Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1MmctNmpoeC01ODZw
Denial of Service in handlebars
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1yNW0yLWc1Z2MtcTQzcs4AAdTe
Jenkins Denial of Service vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nNjZxLWdyeGMtNjRqM84AAWk9
Cross-site Scripting in JavaMelody
Ecosystems: maven
Packages: net.bull.javamelody:javamelody-core
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0ycDZyLTM3cDktODlwMs0Wnw
Authz Module Non-Determinism
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wYzU0LXBjaG0teGN3Ns4AAdza
XML External Entity Reference in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-jaxrs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05bWg4LTlqNjQtNDQzZs4AA0RO
HashiCorp Vault's revocation list not respected
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qcDd2LTM1ODctMjk1Ns4AAxfm
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Ecosystems: go
Packages: github.com/anchore/syft
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1naDI3LTM4cDUtbXJ4Y83oyA
Improper Control of Generation of Code in Apache Kafka
Ecosystems: maven
Packages: org.apache.kafka:kafka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14cjM3LXBqZmgtcXd3Y84AAjcY
Fortify Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoODQtOGo0Zi1wOTdx
Injection in bodymen
Ecosystems: npm
Packages: bodymen
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13cXY0LTlncjMtM3FnaM4AATfl
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NDUzLWcyOTUtMjRtaM4AAs5Q
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting module
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13NGY4LWZ4cTItajM1ds0vfw
Possible privilege escalation via bash completion script
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qaGpnLXcyY3AtNWo0NM4AAce9
Django DoS in django.views.static.serve
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zanA2LXE5Y2ctcnZnas4AAu-c
Missing permission check in Jenkins build-publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00eDYzLTNwN3EteG1oN84AAWxX
Jenkins HTML Publisher Plugin path traversal vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14N2o3LXFwN2otaHczcc0XPw
Cross-site scripting (XSS) from writer field content in the site frontend
Ecosystems: packagist
Packages: getkirby/cms
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yNTJoLWZqbTctOTNqOM4AA7I0
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: com.blazemeter.plugins:BlazeMeterJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14d2o3LTI5ajctcnc3Ns4AAs5R
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02Y3A3LWc5NzItdzltOc0wjA
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05Zm1nLTg5ZngtcjMzd84AAtB0
Quadratic blowup in Convert::xml2array()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03ZjdnLThxM3gtanB4Oc4AAs5A
Cross site scripting in Elefant CMS
Ecosystems: packagist
Packages: elefant/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OTVoLTk3OXgtY2Yzas0Wmg
Policies not properly enforced in bluemonday
Ecosystems: go, pypi
Packages: github.com/microcosm-cc/bluemonday, pybluemonday
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wMzdwLXdnOTItMmZjNM4AAu-P
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wOW01LTNoajctY3A1cs4AAnD2
futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
Ecosystems: cargo
Packages: futures-task
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwanAtN3JwMi05YzNm
Moderate severity vulnerability that affects validator
Ecosystems: npm
Packages: validator
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13eDhxLXJnZnItY2Y2ds0XGw
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qODc0LTQ3eHgtOXhmZ84AAv6K
Missing permission check in Jenkins Delete log Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delete-log-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xOHFxLTJwNXAtcmc0NM4AAknX
Missing SSH host key validation in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00Mnh3LXA2MngtaHdjZs3oxA
Improper Access Control in Apache Derby
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0cXEtZm03cS1jd3A1
Multiple XSS Filter Bypasses in validator
Ecosystems: npm
Packages: validator
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1mcTg2LTNmMjktcHgyY80ovA
`CHECK`-failures during Grappler's `IsSimplifiableReshape` in Tensorflow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03djk0LTY0aGotbTgyaM0XDA
FPE in `ParallelConcat`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nbTY3LWg1d3ItdzNjds4AA0Ts
Apache Zeppelin Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04NmZwLWpnd20td2dqNc1mcQ
Apache Tomcat XSS Vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qMnhxLXBmZmYtbXZnZ84AATB3
Loop with Unreachable Exit Condition in Apache PDFBox
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm
Unencrypted traffic between nodes when using WireGuard and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2N3Itamc5ci12cTQ0
Insecure Cryptography Algorithm in simple-crypto-js
Ecosystems: npm
Packages: simple-crypto-js
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1wNzVqLXdjMzQtNTI3Y80Wdg
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ3dyLTR2cjgtZzd3ds4AA0pO
Apache Airflow Path Traversal vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zcHBtLWZ3aG0tcXFnNs4AAvxr
FeehiCMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05OWc1LTU2NDMteHBocM4AAv0J
mm-wiki is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02aHB2LXYycngtYzVnNs0XCg
FPE in convolutions with zero size filters
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NWctZjQ1eC12djIy
Improper input validation in CNCF Cortex
Ecosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yNGg4LWNwcW0tcW1mM84AAs7v
Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin
Ecosystems: maven
Packages: com.convertigo.jenkins.plugins:convertigo-mobile-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01NnI5LTcydngtcTk4Oc4AAyQ2
Moodle arbitrary file read vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: readthedocs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12aHFyLTNncjItN3B4Oc4AAU4H
Subrion CMS Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl
Unencrypted traffic between nodes when using IPsec and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qOGM4LTY3dnAtNm14N80W-A
Arbitrary memory read in `ImmutableConst`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NnAtZ2dtNS01ajgz
Rails vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack, rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS13OHZxLTNoZjkteHBweM4AA1v7
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qcnZyLWdtcXYtaGdyaM4AAvxg
Subrion CMS is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04NDc3LTN2MzktZ2dwbc3mcQ
Improper Validation of Integrity Check Value in Bouncy Castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04dmpwLWhmZ2gtNjhyas4AAwXa
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yZ2h3LTZweDItZmd3Y84AArKB
Improper Certificate Validation in MongoDB
Ecosystems: maven
Packages: org.mongodb:mongodb-driver-legacy, org.mongodb:mongodb-driver-sync, org.mongodb:mongo-java-driver, org.mongodb:mongodb-driver
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtcHItdmM1cS1oM2p3
Exposure of Resource to Wrong Sphere in valib
Ecosystems: npm
Packages: valib
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13amc4LXB4cWotYzNjN84AA0TB
Artesãos SEOTools Open Redirect vulnerability
Ecosystems: packagist
Packages: artesaos/seotools
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04NjJnLTloNW0tbTNxds0W6A
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Ecosystems: cargo
Packages: coreos-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13eGpnLXA1OWotNmM5Ms0vCQ
Command injection in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZ2M3LW1nbTMtcTI1M84AAxtL
Uncontrolled Resource Consumption in golang.org/x/image
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14bWY0LWozajcteGo3cc1kWA
Apache Tomcat DoS Via Requests Including Null Characters
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nbTQ4LTgzeDQtODRqZ84AArex
Server-side request forgery in Apache Dubbo
Ecosystems: maven
Packages: com.alibaba:dubbo, org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04ZjI0LTZtMjktd20ycs4AA4ih
use-after-free in tracing
Ecosystems: cargo
Packages: tracing
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14djVmLTI5OTctcWhycc4AAbrG
Craft CMS XSS Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zajltLWhjdjktcnBqOM0W3Q
XSS vulnerability allowing arbitrary JavaScript execution
Ecosystems: npm
Packages: @grafana/data
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cHFtLTg4YzQteDRjds4AARKl
Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ocDU2LXh2ZjQtZzZ3cs4AA19U
Cros secrets may be disclosed to untrusted relay
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jcDd2LXZtdjctNngycc4AARke
Incorrect Authorization in Undertow
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3cWYtandtOC1nN2Yz
FPE in LSH in TFLite
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03OWd4LTNmbTgtcXhxcc4AAwCx
Microweber vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yd2NqLXFyNzYtOTc2OM4AA4K6
PaddlePaddle segfault in paddle.put_along_axis
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zMnhwLW02dmctZ3dwas4AAlk-
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE3ZjctNTQ0aC02N2g5
FPE in TFLite pooling operations
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljOGgtMm12My00OXd3
Division by 0 in most convolution operators
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12cTdqLTZwY3EtZjQ4cM4AAl8N
Path traversal vulnerability in Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4ODUtajVqMi0yN2p4
actionpack Path Traversal vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tcjc4LXY1NXAtNzc3N84AA4K5
PaddlePaddle segfault in paddle.mode
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyNDQtN2dyYy0zN3Zx
ActiveRecord vulnerable to modification of protected model attributes
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS12OTM1LXBxbXItZzh2Oc0W1w
Unexpected panics in num-bigint
Ecosystems: cargo
Packages: num-bigint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xN2NwLXI2Y2otaHBmNc4AAXd6
Apache Geode OQL bind parameter vulnerability
Ecosystems: maven
Packages: org.apache.geode:geode-core
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02cjZoLXZoZzctNTN4N84AAoKy
Cross Site Scripting (XSS) in LavaLite 5.8.0
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tcnJ3LWdyaHEtODZnZs4AAx3Z
Ascii (crate) allows out-of-bounds array indexing in safe code
Ecosystems: cargo
Packages: ascii
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycDRwLWc2OXItNDM4eM3pDQ
Cross-Site Request Forgery in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-oxm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ndmdjLXJ4bWgtNWh2d84AAVO9
Apache Tomcat affected by infinite loop in Double.parseDouble method in Java Runtime Environment
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yM21tLXY0eDctMnBobc4AAyuW
Jenkins NeuVector Vulnerability Scanner Plugin disables SSL/TLS certificate and hostname validation
Ecosystems: maven
Packages: io.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,080
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 45 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 44 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 vyper 38 github.com/mattermost/mattermost/server/v8 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/docker/docker 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 laravel/framework 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 glance 18 directus 18 contao/contao 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 simplesamlphp/simplesamlphp 18 org.apache.geode:geode-core 17 topthink/framework 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 cobbler 17 genix/cms 17 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 cakephp/cakephp 17 mercurial 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 wasmtime 16 org.apache.activemq:activemq-client 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/openstack/nova 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/dotnet/runtime 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/intelliants/subrion 19 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/directus/directus 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/hashicorp/vault 16 https://github.com/centreon/centreon 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/langchain-ai/langchain 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/igniterealtime/Openfire 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/janeczku/calibre-web 11 https://github.com/cakephp/cakephp 11 https://github.com/openfga/openfga 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/puma/puma 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/aio-libs/aiohttp 11 https://github.com/containers/podman 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/zitadel/zitadel 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/urllib3/urllib3 11 https://github.com/vercel/next.js 11 https://github.com/scrapy/scrapy 11 https://github.com/dolibarr/dolibarr 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/wagtail/wagtail 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/openstack/glance 10 https://github.com/nextauthjs/next-auth 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/nocodb/nocodb 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/WWBN/AVideo 10 https://github.com/Pylons/waitress 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/apache/lucene-solr 9 https://github.com/funadmin/funadmin 9 https://github.com/nautobot/nautobot 9 https://github.com/DSpace/DSpace 9 https://github.com/faucetsdn/ryu 9 https://github.com/semplon/GeniXCMS 9