Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS1ydjhoLXA0M3ItNHg1cs4AAdHu
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Ecosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05dzRmLTN2MzctNmY3Nc4AAcy3
ceph-deploy allows local users to obtain sensitive information by reading the file
Ecosystems: pypi
Packages: ceph-deploy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NHc1LXAyaGctOGZoNs4AAcGU
Urllib3 Incorrect Certificate Validation
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02cHJ3LTh4aG0taDI0N84AAb59
Salt uses weak permissions on the cache data
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weHY1LTV2bXAtM2pqNM4AAb0u
Improper Authentication in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zcDVyLTdjdzMtMm02N84AAbli
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV
phpMyAdmin cookie-attribute injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xam1nLTc3eGgtN21qd84AAah4
Loggerhead XSS via filename
Ecosystems: pypi
Packages: loggerhead
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tOWo3LXhjajctNDJqOc4AAagr
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aHczLTRndnAtOG12Nc4AAaYZ
TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aGgyLThjdzYtaGZ2N84AAaYV
TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zbXFmLWZ3YzYtdndxd84AAaYX
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ocTNmLTlnZjctNzNyOM4AAaKV
Openstack Compute (Nova) Denial of service via network request that triggers large number of iptables rules
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03dzZjLTVwcjQtN3F2cM4AAaFi
Typo3 Backend XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03Z2c4LTNyNmotNWc1Nc4AAaFh
Typo3 Backend Configuration XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xdnByLXFtNnctNnJjY84AAZ-c
OpenStack Keystone intended authorization restrictions bypass
Ecosystems: pypi
Packages: Keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xbW13LWNoMnEtajZ4eM4AAZ8F
Typo3 Backend API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13NTYzLXJxMzctY3ZxNc4AAZ8H
Typo3 Backend History Module Vulnerable to XSS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZ2Y2LTlxN2ctNTVxZ84AAZ8K
Typo3 Function Menu API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jOHc5LTgzdmctcjh2ds4AAZ6A
OpenStack Glance is vulnerable to Exposure of Sensitive Information
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xajY5LWNoanAtZzRmNc4AAZvc
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yOG03LTc5MmotNWp2cc4AAZvd
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05Z2NmLXBxOTktcmp3M84AAZrR
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Ecosystems: pypi
Packages: RPLY
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03MzcyLXE0NTktanhocs4AAZrH
pyxdg Arbitrary File Overwrite via Race Condition
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mcDZwLTV4dnctbTc0Zs4AAZQc
Django User Enumeration Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04cTJtLXB3eGYtamM3Z84AAY6T
python-keystoneclient unsecure user password update
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oZjd3LWY0aDQtOXhwOM4AAYZt
Exposure of Sensitive Information in Jenkins Datadog plugin
Ecosystems: maven
Packages: org.datadog.jenkins.plugins:datadog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mY3h3LWhoeHEtNDh3eM4AAYKI
Insecure temporary file usage in Jenkins Git Client Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
OpenStack Heat template URL information leakage
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xcWgyLWg2Z3ctNng4eM4AAX1Z
Typo3 XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04NzZqLTRxNzMtN2Y1Ns4AAW5C
Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zaHc2LWdjOGgtOTI0M84AAWQT
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Ecosystems: maven
Packages: org.jenkins-ci.plugins:meliora-testlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1nODkyLTloOG0tcjY5cs4AAWKU
Libcloud does not properly scrub data when destroying a DigitalOcean node
Ecosystems: pypi
Packages: apache-libcloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05ODloLXd2OHgtOTMzcM4AAWA8
TYPO3 cross-site scripting (XSS)
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qNWpoLWhwcjQtaDMzMs4AAV_7
Symfony Session Fixation Vulnerability
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02M2pnLTV3djYtN2dods4AAV9P
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Ecosystems: maven
Packages: org.jenkins-ci.plugins:resource-disposer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oMjU5LTNyamctNXFwM84AAVUs
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Ecosystems: maven
Packages: org.jboss.fuse:jboss-fuse
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ydzc1LW03Z3AtOTJtM84AAVFB
Django data leakage via querystring manipulation in admin
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C
phpMyAdmin cross-site scripting vulnerability in crafted view name
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wY3F2LWM0NnYtMnA0ds4AAU8C
Ansible Arbitrary File Overwrite Vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1majI0LWdocDktMzl2M84AAU8E
Ansible uses a socket with predictable filename in /tmp
Ecosystems: pypi
Packages: Ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ncnA1LWgzNzktajc1eM4AAU0P
OpenStack Nova live snapshots use an insecure local directory
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12OTMzLXZ4NXAtajd3Ms4AAU0n
OpenStack Oslo utility sensitive information exposure via log files
Ecosystems: pypi
Packages: oslo.utils
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xNDhxLTc3cXYtY2Y5cM4AAUp3
httplib2 incorrectly checks SSL certificate
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qZjJ3LW1xNnItNTZ2OM4AAUTk
Caddy allows enumeration of Certificates and Hostnames
Ecosystems: go
Packages: github.com/caddyserver/caddy
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1majZjLXByZ2otZ3Izcs4AATys
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12cHFwLWh4NjgtcDJ3eM4AATkx
Improper Link Resolution Before File Access in Suds
Ecosystems: pypi
Packages: suds
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oOGM1LWM5MmctanE2eM4AATfr
Improper Input Validation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Ecosystems: rubygems
Packages: facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12NTh3LTZ4YzItdzc5Oc4AATUx
Puppet Denial of Service and Arbitrary File Write
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13d2d4LTk0djYtZmMycM4AASyU
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01ZnE5LXg5ZjQteDJyMs4AASkM
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zos-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jZ2hnLWpjdjYtNHY1bc4AASj5
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yY2YzLWcyNDMtaGhmeM4AASTB
MySQL Connectors Privilege Escalation
Ecosystems: pypi
Packages: mysql-connector-python
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jamNmLXdtMnAtNTloNc4AASTJ
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR
Nimbus JOSE+JWT vulnerable to padding oracle attack
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yajRwLTdtbTYtZ205as4AARto
JBossWS vulnerable to uncontrolled recursion
Ecosystems: maven
Packages: org.jboss.ws:jbossws-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS14NTVwLTY1MjYteG1tcM4AARct
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05djcyLXA1cDMtOXc2Nc4AARb4
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12cnY5LWNjajMtZzI4NM37Ew
Jenkins IRC Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ircbot
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12anI2LWNxMjItbTRxNc37Mw
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00Y3hyLTR2d2MtNnBnN837Cw
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-approve
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03ang4LTI0NGctamZweM367g
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04NHA0LTdteGMtN3Boas37CA
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:snsnotify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1waHdyLXBtaDMtbThnMs37Dg
Jenkins aws-device-farm Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-device-farm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jd3F2LTRjZjItNXZmas366w
Jenkins FTP publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ftppublisher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01NzIyLXY1d2MteDdoOM37DQ
Jenkins veracode-scanner Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:veracode-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zajN2LTdmOGYtdjJ4cM36_w
Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-security-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tMzRyLWY3aDYtYzNqMs37CQ
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ycHg2LWhwMmgtZ3d3NM36_A
Jenkins Bugzilla Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:bugzilla
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13cmd3LXY5ODctNXFtd837DA
Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudshare-docker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yNzk4LXF4N3ItdjNnd836-A
Jenkins Octopus Deploy Plugin stores credentials in plain text
Ecosystems: maven
Packages: hudson.plugins.octopusdeploy:octopusdeploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12djZwLTYzZzgtbThmd837BQ
Jenkins Audit to Database Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03bWZwLTkzOHItZmNmas36-Q
Jenkins hyper.sh Commons Plugin stores credentials in plain text
Ecosystems: maven
Packages: sh.hyper.plugins:hyper-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1teG13LTZxZ2otaDY3eM33gg
Jenkins PRQA Plugin stored password in plain text
Ecosystems: maven
Packages: com.programmingresearch:prqa-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05OWpjLXY4cHEtNnFtNM33Vg
Jenkins Repository Connector Plugin has insufficiently protected credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jYzdqLXh4N3EtZnIzNM33Tw
Jenkins Jabber Server Plugin stores credentials in plain text
Ecosystems: maven
Packages: de.e-nexus:jabber-server-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jN3A2LXgycDMtM3dwaM33UQ
Jenkins youtrack-plugin Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:youtrack-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01NWY4LW04dzUtZm1xOM33Rw
Jenkins Minio Storage Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:minio-storage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS14NDY0LXI3ZjQtZ2ozbc33Yw
Jenkins Koji Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:koji
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tN3E4LThnNTYtbTc4d833aA
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:netsparker-cloud-scan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03aGY2LWhnZ3AtdnZwOc33Zw
Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.cloudcoreo.plugins:cloudcoreo-deploytime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qdnI1LXI2NjMtcXhnd833YQ
Jenkins Sametime Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sametime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yd3J4LWhyZjItdjU3N833XQ
Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.urbancode.ds.jenkins.plugins:sra-deploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05ZnBxLXYycDMtdzYzas33Xg
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:relution-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jYzk0LWh3ajMtcmY2Nc30lw
Moodle's login_as feature leaks information from external repositories
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04OWYzLTc0bTYtZzI3Z830lg
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03NWM2LXhxd3ItdjJyOc30bQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yamN3LXI3OXgtNHI1ds30ZA
Moodle does not set the RISK_XSS bit for graders
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Zm13LW00cXgtNmNxOM30TA
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00cHBnLTJteDYtZnF4Oc30Sg
Moodle allows attackers to bypass intended login restrictions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02cjd4LTZxOTgtcWNxcM30Lg
Moodle does not set the RISK_XSS bit for graders
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jcDM5LTQzeHItMndycM30Lw
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13Nzd2LXhweHItYzZwds30LQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12cmY2LXE3cWotNjl2Nc30JA
Moodle allows attackers to upload files containing JavaScript
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qajNqLW1oZ2MtZzRtNM30NQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,745
Packages: 8,373
Repositories: 449
Ecosystems: 12
Filter by Severity
Moderate 8,146 High 6,444 Critical 2,847 Low 1,015
Filter by Ecosystem
pypi 458 maven 282 packagist 178 npm 129 go 125 rubygems 49 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 puppet 6 Umbraco.CMS 6 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 sweetalert2 5 ansible 5 undici 5 baserproject/basercms 5 rack 5 october/backend 5 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 shopware/shopware 4 simplesamlphp/simplesamlphp 4 electron 4 actionpack 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 github.com/cilium/cilium 4 helm.sh/helm 4 com.vaadin:vaadin-bom 3 wagtail 3 bin-links 3 ckb 3 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 @openzeppelin/contracts-upgradeable 3 passenger 3 httplib2 3 org.apache.hive:hive 3 ethyca-fides 3 org.apache.hive:hive-service 3 org.apache.hive:hive-exec 3 node-forge 3 glance 3 org.graylog2:graylog2-server 3 cryptography 3 go.etcd.io/etcd 3 nautobot 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 tuf 2 moin 2 @apollo/server 2 ceph-deploy 2 org.jenkins-ci.plugins:azure-ad 2 github.com/opencontainers/runc 2 tools.devnull:build-notifications 2 silverstripe/framework 2 @openzeppelin/contracts 2 craftcms/cms 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 winter/wn-backend-module 2 braces 2 django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 Django 2 github.com/answerdev/answer 2 github.com/containerd/containerd 2 next-auth 2 github.com/authzed/spicedb 2 Pillow 2 ezsystems/ezpublish-kernel 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 horizon 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 github.com/mattermost/mattermost-plugin-jira 2 october/cms 2 com.ruoyi:ruoyi 2 Nova 2 activesupport 2 parse-server 2 flarum/core 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 nokogiri 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 ezsystems/ezplatform-kernel 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 org.bouncycastle:bcprov-jdk14 2 go.etcd.io/etcd/client/v3 2 fast-xml-parser 1 org.scala-sbt:io_3 1 org.wiremock:wiremock-standalone 1 github.com/oauth2-proxy/oauth2-proxy 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 org.wiremock:wiremock 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 com.github.tomakehurst:wiremock-jre8 1 com.github.tomakehurst:wiremock-jre8-standalone 1 es5-ext 1 org.scala-sbt:sbt 1 wiremock 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/nats-io/nats-server/v2 1 rabbit_common 1 org.keycloak:keycloak-core 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 hyper 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 github.com/canonical/lxd 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/django/django 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/ethyca/fides 3 https://github.com/nautobot/nautobot 3 https://github.com/symfony/symfony 3 https://github.com/pyca/cryptography 3 https://github.com/vaadin/flow 3 https://github.com/Sylius/Sylius 3 https://github.com/httplib2/httplib2 3 https://github.com/openstack/keystone 3 https://github.com/vantage6/vantage6 3 https://github.com/wagtail/wagtail 3 https://github.com/CVEProject/cvelist 3 https://github.com/phusion/passenger 3 https://github.com/nervosnetwork/ckb 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/digitalbazaar/forge 3 https://github.com/apollographql/apollo-server 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/aws/s2n-quic 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apache/activemq 2 https://github.com/quarkusio/quarkus 2 https://github.com/saltstack/salt 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/ntbosscher/gobase 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/craftcms/cms 2 https://github.com/nats-io/nats-server 2 https://github.com/ceph/ceph-deploy 2 https://github.com/microweber/microweber 2 https://github.com/aio-libs/aiohttp 2 https://github.com/zopefoundation/Zope 2 https://github.com/octoprint/octoprint 2 https://github.com/cometbft/cometbft 2 https://github.com/GilaCMS/gila 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/parse-community/parse-server 2 https://github.com/theupdateframework/python-tuf 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/mutagen-io/mutagen 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/hashicorp/nomad 2 https://github.com/bcgit/bc-java 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/opencontainers/runc 2 https://github.com/answerdev/answer 2 https://github.com/authzed/spicedb 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/brefphp/bref 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/thelounge/thelounge 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/Azure/setup-kubectl 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1