Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS0ycmg1LWp2Z3gtcGd3M80VwQ
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xbWgyLWg3cjYtZ202cc4AAb0w
Client BlockTokens not checked in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4dnEtOGpxdi1nbTZm
Remote memory exhaustion in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14OWpwLTR3OG0tNGYzY84AArfm
Cross Site Scripting vulnerability in django-jsonform's admin form.
Ecosystems: pypi
Packages: django-jsonform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12ampmLTNydmctZ3Yzds4AAd0E
Dulwich Buffer Overflow when handling pack files
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1taGZ2LThyYzktdzM4Y801_g
Arbitrary shell execution
Ecosystems: packagist
Packages: squizlabs/php_codesniffer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba
AWS Amplify CLI has incorrect trust policy management
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
High
GSA_kwCzR0hTQS12eGYyLTdyYzMtcHhteM1vqQ
Cheetah Path Search Order Hijacking
Ecosystems: pypi
Packages: cheetah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIydnctamdxOS1qcXgy
Improper Authorization in @sap-cloud-sdk/core
Ecosystems: npm
Packages: @sap-cloud-sdk/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzdnctbWh2NS1ncnY1
Denial of Service in @hapi/hapi
Ecosystems: npm
Packages: @hapi/hapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyNTMtbTkzNy1qcjlj
Cross-Site Scripting in ngx-md
Ecosystems: npm
Packages: ngx-md
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzM3AtZzJocS1xcjI2
Command Injection in treekill
Ecosystems: npm
Packages: treekill
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczdjgtdjZnNC12cnBt
Arbitrary File Overwrite in decompress-zip
Ecosystems: npm
Packages: decompress-zip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NHAtNzRqaC14cmcy
Command Injection in tree-kill
Ecosystems: npm
Packages: tree-kill
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyajktNXFwNi0ydjhx
Machine-In-The-Middle in airtable
Ecosystems: npm
Packages: airtable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5NHctNDJnMy1mN2g0
Holder can (re)create authentic credentials after receiving a credential in vp-toolkit
Ecosystems: npm
Packages: vp-toolkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcHEtNDY2ai1mYzZq
Prototype Pollution in sahmat
Ecosystems: npm
Packages: sahmat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjY2YtcTdwNC0zcTNq
Prototype Pollution in safe-object2
Ecosystems: npm
Packages: safe-object2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNDktNDlqcS12d2Nx
Prototype Pollution in getsetdeep
Ecosystems: npm
Packages: getsetdeep
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xZjg3LXE0Z2ctY2c0M84AAxgj
bottlerocket dependency openssl is vulnerable to dereferenced null pointers
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJycXYtdmpydy1ocmNy
Arbitrary Code Execution in json-ptr
Ecosystems: npm
Packages: json-ptr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xcnFxLTljNjMteGZyZ84AAt79
tower-http's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBocGgteHBqNC13dmN2
Cross-Site Scripting in hexo-admin
Ecosystems: npm
Packages: hexo-admin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNWMtNjc5dy1oaDRy
Denial of Service in mongodb
Ecosystems: npm
Packages: mongodb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04bXY1LTd4OTUtN3djZs4AArsr
`mopa` is technically unsound
Ecosystems: cargo
Packages: mopa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2NHctamhjai02d2Z3
Cross-Site Scripting in snekserve
Ecosystems: npm
Packages: snekserve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2eHEtajJyNC00am04
Regular Expression Denial of Service in sql-injection
Ecosystems: npm
Packages: sql-injection
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyZ2otOG1xMy1oZ2dq
Denial of Service in @hapi/subtext
Ecosystems: npm
Packages: @hapi/subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5d2ctd3E0Zi0yeDV3
Cross-Site Scripting in console-feed
Ecosystems: npm
Packages: console-feed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtbWMtOGNxai1oZnAz
Authentication Bypass in otpauth
Ecosystems: npm
Packages: otpauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3Y3AtNTMyNi01NGZo
Path Traversal in bruteser
Ecosystems: npm
Packages: bruteser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg3MjYteDM2di1yeDQ1
Prototype Pollution in lodash.merge
Ecosystems: npm
Packages: lodash.merge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtZ2ctNXg2NS1tNG00
Command Injection in soletta-dev-app
Ecosystems: npm
Packages: soletta-dev-app
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxOGYtNXh4ai05NDZy
Command Injection in addax
Ecosystems: npm
Packages: addax
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14bWotODRxOC0zNHI3
Command Injection in expressfs
Ecosystems: npm
Packages: expressfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4NngtZjQ3cS1mN2Y0
Unauthorized File Access in atompm
Ecosystems: npm
Packages: atompm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS04djVwLTJjcHYtYzJ4Ns1l6A
Apache Tomcat Source Code Disclosure
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzN2gtajQ4My1jampt
Improper rate limiting in Koel
Ecosystems: packagist
Packages: phanan/koel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0dmYtOGZmbS12MnFo
Sensitive Data Exposure in rails-session-decoder
Ecosystems: npm
Packages: rails-session-decoder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwNjQtaDVxNC1waHBt
Remote Code Execution in office-converter
Ecosystems: npm
Packages: office-converter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01Y2gtZ3g4Zy1yZzcz
Remote Code Execution in pomelo-monitor
Ecosystems: npm
Packages: pomelo-monitor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwY2ctZjlxNi0ybXE2
Remote Code Execution via traversal in TAL expressions
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13dmh4LXE0MjctZmdoM84AA7xy
Arbitrary HTML present after sanitization because of unicode normalization
Ecosystems: pypi
Packages: html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
High
GSA_kwCzR0hTQS1mMjJqLTM3amotY3h3Oc4AAe6U
SaltStack MITM SSH attack in salt-ssh
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05MmoyLTVyN3AtNmhqd84AAcqh
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
Ecosystems: maven
Packages: org.restlet.jse:org.restlet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4ODMtcjU2Zy1jdjQ3
Improper certificate validation in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh4NjgtamZjZy14bW1m
Commons FileUpload Denial of service vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat, commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1ocjhnLWY2cjYtbXIyMs4AArN6
Buffer over-flow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00MzdwLXF3OTUtd3Fxcs4AAa6S
Trac vulnerable to denial of service
Ecosystems: pypi
Packages: Trac
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxNjctcHA5dy00M2dw
Cryptographically weak CSRF tokens in Apache MyFaces
Ecosystems: maven
Packages: org.apache.myfaces.core:myfaces-core-module
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwMnctcm14NC05bXc3
Command Injection in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NzktaGh2Ni01Nzhj
Cross-Site Scripting in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptZ3ctNnZqZy1qandn
actionpack Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS1oZmcyLXdmNmoteDUzcM4AAXh2
SQLAlchemy vulnerable to SQL injection
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwcTgtMnEyNC1tajNw
Downloads Resources over HTTP in fis-parser-sass-bin
Ecosystems: npm
Packages: fis-parser-sass-bin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVybTMtcWh4Zi1yaDNy
Downloads Resources over HTTP in co-cli-installer
Ecosystems: npm
Packages: co-cli-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5cG0tNTV2cC0yanF3
Downloads Resources over HTTP in soci
Ecosystems: npm
Packages: soci
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS00ajVqLTU4ajctNmMzd84AAdzt
Dulwich Arbitrary code execution via commit with directory path starting with .git
Ecosystems: pypi
Packages: dulwich
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03d3gzLXZyMmYtNnAyOc4AAe6H
SaltStack Privilege Escalation vulnerability
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozY3ItajlqeC1tZjRw
Downloads Resources over HTTP in redis-srvr
Ecosystems: npm
Packages: redis-srvr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS04bWo3LXd4bWMtZjQyNM4AArsu
Use after free in Neon external buffers
Ecosystems: cargo
Packages: neon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oZjI2LXZ2bXgteDhjOM2qvQ
Plone Arbitrary Code Execution via Unsafe Handling of Pickles
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xODlnLTR2aGgtbXZ2bc4AArsz
Incorrect Lifetime Bounds on Closures in `rusqlite`
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3Y3gtcmhocS1tZmhx
High severity vulnerability that affects indico
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
High
GSA_kwCzR0hTQS1mZjJ3LXdtNDgtamhxas4AA5Yj
Arbitrary File Read Vulnerability in Apache Dolphinscheduler
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1tNDNwLTU1cmYtOGMyas4AA5ZF
Deserialization of Untrusted Data in Apache Camel CassandraQL
Ecosystems: maven
Packages: org.apache.camel:camel-cassandraql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1qajIzLWZqMnYtbTg3Ms3QuA
MoinMoin Improper Access Control vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01ampyLWdtcTMtZjk4Ns3U0Q
MoinMoin has improper default configuration
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdjk4LTMzNjktZzM2NM4AAuzr
KubeVirt vulnerable to arbitrary file read on host
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjaGMtOTQ5Zi01M201
Improper Input Validation in multi_xml
Ecosystems: rubygems
Packages: multi_xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS1mZ2gzLXB3bXAtM3F3M84AA73r
Apache Inlong Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS14NW03LXJ3Zngtdzdxbc4AArmG
Remote Code Execution in Apache Flume
Ecosystems: maven
Packages: org.apache.flume.flume-ng-sources:flume-jms-source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerable
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13d2ZoLTI4aHgtdzJyMs4AAdeo
Joomla! Framework Remote Code Injection Vulnerability
Ecosystems: packagist
Packages: joomla/session
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zNnhyLTR4MmYtY2ZqOc4AA5ZD
Deserialization of Untrusted Data in Apache Camel SQL
Ecosystems: maven
Packages: org.apache.camel:camel-sql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4dmotajNxaC14OGMz
private_address_check contains race condition
Ecosystems: rubygems
Packages: private_address_check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS00OHI5LTR2OTMteDR3aM4AAfr2
DOMPDF Remote File Inclusion Vulnerability
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03anJwLXI2angtMzJjd81JdA
MoinMoin allows administrative access
Ecosystems: pypi
Packages: Moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdoMnctajdjeC0yNjY0
Active Record contains SQL Injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS1wcTY3LTlqZjktaGMzY84AA03-
JDBC URL bypassing by allowLoadLocalInfileInPath param
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2ajgtM3YyaC1oMzh2
Remote Code Execution in next
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbWYtcng4dy05MzV3
Sounder Contains Arbitrary Command Execution Vulnerability
Ecosystems: rubygems
Packages: sounder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3dmotamdjNC1mcXE1
Downloads Resources over HTTP in cobalt-cli
Ecosystems: npm
Packages: cobalt-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
GSA_kwCzR0hTQS05cXdnLWNyZzktbTJ2Y84AAyUK
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0bXItOXh3My1jOWp4
Out-of-bounds Read in base64-url
Ecosystems: npm
Packages: base64-url
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNTktaGZ3Ni02dzdo
Downloads Resources over HTTP in cmake
Ecosystems: npm
Packages: cmake
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ncjItM21wdi00M2dj
Downloads Resources over HTTP in openframe-image
Ecosystems: npm
Packages: openframe-image
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjY2Mtam0ycC12ZzNw
Downloads Resources over HTTP in windows-latestchromedriver
Ecosystems: npm
Packages: windows-latestchromedriver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3MnAtcmpyMi1yNDM5
Server-Side Request Forgery in terriajs-server
Ecosystems: npm
Packages: terriajs-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eDYtcDI0di13Zzhj
Curl Gem insufficient URL escaping command injection
Ecosystems: rubygems
Packages: curl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS02Y3BqLTNnODMtcTJqNM4AAes6
Improper Restriction of XML External Entity Reference in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtaHctZmhqNi1tM2c1
Path Traversal in angular-http-server
Ecosystems: npm
Packages: angular-http-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcWotY2c3OS1mMnB2
Thumbshooter vulnerable to Code Injection
Ecosystems: rubygems
Packages: thumbshooter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS1ncWNmLTgzcnEtZ3Bmcs0VwA
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ibexa/post-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Statistics
Advisories: 18,438
Packages: 8,316
Repositories: 2,448
Ecosystems: 12
Filter by Severity
Moderate 7,962 High 6,379 Critical 2,816 Low 990
Filter by Ecosystem
maven 1,876 npm 1,407 pypi 1,183 packagist 1,024 nuget 786 go 690 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 typo3/cms 22 opencv-contrib-python 22 opencv-python 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 github.com/rancher/rancher 19 django 19 thorsten/phpmyfaq 19 typo3/cms-core 18 librenms/librenms 18 org.jenkins-ci.plugins:script-security 18 mlflow 17 pocketmine/pocketmine-mp 17 openssl-src 17 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 rdiffweb 15 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Plone 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 vyper 14 net.mingsoft:ms-mcms 14 github.com/hashicorp/consul 14 golang.org/x/net 13 rubygems-update 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 baserproject/basercms 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 org.apache.openmeetings:openmeetings-parent 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 github.com/nats-io/nats-server/v2 11 mautic/core 11 github.com/hashicorp/vault 11 io.undertow:undertow-core 11 intelliants/subrion 11 org.keycloak:keycloak-parent 11 actionpack 11 github.com/argoproj/argo-cd 11 github.com/hashicorp/nomad 10 org.springframework.security:spring-security-core 10 openmage/magento-lts 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.apache.nifi:nifi 10 shopware/platform 10 froxlor/froxlor 10 matrix-synapse 10 cockpit-hq/cockpit 10 cobbler 10 org.apache.solr:solr-core 9 ckb 9 org.apache.geode:geode-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 org.bouncycastle:bcprov-jdk14 9 org.apache.hadoop:hadoop-main 9 craftcms/cms 9 rusqlite 9 Django 9 github.com/ethereum/go-ethereum 9 mercurial 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.bouncycastle:bcprov-jdk15 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 october/system 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-arm64 8 github.com/sylabs/singularity 8 deno 7 smarty/smarty 7 org.craftercms:crafter-studio 7 apache-superset 7 org.eclipse.jetty:jetty-server 7 pillow 7 symfony/security 7 snipe/snipe-it 7 com.liferay.portal:release.portal.bom 7 phpmailer/phpmailer 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 cakephp/cakephp 7 next 7 org.apache.inlong:manager-pojo 7 org.elasticsearch:elasticsearch 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 cn.hutool:hutool-core 7 strapi 7 github.com/docker/docker 7 codeigniter4/framework 7 org.apache.commons:commons-compress 7 com.xuxueli:xxl-job 7 DotNetNuke.Core 7 keystone 7 tar 7 gogs.io/gogs 7 org.springframework:spring-core 7 magento/core 7 contao/core-bundle 6 contao/contao 6 k8s.io/kubernetes 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 guzzlehttp/guzzle 6 express-cart 6 sequelize 6 github.com/hyperledger/fabric 6 Microsoft.AspNetCore.All 6 istio.io/istio 6 github.com/zitadel/zitadel 6 symfony/security-http 6 waitress 6 de.tum.in.ase:artemis-java-test-sandbox 6 prestashop/prestashop 6 org.apache.tika:tika-core 6 npm 6 rack 6 composer/composer 6 Microsoft.NETCore.App 6 @strapi/strapi 6 opencv-contrib-python-headless 6 opencv-python-headless 6 org.apache.cxf:cxf 6 org.apache.tomcat:tomcat-coyote 6 @openzeppelin/contracts 6 github.com/traefik/traefik/v2 6 golang.org/x/crypto 6 org.apache.camel:camel-core 6 github.com/gravitl/netmaker 6 wwbn/avideo 6 laravel/framework 6 cryptography 6 sized-chunks 6 kiwitcms 6 handlebars 6 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 zope 5 org.apache.mesos:mesos 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 org.xwiki.platform:xwiki-platform-web 5 getkirby/cms 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 serve 5 pear/archive_tar 5 genix/cms 5 org.apache.tomcat:tomcat-catalina 5 nautobot 5 twisted 5 passenger 5 forkcms/forkcms 5 github.com/IBAX-io/go-ibax 5 Microsoft.AspNetCore.App 5 github.com/nats-io/jwt 5 phpbb/phpbb 5 org.apache.xmlgraphics:batik 5 ua-parser-js 5 CefSharp.Common 5 matrix-js-sdk 5 statamic/cms 5 @openzeppelin/contracts-upgradeable 5 github.com/opencontainers/runc 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/django/django 23 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/keycloak/keycloak 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/mlflow/mlflow 12 https://github.com/rails/rails 12 https://github.com/mautic/mautic 11 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/centreon/centreon 10 https://github.com/cui2shark/cms 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/golang/go 9 https://github.com/strapi/strapi 9 https://github.com/apache/camel 9 https://github.com/rusqlite/rusqlite 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/denoland/deno 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/shopware/platform 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/bcgit/bc-java 8 https://github.com/eclipse/jetty.project 7 https://github.com/DSpace/DSpace 7 https://github.com/hashicorp/vault 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/spring-projects/spring-security 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/rubygems/rubygems 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/snipe/snipe-it 7 https://github.com/dotnet/aspnetcore 7 https://github.com/undertow-io/undertow 7 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/intelliants/subrion 6 https://github.com/npm/node-tar 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/bodil/sized-chunks 6 https://github.com/saltstack/salt 6 https://github.com/opencast/opencast 6 https://github.com/pyca/cryptography 6 https://github.com/openstack/keystone 6 https://github.com/zitadel/zitadel 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/xuxueli/xxl-job 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/dromara/hutool 6 https://github.com/ls1intum/Ares 6 https://github.com/smarty-php/smarty 6 https://github.com/backstage/backstage 6 https://github.com/CVEProject/cvelist 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/magento/magento2 6 https://github.com/contao/contao 6 https://github.com/Pylons/waitress 6 https://github.com/gravitl/netmaker 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/hyperledger/fabric 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/froxlor/froxlor 6 https://github.com/istio/istio 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OpenNMS/opennms 6 https://github.com/ethereum/go-ethereum 5 https://github.com/docker/docker 5 https://github.com/apache/hadoop 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/forkcms/forkcms 5 https://github.com/gogs/gogs 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/cakephp/cakephp 5 https://github.com/traefik/traefik 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/apache/kylin 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/drupal/core 5 https://github.com/composer/composer 5 https://github.com/directus/directus 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/nautobot/nautobot 5 https://github.com/vercel/next.js 5 https://github.com/apache/dolphinscheduler 5 https://github.com/aubio/aubio 5 https://github.com/twisted/twisted 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/cefsharp/CefSharp 5 https://github.com/getkirby/kirby 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/answerdev/answer 5 https://github.com/pear/Archive_Tar 5 https://github.com/apache/geode 4 https://github.com/wixtoolset/issues 4 https://github.com/containers/buildah 4 https://github.com/baserproject/basercms 4 https://github.com/Codiad/Codiad 4 https://github.com/npm/cli 4 https://github.com/phpseclib/phpseclib 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/ericcornelissen/shescape 4 https://github.com/opencontainers/runc 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/hashicorp/nomad 4 https://github.com/bolt/bolt 4 https://github.com/totaljs/framework 4 https://github.com/cloudflare/cfrpki 4 https://github.com/containers/podman 4 https://github.com/quarkusio/quarkus 4 https://github.com/tidwall/gjson 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/vantage6/vantage6 4 https://github.com/free5gc/free5gc 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/ethyca/fides 4 https://github.com/igniterealtime/Openfire 4 https://github.com/PrismJS/prism 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jettison-json/jettison 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/Froxlor/Froxlor 4 https://github.com/playframework/playframework 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/apple/swift-nio-http2 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/fiveai/Cachet 4 https://github.com/surrealdb/surrealdb 4 https://github.com/scrapy/scrapy 4 https://github.com/libp2p/go-libp2p 4 https://github.com/cri-o/cri-o 4 https://github.com/centreon/centreon-archived 4 https://github.com/nightcloudos/new_cms 4 https://github.com/yiisoft/yii2 4 https://github.com/handlebars-lang/handlebars.js 3 https://github.com/containous/traefik 3 https://github.com/sveltejs/kit 3 https://github.com/matrix-org/matrix-react-sdk 3 https://github.com/decidim/decidim 3 https://github.com/rack/rack 3 https://github.com/inventree/InvenTree 3 https://github.com/siderolabs/talos 3 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 3 https://github.com/django-helpdesk/django-helpdesk 3