Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS04OXAzLTlqOGMtZnFoNM4AAyDu
User account enumeration in eZ Publish Ibexa Kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NzhtLTNnNnEtNTk0cc4AAx7E
OpenZeppelin Contracts contains Incorrect Calculation
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wN21qLXh2eGctZ3JmZs4AAyEy
`out_reference::Out::from_raw` should be `unsafe`
Ecosystems: cargo
Packages: out-reference
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05eHBqLW12cDItMzk0M84AAxyJ
OpenNMS has potential Insertion of Sensitive Information into Log File vulnerability
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00anB2LThyNTctcHY3as4AAx8Q
@nestjs/core vulnerable to Information Exposure via StreamableFile pipe
Ecosystems: npm
Packages: @nestjs/core
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05OGhxLTNxdmctcGc3OM4AAQ3l
Gem in a Box vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: geminabox
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ODgyLWNjajYtamM0OM3iGw
Rack vulnerable to Denial of Service
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12ODI5LXg2aGgtY3Fmcc4AAyDd
Crossplane-runtime contains Improper Input Validation via Compositions
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndjg2LTQzcnYtNzltMs4AATay
RubyGems Improper Input Validation vulnerability
Ecosystems: maven, rubygems
Packages: org.jruby:jruby-stdlib, rubygems-update
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12aG04LXd3cmYtM2djd84AAyE1
Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wOHA3LXgyODgtMjhnNs4AAyJl
Server-Side Request Forgery in Request
Ecosystems: npm
Packages: @cypress/request, request
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14NWozLW1xOWctOGpjOM4AAyK4
Cross-site Scripting (XSS) in UrlSlug Data type
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cTU5LTV4MjYtaDYzOc4AAyK3
Authorization Bypass Through User-Controlled Key play-with-docker
Ecosystems: go
Packages: github.com/play-with-docker/play-with-docker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NnB2LWM3NTctNnJncs4AAqLL
apollo_upload_server has Denial of Service vulnerability
Ecosystems: rubygems
Packages: apollo_upload_server
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Zmc4LWpoMmgtZjJoY84AAyLE
Potential network policy bypass when routing IPv6 traffic
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00aGM0LXBnZngtM21yeM4AAyLD
cilium-agent container can access the host via `hostPath` mount
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02eDV2LWN4cHAtcGM1eM4AAyMs
Answer has Observable Response Discrepancy
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qeHI2LTdxZzUtOHd2Ns4AAyPK
OpenNMS Meridian and Horizon vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.opennms:opennms-webapp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ycTVjLXF3OWMtZm12cc4AAyQf
Argo CD authenticated but unauthorized users may enumerate Application names via the API
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oaDUyLWc1YzQtd3ByaM4AAyQl
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03N2ptLWYzdmoteHZ4Ms4AAyQq
Moodle vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04dnhjLXI1d3Atdmd2Y84AAyUG
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Ecosystems: cargo
Packages: versionize
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mcW0yLWdoOHctZ3I2OM4AAyT9
TensorFlow vulnerable to segfault when opening multiframe gif
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jajZyLThweGotNWp2Ns4AAyCF
Incorrect Permission Preservation in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jcDR3LTZ4NHctdjJoNc4AAyW1
lambdaisland/uri `authority-regex` returns the wrong authority
Ecosystems: maven
Packages: lambdaisland:uri
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cjN4LXA3eHgteDZxNc4AAyXo
Comrak AST node data is not validated (GHSL-2023-049)
Ecosystems: cargo
Packages: comrak
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mN3JwLXh4NjctNHBqOc4AAyiW
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS)
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1td3h3LWh4dnAtNHIycs4AAyfe
Firefly III vulnerable to improper input validation
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oN3Z2LTQ2cDUtcHJtaM4AAyjs
Firefly III insufficiently expires sessions
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02d3JmLW14ZmotcGY1cM4AAyit
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03djdnLTl2eDYtdmNnMs4AAyoN
Goobi viewer Core Reflected Cross-Site Scripting Vulnerability Using LOGID Parameter
Ecosystems: maven
Packages: io.goobi.viewer:viewer-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13amZjLXBnZnAtcHY5Y84AAy65
Improper Input Validation in nyholm/psr7
Ecosystems: packagist
Packages: nyholm/psr7
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1naDV3LWdmZmgtNjhwcs4AAyug
Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lucene-search
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZzY3LXEzOWctcjc5cc4AAyyO
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xdzY5LXJxajgtNnF3OM4AAy3u
OutOfMemoryError for large multipart without filename in Eclipse Jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mcDM2LW1qdzUtZm1neM4AAy5w
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zanh3LWN2MzUtMm1tds4AAy5X
Apache DolphinScheduler's python gateway suffered from improper authentication
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05anE1LXh3cXctcThqM84AAy53
XWiki Platform vulnerable to page render failure due to broken translations
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-localization-source-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nNjZ2LTN2NjItZzM3Nc4AAy6F
RosarioSIS improper access control vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cW04LWp4OHItOHJjcc4AAy-r
Cross-site scripting vulnerabilities in old version of bundled TinyMCE
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yYzY3LXA0eGgtbTM0d84AAy_5
Cross-site Scripting (XSS) in Website Settings name field
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qaDN3LTZqcDItdnFxbc4AAy-8
Missing permission check of canView in GridFieldPrintButton
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yMjk1LXZoMjgtcHBoY84AAzAC
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NzZnLXY3aGYtY3c1bc4AAy__
Cross-site Scripting (XSS) in Document Properties Parameter
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZnZmLXg4YzYtMmY2as4AAzAT
Cross-site Scripting (XSS) in DataObject Any Getter grid operator
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oZzc3LXZ4OXYtZjQ5eM4AAzAS
Path Traversal in Asset "import from server" option
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mNTVyLThyY3YtbXFjZs4AAzA0
Concrete CMS missing secure cookie parameters
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcGhtLWdxaDktcTU5eM4AAzE_
Stored cross site scripting in Microbin
Ecosystems: cargo
Packages: microbin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NXZxLXhwamYtcjJ4Y84AAzAP
Lightbend Alpakka Kafka logs credentials on debug level
Ecosystems: maven
Packages: com.typesafe.akka:akka-stream-kafka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01bWdqLW12djgtNDZtd84AAe0M
RubyGems does not verify SSL certificate
Ecosystems: rubygems
Packages: rubygems-update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yZmZwLXc2NjUtOW1neM4AAzGt
Cross Site Scripting in nilsteampassnet/teampass
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNG14LTk4aHctNnJ2Ns4AAzGz
craftcms/cms vulnerable to cross site scripting in RSS feed widget
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02OTg3LXhjY3YtZmhqcM4AAzW0
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-utility-steps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ncGMyLWY2Mm0tYzZoNs4AAzXO
Jenkins Code Dx Plugin stores API keys in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:codedx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05N3dwLTYzd3EtaGZ3aM4AAzXC
Jenkins Ansible Plugin job configuration form does not mask variables
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ansible
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcDhtLXBycjctd3I4d84AAzXG
Jenkins Sidebar Link Plugin vulnerable to Path Traversal
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sidebar-link
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NXg0LWo3dmMtaDhtZs4AAzYH
ReactPHP's HTTP server continues parsing unused multipart parts after reaching input field and file upload limits
Ecosystems: packagist
Packages: react/http
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13MnBtLWZyNjItamd2NM4AAzXb
Moodle vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNzltLTVjbTItMjc4Y84AAza1
User data exposure in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service, org.apache.inlong:manager-pojo, org.apache.inlong:manager-dao
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qOHIyLTZ4ODYtcTMzcc4AAzbI
Unintended leak of Proxy-Authorization header in requests
Ecosystems: pypi
Packages: requests
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04Nzc1LTVod3Ytd3I2ds4AAzbF
Potential for cross-site scripting in PostHog-js
Ecosystems: npm
Packages: posthog-js
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qdjNmLTdtMzMtcXA2Nc4AAze1
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited
Ecosystems: go
Packages: github.com/minio/console
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mM3djLTN2eHYteG12cs4AAzdM
Synapse Outgoing federation to specific hosts can be disabled by sending malicious invites
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1nODJ3LTU4amYtZ2N4eM4AAze2
secrets-store-csi-driver discloses service account tokens in logs
Ecosystems: go
Packages: sigs.k8s.io/secrets-store-csi-driver
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1xdnE4LWN3N2YtbTdtNM4AAzeH
Apache JSPWiki vulnerable to cross-site scripting on several plugins
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war, org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05cXBqLXFxMnItNW1jY84AAzew
html inputs of type password recorded in plaintext when converted to text inputs
Ecosystems: npm
Packages: highlight.run
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS14N2ZyLXBnOGYtOTNmNc4AAzhh
sccache vulnerable to privilege escalation if server is run as root
Ecosystems: cargo
Packages: sccache
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03eDk0LWp4NzUtM2doNs4AAzfU
Stored cross site scripting in Craft CMS
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oNWc5LTJwMzUtNTRjN84AAzjW
nilsteampassnet/teampass vulnerable to cross-site scripting
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1tajZwLTNwYzktd2Y1bc4AAzhf
proxy denial of service vulnerability
Ecosystems: npm
Packages: proxy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01aDN4LTl3dnEtdzRtMs4AAzvg
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oMndtLXAydmctNnB3NM4AAzxZ
Kredis JSON Possible Deserialization of Untrusted Data Vulnerability
Ecosystems: rubygems
Packages: kredis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00cXZ4LXFxNXctNjk1cM4AAUQ2
HashiCorp Consul can use cleartext agent-to-agent RPC communication
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03dzJjLXc0N2gtNzg5d84AAzyW
Doorkeeper Improper Authentication vulnerability
Ecosystems: rubygems
Packages: doorkeeper
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05MjdoLXg0cWotcjI0Ms4AAUL4
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS14M2NjLXgzOXAtNDJxeM4AAzz_
fast-xml-parser vulnerable to Prototype Pollution through tag or attribute name
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ycmd3LTNoZzMtOXg4Y80hSg
XSS vulnerability in translations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wcXI2LWNtcjItaDhoZs4AAz4B
snappy-java's Integer Overflow vulnerability in shuffle leads to DoS
Ecosystems: maven
Packages: org.xerial.snappy:snappy-java
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03ZzQ1LTRybTYtM21tM84AAz3U
Guava vulnerable to insecure use of temporary directory
Ecosystems: maven
Packages: com.google.guava:guava
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04ZjZ4LXY2ODUtZzJ4Y84AAz2D
Apache Struts vulnerable to memory exhaustion
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mNG02LXgyeGotamM3d84AAz50
ke_search (aka Faceted Search) vulnerable to Cross-Site Scripting
Ecosystems: packagist
Packages: tpwd/ke_search
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12djM4LTR4Y2otcTRyd80kAQ
Cross-site Scripting in Apache Knox SSO
Ecosystems: maven
Packages: org.apache.knox:gateway-service-knoxsso
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg
OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cXY4LWZxNXctcDk2Ns0a1Q
phpservermon is vulnerable to CRLF Injection
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qM2Y3LTdybWMtNndxas0YEQ
Improper certificate management in AWS IoT Device SDK v2
Ecosystems: pypi, npm, maven
Packages: awsiotsdk, aws-iot-device-sdk-v2, software.amazon.awssdk.iotdevicesdk:aws-iot-device-sdk
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13d2dxLTlqaGYtcWd3Ns0XQQ
Cross-Site Request Forgery allowing sending of test emails and generation of node auto-deployment keys
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NDRtLWNwcjktamNtaM0XLQ
Rails Multisite secure/signed cookies share secrets between sites in a multi-site application
Ecosystems: rubygems
Packages: rails_multisite
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01aHgyLXF4OGotcWpxbc0XFA
Overflow/crash in `tf.image.resize` when size is large
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oNjdtLXhnOGYtZnhjZs0XBg
Deadlock in mutually recursive `tf.function` objects
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14M3Y4LWM4cXgtM2ozcs0XBA
Null pointer exception in `DeserializeSparse`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ncDJmLTI1NG0tcmgzMs0W9A
Unauthorized access to data in @sap-cloud-sdk/core
Ecosystems: npm
Packages: @sap-cloud-sdk/core
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Z3dqLThoeGMtMjg1d80W4g
Prototype Pollution in json-ptr
Ecosystems: npm
Packages: json-ptr
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Z2ozLWh3cDUtcG13Y80WtQ
XSS in the `altField` option of the Datepicker widget in jquery-ui
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-ui-rails, org.webjars.npm:jquery-ui, jQuery.UI.Combined, jquery-ui
Source: GitHub Advisory Database
Blast Radius: 59.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tODM2LWd4d3EtajJwbc0WvQ
Improper Access Control in github.com/treeverse/lakefs
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wdnY4LThmeDktaDY3M80WlQ
Path Traversal in @backstage/plugin-scaffolder-backend
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ212LTZxOXAtOWdtNs0WhA
Cross-site Scripting in django-unicorn
Ecosystems: pypi
Packages: django-unicorn
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xY2d4LWNycngtMzh2Nc0Wiw
Denial of service in DataCommunicator class in Vaadin 8
Ecosystems: maven
Packages: com.vaadin:vaadin-server
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01ZjM4LTlqdzItNnI2aM0WZQ
Cross-site Scripting in teddy
Ecosystems: npm
Packages: teddy
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mNzk0LXI2eGMtaGYzds0WCQ
Improper Access Control in passport-oauth2
Ecosystems: npm
Packages: passport-oauth2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2MngtdnJwai1xcXBx
Cross-site scripting in Bleach
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 3 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,494
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 2,589 packagist 2,256 pypi 1,820 npm 1,067 go 899 nuget 567 rubygems 373 cargo 262 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 106 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 typo3/cms-core 54 dolibarr/dolibarr 53 apache-airflow 52 phpmyadmin/phpmyadmin 50 drupal/core 46 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/drupal 38 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 github.com/grafana/grafana 33 Plone 32 librenms/librenms 32 ansible 31 nova 31 org.keycloak:keycloak-core 31 github.com/mattermost/mattermost-server/v6 30 moin 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 shopware/platform 18 shopware/shopware 18 rdiffweb 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 mediawiki/core 18 nilsteampassnet/teampass 18 getkirby/cms 17 keystone 17 org.apache.tomcat.embed:tomcat-embed-core 16 prestashop/prestashop 15 github.com/argoproj/argo-cd/v2 15 vyper 15 tribalsystems/zenario 14 puppet 14 Django 14 salt 14 glance 14 nokogiri 14 yetiforce/yetiforce-crm 14 mautic/core 13 org.keycloak:keycloak-services 13 forkcms/forkcms 13 org.xwiki.platform:xwiki-platform-oldcore 13 github.com/docker/docker 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 shopware/core 13 tinymce 12 github.com/goharbor/harbor 12 org.apache.solr:solr-core 12 github.com/hashicorp/consul 12 org.apache.jspwiki:jspwiki-main 12 com.thoughtworks.xstream:xstream 12 neutron 12 github.com/hashicorp/vault 12 github.com/hashicorp/nomad 11 lavalite/cms 11 DotNetNuke.Core 11 pyftpdlib 11 feehi/feehicms 11 github.com/cilium/cilium 11 genix/cms 11 org.bouncycastle:bcprov-jdk14 11 getgrav/grav 11 github.com/argoproj/argo-cd 11 directus 11 org.keycloak:keycloak-parent 11 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 notebook 10 github.com/ethereum/go-ethereum 10 ec-cube/ec-cube 10 rack 10 org.springframework.security:spring-security-core 10 github.com/greenpau/caddy-security 10 org.bouncycastle:bcprov-jdk15on 10 fat_free_crm 10 github.com/mattermost/mattermost-server 10 @openzeppelin/contracts-upgradeable 10 contao/core-bundle 10 org.apache.jspwiki:jspwiki-war 10 org.apache.nifi:nifi 10 wallabag/wallabag 10 francoisjacquet/rosariosis 10 com.vaadin:vaadin-bom 10 typo3/cms-backend 10 activesupport 10 joplin 10 github.com/containerd/containerd 10 org.springframework:spring-core 10 PaddlePaddle 10 helm.sh/helm/v3 10 swagger-ui 9 roundup 9 TinyMCE 9 org.igniterealtime.openfire:parent 9 org.mortbay.jetty:jetty 9 cakephp/cakephp 9 org.jenkins-ci.plugins:git 9 org.opencrx:opencrx-core-models 9 ghost 9 zendframework/zendframework1 9 gogs.io/gogs 9 angular 9 bolt/bolt 9 publify_core 9 rubygems-update 9 org.jenkins-ci.plugins:script-security 9 horizon 9 ckeditor4 9 tinymce/tinymce 9 code.gitea.io/gitea 9 github.com/openfga/openfga 8 org.apache.activemq:activemq-client 8 wasmtime 8 org.apache.archiva:archiva 8 electron 8 simplesamlphp/simplesamlphp 8 rails-html-sanitizer 8 jquery-rails 8 github.com/kubeedge/kubeedge 8 opencv-python 8 bootstrap 8 org.opencms:opencms-core 8 laravel/framework 8 org.jenkins-ci.plugins:electricflow 8 editor.md 8 rails 8 sylius/sylius 8 contao/contao 8 silverstripe/cms 8 centreon/centreon 8 opencv-contrib-python 8 Microsoft.ChakraCore 8 impresscms/impresscms 8 actionview 8 io.jenkins:configuration-as-code 7 github.com/moby/moby 7 modoboa 7 com.vaadin:flow-server 7 pyload-ng 7 silverstripe/admin 7 trytond 7 phpbb/phpbb 7 admidio/admidio 7 aiohttp 7 validator 7 org.apache.cxf:cxf-core 7 org.opennms:opennms 7 kevinpapst/kimai2 7 io.jenkins.blueocean:blueocean 7 pillow 7 wagtail 7 org.apache.santuario:xmlsec 7 org.bouncycastle:bcprov-jdk15 7 jquery-ui 7 jquery-ui-rails 7 org.bouncycastle:bcprov-jdk15to18 7 org.webjars.npm:jquery-ui 7 jQuery.UI.Combined 7 github.com/google/fscrypt 7 org.owasp.antisamy:antisamy 7 org.jenkins-ci.plugins:subversion 7 phpmyfaq/phpmyfaq 7 activerecord 7 next 7 org.jenkins-ci.plugins:email-ext 7 OctoPrint 7 org.apache.james:james-server 7 github.com/1Panel-dev/1Panel 7 swift 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/django/django 57 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/TYPO3/typo3 35 https://github.com/kubernetes/kubernetes 33 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/grafana/grafana 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/symfony/symfony 22 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/answerdev/answer 21 https://github.com/openstack/nova 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/argoproj/argo-cd 19 https://github.com/concretecms/concretecms 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/ikus060/rdiffweb 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/apache/struts 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/openstack/keystone 15 https://github.com/CVEProject/cvelist 15 https://github.com/PaddlePaddle/Paddle 14 https://github.com/froxlor/froxlor 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/go-gitea/gitea 13 https://github.com/octobercms/october 13 https://github.com/getkirby/kirby 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/goharbor/harbor 12 https://github.com/netty/netty 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/cilium/cilium 11 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/ethereum/go-ethereum 10 https://github.com/moby/moby 10 https://github.com/liufee/cms 10 https://github.com/baserproject/basercms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/vaadin/platform 10 https://github.com/helm/helm 10 https://github.com/greenpau/caddy-security 10 https://github.com/containerd/containerd 10 https://github.com/mattermost/mattermost 10 https://github.com/directus/directus 10 https://github.com/github/advisory-database 9 https://github.com/strapi/strapi 9 https://github.com/electron/electron 9 https://github.com/geoserver/geoserver 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/nifi 9 https://github.com/publify/publify 9 https://github.com/jquery/jquery 9 https://github.com/puppetlabs/puppet 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/getgrav/grav 8 https://github.com/pandao/editor.md 8 https://github.com/LavaLite/cms 8 https://github.com/openfga/openfga 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/eclipse/jetty.project 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/TryGhost/Ghost 8 https://github.com/openstack/glance 8 https://github.com/hashicorp/consul 8 https://github.com/rack/rack 8 https://github.com/rubygems/rubygems 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/wallabag/wallabag 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/vaadin/flow 7 https://github.com/pyload/pyload 7 https://github.com/nahsra/antisamy 7 https://github.com/opencv/opencv 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/traefik/traefik 7 https://github.com/wagtail/wagtail 7 https://github.com/scrapy/scrapy 7 https://github.com/apache/zeppelin 7 https://github.com/dotnet/runtime 7 https://github.com/openstack/horizon 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/vantage6/vantage6 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/modoboa/modoboa 7 https://github.com/google/fscrypt 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/gogs/gogs 7 https://github.com/kevinpapst/kimai2 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/cui2shark/security 6 https://github.com/parse-community/parse-server 6 https://github.com/opensearch-project/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/ipython/ipython 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/igniterealtime/Openfire 6 https://github.com/croogo/croogo 6 https://github.com/backstage/backstage 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/urllib3/urllib3 6 https://github.com/dompdf/dompdf 6 https://github.com/containers/podman 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/onionshare/onionshare 6 https://github.com/cubefs/cubefs 6 https://github.com/faucetsdn/ryu 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/oroinc/orocommerce 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/Sylius/Sylius 6 https://github.com/nocodb/nocodb 6 https://github.com/OctoPrint/OctoPrint 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/cloudfoundry/uaa 5 https://github.com/hashicorp/nomad 5 https://github.com/lief-project/LIEF 5 https://github.com/admidio/admidio 5 https://github.com/unshiftio/url-parse 5 https://github.com/hyperium/hyper 5 https://github.com/puma/puma 5 https://github.com/apache/superset 5 https://github.com/mantisbt/mantisbt 5 https://github.com/etcd-io/etcd 5 https://github.com/paritytech/frontier 5 https://github.com/gradio-app/gradio 5 https://github.com/nervosnetwork/ckb 5 https://github.com/cakephp/cakephp 5 https://github.com/evershopcommerce/evershop 5 https://github.com/NodeBB/NodeBB 5 https://github.com/TribalSystems/Zenario 5 https://github.com/kivikakk/comrak 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/apache/tika 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/bolt/bolt 5 https://github.com/zitadel/zitadel 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/lxml/lxml 5 https://github.com/xuxueli/xxl-job 5 https://github.com/yiisoft/yii2 5 https://github.com/apache/dolphinscheduler 5