Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTable
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Blast Radius: 130.8
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ocHAtODc1dy05Y3B2
Denial of Service in jquery
Ecosystems: rubygems, maven, nuget, npm
Packages: jquery-rails, org.webjars.npm:jquery, jQuery, jquery
Source: GitHub Advisory Database
Blast Radius: 129.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol Buffers
Ecosystems: maven, pypi, go, packagist, nuget
Packages: com.google.protobuf:protobuf-java, protobuf, github.com/protocolbuffers/protobuf, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 111.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qd3Z3LXY3YzUtbTgyaM3tlQ
protobuf susceptible to buffer overflow
Ecosystems: pypi, packagist, go, maven, nuget
Packages: protobuf, google/protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, Google.Protobuf
Source: GitHub Advisory Database
Blast Radius: 94.2
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02NjI4LXE2ajktdzh2Z84AA0dX
gRPC Reachable Assertion issue
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 89.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1jZmdwLTI5NzctMmZtbc4AA0N9
Connection confusion in gRPC
Ecosystems: rubygems, pypi, maven
Packages: grpc, grpcio, io.grpc:grpc-protobuf
Source: GitHub Advisory Database
Blast Radius: 88.5
Published: 10 months ago
High
GSA_kwCzR0hTQS14NHFyLTJmdmYtM21yNc4AAxfn
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: cargo, pypi
Packages: openssl-src, cryptography
Source: GitHub Advisory Database
Blast Radius: 64.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cnZ3LWhnMjItNG02N80hQw
A potential Denial of Service issue in protobuf-java
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-java, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmODktMmZ3ai01djVy
Improper Input Validation in klona
Ecosystems: npm
Packages: klona
Source: GitHub Advisory Database
Blast Radius: 59.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyeGotbXFwNy12bWNq
Prototype Pollution in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 57.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycDktdjc0NC1td2pq
Remote code execution in Kramdown
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS1yNjgzLWoyeDQtdjg3Z80j_w
node-fetch forwards secure headers to untrusted sites
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yaHJ2LTY0NWgtZmpmaM4AA2Jb
Apache Avro Java SDK vulnerable to Improper Input Validation
Ecosystems: pypi, maven
Packages: avro, org.apache.avro:avro
Source: GitHub Advisory Database
Blast Radius: 54.2
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5NTUtOXdwci0zN2po
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2MjgtbWhtaC1xamh3
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxODktaHEzZi0zOTNw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMnctMzk0di01M3Fj
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqZnEtZzQ1OC03cW05
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3OG0tMmNobS1yN3F2
Regular Expression Denial of Service in websocket-extensions (NPM package)
Ecosystems: npm
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1yNThyLTc0Z3gtNnd4M84AAVTq
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01OWdwLXFxbTctY3c0as4AApYf
Nokogiri has vulnerable dependencies on libxml2 and libxslt
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmNm0tZnhwcS1mZzh2
Nokogiri implementation of libxslt lacks integer overflow checks
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 6 years ago
High
GSA_kwCzR0hTQS12NGY4LTI4NDctcndtN84AAoiI
Nokogiri Implements libxml2 version vulnerable to use-after-free
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wandtLXJ2aDItYzg3d80Wrw
Embedded malware in ua-parser-js
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtcHItaHEzcC00OWg5
Prototype Pollution in mixin-deep
Ecosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnOXctaG12ai01aDU3
Prototype Pollution in merge-deep
Ecosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: almost 6 years ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 52.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwbTgtNDkyYy05MnA1
Prototype Pollution in chartkick
Ecosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: over 4 years ago
High
GSA_kwCzR0hTQS1qdzlmLWhoNDktY3ZwOc4AAoiz
Nokogiri contains libxml Out-of-bounds Write vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3
Directory traversal in Rack::Directory app bundled with Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1jNDI5LTVwN3YtdmdqcM4AAvB6
hoek subject to prototype pollution via the clone function.
Ecosystems: npm
Packages: hoek, @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 51.1
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqY3ctdjQ0Ny0ydzdx
Forgeable Public/Private Tokens in jws
Ecosystems: npm
Packages: jws
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyM3gtN20zOS1jNmpx
Remote code execution via user-provided local names in ActionView
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: almost 4 years ago
High
GSA_kwCzR0hTQS00dnJ2LWNoOTYtNmg0Ms4AAS7X
Improper Privilege Management in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03NGZqLTJqMmgtYzQycc0hVA
Exposure of sensitive information in follow-redirects
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxajktMzZqbS1wcnB2
Regular Expression Denial of Service in fresh
Ecosystems: npm
Packages: fresh
Source: GitHub Advisory Database
Blast Radius: 50.3
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNHgtdzYzbS03d2dt
Prototype Pollution in hoek
Ecosystems: npm
Packages: hoek
Source: GitHub Advisory Database
Blast Radius: 50.1
Published: about 6 years ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwcXgtNGZxZi1qNDlm
Deserialization of Untrusted Data in PyYAML
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3Y3EteDNtcS02cjlw
Potential memory exposure in dns-packet
Ecosystems: npm
Packages: dns-packet
Source: GitHub Advisory Database
Blast Radius: 49.8
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wY2YtNGdtaC0yM3c4
Regular Expression Denial of Service in forwarded
Ecosystems: npm
Packages: forwarded
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: almost 6 years ago
High
GSA_kwCzR0hTQS14aDI5LXIydzUtd3g4bc4AAgdN
Nokogiri Improperly Handles Unexpected Data Type
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 49.5
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1YzQtMzlmNS1tNjhq
Regular Expression Denial of Service in decamelize
Ecosystems: npm
Packages: decamelize
Source: GitHub Advisory Database
Blast Radius: 49.4
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcXItNThybS01N2Y4
Arbitrary Code Execution in Handlebars
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 49.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4Y2MtZjUycC13Yzk0
Insecure serialization leading to RCE in serialize-javascript
Ecosystems: npm
Packages: serialize-javascript
Source: GitHub Advisory Database
Blast Radius: 49.4
Published: over 3 years ago
High
GSA_kwCzR0hTQS03aDI2LTYzbTctcWhmMs0XTw
HTML comments vulnerability allowing to execute JavaScript code
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00anFjLThtNXItOXJwcs0Vvg
Prototype Pollution in set-value
Ecosystems: npm, nuget
Packages: set-value, set-value-nuget
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04Y3cyLWp2NWMtYzgyNc4AAina
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1janc0LTJ3OXItcjhtds4AAinR
Missing Initialization of Resource in Apache Arrow
Ecosystems: pypi, rubygems
Packages: pyarrow, red-arrow
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4NGgteGczMi1xOTU1
ReDoS in normalize-url
Ecosystems: npm
Packages: normalize-url
Source: GitHub Advisory Database
Blast Radius: 48.9
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yeHhoLWY4cjMtaHZ2cs4AASRm
Improper Access Control in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 48.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmanItM2ptbS00Zzl2
Symlink Arbitrary File Overwrite in tar
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 48.8
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0NG0tcW02cC1ocDdt
Arbitrary File Overwrite in tar
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 48.8
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4cGotMnZxeC04Z2dj
Denial of service in css-what
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wMjhoLWNjN3EtYzRmZ84AAvJj
css-what vulnerable to ReDoS due to use of insecure regular expression
Ecosystems: npm
Packages: css-what
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 1 year ago
High
GSA_kwCzR0hTQS1ycDY1LTljZjMtY2p4cs0V5A
Inefficient Regular Expression Complexity in nth-check
Ecosystems: npm
Packages: nth-check
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jZm00LXFqaDItNDc2Nc00KA
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NGpnLW1qcngtNDM0Z800KQ
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNjYteHdmcC1ndmM0
Missing Origin Validation in webpack-dev-server
Ecosystems: npm
Packages: webpack-dev-server
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 5 years ago
High
GSA_kwCzR0hTQS1wNDloLWhqdm0tamczaM0W2w
PCX P mode buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mbXg0LTI2cjMtd3hwZs0v8A
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 48.4
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdydnItOG1weC1yN3Bw
mime Regular Expression Denial of Service when MIME lookup performed on untrusted user input
Ecosystems: npm
Packages: mime
Source: GitHub Advisory Database
Blast Radius: 48.1
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmNnItNWp3bS04Mjky
Regular Expression Denial of Service in no-case
Ecosystems: npm
Packages: no-case
Source: GitHub Advisory Database
Blast Radius: 48.0
Published: almost 6 years ago
High
GSA_kwCzR0hTQS13cjNqLXB3ajktaHFxNs4AA6Nc
Path traversal in webpack-dev-middleware
Ecosystems: npm
Packages: webpack-dev-middleware
Source: GitHub Advisory Database
Blast Radius: 48.0
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoZ20tanIyMy1nM2o5
Uncontrolled Resource Consumption in ansi-html
Ecosystems: npm
Packages: ansi-html
Source: GitHub Advisory Database
Blast Radius: 47.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmeDUtZnd2ci14cmpn
Regular Expression Denial of Service in ms
Ecosystems: npm
Packages: ms
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: over 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZjQteGoyNC04anF4
Regular Expression Denial of Service in uglify-js
Ecosystems: npm
Packages: uglify-js
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 6 years ago
High
GSA_kwCzR0hTQS1mOHE2LXA5NHgtMzd2M84AAvaI
minimatch ReDoS vulnerability
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4bTItcjM0Zi1xbWM1
Regular Expression Denial of Service in minimatch
Ecosystems: npm
Packages: minimatch
Source: GitHub Advisory Database
Blast Radius: 47.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjOGYtcXBoZy1xamdw
Validation Bypass in kind-of
Ecosystems: npm
Packages: kind-of
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: about 4 years ago
High
GSA_kwCzR0hTQS1ocnBwLWg5OTgtajNwcM4AAwDM
qs vulnerable to Prototype Pollution
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZ3YtNmpxNS1qamo5
Prototype Pollution Protection Bypass in qs
Ecosystems: npm
Packages: qs
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cHAtOWM3Ni01NjI1
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzeHctYzk2My1mNWhj
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OG0tdjU2di1ncmo0
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2dnAtZnh3Ni1qY3hy
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmNnItMmM0cS0ydndn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Y20tODhmNS1mMmM3
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxd2YtcGp3Zi03dnF2
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: almost 4 years ago
High
GSA_kwCzR0hTQS13OXAzLTVjcjgtbTNqas0kWg
Deserialization of Untrusted Data in Log4j 1.x
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 47.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mOTNmLWczM3ItOHBjcM3o4A
Improper Restriction of XML External Entity Reference in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwNHctanhocC1tMjNw
Dependency Confusion in Bundler
Ecosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mOXh2LXE5NjktcHF4NM4AAy8A
Uncaught Exception in yaml
Ecosystems: npm
Packages: yaml
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmN3gtcXJnNy1xZ2dt
dot-prop Prototype Pollution vulnerability
Ecosystems: npm
Packages: dot-prop
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4ajUtaDVjeC02NWdn
ReDOS in IS-SVG
Ecosystems: npm
Packages: is-svg
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyMjgtM20zZi1yMnBy
Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: is-svg
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1yYzQ3LTY2NjctMmo1as4AAxS-
http-cache-semantics vulnerable to Regular Expression Denial of Service
Ecosystems: maven, npm
Packages: org.webjars.npm:http-cache-semantics, http-cache-semantics
Source: GitHub Advisory Database
Blast Radius: 46.9
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3cTUtcGpqci1ncXZw
Regular Expression Denial of Service in tough-cookie
Ecosystems: npm
Packages: tough-cookie
Source: GitHub Advisory Database
Blast Radius: 46.9
Published: almost 6 years ago
High
GSA_kwCzR0hTQS00d2Y1LXZwaGYtYzJ4Y84AAtaQ
Terser insecure use of regular expressions leads to ReDoS
Ecosystems: npm
Packages: terser
Source: GitHub Advisory Database
Blast Radius: 46.9
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyMjgtN3F2eC1mNHJx
Injection and Command Injection in devcert
Ecosystems: npm
Packages: devcert
Source: GitHub Advisory Database
Blast Radius: 46.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oaHEzLWZmNzgtanYzZ84AAvRq
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zcmZtLWpod2otNzQ4OM4AAvVB
loader-utils is vulnerable to Regular Expression Denial of Service (ReDoS) via url variable
Ecosystems: npm
Packages: loader-utils
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJndzItOHE5dy1jdzhw
Ruby-ffi has a DLL loading issue
Ecosystems: rubygems
Packages: ffi
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: over 5 years ago
High
GSA_kwCzR0hTQS1md3I3LXYybXYtaGgyNc05EQ
Prototype Pollution in async
Ecosystems: npm
Packages: async
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2bWMtbTQ2OC04M2d3
Prototype Pollution in lodash
Ecosystems: npm
Packages: lodash.updatewith, lodash.update, lodash.setwith, lodash.set, lodash.pick, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1NGgtNXIyNy03eDNy
RCE in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xOGhnLXBmOHYtY3hyds02BA
Symfony Http-Kernel has non-constant time comparison in UriSigner
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 46.4
Published: about 2 years ago
Statistics
Advisories: 18,400
Packages: 8,303
Repositories: 2,441
Ecosystems: 12
Filter by Severity
Moderate 7,949 High 6,364 Critical 2,810 Low 986
Filter by Ecosystem
maven 1,875 npm 1,404 pypi 1,174 packagist 1,024 nuget 785 go 688 cargo 323 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 typo3/cms 22 opencv-python 22 com.jfinal:jfinal 21 Pillow 21 ansible 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 salt 18 librenms/librenms 18 org.jenkins-ci.plugins:script-security 18 typo3/cms-core 18 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 symfony/symfony 16 apache-airflow 16 getgrav/grav 15 rdiffweb 15 parse-server 15 nilsteampassnet/teampass 15 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 vyper 14 net.mingsoft:ms-mcms 14 github.com/hashicorp/consul 14 Plone 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 golang.org/x/net 13 rubygems-update 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.apache.openmeetings:openmeetings-parent 12 baserproject/basercms 12 electron 12 github.com/hashicorp/vault 11 org.keycloak:keycloak-parent 11 github.com/nats-io/nats-server/v2 11 intelliants/subrion 11 mautic/core 11 github.com/argoproj/argo-cd 11 actionpack 11 io.undertow:undertow-core 11 org.apache.nifi:nifi 10 org.springframework.security:spring-security-core 10 cobbler 10 froxlor/froxlor 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 shopware/platform 10 github.com/hashicorp/nomad 10 openmage/magento-lts 10 matrix-synapse 10 Microsoft.NetCore.App.Runtime.win-arm 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 craftcms/cms 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 rusqlite 9 org.apache.solr:solr-core 9 org.bouncycastle:bcprov-jdk14 9 ckb 9 Django 9 org.apache.geode:geode-core 9 github.com/ethereum/go-ethereum 9 org.apache.hadoop:hadoop-main 9 Microsoft.NetCore.App.Runtime.win-x86 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-x64 9 org.bouncycastle:bcprov-jdk15 8 github.com/sylabs/singularity 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-arm64 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 october/system 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 shopware/core 8 smarty/smarty 7 tar 7 org.craftercms:crafter-studio 7 snipe/snipe-it 7 cn.hutool:hutool-core 7 gogs.io/gogs 7 magento/core 7 apache-superset 7 org.eclipse.jetty:jetty-server 7 github.com/docker/docker 7 codeigniter4/framework 7 com.liferay.portal:release.portal.bom 7 DotNetNuke.Core 7 org.apache.commons:commons-compress 7 symfony/security 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 strapi 7 phpmailer/phpmailer 7 pillow 7 org.elasticsearch:elasticsearch 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.springframework:spring-core 7 com.xuxueli:xxl-job 7 cakephp/cakephp 7 sequelize 6 org.apache.cxf:cxf 6 handlebars 6 golang.org/x/crypto 6 github.com/zitadel/zitadel 6 rack 6 org.apache.inlong:manager-pojo 6 org.apache.camel:camel-core 6 kiwitcms 6 Microsoft.AspNetCore.All 6 k8s.io/kubernetes 6 opencv-python-headless 6 opencv-contrib-python-headless 6 org.apache.tomcat:tomcat-coyote 6 composer/composer 6 prestashop/prestashop 6 deno 6 symfony/security-http 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 sized-chunks 6 cryptography 6 express-cart 6 github.com/gravitl/netmaker 6 guzzlehttp/guzzle 6 org.apache.tika:tika-core 6 wwbn/avideo 6 de.tum.in.ase:artemis-java-test-sandbox 6 github.com/traefik/traefik/v2 6 waitress 6 istio.io/istio 6 contao/core-bundle 6 laravel/framework 6 contao/contao 6 Microsoft.NETCore.App 6 @strapi/strapi 6 @openzeppelin/contracts 6 github.com/hyperledger/fabric 6 npm 6 serve 5 zope 5 github.com/nats-io/jwt 5 forkcms/forkcms 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 org.apache.dolphinscheduler:dolphinscheduler 5 code.gitea.io/gitea 5 next 5 getkirby/cms 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 pear/archive_tar 5 org.xwiki.platform:xwiki-platform-web 5 @openzeppelin/contracts-upgradeable 5 genix/cms 5 plone 5 CefSharp.Common 5 github.com/cilium/cilium 5 org.apache.tomcat:tomcat-catalina 5 Microsoft.AspNetCore.App 5 org.apache.xmlgraphics:batik 5 github.com/IBAX-io/go-ibax 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 phpbb/phpbb 5 nautobot 5 org.apache.mesos:mesos 5 github.com/opencontainers/runc 5 ua-parser-js 5 github.com/go-gitea/gitea 5 twisted 5 matrix-js-sdk 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/django/django 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/keycloak/keycloak 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/parse-community/parse-server 15 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/vyperlang/vyper 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/apache/inlong 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/apache/nifi 11 https://github.com/hashicorp/consul 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/centreon/centreon 10 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/golang/go 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cui2shark/cms 9 https://github.com/apache/camel 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nervosnetwork/ckb 9 https://github.com/rusqlite/rusqlite 9 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/matrix-org/synapse 8 https://github.com/cobbler/cobbler 8 https://github.com/bcgit/bc-java 8 https://github.com/shopware/platform 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/nats-io/nats-server 8 https://github.com/rubygems/rubygems 7 https://github.com/denoland/deno 7 https://github.com/DSpace/DSpace 7 https://github.com/hashicorp/vault 7 https://github.com/apache/cxf 7 https://github.com/snipe/snipe-it 7 https://github.com/undertow-io/undertow 7 https://github.com/netty/netty 7 https://github.com/apache/activemq 7 https://github.com/dotnet/aspnetcore 7 https://github.com/eclipse/jetty.project 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/spring-projects/spring-security 7 https://github.com/hyperledger/fabric 6 https://github.com/smarty-php/smarty 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/intelliants/subrion 6 https://github.com/CVEProject/cvelist 6 https://github.com/npm/node-tar 6 https://github.com/contao/contao 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/sequelize/sequelize 6 https://github.com/pyca/cryptography 6 https://github.com/guzzle/guzzle 6 https://github.com/gravitl/netmaker 6 https://github.com/backstage/backstage 6 https://github.com/zitadel/zitadel 6 https://github.com/dromara/hutool 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/TYPO3/typo3 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/WWBN/AVideo 6 https://github.com/istio/istio 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/froxlor/froxlor 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/bodil/sized-chunks 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/getkirby/kirby 5 https://github.com/apache/hadoop 5 https://github.com/cakephp/cakephp 5 https://github.com/traefik/traefik 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/twisted/twisted 5 https://github.com/directus/directus 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/cefsharp/CefSharp 5 https://github.com/gogs/gogs 5 https://github.com/hpcng/singularity 5 https://github.com/pear/Archive_Tar 5 https://github.com/cilium/cilium 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/nautobot/nautobot 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/laravel/framework 5 https://github.com/composer/composer 5 https://github.com/drupal/core 5 https://github.com/forkcms/forkcms 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/docker/docker 5 https://github.com/ethereum/go-ethereum 5 https://github.com/zopefoundation/Zope 5 https://github.com/apache/kylin 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/answerdev/answer 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/dolphinscheduler 5 https://github.com/centreon/centreon-archived 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/wixtoolset/issues 4 https://github.com/surrealdb/surrealdb 4 https://github.com/vantage6/vantage6 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/ethyca/fides 4 https://github.com/openstack/keystone 4 https://github.com/scrapy/scrapy 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/tidwall/gjson 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/opencontainers/runc 4 https://github.com/cloudflare/cfrpki 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/yiisoft/yii2 4 https://github.com/Codiad/Codiad 4 https://github.com/totaljs/framework 4 https://github.com/nightcloudos/new_cms 4 https://github.com/containers/buildah 4 https://github.com/bolt/bolt 4 https://github.com/baserproject/basercms 4 https://github.com/Froxlor/Froxlor 4 https://github.com/igniterealtime/Openfire 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/hashicorp/nomad 4 https://github.com/jettison-json/jettison 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ericcornelissen/shescape 4 https://github.com/cri-o/cri-o 4 https://github.com/apache/geode 4 https://github.com/PrismJS/prism 4 https://github.com/containers/podman 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/fiveai/Cachet 4 https://github.com/free5gc/free5gc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/quarkusio/quarkus 4 https://github.com/apple/swift-nio-http2 4 https://github.com/npm/cli 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/playframework/playframework 4 https://github.com/pallets/werkzeug 3 https://github.com/matrix-org/matrix-react-sdk 3 https://github.com/Ylianst/MeshCentral 3 https://github.com/onionshare/onionshare 3 https://github.com/francoisjacquet/rosariosis 3 https://github.com/evershopcommerce/evershop 3 https://github.com/nltk/nltk 3 https://github.com/janeczku/calibre-web 3 https://github.com/gitpython-developers/GitPython 3 https://github.com/minio/minio 3 https://github.com/stealjs/steal 3