Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4bWYtOGY1Ny02NHFm
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5bXAtOGczaC0zYzVj
flynn/noise has improper nonce handling yielding potential state DoS
Ecosystems: go
Packages: github.com/flynn/noise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdoNXYtODV3OS1wcTZj
Denial of service (via resource exhaustion) due to improper input validation in third-party identifier endpoint
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtajUtd3Y5Ni1yMmNo
Denial of service vulnerability in org.apache.httpcomponents:httpclient
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3djItMnF4eC13anJ3
Symlink Attack in Libcontainer and Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZjcjUteHI5aC1tdmM1
python-gnupg vulnerable to shell injection
Ecosystems: pypi
Packages: python-gnupg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS03cjl4LXFycHItM2N4d84AAt8A
mofh Vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: pypi
Packages: mofh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3M3EtNTMzNC01Z2Y5
Memory over-allocation in evm-core
Ecosystems: cargo
Packages: evm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cjhmLTU5cHAtcnh4aM4AAq4d
Elevation of privilege in ASP.NET Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.SpaServices
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcjhqLTJqaHAtbTY3ds4AAu1Y
nftables binding to an already bound chain
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Z2dwLTVyZjQteDdxOc4AAe1h
Fat Free CRM vulnerable to SQL Injection
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMmhtLW1qeHYtODlyNM4AA1rG
Multiple soundness issues in lexical
Ecosystems: cargo
Packages: lexical
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wNzV2LTM2N3ItMnYyM84AAu2E
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Ecosystems: cargo
Packages: cell-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qaDR4LTR3bWYtNjdwcs4AAfNX
Zend Framework XEE Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02d2NyLXdjcW0tM21maM4AAcl8
Django settings leak in date template filter
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNWp2LWhnNjgtbWpoZ84AAdTm
Jenkins allows attackers to configure restricted projects
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12ajZxLXYyaDctNnE1bc4AAZqz
Jenkins cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNnc4LWZxN3YtcGg0bc0h8A
GovernorCompatibilityBravo incorrect ABI encoding may lead to unexpected behavior
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmanItbTd2Ni1mcGc5
jquey is malware
Ecosystems: npm
Packages: jquey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwY3ItNDk4Mi01NDht
Exposure of .env if project root is configured as web root in shopware/production
Ecosystems: packagist
Packages: shopware/production
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1ydjRoLW00d2Mtdjk5d84AA5r9
Apache Archiva Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xZzRnLTZqY3Etcnc5M81Z2w
Jakarta Apache Tomcat Reveals Physical Paths
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NG01LTJjN3ctOXczeM4AAxo7
MultipartParser denial of service with too many fields or files
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1Nm0tdnd4Yy0zcXB3
Directory traversal vulnerability in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1weDd3LWM5Z3ctN2dqM84AA5hU
Apache James server: Privilege escalation via JMX pre-authentication deserialization
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNnAtNGpjbS1oOHZo
Moderate severity vulnerability that affects Microsoft.AspNetCore.Mvc and Microsoft.AspNetCore.Mvc.Core
Ecosystems: nuget
Packages: Microsoft.AspNetCore.Mvc.WebApiCompatShim, Microsoft.AspNetCore.Mvc.ViewFeatures, Microsoft.AspNetCore.Mvc.TagHelpers, Microsoft.AspNetCore.Mvc.Razor, Microsoft.AspNetCore.Mvc.Razor.Host, Microsoft.AspNetCore.Mvc.Localization, Microsoft.AspNetCore.Mvc.Formatters.Xml, Microsoft.AspNetCore.Mvc.Formatters.Json, Microsoft.AspNetCore.Mvc.DataAnnotations, Microsoft.AspNetCore.Mvc.Cors, Microsoft.AspNetCore.Mvc.ApiExplorer, Microsoft.AspNetCore.Mvc.Abstractions, System.Net.WebSockets.Client, System.Net.Security, System.Net.Http.WinHttpHandler, System.Text.Encodings.Web, System.Net.Http, Microsoft.AspNetCore.Mvc.Core, Microsoft.AspNetCore.Mvc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1xcnA5LTIzcDctZzVtZs4AA5ic
Apache Ambari XML External Entity injection
Ecosystems: maven
Packages: org.apache.ambari.contrib.views:wfmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12OHZqLWN2MjctaGp2OM4AA5gM
LangChain Experimental vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05cTI0LWh3bWMtNzk3eM4AA5cx
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1wY204LXFxcnAtdzZxZs4AA5c8
Enhavo Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: enhavo/enhavo-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13NjZoLWMydmotY203Zs30og
Moodle Authentication Bypass in File Upload
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14N3I0LTI2bTktaG1ncc4AAa6_
Moodle vulnerable to symlink attack
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04amZ4LWg2cTItdjRnM84AAdTg
Jenkins session fixation vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03NXgyLTZoNG0taDZteM4AA5oj
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Ecosystems: nuget
Packages: FullStackHero.WebAPI.Boilerplate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jMzcyLXg1N3AtNng3ds2_bw
Apache Geronimo Application Server multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: maven
Packages: org.apache.geronimo.plugins:console
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00NmY5LWY4am0tbXcyeM2_OQ
Plone Cross-site Scripting vulnerability in the LiveSearch module
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Yzh3LWdoNW0tNjJmds4AAavw
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03MzN2LTIybWctN2Y4d84AAa6V
TYPO3 Cross-site Scripting vulnerability in the file backend module
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tOGg4LTZydmctZjRtZ823Mw
Apache Tomcat Path Traversal Vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Zm0zLWdxOWgtbXJqbc4AA5dw
Appwrite Directory Traversal vulnerability
Ecosystems: packagist
Packages: appwrite/server-ce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14MzM3LTQzbXItZ2czaM20wg
Ignite Realtime Openfire allows remote authenticated users to cause a denial of service
Ecosystems: maven
Packages: org.igniterealtime.openfire:openfire, org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14ODlyLTJ3anEtbWo3eM16gg
Apache Tomcat Discloses MS-DOS Pathname
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01bXA0LTMycnItdjN4Nc4AA5Rp
Absolute path traversal vulnerability in digdag server
Ecosystems: maven
Packages: io.digdag:digdag-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1nZ3g5LTQ3MjgtNTg4cs3JTg
Apache Tomcat Directory Traversal vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtdzQtamd4eC1wY3E5
File System Bounds Escape
Ecosystems: npm
Packages: ftp-srv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qamc5LW1mNjMtdnFycM4AAZ9F
Cross-site scripting in yui 2.4.0
Ecosystems: npm
Packages: yui2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1cnYtaHB4Zy04eDQ5
Signature validation bypass in ServiceStack
Ecosystems: nuget
Packages: ServiceStack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1oNWptLWpqZ3gtcTJ3Zs2VbA
XWiki Remote Code Execution
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14d212LWN4N3AtZnFmY84AA5Oo
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxeHAteHA5di12dng2
jquery-ui Tooltip widget vulnerable to XSS
Ecosystems: nuget, maven, rubygems, npm
Packages: jQuery.UI.Combined, org.webjars.npm:jquery-ui, jquery-ui-rails, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4MjItcHc1Ny12djM3
XSS vulnerability when listing users on add & modify server pages.
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS04cjd4LXFxNTUtNzR2Ms30dQ
Moodle does not enforce the forceloginforprofiles setting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cHJoLWdxdzgtcmdoNc2XRQ
Apache Tomcat Directory Traversal
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3doLXJqNmotdm03Nc2Bfg
Plone allows remote users to modify arbitrary portraits
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xZ2ZnLWd2ZmYtNTIzds4AAVGx
python-glanceclient vulnerable to SSL server spoofing due to unverified X.509 certificate
Ecosystems: pypi
Packages: python-glanceclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xZzV2LWp3NmYtcnBmas4AAUqF
SabreDAV Directory Traversal vulnerability
Ecosystems: packagist
Packages: sabre/dav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qeGN2LXY4NTYtajV2Z81lCQ
Apache Tomcat Source Code Disclosure
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3eDUtNWZxai1qdjk4
Cross-Site Scripting in morris.js
Ecosystems: npm
Packages: morris.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS14cjk2LTdjY3AtcGc1Y82YIg
DotNetNuke Vulnerable to XSS in Pass-Through Values
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4cXEtY3FtNi1wZnE5
Regular Expression Denial of Service in slug
Ecosystems: npm
Packages: slug
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS05eDhtLTJ4cGYtY3JwM84AAtvM
Scrapy before 2.6.2 and 1.8.3 vulnerable to one proxy sending credentials to another
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Mjc3LXdwcWYtcmNmds4AA5H1
Svix vulnerable to improper comparison of different-length signatures
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00amp3LXhycjYtOXYzcM2uCQ
Mortbay Jetty Double Slash URI Information Disclosure Vulnerability
Ecosystems: maven
Packages: org.mortbay.jetty:jetty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00cXc0LWpwcDQtOGd2cM4AAu97
Unbounded resource exhaustion in cmark-gfm autolink extension may lead to denial of service
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12Yzc0LWM0bTYtOTk3Oc4AAZvj
TYPO3 Flow Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: typo3/flow, neos/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDktdzJqNi1ydzc2
Script Injection in Show In Browser gem
Ecosystems: rubygems
Packages: show_in_browser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1yeDdqLW13NGMtNzZnOc4AATRU
Authlogic Information Exposure vulnerability
Ecosystems: rubygems
Packages: authlogic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13MzI3LXdxMjgtM3ZtZs3QXA
CuteSoft CuteEditor Path Traversal vulnerability
Ecosystems: nuget
Packages: CuteEditor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tY3hyLWZ4NWYtOTZxcc0Xjw
Server-Side Request Forgery in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mamg2LXA1NjYtd3I2cc4AAtkO
skylot jadx affected by Incorrect Behavior Order in vulnerable dependency
Ecosystems: maven
Packages: io.github.skylot:jadx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZ204LTMydnYtcThtcM30tQ
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3dzktdm01bS00OHE4
Downloads Resources over HTTP in arcanist
Ecosystems: npm
Packages: arcanist
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS12NzhjLTRwNjMtMmo2Y84AAuiz
Cleartext Transmission of Sensitive Information in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01eGY5LTN2NjMtd3c2Zs3wTQ
Uncontrolled Resource Consumption in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd2gyLXZycjktdmNwMs4AAuiu
mz-avro's incorrect use of `set_len` allows for un-initialized memory
Ecosystems: cargo
Packages: mz-avro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cGZyLTYyOTctOXY1N80p2w
User object created with invalid provider data in GoTrue
Ecosystems: go
Packages: github.com/netlify/gotrue
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNWo3LTI2d2otNDIzas30Hw
Moodle allows discovery of an author's username
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zNnhtLTM1cXEtNzk1d84AA1zR
Inventory exposes reference to non-Sync data to an arbitrary thread
Ecosystems: cargo
Packages: inventory
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qY3I2LTRmcnEtOWdqas4AA1zQ
Users vulnerable to unaligned read of `*const *const c_char` pointer
Ecosystems: cargo
Packages: users
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1bWgtaHE2aC13aHh2
Directory Traversal in bitty
Ecosystems: npm
Packages: bitty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
GSA_kwCzR0hTQS1tOTV4LW0yNWMtdzltcM4AAw6k
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03dmN4LXY2NXEtOXdwZ84AAw6j
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNnAzLXA0dngtd3I4cc4AAw6h
dompurify vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ndzVqLTc3ZjktdjJnMs3wSw
Loop with Unreachable Exit Condition in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-frontend-jaxrs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zbTNyLTgyZ2MtNTNtas4AAWKg
Improper Neutralization of Input During Web Page Generation in Mojarra
Ecosystems: maven
Packages: org.glassfish:javax.faces
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02Z2pqLWM1bWotNGN2cM4AATod
Improper Input Validation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Mjc5LTY4cnItanA0cM4AAvME
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
Ecosystems: go
Packages: github.com/supranational/blst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02ODhwLXBnajQtNzdoaM30Tg
Moodle allows attackers to obtain sensitive course-structure information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
Ecosystems: cargo
Packages: owning_ref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oaHE3LWpmMnAtaHc5Y830Jg
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNDk3LTM3ZmMteHZ2Y830Mw
Moodle allows attackers to cause a denial of service
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zNXByLWdxbTYtcjM2Ns30RQ
Moodle allows attackers to obtain sensitive personal-contact and unread-message-count information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNjdqLWN3dmctajI4Y830fw
Moodle attackers to modify grade metadata
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOThwLTlwcDYtN3E2Y821nA
Apache Tomcat Cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,440
Packages: 8,316
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 7,964 High 6,379 Critical 2,816 Low 990
Filter by Ecosystem
maven 2,554 packagist 2,155 pypi 1,757 npm 1,062 go 881 nuget 537 rubygems 373 cargo 261 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 50 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 40 drupal/core 36 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 32 org.keycloak:keycloak-core 31 ansible 31 Plone 30 github.com/mattermost/mattermost-server/v6 30 drupal/drupal 28 intelliants/subrion 27 github.com/mattermost/mattermost/server/v8 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 org.elasticsearch:elasticsearch 24 snipe/snipe-it 24 github.com/grafana/grafana 23 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 shopware/platform 18 nilsteampassnet/teampass 18 matrix-synapse 18 remdex/livehelperchat 18 getkirby/cms 17 moin 17 org.apache.tomcat.embed:tomcat-embed-core 16 vyper 15 github.com/argoproj/argo-cd/v2 15 salt 14 yetiforce/yetiforce-crm 14 nova 14 puppet 14 tribalsystems/zenario 14 prestashop/prestashop 14 nokogiri 14 Pillow 13 forkcms/forkcms 13 Django 13 shopware/core 13 org.keycloak:keycloak-services 13 mautic/core 13 com.jfinal:jfinal 13 org.xwiki.platform:xwiki-platform-oldcore 13 io.undertow:undertow-core 13 org.apache.solr:solr-core 12 github.com/goharbor/harbor 12 com.thoughtworks.xstream:xstream 12 org.apache.jspwiki:jspwiki-main 12 github.com/hashicorp/consul 12 tinymce 12 github.com/docker/docker 12 github.com/hashicorp/vault 12 lavalite/cms 11 github.com/cilium/cilium 11 neutron 11 DotNetNuke.Core 11 github.com/hashicorp/nomad 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 feehi/feehicms 11 org.keycloak:keycloak-parent 11 genix/cms 11 pyftpdlib 11 org.apache.nifi:nifi 10 org.springframework:spring-core 10 org.apache.jspwiki:jspwiki-war 10 activesupport 10 org.springframework.security:spring-security-core 10 PaddlePaddle 10 rack 10 notebook 10 ec-cube/ec-cube 10 github.com/mattermost/mattermost-server 10 github.com/greenpau/caddy-security 10 @openzeppelin/contracts-upgradeable 10 github.com/ethereum/go-ethereum 10 contao/core-bundle 10 github.com/containerd/containerd 10 com.vaadin:vaadin-bom 10 joplin 10 helm.sh/helm/v3 10 wallabag/wallabag 10 typo3/cms-backend 10 francoisjacquet/rosariosis 10 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 fat_free_crm 10 angular 9 publify_core 9 ghost 9 rubygems-update 9 cakephp/cakephp 9 bolt/bolt 9 zendframework/zendframework1 9 ckeditor4 9 org.igniterealtime.openfire:parent 9 directus 9 org.jenkins-ci.plugins:script-security 9 org.opencrx:opencrx-core-models 9 org.mortbay.jetty:jetty 9 swagger-ui 9 code.gitea.io/gitea 9 tinymce/tinymce 9 jquery-rails 9 TinyMCE 9 glance 9 org.jenkins-ci.plugins:git 9 gogs.io/gogs 9 roundup 9 Microsoft.ChakraCore 8 org.apache.archiva:archiva 8 org.bouncycastle:bcprov-jdk14 8 org.apache.activemq:activemq-client 8 silverstripe/cms 8 sylius/sylius 8 rails-html-sanitizer 8 org.jenkins-ci.plugins:electricflow 8 github.com/kubeedge/kubeedge 8 opencv-python 8 opencv-contrib-python 8 bootstrap 8 rails 8 centreon/centreon 8 org.opencms:opencms-core 8 simplesamlphp/simplesamlphp 8 editor.md 8 contao/contao 8 wasmtime 8 github.com/openfga/openfga 8 impresscms/impresscms 8 actionview 8 electron 8 jquery 8 org.webjars.npm:jquery 8 keystone 7 org.opennms:opennms 7 org.jenkins-ci.plugins:email-ext 7 phpmyfaq/phpmyfaq 7 kevinpapst/kimai2 7 validator 7 io.jenkins:configuration-as-code 7 io.jenkins.blueocean:blueocean 7 org.jenkins-ci.plugins:config-file-provider 7 wagtail 7 vantage6 7 com.vaadin:flow-server 7 org.owasp.antisamy:antisamy 7 jQuery 7 github.com/1Panel-dev/1Panel 7 pillow 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 jquery-ui-rails 7 jquery-ui 7 OctoPrint 7 org.apache.james:james-server 7 modoboa 7 pyload-ng 7 org.bouncycastle:bcprov-jdk15 7 github.com/google/fscrypt 7 org.apache.cxf:cxf-core 7 trytond 7 phpbb/phpbb 7 org.jenkins-ci.plugins:subversion 7 org.apache.santuario:xmlsec 7 github.com/moby/moby 7 aiohttp 7 silverstripe/admin 7 next 7 org.bouncycastle:bcprov-jdk15on 7 activerecord 7 admidio/admidio 7 org.cloudfoundry.identity:cloudfoundry-identity-server 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/django/django 50 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/kubernetes/kubernetes 32 https://github.com/TYPO3/typo3 32 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/answerdev/answer 21 https://github.com/spring-projects/spring-framework 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/craftcms/cms 21 https://github.com/snipe/snipe-it 20 https://github.com/argoproj/argo-cd 19 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/grafana/grafana 18 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/vyperlang/vyper 15 https://github.com/CVEProject/cvelist 15 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/OpenNMS/opennms 14 https://github.com/getkirby/kirby 13 https://github.com/mautic/mautic 13 https://github.com/go-gitea/gitea 13 https://github.com/x-stream/xstream 13 https://github.com/octobercms/october 13 https://github.com/netty/netty 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/goharbor/harbor 12 https://github.com/contao/contao 11 https://github.com/cilium/cilium 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/PrestaShop/PrestaShop 11 https://github.com/containerd/containerd 10 https://github.com/moby/moby 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/ethereum/go-ethereum 10 https://github.com/vaadin/platform 10 https://github.com/greenpau/caddy-security 10 https://github.com/laurent22/joplin 10 https://github.com/jquery/jquery 10 https://github.com/liufee/cms 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/helm/helm 10 https://github.com/baserproject/basercms 10 https://github.com/mattermost/mattermost 10 https://github.com/saltstack/salt 10 https://github.com/publify/publify 9 https://github.com/puppetlabs/puppet 9 https://github.com/geoserver/geoserver 9 https://github.com/apache/nifi 9 https://github.com/electron/electron 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/strapi/strapi 9 https://github.com/github/advisory-database 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/eclipse/jetty.project 8 https://github.com/openfga/openfga 8 https://github.com/LavaLite/cms 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/hashicorp/consul 8 https://github.com/jupyter/notebook 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/kubeedge/kubeedge 8 https://github.com/getgrav/grav 8 https://github.com/TryGhost/Ghost 8 https://github.com/wallabag/wallabag 8 https://github.com/rack/rack 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/bcgit/bc-java 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/directus/directus 8 https://github.com/rubygems/rubygems 8 https://github.com/pandao/editor.md 8 https://github.com/traefik/traefik 7 https://github.com/gogs/gogs 7 https://github.com/google/fscrypt 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/apache/zeppelin 7 https://github.com/hashicorp/vault 7 https://github.com/dolibarr/dolibarr 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/pyload/pyload 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/aio-libs/aiohttp 7 https://github.com/modoboa/modoboa 7 https://github.com/vantage6/vantage6 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/wagtail/wagtail 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/vaadin/flow 7 https://github.com/twbs/bootstrap 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/kevinpapst/kimai2 7 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/croogo/croogo 6 https://github.com/opensearch-project/security 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/panva/jose 6 https://github.com/parse-community/parse-server 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/openstack/keystone 6 https://github.com/Sylius/Sylius 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/faucetsdn/ryu 6 https://github.com/dompdf/dompdf 6 https://github.com/urllib3/urllib3 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/cui2shark/security 6 https://github.com/dotnet/runtime 6 https://github.com/oroinc/orocommerce 6 https://github.com/onionshare/onionshare 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/igniterealtime/Openfire 6 https://github.com/cubefs/cubefs 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/neorazorx/facturascripts 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/ipython/ipython 6 https://github.com/jquery/jquery-ui 6 https://github.com/cloudflare/cfrpki 6 https://github.com/sulu/sulu 5 https://github.com/lxml/lxml 5 https://github.com/rancher/rancher 5 https://github.com/cri-o/cri-o 5 https://github.com/vercel/next.js 5 https://github.com/quarkusio/quarkus 5 https://github.com/evershopcommerce/evershop 5 https://github.com/numpy/numpy 5 https://github.com/Amanieu/parking_lot 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/lucene-solr 5 https://github.com/hashicorp/nomad 5 https://github.com/vapor/vapor 5 https://github.com/puma/puma 5 https://github.com/etcd-io/etcd 5 https://github.com/cloudfoundry/uaa 5 https://github.com/undertow-io/undertow 5 https://github.com/cakephp/cakephp 5 https://github.com/NodeBB/NodeBB 5 https://github.com/paritytech/frontier 5 https://github.com/admidio/admidio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/centreon/centreon-archived 5 https://github.com/apache/tika 5 https://github.com/apache/kylin 5 https://github.com/opencontainers/runc 5 https://github.com/nodejs/undici 5 https://github.com/hyperium/hyper 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/unshiftio/url-parse 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/semplon/GeniXCMS 5 https://github.com/lief-project/LIEF 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/xuxueli/xxl-job 5 https://github.com/apache/dolphinscheduler 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/zitadel/zitadel 5 https://github.com/bolt/bolt 5 https://github.com/jenkinsci/electricflow-plugin 5