Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS1yeHJtLXh2cDQtanF2aM4AAeks
OpenStack Keystone Sensitive information disclosure via log files
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04cXc5LWdmN3ctNDJ4Nc4AA4a1
Minor fix to previous patch for CVE-2022-35918
Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0ydzg3LTVxY2otajZneM4AAefe
OpenStack Compute (Nova) Denial of service due to improper validation of virtual size of QCOW2 image
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13NDI5LXhjNTUtaGM0OM4AAefd
OpenStack Nova host data leak to vm instance in rescue mode
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zM3YtMzM4aC00djlm
Path traversal in Node-Red
Ecosystems: npm
Packages: @node-red/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS12MmY5LXJ2Nnctdnc4cs4AA74X
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS01NjQ0LTJ2M2gtNXc0eM4AAefz
OpenStack Nova denial of service through compressed disk images
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qdjM0LXh2anEtcHBjaM4AAeqY
OpenStack Nova VMWare driver leaks rescued images
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzeGotOG1ydi00NDRt
Regular Expression Denial of Service (REDoS) in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE
phpMyAdmin cross-site scripting Vulnerability via ENUM value
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yM3c0LTM2eDYtN3I5Oc4AA8Ey
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS1nNDlxLWp3NDItNng4Nc4AA74Q
thelounge may publicly disclose of all usernames/idents via port 113
Ecosystems: npm
Packages: thelounge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1nZnJoLWd3cWMtNjNjds4AA5El
Sulu HTML Injection via Autocomplete Suggestion
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jOWNwLTljNzUtOXY4Y84AA8Eg
containerd started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1
Local File Inclusion vulnerability in zmarkdown
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12OTMzLXZ4NXAtajd3Ms4AAU0n
OpenStack Oslo utility sensitive information exposure via log files
Ecosystems: pypi
Packages: oslo.utils
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1wam14LTRnYzYtaHd2OM4AAgJb
Drupal cross-site scripting vulnerability via actions feature and trigger module
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ3cWctcTU4di03dnJw
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Ecosystems: pypi
Packages: amundsen-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1oeHZwLTY1NXgteHhxds4AAekI
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Ecosystems: rubygems
Packages: kafo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nNHdnLWNmcGYtOTY4Oc4AA0zn
keylime fails to flag device as untrusted when signature does not validate
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qbTc3LXFwaGYtYzR3OM4AA0_V
pyca/cryptography's wheels include vulnerable OpenSSL
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01NmY4LWc2OHItajY5Oc4AAf1H
Cross-site Scripting in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS00d3h3LTQyd3gtMndmeM4AA5MP
Apache Solr Schema Designer blindly "trusts" all configsets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
datadog/dd-trace Circumvents open_basedir INI directive
Ecosystems: packagist
Packages: datadog/dd-trace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 16 hours ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05Z2NmLXBxOTktcmp3M84AAZrR
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Ecosystems: pypi
Packages: RPLY
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3YtM2NjOS1mcDdj
Sensitive Data Exposure in seneca
Ecosystems: npm
Packages: seneca
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNm0teDRjNS1yanhq
Silently Runs Cryptocoin Miner in hooka-tools
Ecosystems: npm
Packages: hooka-tools
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyaDctN3d3Zy1xbWdn
Prototype Pollution in @hapi/hoek
Ecosystems: npm
Packages: @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtajgtcGozai1oMzYy
Symlink reference outside of node_modules in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczcXctOXBncC14cGo0
Out-of-bounds Read in njwt
Ecosystems: npm
Packages: njwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlocWotMzhqMi01amdt
Command Injection in ascii-art
Ecosystems: npm
Packages: ascii-art
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5MmYtd2Y0dy14MzZ2
Prototype Pollution in merge-objects
Ecosystems: npm
Packages: merge-objects
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyM20tbWhmbS0zOWNt
Incorrect Calculation in bigint-money
Ecosystems: npm
Packages: bigint-money
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2Z3YtZmc0Ni1oODlq
Sensitive Data Exposure in put
Ecosystems: npm
Packages: put
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2NnItdmNoaC1jeGc5
Denial of Service in apostrophe
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NzgtMjcycC1tcXFo
Authorization Bypass in graphql-shield
Ecosystems: npm
Packages: graphql-shield
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Denial of Service in grpc-ts-health-check
Ecosystems: npm
Packages: grpc-ts-health-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0NW0tMndjcC1nZzk4
Global node_modules Binary Overwrite in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1nODkyLTloOG0tcjY5cs4AAWKU
Libcloud does not properly scrub data when destroying a DigitalOcean node
Ecosystems: pypi
Packages: apache-libcloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNjQtMmY5cC02cHFx
Information Exposure in type-graphql
Ecosystems: npm
Packages: type-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcjMtNzQ0OS05Nzdy
Cross-Site Scripting in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOWMtZnB4eC03NDR2
personnummer/ruby vulnerable to Improper Input Validation
Ecosystems: rubygems
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqZmgtMnhjOS1jY3Y3
Cross-Site Scripting in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS02OGMyLTRtcHgtcWg5Nc4AA5rz
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Ecosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNWgtZ2g0eC04aHA5
Resources Downloaded over Insecure Protocol in igniteui
Ecosystems: npm
Packages: igniteui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tbWg2LW03djktNTk1Ns4AArVk
Regular expression denial of service in markdown-link-extractor
Ecosystems: npm
Packages: markdown-link-extractor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyZmgtZnA0eC1jcnJx
Persistent XSS in newsletter module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1ycHg2LWhwMmgtZ3d3NM36_A
Jenkins Bugzilla Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:bugzilla
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jd3F2LTRjZjItNXZmas366w
Jenkins FTP publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ftppublisher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmdzgtNjZ3Zi1wcjdt
methodOverride Middleware Reflected Cross-Site Scripting in connect
Ecosystems: npm
Packages: connect
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4ZnctODhocS02am1t
Persistent XSS in shopping worlds
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0aHYtcWpqcS1oN2c1
datasette-graphql leaks details of the schema of private database files
Ecosystems: pypi
Packages: datasette-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS0zNjMzLTVoODItMzlwcc4AAu1W
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS12NXAyLXZnM2MtcG1ycs2psg
Apache Tomcat Path Traversal Vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx
Token verification bug in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS02d2p3LXFmODctZnY1ds4AA8Ii
Laravel Encrypter Failure to decryption vulnerability
Ecosystems: packagist
Packages: illuminate/encryption
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 13 hours ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 11 hours ago
Low
GSA_kwCzR0hTQS12bXhnLXd4NmMtNGYzcs4AA0CZ
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xZmg5LThwNTctbWpqas4AAzx5
git-url-parse crate vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: git-url-parse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU
@keystone-6/core's bundled cuid package known to be insecure
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNnItbXZ3NC03MzZn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jaGZtLTY4dnYtcHZ3Nc4AA7eI
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Ecosystems: maven
Packages: org.xmlunit:xmlunit-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Low
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1NGgtbTM5My1jcHdx
devices resource list treated as a blacklist by default
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpjZ3ItOTY5OC04Mmp4
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build
Ecosystems: npm
Packages: @floffah/build
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Ecosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS05Y3J4LXAzNTctNXZ3OM4AAeli
Ajenti Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: ajenti
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tOWo3LXhjajctNDJqOc4AAagr
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Ecosystems: rubygems
Packages: facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ncHY1LTd4M2ctZ2hqds4AAz4I
fast-xml-parser regex vulnerability patch could be improved from a safety perspective
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS00Z21qLTNwM2gtZ204aM4AA5gl
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Ecosystems: npm
Packages: es5-ext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS03OWpmLWNjbTgtNDN3N84AAdxo
ceph-deploy uses world-readable permissions on client.admin key
Ecosystems: pypi
Packages: ceph-deploy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05dzRmLTN2MzctNmY3Nc4AAcy3
ceph-deploy allows local users to obtain sensitive information by reading the file
Ecosystems: pypi
Packages: ceph-deploy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oMndnLTgzZmMteHZtOc4AAyMw
Answer vulnerable to Business Logic Errors
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jcDM5LTQzeHItMndycM30Lw
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05djhoLTU3Z3YtcWNoNs2qog
Django vulnerable to Denial of Service via i18n middleware component
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Statistics
Advisories: 18,745
Packages: 8,373
Repositories: 449
Ecosystems: 12
Filter by Severity
Moderate 8,146 High 6,444 Critical 2,847 Low 1,015
Filter by Ecosystem
pypi 458 maven 282 packagist 178 npm 129 go 125 rubygems 49 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 puppet 6 Umbraco.CMS 6 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 sweetalert2 5 ansible 5 undici 5 baserproject/basercms 5 rack 5 october/backend 5 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 shopware/shopware 4 simplesamlphp/simplesamlphp 4 electron 4 actionpack 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 github.com/cilium/cilium 4 helm.sh/helm 4 com.vaadin:vaadin-bom 3 wagtail 3 bin-links 3 ckb 3 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 @openzeppelin/contracts-upgradeable 3 passenger 3 httplib2 3 org.apache.hive:hive 3 ethyca-fides 3 org.apache.hive:hive-service 3 org.apache.hive:hive-exec 3 node-forge 3 glance 3 org.graylog2:graylog2-server 3 cryptography 3 go.etcd.io/etcd 3 nautobot 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 tuf 2 moin 2 @apollo/server 2 ceph-deploy 2 org.jenkins-ci.plugins:azure-ad 2 github.com/opencontainers/runc 2 tools.devnull:build-notifications 2 silverstripe/framework 2 @openzeppelin/contracts 2 craftcms/cms 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 winter/wn-backend-module 2 braces 2 django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 node-ipc 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 Django 2 github.com/answerdev/answer 2 github.com/containerd/containerd 2 next-auth 2 github.com/authzed/spicedb 2 Pillow 2 ezsystems/ezpublish-kernel 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 horizon 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 github.com/mattermost/mattermost-plugin-jira 2 october/cms 2 com.ruoyi:ruoyi 2 Nova 2 activesupport 2 parse-server 2 flarum/core 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 nokogiri 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 ezsystems/ezplatform-kernel 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 org.bouncycastle:bcprov-jdk14 2 go.etcd.io/etcd/client/v3 2 fast-xml-parser 1 org.scala-sbt:io_3 1 org.wiremock:wiremock-standalone 1 github.com/oauth2-proxy/oauth2-proxy 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 org.wiremock:wiremock 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 com.github.tomakehurst:wiremock-jre8 1 com.github.tomakehurst:wiremock-jre8-standalone 1 es5-ext 1 org.scala-sbt:sbt 1 wiremock 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/nats-io/nats-server/v2 1 rabbit_common 1 org.keycloak:keycloak-core 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 hyper 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 github.com/canonical/lxd 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/django/django 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/ethyca/fides 3 https://github.com/nautobot/nautobot 3 https://github.com/symfony/symfony 3 https://github.com/pyca/cryptography 3 https://github.com/vaadin/flow 3 https://github.com/Sylius/Sylius 3 https://github.com/httplib2/httplib2 3 https://github.com/openstack/keystone 3 https://github.com/vantage6/vantage6 3 https://github.com/wagtail/wagtail 3 https://github.com/CVEProject/cvelist 3 https://github.com/phusion/passenger 3 https://github.com/nervosnetwork/ckb 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/digitalbazaar/forge 3 https://github.com/apollographql/apollo-server 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/aws/s2n-quic 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apache/activemq 2 https://github.com/quarkusio/quarkus 2 https://github.com/saltstack/salt 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/ntbosscher/gobase 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/craftcms/cms 2 https://github.com/nats-io/nats-server 2 https://github.com/ceph/ceph-deploy 2 https://github.com/microweber/microweber 2 https://github.com/aio-libs/aiohttp 2 https://github.com/zopefoundation/Zope 2 https://github.com/octoprint/octoprint 2 https://github.com/cometbft/cometbft 2 https://github.com/GilaCMS/gila 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/parse-community/parse-server 2 https://github.com/theupdateframework/python-tuf 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/mutagen-io/mutagen 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/hashicorp/nomad 2 https://github.com/bcgit/bc-java 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/opencontainers/runc 2 https://github.com/answerdev/answer 2 https://github.com/authzed/spicedb 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/brefphp/bref 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/thelounge/thelounge 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/Azure/setup-kubectl 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1