Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS13NnE3LXd3MngtN2dtM83WcA
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du
Drupal Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ZnBxLTNjOXAtM3Izd84AA4E3
ShifuML shifu code injection vulnerability
Ecosystems: maven
Packages: ml.shifu:shifu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFybWMtZmo0NS1xZmMy
Prototype Pollution in extend
Ecosystems: npm
Packages: extend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS03ajZ4LTQybW0tcDdqbc4AA0Rd
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wMjZ2LTk3dnAtamN4Ns4AAWNP
Access controll bypass in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1mcjQ3LXIyMjQtYzM2bc4AAiAI
Cross-site Scripting in LimeSurvey
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oeHFxLXc0bXItbWM2Ms3e2A
Apache Struts's ParameterInterceptor component does not prevent access to public constructors
Ecosystems: maven
Packages: org.apache.struts:struts2-core, org.apache.struts.xwork:xwork-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12cHIzLWY1OTQtbWc1Z84AAcrl
Improper Control of Generation of Code ('Code Injection') in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03cnE0LXFjcHctNzRncc4AArtK
Formula Injection in Exported Data
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zeHBqLWpndjUtcTR2ds4AAWNB
Access restriction bypass in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXczN2MtcTY1My1xZzk1
actionpack Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS05cXIyLWZ4MmctcGZ2aM29lA
Joomla! Open Redirect vulnerability
Ecosystems: packagist
Packages: joomla/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1MmctNmpoeC01ODZw
Denial of Service in handlebars
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1wYzU0LXBjaG0teGN3Ns4AAdza
XML External Entity Reference in RESTEasy
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-jaxrs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03NTJjLXZmcGYtY3Ayd84AArAR
openark/orchestrator cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/openark/orchestrator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xaGNoLWc4cXItcDQ5N84AAd_A
OpenStack Cinder Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: cinder
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qZ2g4LXZjaHctcTNnN84AAxOa
safeurl-python contains Server-Side Request Forgery
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qODZ2LTJ2anItZmc4Zs4AA5Cm
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnd20tcHY5aC1xNW03
Potential XSS in jQuery dependency in Mirador
Ecosystems: npm
Packages: mirador
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1nYzQzLWc2MmMtOTlnMs4AAYOX
Improper Access Control in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14YzRnLTd2dzgtOTI0aM4AAaFr
Arbitrary file overwrite in OpenStack Nova
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo4cjItMng5NC0ycTY3
Cross-Site Scripting in diagram-js-direct-editing
Ecosystems: npm
Packages: diagram-js-direct-editing
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS02cjV2LWhwMzItZmpxd84AAWPc
Improper Access Control in Apache WSS4J
Ecosystems: maven
Packages: org.apache.ws.security:wss4j
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2bXItNm04OS12Z2oz
Buffer Overflow in node-weakauras-parser
Ecosystems: npm
Packages: node-weakauras-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1xNTZoLWpqajYtNTJtZs4AAZnl
Improper Restriction of XML External Entity Reference in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yeHh4LWZoYzgtOXF2cc06mA
Missing `is_nil` requirement
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xcThtLTlycHgtdzJmbc4AA1EV
Admidio Insufficient Session Expiration vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Denial of service via insufficient metadata validation
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1od3J4LXdjNzUtbWdoN84AAV4o
Spree allows remote attackers to obtain sensitive information
Ecosystems: rubygems
Packages: spree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wMmo3LTZnOWgtMzJ4aM02wg
Cross site scripting in Shopizer
Ecosystems: maven
Packages: com.shopizer:shopizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcG1mLThjajItNTk1Z84AAd97
Improper Link Resolution Before File Access in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01d2ZwLTg2NDMtYzU4eM4AAZnQ
Improper Input Validation in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13eDhxLXJnZnItY2Y2ds0XGw
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02Y3ZmLW01OHEtaDl3Zs4AAxwk
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc5OTItMmdtai05eHhq
Cross-Site Scripting in swagger-ui
Ecosystems: npm
Packages: swagger-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS0yYzNwLTlqNWYtMzNnM84AASbN
Apache OpenMeetings responds to insecure HTTP methods
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1meDVwLWY2NGgtOTN4Y804Iw
Opened exploitable ports in default docker-compose.yaml in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04NmZwLWpnd20td2dqNc1mcQ
Apache Tomcat XSS Vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzbWotbWMzOC1xODk0
Remote Memory Exposure in openwhisk
Ecosystems: npm
Packages: openwhisk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmOTUtdzVoNS1mcTg2
Prototype Pollution in mergify
Ecosystems: npm
Packages: mergify
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2cTYtNTVndi1qeDlm
SQL Injection in mysql
Ecosystems: npm
Packages: mysql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS00MmozLTQ5OHEtbTZ2cM4AATn7
Improper Input Validation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzOW0tNHhwdy12MzR2
Arbitrary Code Execution in blazar-dashboard
Ecosystems: pypi
Packages: blazar-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXByNW0tNHcyMi04NDgz
NanoHTTPD Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.nanohttpd:nanohttpd-nanolets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS14aDV4LWo4amYtcGNweM4AATn8
Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05ODRtLXJqMjgtOGM2eM4AAYda
Plone unauthorized member addition vulnerability
Ecosystems: pypi
Packages: Products.CMFPlone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1meHdtLXJ4NjgtcDV2eM0YRQ
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Ecosystems: packagist
Packages: ezsystems/ezplatform-richtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05bXBmLWczZmMtOXJnds4AAe9p
FriendsOfSymfony FOSUserBundle denial of service via login form
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1wcmMzLTdmNDQtdzQ4as4AATn3
Missing XML Validation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05d2hoLTU4MnItNTg5aM4AAW52
ldap_fluff authentication bypass
Ecosystems: rubygems
Packages: ldap_fluff
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12Y2NwLTV2NWgtcDhtNs4AAehR
Typo3 Information Disclosure
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05OHBmLWdmaDMteDNtcM4AAv0C
Read the Docs vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: readthedocs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13cng3LXFnbWotbWYycc0hHg
Server-Side Request Forgery in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4M3YtMmd4ci01OW0y
Directory traversal in Apache RocketMQ
Ecosystems: maven
Packages: org.apache.rocketmq:rocketmq-broker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04MzUzLWZnY3IteGZoeM4AAVMV
Improper Input Validation in Bouncy Castle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NDI5LXBqd3ctNzY3Nc0hHA
SQL Injection in Apache Kylin
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wMzU4LTU4amotaHA2Nc4AAdHv
Improper Authentication in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyM2MtOHhmMy1nZ3Jy
Directory traversal outside of SENDFILE_ROOT in django-sendfile2
Ecosystems: pypi
Packages: django-sendfile2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NnAtZ2dtNS01ajgz
Rails vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: actionpack, rails
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzOHYtMzk1OC04djhy
Information disclosure in JBoss Weld
Ecosystems: maven
Packages: org.jboss.weld:weld-core-bom
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0MmctN3ZmYy14ZjM3
Introspection in schema validation in Apollo Server
Ecosystems: npm
Packages: apollo-server-micro, apollo-server-lambda, apollo-server-koa, apollo-server-hapi, apollo-server-fastify, apollo-server-express, apollo-server-cloudflare, apollo-server-cloud-functions, apollo-server-core, apollo-server-cache-memcached, apollo-server-azure-functions, apollo-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Moderate
GSA_kwCzR0hTQS13eDdjLThqMzUtbXBnOM4AAWDM
Fat Free CRM Cross-Site Request Forgery vulnerability
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1oOHI5LTQ2N3ItdmpqZs4AAwv-
pyLoad vulnerable to Improper Restriction of Rendered UI Layers or Frames
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xcHYyLWp4YzctMzYzOM0rzw
Exposure of Sensitive Information in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jaHhmLWZqY2YtN2Z3cM0vfg
Possible filesystem space exhaustion by local users
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1ndjlqLTR3MjQtcTd2eM0vfQ
Improper random number generation in github.com/coredns/coredns
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13Y2Z4LTNtNnYtNGZyZ84AAeVa
Fat Free CRM subject to Cross-site Scripting
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14cDhwLTlycTUtNHdnds4AAcYZ
ZendXml and Zend Framework contain XXE and XEE Vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zendxml, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS13bTh4LXBocDUtaHZxNs4AAx-c
Maligned causes incorrect deallocation
Ecosystems: cargo
Packages: maligned
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NjJnLTloNW0tbTNxds0W6A
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Ecosystems: cargo
Packages: coreos-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cDg4LWNmaHEtZjN2Z84AAw_X
phpMyFAQ has Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14bWY0LWozajcteGo3cc1kWA
Apache Tomcat DoS Via Requests Including Null Characters
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yZ2g4LWdyNngtN3EyNs4AAej4
SOAPpy vulnerable to XXE attacks
Ecosystems: pypi
Packages: SOAPpy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xNjU2LWcyeDMtOGNnaM0hHQ
Kylin can receive user input and load any class through Class.forName(...).
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05djR2LTlmajUtcDk4Ms4AAx90
Answer vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oMjg5LXg1d2MteGN2OM0scA
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdycm0tdjQ1Zi1qcDY0
Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS0yNmhyLXEyd3AtcnZjNc4AA3q9
User with permission to write actions can impersonate another user when auth token is configured in environment variable
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5NXctcWhxci05ZnI2
Path Traversal in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-runtime_2.12, org.apache.flink:flink-runtime_2.11
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4ODUtajVqMi0yN2p4
actionpack Path Traversal vulnerability
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS1qOHg3LXFjdzQteHg4Nc4AAxM5
Cross-site Scripting (XSS) in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12OTM1LXBxbXItZzh2Oc0W1w
Unexpected panics in num-bigint
Ecosystems: cargo
Packages: num-bigint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyOW0tZmpwNC1xaG1x
Unsafe Identifiers in Opencast
Ecosystems: maven
Packages: org.opencastproject:base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4aGotaHA5bS1xd2M0
private_address_check vulnerable to bypass of Resolv.getaddresses method
Ecosystems: rubygems
Packages: private_address_check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Moderate
GSA_kwCzR0hTQS12Z213LTljd3ctcXE5Oc0n6Q
Incorrect Authorization in calibreweb
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNGZwLXh2eHAtcmcyMs4AAdIM
Apache ActiveMQ default configuration subject to denial of service
Ecosystems: maven
Packages: org.apache.activemq:activemq-web-demo, org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xam03LTU1dnYtM2M1Zs4AAxDO
mel-spintax has Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: mel-spintax
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mcThxLTU1djMtMjk4Ns4AAyg5
Pimcore Perspective Editor vulnerable to stored cross-site scripting (XSS) in perspective name
Ecosystems: packagist
Packages: pimcore/perspective-editor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNzk4LWg3ZmYtOTN4ds30VA
Moodle Arbitrary Redirect
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zNTMzLXJ2cGMtNng1Ns4AAfYQ
Exposure of Sensitive Information to an Unauthorized Actor in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS00Zmd2LTg0NDgtZ2Y4Ms4AA0Rf
Zinc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/zinclabs/zinc, github.com/zincsearch/zincsearch
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5