Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOGgtZmdyOC0ycTl3
Pivotal Spring Framework Paths provided to the ResourceServlet were not properly sanitized
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODctZmY5cS12ODQ3
websockets is vulnerable to denial of service by memory exhaustion
Ecosystems: pypi
Packages: websockets
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: over 5 years ago
High
GSA_kwCzR0hTQS1tdjJ3LTRqcWMtNmZnNM0yoA
Command injection in libvcs and vcspull
Ecosystems: pypi
Packages: vcspull, libvcs
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMmc1LTJyaHgtZmZnas0wSw
Command injection in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjQtNzRtYy1ycGpj
Pyro mishandles pid files in temporary directory locations and opening the pid file as root
Ecosystems: pypi
Packages: pyro
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtMzktNjJmbS1xOHIz
Regular Expression Denial of Service in sshpk
Ecosystems: npm
Packages: sshpk
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 5 years ago
High
GSA_kwCzR0hTQS1ndzVoLWg2aGotZjU2Z80ymw
Gogs vulnerable to improper PAM authorization handling
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThnZzYtM3I2My0yNW04
git-fastclone permits arbitrary shell command execution from .gitmodules
Ecosystems: rubygems
Packages: git-fastclone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01aDYtaHIzcS0yMmg1
npm Token Leak in npm
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzMmgteGc3Ni00Z3Y2
ReDoS in brace-expansion
Ecosystems: npm
Packages: brace-expansion
Source: GitHub Advisory Database
Blast Radius: 45.9
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqamYtdzdqNi0zMjNj
Samlify vulnerable to Authentication Bypass by allowing tokens to be reused with different usernames
Ecosystems: npm
Packages: samlify
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 6 years ago
High
GSA_kwCzR0hTQS14Mjh3LWh2d2MtbXA3Nc0yEQ
Static Code Injection in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmOTYtMzJxMi05cncy
Rails ActiveRecord gem vulnerable to SQL injection
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5N3YtNzY0Zy1yMnJw
gollum and gollum-lib allow remote authenticated users to execute arbitrary code
Ecosystems: rubygems
Packages: gollum-lib, gollum
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtMjgtbXJtNy1mcGpx
sfpagent Command Injection vulnerability
Ecosystems: rubygems
Packages: sfpagent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqY3AtajM4OS01OWZm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 6 years ago
High
GSA_kwCzR0hTQS1tM2NxLXhjeDktM2d2bc4AAweX
kyverno verifyImages rule bypass possible with malicious proxy/registry
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nOWhnLXg5YzktN3hncs4AAmvU
XXE vulnerability in Jenkins CVS Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cvs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04aDQzLXhnNWctOWNqN84AAwnh
Microweber vulnerable to unrestricted malicious uploads
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xZzY2LXh2N3YtbTgzNM4AAl8l
Stored XSS vulnerability in computer-queue-plugin Plugin
Ecosystems: maven
Packages: jenkins.ci.plugins.computerqueue:computer-queue-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12M2M1LWpxcjYtN3FtOM4AAwjq
Python Charmers Future denial of service vulnerability
Ecosystems: pypi
Packages: future
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS03cmYzLW1xcHgtaDd4Z84AAwSP
Jettison Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: org.codehaus.jettison:jettison
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS04Z2g4LWhxd2cteGYzNM4AAwl1
Starcounter-Jack JSON-Patch Prototype Pollution vulnerability
Ecosystems: npm
Packages: fast-json-patch
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qNXA3LWpmNHEtNzQycc4AAwnP
markdown-it vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: markdown-it
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS13ZjMzLTZ4MzMtd2NmOc4AAwnp
rdiffweb vulnerable to Authentication Bypass by Primary Weakness
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wNmZnLTcyM2YtaGdwd84AAwot
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
Ecosystems: go
Packages: github.com/shiyanhui/dht
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xOXFyLWp3cHctM3F2ds4AAwoY
Golf may allow attacker to bypass CSRF protections due to weak PRNG
Ecosystems: go
Packages: github.com/dinever/golf
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy
Apache Tomcat improperly escapes input from JsonErrorReportValve
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-util, org.apache.tomcat:tomcat-catalina, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS12cGZqLTVnZzUtZnZmbc4AAjxu
XXE vulnerability in Jenkins Cobertura Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cobertura
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04N21tLXF4bTUtY3AzZs4AAwos
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
Ecosystems: go
Packages: github.com/peterzen/goresolver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
High
GSA_kwCzR0hTQS00anJtLWMzMngtdzRqZs4AAw3Y
convict vulnerable to Prototype Pollution
Ecosystems: npm
Packages: convict
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS04ZjdmLXZxZzUtanJ2Oc4AAw3c
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F
skeemas Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: skeemas
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 1 year ago
High
GSA_kwCzR0hTQS02bTdjLTQ1ZmYtMzMyOM4AAwuL
FrameworkUserBundle Generates Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: sumocoders/framework-user-bundle
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jM2NnLW12NXctY3Z3OM4AAjkk
XXE vulnerability in FitNesse Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fitnesse
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tYzUyLWpwbTItY3FoNs4AAxFx
Deno is vulnerable to race condition via interactive permission prompt spoofing
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nM3B2LXBqNWYtM2hmcc4AAxCV
mechanize Regular Expression Denial of Service vulnerability
Ecosystems: pypi
Packages: mechanize
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS00Mzh4LTJwOXYtZzhoOc4AArCm
Camaleon CMS Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 45.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcHgzLTkzdzctNDU3eM4AAvlf
Ansible leaks password to logs
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNjMyLXA3NjQtcGpxbc4AAxOZ
DataFlow upload remote code execution vulnerability
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02NXJwLW1ocWYtOGdqM84AAxy9
rangy vulnerable to Prototype Pollution
Ecosystems: npm
Packages: rangy
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS05aGhjLXBqNHctdzVyds4AAx5K
Keycloak Cross-site Scripting on OpenID connect login service
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS01Y2Y4LXZycjgtOGhqbc4AAx7N
XWiki Platform packages Expose Sensitive Information to an Unauthorized Actor
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki, org.xwiki.platform:xwiki-platform-livetable-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01Zzk3LXdoYzktOGc3as4AAx8P
node-static and @nubosoftware/node-static vulnerable to Directory Traversal
Ecosystems: npm
Packages: @nubosoftware/node-static, node-static
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nd2ZnLWNxbWctY2Y4Zs4AAmJ3
WEBRick vulnerable to HTTP Request/Response Smuggling
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZjQ2LTZ4eGgtcGM3Nc4AAhJV
libxslt Type Confusion vulnerability that affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zeDh4LTc5bTItM3cyd84AAyLf
jackson-databind possible Denial of Service if using JDK serialization to serialize JsonNode
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xajJ3LW13MnItcHYzOc4AATbJ
RubyGems Deserialization of Untrusted Data vulnerability
Ecosystems: maven, rubygems
Packages: org.jruby:jruby-stdlib, rubygems-update
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qaDM2LXE5N2MtOTkyOM4AAx5b
Kubernetes vulnerable to validation bypass
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qcXY1LTd4cHgtcWo3NM4AAyEw
sqlite vulnerable to code execution due to Object coercion
Ecosystems: npm
Packages: sqlite3
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS02N2c4LWM3MjQtOG1wM84AAyJ5
DDOS attack on graphql endpoints
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS14YzlwLXI1cWotOHhtOc4AAyK5
Improper quoting of columns when calling methods "getByUuid" & "exists" on UUID Model
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS04bXc4LWo1ODMtdnFmZ81ADQ
RubyGems passenger gem allows remote attackers to delete files
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS05MzI0LWp2NTMtOWNjOM4AAyNs
dio vulnerable to CRLF injection with HTTP method string
Ecosystems: pub
Packages: dio
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS01bXFqLXhjNDktMjQ2cM4AAyO-
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xanFjLXZxY2YtNXF2as4AAyUD
TensorFlow vulnerable to seg fault in `tf.raw_ops.Print`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nZjk3LXE3Mm0tNzU3Oc4AAyT2
TensorFlow has Null Pointer Error in RandomShuffle with XLA enable
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS03eDR2LTlneGctOWh3as4AAyT1
TensorFlow has Segfault in Bincount with XLA
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NDd2LXI3cXEtMjRmaM4AAyT3
TensorFlow has Floating Point Exception in TensorListSplit with XLA
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS01dzk2LTg2NmYtNnJtOM4AAyTy
TensorFlow has Floating Point Exception in TFLite in conv kernel
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tOHE5LTd2MmYtcWp4Oc4AAyj4
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via artlang parameter
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oaGptLW1wbWYtY3hnOc4AAyj1
Microweber vulnerable to stored cross-site scripting (XSS) via X-Forwarded-For header
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yeDljLXF3Z2YtOTR4cs4AAyX5
matrix-react-sdk Prototype pollution vulnerability
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS03ajk4LWg3ZnAtNHZ3as4AAyaT
smarty Cross-site Scripting vulnerability in Javascript escaping
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yd2NyLTg3d2YtY2Y5as4AAyds
Kiwi TCMS Stored Cross-site Scripting via SVG file
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04NXBmLXI0YzctM2o5cs4AAyn4
Apache Airflow Drill Provider vulnerable to improper input validation
Ecosystems: pypi
Packages: apache-airflow-providers-apache-drill
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mZmo5LTRjcmMtcTd3Zs4AAyn3
Apache Airflow Spark Provider vulnerable to improper input validation
Ecosystems: pypi
Packages: apache-airflow-providers-apache-spark
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS00ZzNqLWM0d2ctNmo3eM4AAyyP
Snowflake JDBC vulnerable to command injection via SSO URL authentication
Ecosystems: maven
Packages: net.snowflake:snowflake-jdbc
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03djJ2LTlybTQtN204Zs4AAy1O
Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS05M2hxLTV3Z2MtamM4Ms4AAy45
GovernorCompatibilityBravo may trim proposal calldata
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05MzljLTNnOTctdnB2ds4AAy-V
Access control issues in blackbox_exporter
Ecosystems: go
Packages: github.com/prometheus/blackbox_exporter
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS14djgzLXg0NDMtN3Jtd84AAy9h
HTML injection in search results via plaintext message highlighting
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1waDl4LTR2YzktbTM5Z84AAzUF
Vyper vulnerable to incorrect ordering of arguments for kwargs passed to internal calls
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 12 months ago
High
GSA_kwCzR0hTQS0yOTN2LTUzMjktMzZ3cM4AAzHj
MCMS vulnerable to arbitrary code execution via crafted thumbnail
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qaDg1LXd3djktMjRods4AAzV0
Any file can be included with the pymdown-snippets extension
Ecosystems: pypi
Packages: pymdown-extensions
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: 12 months ago
High
GSA_kwCzR0hTQS00eHFxLTczd2ctNW1qcM4AAzUr
git-url-parse Regular Expression Denial of Service
Ecosystems: pypi
Packages: git-url-parse
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 12 months ago
High
GSA_kwCzR0hTQS1jcW1qLTkyeGYtcjZyOc4AAzcU
Insufficient validation when decoding a Socket.IO packet
Ecosystems: npm
Packages: socket.io-parser
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: 12 months ago
High
GSA_kwCzR0hTQS13N2p3LXE0ZmctcWM0Y84AAzdN
nfpm has incorrect default permissions
Ecosystems: go
Packages: github.com/goreleaser/nfpm, github.com/goreleaser/nfpm/v2
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 12 months ago
High
GSA_kwCzR0hTQS0yZnFtLW00cjItZmg5OM4AAzr5
kiwitcms vulnerable to stored cross-site scripting via unrestricted file upload
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS01NDloLXI3ZzktMnFwZs4AAzft
n158 vulnerable to Command Injection due to improper input sanitization in the 'module.exports' function
Ecosystems: npm
Packages: n158
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 12 months ago
High
GSA_kwCzR0hTQS03eHB2LTRwbTkteGNoMs4AAznN
mx-chain-go does not treat invalid transaction with wrong username correctly
Ecosystems: go
Packages: github.com/multiversx/mx-chain-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS01Y3I5LTVqeDMtMmczOc4AAzrM
avo vulnerable to Stored XSS (Cross Site Scripting) in html content based fields
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 11 months ago
High
GSA_kwCzR0hTQS00YzMyLXc2YzctNzd4NM4AAzpH
SQL injection when using MySQL/PostgreSQL data checking
Ecosystems: go
Packages: github.com/megaease/easeprobe
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1xY20zLXZmcTUtd2ZyMs4AAzr_
RedCloth Regular Expression Denial of Service issue
Ecosystems: rubygems
Packages: RedCloth
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 11 months ago
High
GSA_kwCzR0hTQS1oNTN3LTdxdzctdmg1Y84AAzxg
Snowflake NodeJS Driver vulnerable to Command Injection
Ecosystems: npm
Packages: snowflake-sdk
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 11 months ago
High
GSA_kwCzR0hTQS03bTJ3LTlndzctYzN4cM31tA
open-uri-cached Gem for Ruby Unsafe Temporary File Creation Enables Code Execution
Ecosystems: rubygems
Packages: open-uri-cached
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00aG05LTg0NGotam14cM4AAhJW
Uninitialized read in Nokogiri gem
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02cW1mLW1tYzctNmMycM4AAz3D
NuGet Client Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, NuGet.PackageManagement, Microsoft.Build.NuGetSdkResolver
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1qeDdxLXh4bXctNDR2Zs4AAz3G
.NET Elevation of Privilege Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS00ZzQyLWdxcmctNDYzM84AAz2O
Apache Struts vulnerable to memory exhaustion
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 11 months ago
High
GSA_kwCzR0hTQS1yNnd3LTU5NjMtN3I5Nc4AAzxC
Denial of Service via reachable assertion
Ecosystems: swift
Packages: github.com/grpc/grpc-swift
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
High
GSA_kwCzR0hTQS01djJoLXIyY3gtNXhnas0jVA
Inefficient Regular Expression Complexity in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
Statistics
Advisories: 18,440
Packages: 8,316
Repositories: 2,448
Ecosystems: 12
Filter by Severity
Moderate 7,964 High 6,379 Critical 2,816 Low 990
Filter by Ecosystem
maven 1,876 npm 1,407 pypi 1,183 packagist 1,024 nuget 786 go 690 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 typo3/cms 22 opencv-contrib-python 22 opencv-python 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 github.com/rancher/rancher 19 django 19 thorsten/phpmyfaq 19 typo3/cms-core 18 librenms/librenms 18 org.jenkins-ci.plugins:script-security 18 mlflow 17 pocketmine/pocketmine-mp 17 openssl-src 17 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 rdiffweb 15 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Plone 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 vyper 14 net.mingsoft:ms-mcms 14 github.com/hashicorp/consul 14 golang.org/x/net 13 rubygems-update 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 baserproject/basercms 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 org.apache.openmeetings:openmeetings-parent 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 github.com/nats-io/nats-server/v2 11 mautic/core 11 github.com/hashicorp/vault 11 io.undertow:undertow-core 11 intelliants/subrion 11 org.keycloak:keycloak-parent 11 actionpack 11 github.com/argoproj/argo-cd 11 github.com/hashicorp/nomad 10 org.springframework.security:spring-security-core 10 openmage/magento-lts 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.apache.nifi:nifi 10 shopware/platform 10 froxlor/froxlor 10 matrix-synapse 10 cockpit-hq/cockpit 10 cobbler 10 org.apache.solr:solr-core 9 ckb 9 org.apache.geode:geode-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 org.bouncycastle:bcprov-jdk14 9 org.apache.hadoop:hadoop-main 9 craftcms/cms 9 rusqlite 9 Django 9 github.com/ethereum/go-ethereum 9 mercurial 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.bouncycastle:bcprov-jdk15 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 october/system 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-arm64 8 github.com/sylabs/singularity 8 deno 7 smarty/smarty 7 org.craftercms:crafter-studio 7 apache-superset 7 org.eclipse.jetty:jetty-server 7 pillow 7 symfony/security 7 snipe/snipe-it 7 com.liferay.portal:release.portal.bom 7 phpmailer/phpmailer 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 cakephp/cakephp 7 next 7 org.apache.inlong:manager-pojo 7 org.elasticsearch:elasticsearch 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 cn.hutool:hutool-core 7 strapi 7 github.com/docker/docker 7 codeigniter4/framework 7 org.apache.commons:commons-compress 7 com.xuxueli:xxl-job 7 DotNetNuke.Core 7 keystone 7 tar 7 gogs.io/gogs 7 org.springframework:spring-core 7 magento/core 7 contao/core-bundle 6 contao/contao 6 k8s.io/kubernetes 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 guzzlehttp/guzzle 6 express-cart 6 sequelize 6 github.com/hyperledger/fabric 6 Microsoft.AspNetCore.All 6 istio.io/istio 6 github.com/zitadel/zitadel 6 symfony/security-http 6 waitress 6 de.tum.in.ase:artemis-java-test-sandbox 6 prestashop/prestashop 6 org.apache.tika:tika-core 6 npm 6 rack 6 composer/composer 6 Microsoft.NETCore.App 6 @strapi/strapi 6 opencv-contrib-python-headless 6 opencv-python-headless 6 org.apache.cxf:cxf 6 org.apache.tomcat:tomcat-coyote 6 @openzeppelin/contracts 6 github.com/traefik/traefik/v2 6 golang.org/x/crypto 6 org.apache.camel:camel-core 6 github.com/gravitl/netmaker 6 wwbn/avideo 6 laravel/framework 6 cryptography 6 sized-chunks 6 kiwitcms 6 handlebars 6 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 zope 5 org.apache.mesos:mesos 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 org.xwiki.platform:xwiki-platform-web 5 getkirby/cms 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 serve 5 pear/archive_tar 5 genix/cms 5 org.apache.tomcat:tomcat-catalina 5 nautobot 5 twisted 5 passenger 5 forkcms/forkcms 5 github.com/IBAX-io/go-ibax 5 Microsoft.AspNetCore.App 5 github.com/nats-io/jwt 5 phpbb/phpbb 5 org.apache.xmlgraphics:batik 5 ua-parser-js 5 CefSharp.Common 5 matrix-js-sdk 5 statamic/cms 5 @openzeppelin/contracts-upgradeable 5 github.com/opencontainers/runc 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/django/django 23 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/keycloak/keycloak 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/mlflow/mlflow 12 https://github.com/rails/rails 12 https://github.com/mautic/mautic 11 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/centreon/centreon 10 https://github.com/cui2shark/cms 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/golang/go 9 https://github.com/strapi/strapi 9 https://github.com/apache/camel 9 https://github.com/rusqlite/rusqlite 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/denoland/deno 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/shopware/platform 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/bcgit/bc-java 8 https://github.com/eclipse/jetty.project 7 https://github.com/DSpace/DSpace 7 https://github.com/hashicorp/vault 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/spring-projects/spring-security 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/rubygems/rubygems 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/snipe/snipe-it 7 https://github.com/dotnet/aspnetcore 7 https://github.com/undertow-io/undertow 7 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/intelliants/subrion 6 https://github.com/npm/node-tar 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/bodil/sized-chunks 6 https://github.com/saltstack/salt 6 https://github.com/opencast/opencast 6 https://github.com/pyca/cryptography 6 https://github.com/openstack/keystone 6 https://github.com/zitadel/zitadel 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/xuxueli/xxl-job 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/dromara/hutool 6 https://github.com/ls1intum/Ares 6 https://github.com/smarty-php/smarty 6 https://github.com/backstage/backstage 6 https://github.com/CVEProject/cvelist 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/magento/magento2 6 https://github.com/contao/contao 6 https://github.com/Pylons/waitress 6 https://github.com/gravitl/netmaker 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/hyperledger/fabric 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/froxlor/froxlor 6 https://github.com/istio/istio 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OpenNMS/opennms 6 https://github.com/ethereum/go-ethereum 5 https://github.com/docker/docker 5 https://github.com/apache/hadoop 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/forkcms/forkcms 5 https://github.com/gogs/gogs 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/cakephp/cakephp 5 https://github.com/traefik/traefik 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/apache/kylin 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/drupal/core 5 https://github.com/composer/composer 5 https://github.com/directus/directus 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/nautobot/nautobot 5 https://github.com/vercel/next.js 5 https://github.com/apache/dolphinscheduler 5 https://github.com/aubio/aubio 5 https://github.com/twisted/twisted 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/cefsharp/CefSharp 5 https://github.com/getkirby/kirby 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/answerdev/answer 5 https://github.com/pear/Archive_Tar 5 https://github.com/apache/geode 4 https://github.com/wixtoolset/issues 4 https://github.com/containers/buildah 4 https://github.com/baserproject/basercms 4 https://github.com/Codiad/Codiad 4 https://github.com/npm/cli 4 https://github.com/phpseclib/phpseclib 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/ericcornelissen/shescape 4 https://github.com/opencontainers/runc 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/hashicorp/nomad 4 https://github.com/bolt/bolt 4 https://github.com/totaljs/framework 4 https://github.com/cloudflare/cfrpki 4 https://github.com/containers/podman 4 https://github.com/quarkusio/quarkus 4 https://github.com/tidwall/gjson 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/vantage6/vantage6 4 https://github.com/free5gc/free5gc 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/ethyca/fides 4 https://github.com/igniterealtime/Openfire 4 https://github.com/PrismJS/prism 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jettison-json/jettison 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/Froxlor/Froxlor 4 https://github.com/playframework/playframework 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/apple/swift-nio-http2 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/fiveai/Cachet 4 https://github.com/surrealdb/surrealdb 4 https://github.com/scrapy/scrapy 4 https://github.com/libp2p/go-libp2p 4 https://github.com/cri-o/cri-o 4 https://github.com/centreon/centreon-archived 4 https://github.com/nightcloudos/new_cms 4 https://github.com/yiisoft/yii2 4 https://github.com/handlebars-lang/handlebars.js 3 https://github.com/containous/traefik 3 https://github.com/sveltejs/kit 3 https://github.com/matrix-org/matrix-react-sdk 3 https://github.com/decidim/decidim 3 https://github.com/rack/rack 3 https://github.com/inventree/InvenTree 3 https://github.com/siderolabs/talos 3 https://sourceforge.net/projects/phpmyadmin.sourceforge.net 3 https://github.com/django-helpdesk/django-helpdesk 3