DTLS fragments with no limit
Ecosystems: go
Packages: github.com/pion/dtls/v2, github.com/pion/dtls
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3ZmYtOHdjeC1nbWM1
Authorization Before Parsing and Canonicalization in jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqdjUtZ3Aydy02NXZt
Encoded URIs can access WEB-INF directory in Eclipse Jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1tNDRqLWNmcm0tZzhxY84AA76G
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bcpkix-jdk14, org.bouncycastle:bcpkix-jdk15to18, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0zNmc4LTYycXYtNTk1N84AA8EK
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 5 days ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qNHgtd2N4Zi1obTh4
Json-jwt did not verify the cryptographic signature for data
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1jN3hyLTczNnAtMjlqM80-LA
TYPO3 is vulnerable to Insecure randomness in uniqid function
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mZjlqLXB3eGctcTVwMs4AAvsz
deep-parse-json vulnerable to Prototype Pollution
Ecosystems: npm
Packages: deep-parse-json
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wZmgyLWhmbXEtcGhnNc4AA4C3
json-path Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: com.jayway.jsonpath:json-path
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xcXY5LWdxaDUtN2g5Oc4AAwlj
Snipe-IT allows attackers to check whether a user account exists
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13MzMzLTVmOTYtbWpycs4AA8HU
Drupal core Denial of Service
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1meDJjLTk2dmotOTg1ds4AAwRn
HAProxyMessageDecoder Stack Exhaustion DoS
Ecosystems: maven
Packages: io.netty:netty-codec-haproxy
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12ZmdjLWM3NmgtbXdoNM4AA8HN
Drupal core Cross-Site Scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1jNXdjLXYyODctODJwY84AAgYl
HashiCorp Vault improper configuration of multi factor authentication
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhycHAtZjg0dy14aGZn
Outdated Static Dependency in vue-moment
Ecosystems: npm
Packages: vue-moment
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13N2pyLXdxdzYtNTR4Y84AAjcJ
Non-constant time comparison of inbound TCP agent connection secret
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13aHBoLTQ0NmgtNm05ds075w
Azure SDK for .NET Information Disclosure Vulnerability.
Ecosystems: nuget
Packages: Microsoft.Rest.ClientRuntime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00M2oyLXI0djMtbThqcM4AAknk
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tdmozLXFycWgtY2p2cs4AA0ON
CometBFT PeerState JSON serialization deadlock
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnZ3gtZng2dy12N2No
Improper Neutralization of Wildcards or Matching Symbols
Ecosystems: maven
Packages: org.springframework.data:spring-data-jpa
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS1od3ZtLXZmdzgtOTNtd80cpQ
Vulnerable dependency in XTDB connector
Ecosystems: maven
Packages: org.odpi.egeria:egeria-connector-xtdb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05YzVjLTVqNGgtOHEyY80btQ
BookStack is vulnerable to Improper Access Control.
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01M2ptLTNoYzktZnFxY84AAvAA
Apache Batik vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jNXh2LXFjOHAtbWgyds4AAu_9
Apache Batik Server-Side Request Forgery
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmbW0tNDdxYy1wNG00
Unauthorized File Access in harp
Ecosystems: npm
Packages: harp
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: almost 5 years ago
Moderate
GSA_kwCzR0hTQS13OWdxLThxMzUtM2pjY84AASj9
Jenkins Subversion Plugin Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:subversion
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02dmZnLThwcHYtaDVoZ84AAhPq
MediaWiki Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cHJ2LTkzcjQtamoycM4AAz8m
OpenZeppelin Contracts using MerkleProof multiproofs may allow proving arbitrary leaves for specific trees
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NmctM3hyMy14NHg2
Information Exposure on Case Insensitive File Systems in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS0yNTg3LXc5M2ctNjNtMs0sNA
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12bWYtY3ZmeC1xZzU1
Regular Expression Denial of Service in bleach
Ecosystems: npm
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0zODNwLXhxeHgtcnJtcM4AAdBJ
Denial of service in Apache Struts
Ecosystems: maven
Packages: ognl:ognl, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yYzhxLTQ1djgteDZ4Y802-g
Path Disclosure within joomla/filesystem class
Ecosystems: packagist
Packages: joomla/filesystem
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12djg5LXhnZ3gtcXFoMs4AAknT
Improper permission checks in Jenkins Copy Artifact Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:copyartifact
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5