Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS02aDc4LTg1djItbW1jaM4AA5CX
PHPMailer Shell command injection
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1qd3ZqLXB3d3ctM21qNc4AA8Ir
laravel framework Unexpected database bindings via requests
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1qNDk0LTd4MnYtdnZ2cM4AA0sO
mx-chain-go's relayed transactions always increment nonce
Ecosystems: go
Packages: github.com/multiversx/mx-chain-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS0zZzQzLXhmcnctcHY1bc4AA8IS
eZ Platform User data disclosure
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1tZjk4LXIyZ2YtMngzd84AAU0b
OpenStack Keystone Improper Authentication vulnerability
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02MzZqLTd4N3ItZ3Z3Ms03Uw
Old sessions not blocked by login enable function in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05bWp4LXdmcXAtajVwaM4AAwvv
window-control vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: window-control
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS03OTY4LWg0bTQtZ2htOc4AAxpr
No protection against brute-force attacks on login page
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS14aG1mLW1tdjItNGhoeM4AAu14
Go-CVSS has Out-of-bounds Read vulnerability in ParseVector function
Ecosystems: go
Packages: github.com/pandatix/go-cvss
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1teHJ4LWZnOHAtNXA1as4AAvaq
Bifrost vulnerable to authentication check flaw that leads to authentication bypass
Ecosystems: go
Packages: github.com/brokercap/Bifrost
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtdnEteHA0OC00Yzc3
Denial of Service in subtext
Ecosystems: npm
Packages: subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cDUtdzJjci03Y3A3
Puppet Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwY2ctZjlxNi0ybXE2
Remote Code Execution via traversal in TAL expressions
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcDMtMzg1ci12NjNm
Denial of service attack due to invalid JSON
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1obTc1LTh3NmgtNGY4Zs4AA0B0
Admidio Improper Neutralization of Formula Elements in a CSV File vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS05Nzd2LTI5ajktOXJ4Y83UkA
MoinMoin improper sanitizes user profiles
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxMmYtOGc3NC1xbTU2
Cross-Site Scripting in takeapeek
Ecosystems: npm
Packages: takeapeek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0zdndyLWpqNGYtaDk4eM4AA8Hq
eZ Publish Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS00cmdjLTVnNnItMnJqZs4AA3q-
lakeFS logs S3 credentials in plain text
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nN3BqLTN2OTctM3Z4cM4AAems
Pimcore Vulnerable to PHP Object Injection Attacks
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyZjctZnZqeC04NjNx
Path Traversal in zero
Ecosystems: npm
Packages: zero
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1ycjR4LWNyaGYtODg4Ns4AA2X5
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
Ecosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2M2MtcjV2Mi02OHBo
private_address_check contains Incomplete List of Disallowed Inputs
Ecosystems: rubygems
Packages: private_address_check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnNmotOGh2NC12Zmdq
Cross-Site Scripting in node-red
Ecosystems: npm
Packages: node-red
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS03Mm02LTIzZmYtN3EyNs4AATvM
Improper Authentication in Apache WSS4J
Ecosystems: maven
Packages: org.apache.activemq:activemq-jaas, org.apache.activemq:activemq-broker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jcWY3LWZmOWgtNzk2N84AAYwU
Django ReDoS in validators.URLValidator
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqOHEtbTl4NS05ZzZq
Data races in async-coap
Ecosystems: cargo
Packages: async-coap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcTQyLWM1cmctOTJjMs0u1A
Vulnerable dependencies in Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3ajgtcDY2Mi0zbTd4
Path Traversal in localhost-now
Ecosystems: npm
Packages: localhost-now
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ncjItM21wdi00M2dj
Downloads Resources over HTTP in openframe-image
Ecosystems: npm
Packages: openframe-image
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Y3YteHJ2OS1yOHc3
NoSQL injection in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5dmMtcTNoaC1xaGZ2
Content Injection in remarkable
Ecosystems: npm
Packages: remarkable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqOTMtN3dtNC04eDJn
Cross-Site Scripting in jquery-mobile
Ecosystems: npm
Packages: jquery-mobile
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtNzctcTc0cC01NzYz
Path Traversal in superstatic
Ecosystems: npm
Packages: superstatic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1jOXI5LTNoMzgtcjd2as4AAa-U
Authenticated RCE in Zen Cart 1.5.5e
Ecosystems: packagist
Packages: zencart/zencart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02eHczLWNwcWotOG14cs4AAwGR
ThinkCMF Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: thinkcmf/thinkcmf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qaG03LTM4eGotcHZtOM4AAgFD
Cobbler is vulnerable to code injection
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13NHE0LWpjbTctZzRtNs4AArr5
Insufficiently Protected Credentials in PowerJob
Ecosystems: maven
Packages: com.github.kfcfans:powerjob
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xNzN2LTc5eDMtanYyd84AA8Hj
eZ Platform Admin UI Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1yajdtLTJwM2ctZmp4Z84AAxba
create-choo-app3 is vulnerable to Command Injection via the devInstall function
Ecosystems: npm
Packages: create-choo-app3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0ycmg1LWp2Z3gtcGd3M80VwQ
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yajZ2LXhwZjMteHZyds0vfA
Use of Externally-Controlled Format String in wire-avs
Ecosystems: maven
Packages: com.wire:avs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zOTg4LWg3NXYtaHdmNs01_w
Arbitrary shell execution
Ecosystems: packagist
Packages: squizlabs/php_codesniffer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqNTktaGZ3Ni02dzdo
Downloads Resources over HTTP in cmake
Ecosystems: npm
Packages: cmake
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1obWhxLTM4MnEtbXA1Ns4AATQ0
ClassLoader manipulation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWoyNTctamZ2di1oM3g1
Privilege Escalation in Channelmgnt plug-in for Sopel
Ecosystems: pypi
Packages: sopel_plugins.channelmgnt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xMmNnLXhmOXAtaDQ1N84AAYyu
Incomplete exclude pattern in Apache Struts
Ecosystems: maven
Packages: org.apache.struts.xwork:xwork-core, org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZnIzLTljajgtaDJxbc4AAZnm
SaltStack Salt Insecure Temporary File Creation
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoYzMtNzZqdy00ZjJ4
Denial of Service in @commercial/ammo
Ecosystems: npm
Packages: @commercial/ammo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2Zm0teGpjOC1mMnZt
Denial of Service in @commercial/subtext
Ecosystems: npm
Packages: @commercial/subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS02d205LTk2Nm0tNzNqcs4AAmwu
EC-CUBE Improper input validation vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyN2gtNjYzOS12NW13
Cross-Site Scripting in bootstrap-select
Ecosystems: npm
Packages: bootstrap-select
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1ajYtZjhqNi1xMjZ4
Unaligned references in Obstack
Ecosystems: cargo
Packages: obstack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDc5LXg4N2MtaGdtM84AAlGK
EC-CUBE Directory traversal vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2NnEtOWNmdy00Yzgz
smb is malware
Ecosystems: npm
Packages: smb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxZ2gtN3BncC1ocDdy
Cross-Site Scripting in graylog-web-interface
Ecosystems: npm
Packages: graylog-web-interface
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS0zNDRtLXFjanEteGdyZs4AAxmC
Vulnerable OpenSSL included in sgx-dcap-quote-verify-python
Ecosystems: pypi
Packages: sgx-dcap-quote-verify-python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zeHBoLWNwOGYtMjIyOc0aLw
Prototype Pollution in @fabiocaccamo/utils.js
Ecosystems: npm
Packages: @fabiocaccamo/utils.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3ZjItNWNqOC1qeDZ3
nodesqlite is malware
Ecosystems: npm
Packages: nodesqlite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS13eGc2LWY3NzMtZzJmN84AAgWQ
jQuery File Upload Plugin Unrestricted file upload vulnerability
Ecosystems: packagist
Packages: blueimp/jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2NDMtdzlqcC1xMnFn
Hardcoded Initialization Vector in parsel
Ecosystems: npm
Packages: parsel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwNzctZnFxcC03OWo4
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxcDMtcHZ3Yy0yZzRw
nodefabric is malware
Ecosystems: npm
Packages: nodefabric
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxcmctaDlnOC1jNjVx
Prototype Pollution in deep-setter
Ecosystems: npm
Packages: deep-setter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS00anE5LTJ4aHctanB4N84AA3K3
Java: DoS Vulnerability in JSON-JAVA
Ecosystems: maven
Packages: org.json:json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyOTctNzhnZi1xMjR2
Prototype Pollution in klona
Ecosystems: npm
Packages: klona
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2NHEtM3ZnOC04Zjkz
Prototype Pollution in subtext
Ecosystems: npm
Packages: subtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1tcXBxLTJwNjgtNDZmds4AA4Qg
pyload Unauthenticated Flask Configuration Leakage vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyNWYtN3FyNC1wZjZx
Sandbox Breakout / Arbitrary Code Execution in notevil
Ecosystems: npm
Packages: notevil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1tN3ItMjY1dy1qdjZm
Server-Side Request Forgery in @uppy/companion
Ecosystems: npm
Packages: @uppy/companion
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZwcTMtOTI4cS14Nnc2
Prototype Pollution
Ecosystems: npm
Packages: utils-extend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1mNmpoLWh2ZzItOTUyNc4AA4iq
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Ecosystems: go
Packages: github.com/kudelskisecurity/crystals-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcGc1LWZ2d3AtNDJtMs4AArrD
Unsoundness in `dashmap` references
Ecosystems: cargo
Packages: dashmap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5NTgtNXI0ci13dnY2
Directory Traversal in caolilinode
Ecosystems: npm
Packages: caolilinode
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcHEtNDY2ai1mYzZq
Prototype Pollution in sahmat
Ecosystems: npm
Packages: sahmat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjY2YtcTdwNC0zcTNq
Prototype Pollution in safe-object2
Ecosystems: npm
Packages: safe-object2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqNDktNDlqcS12d2Nx
Prototype Pollution in getsetdeep
Ecosystems: npm
Packages: getsetdeep
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0NjQtcmN4Ny1qODc1
Directory Traversal in infraserver
Ecosystems: npm
Packages: infraserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtaHYtOXF3OC1qNjNn
mssql.js is malware
Ecosystems: npm
Packages: mssql.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxNXgtcnBycS04anJq
Directory Traversal in exxxxxxxxxxx
Ecosystems: npm
Packages: exxxxxxxxxxx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1nOTdjLWpmeDYteHZ4aM4AAcl9
Symfony Vulnerable to Timing Attack
Ecosystems: packagist
Packages: symfony/symfony, symfony/security, symfony/security-http, symfony/form
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qamZmLXEzcTQtNWhoOM4AA7Lu
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
Ecosystems: npm
Packages: @andrei-tatar/nora-firebase-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIydnctamdxOS1qcXgy
Improper Authorization in @sap-cloud-sdk/core
Ecosystems: npm
Packages: @sap-cloud-sdk/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS14cHd3LWc5angtaHA4cs4AArs4
Miscomputed sha2 results when using AVX2 backend
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBocGgteHBqNC13dmN2
Cross-Site Scripting in hexo-admin
Ecosystems: npm
Packages: hexo-admin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNWMtNjc5dy1oaDRy
Denial of Service in mongodb
Ecosystems: npm
Packages: mongodb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoODItZ3FoNi05eGo5
Prototype Pollution in get-setter
Ecosystems: npm
Packages: get-setter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtOWYtdnhteC00bTU4
Data Flow Sanitation Issue Fix
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOGYtajJ2dy03aHc5
mssql-node is malware
Ecosystems: npm
Packages: mssql-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5d2ctd3E0Zi0yeDV3
Cross-Site Scripting in console-feed
Ecosystems: npm
Packages: console-feed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtbWMtOGNxai1oZnAz
Authentication Bypass in otpauth
Ecosystems: npm
Packages: otpauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3Y3AtNTMyNi01NGZo
Path Traversal in bruteser
Ecosystems: npm
Packages: bruteser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0Y3EtNTM5Yy0zbW1t
Directory Traversal in serveryztyzt
Ecosystems: npm
Packages: serveryztyzt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3OWYtd2d4Zy1xcjhm
Prototype Pollution in lodash.mergewith
Ecosystems: npm
Packages: lodash.mergewith
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ2ZmgtOGZjNS14Y3d4
Prototype Pollution in lodash.defaultsdeep
Ecosystems: npm
Packages: lodash.defaultsdeep
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5NDctbTRmZy14aHFn
Prototype Pollution in lodash.mergewith
Ecosystems: npm
Packages: lodash.mergewith
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1bXAtNXE0cC1nZ2Y1
Prototype Pollution in lodash.defaultsdeep
Ecosystems: npm
Packages: lodash.defaultsdeep
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3NTQtZ3E4ci1wZjVm
MiniMagick Gem for Ruby URI Handling Arbitrary Command Injection
Ecosystems: rubygems
Packages: mini_magick
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtOTYtOXc0ai13Z3Y3
Prototype Pollution in lodash.merge
Ecosystems: npm
Packages: lodash.merge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS02NjkyLThxcWYtNzlqY84AArs6
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3