Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtZmctNTVmOS1qOGhx
Server-Side Template Injection
Ecosystems: maven
Packages: com.browserup:browserup-proxy
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NHAteHdyci05Y3Jo
Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xNW1xLTZmamctNG13OM0WQg
SQL Injection in thinkjs
Ecosystems: npm
Packages: thinkjs
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5N2MtZmo4ai1ycTVo
Arbitrary Code Execution
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1NGYteGNtcC00M2Ny
Deserialization of Untrusted Data in Apache ShardingSphere
Ecosystems: maven
Packages: org.apache.shardingsphere:shardingsphere
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyMjgtN3F2eC1mNHJx
Injection and Command Injection in devcert
Ecosystems: npm
Packages: devcert
Source: GitHub Advisory Database
Blast Radius: 46.8
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzNmctNWZyNS1mZ2Ny
Missing Authentication for Critical Function in Apache TomEE
Ecosystems: maven
Packages: org.apache.tomee:tomee
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tM3h2LXgzcGgtbXEyMs0yUg
Server-side Template Injection in nystudio107/craft-seomatic
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNDloLWhqdm0tamczaM0W2w
PCX P mode buffer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1Y3AtcDQyNi00MmY1
Prototype Pollution in deep-get-set
Ecosystems: npm
Packages: deep-get-set
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2bTctajhwNy1oMzQ2
Code injection in blamer
Ecosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJod2YtaHFwci1xOGcy
Code Injection in script-manager
Ecosystems: npm
Packages: script-manager
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhteGgtZzd3ai04bTRt
OS Command Injection in curling
Ecosystems: npm
Packages: curling
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqMmgtd3czNi12OTMy
Improper Certificate Validation in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwcXgtNGZxZi1qNDlm
Deserialization of Untrusted Data in PyYAML
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmdzQtNGgzbS04OTJo
OS Command Injection in serial-number
Ecosystems: npm
Packages: serial-number
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdocTYtbWoyci1tanFj
OS Command Injection in lsof
Ecosystems: npm
Packages: lsof
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4NnItNzQyNy05NWNt
Deserialization of Untrusted Data in Apache Camel RabbitMQ
Ecosystems: maven
Packages: org.apache.camel:camel-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUycDktdjc0NC1td2pq
Remote code execution in Kramdown
Ecosystems: rubygems
Packages: kramdown
Source: GitHub Advisory Database
Blast Radius: 55.7
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxbWMtZnh4cC1yNTg5
Deserialization of Untrusted Data in Tendenci
Ecosystems: pypi
Packages: tendenci
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5cW0taDM1Zi1ocjc3
OS Command Injection in compile-sass
Ecosystems: npm
Packages: compile-sass
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS0yajZ2LXhwZjMteHZyds0vfA
Use of Externally-Controlled Format String in wire-avs
Ecosystems: maven
Packages: com.wire:avs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1dmotZjdyOS13NTY0
Entropy Backdoor in text-qrcode
Ecosystems: npm
Packages: text-qrcode
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4OWotODM2dy04ZjU1
Incorrect Calculation in the MSR JavaScript Cryptography Library
Ecosystems: npm
Packages: msrcrypto
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtNWotdnFyNi12N3Y4
OS Command Injection in pixl-class
Ecosystems: npm
Packages: pixl-class
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmamotY2ZoMi1naGM1
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport
Ecosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5d2YtcWNxdi1yMjJy
Remote code execution in better-macro
Ecosystems: cargo
Packages: better-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwNHgtajl2aC1jM3dm
OS Command Injection and Command Injection in kill-port-process
Ecosystems: npm
Packages: kill-port-process
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtdzItbXZ2aC1qZjVq
OS Command Injection in enpeem
Ecosystems: npm
Packages: enpeem
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmODktMmZ3ai01djVy
Improper Input Validation in klona
Ecosystems: npm
Packages: klona
Source: GitHub Advisory Database
Blast Radius: 59.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjNmYtY2pjcC1jYzMz
Improper Certificate Validation in Apache IoTDB
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZ20tZjd2eC1tNWc3
Deserialization of Untrusted Data in Apache Heron
Ecosystems: maven
Packages: org.apache.heron:heron-simulator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2ZnEtcTc5Mi1qNDZq
Improper Input Validation in Apache Unomi
Ecosystems: maven
Packages: org.apache.unomi:unomi
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2N3AtbW13cS14Njc0
Improper Input Validation and Code Injection in pdf-image
Ecosystems: npm
Packages: pdf-image
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmeHYtcXF2Zy0yNHBn
OS Command Injection in im-metadata
Ecosystems: npm
Packages: im-metadata
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5dm0tcmhtZi03aHh4
OS Command Injection in im-resize
Ecosystems: npm
Packages: im-resize
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5NzctZzV2ai1qMjdn
Cross-Site Scripting in scratch-svg-renderer
Ecosystems: npm
Packages: scratch-svg-renderer
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnMmctbTV3Yy12Y2Nx
Rebuild-bot workflow may allow unauthorised repository modifications
Ecosystems: npm
Packages: projen
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVobW0teDhxOC13NWpo
LDAP authentication bypass with empty password
Ecosystems: pypi
Packages: alerta-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc5MnItbWgycS1wOHFw
Server Side Request Forgery (SSRF) in org.mitre:openid-connect-server
Ecosystems: maven
Packages: org.mitre:openid-connect-server
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4cjgtOGhtYy0zODlm
Cross-Site Scripting in vant
Ecosystems: npm
Packages: vant
Source: GitHub Advisory Database
Blast Radius: 37.8
Published: over 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3NTUtam00aC14MzM5
Improper Validation of Certificate with Host Mismatch in Java-WebSocket
Ecosystems: maven
Packages: org.java-websocket:Java-WebSocket
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: almost 4 years ago
High
GSA_kwCzR0hTQS13cjNjLWczMjYtNDg2Y84AAw0t
GitOps Run allows for Kubernetes workload injection
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1obW03LTZwaDktOGpmMs4AAyuz
org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Basic Cross-site Scripting
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-livedata-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01Y3gyLXZxM2gteDUyY84AAy8Z
Apache superset missing check for default SECRET_KEY
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS02dmdoLTlyM2MtMmN4cM4AAyu8
Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-flamingo, org.xwiki.platform:xwiki-platform-flamingo-skin, org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nam1xLXg1eDctd2MzNs4AAu1g
XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-index-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zajkzLTdyZjctcDdtNs4AAyjv
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) in FAQ comment username parameter
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zMmZxLW0ycTUtaDgzZ84AAx7W
XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-livedata-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1teGYyLTRyMjItNWhxOc4AAu1J
XWiki Platform Web Parent POM vulnerable to XSS in the attachment history
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnNWYtZjVwbS1tanJn
Istio may not check inbound TCP connections against istio-policy
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OXEtd2NmZi1nOW1q
Unsafe deserialization in Yii 2
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 3 years ago
High
GSA_kwCzR0hTQS05cjlqLTU3cmYtZjZ2as4AAu1f
XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-attachment-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZjItcWp3OC01NDc2
Command Injection Vulnerability in systeminformation
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 37.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS01ajJnLTNwaDQtcmd2bc4AAxOY
Fix for authenticated remote code execution through layout update
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xNTY0LXZ2eDgtOTM4OM4AAmCg
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:warnings
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04dzN4LTQ1N3Itd2c1M80WXA
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS12MzN4LXE4Z2gtNHg0Ms30UQ
Moodle multiple cross-site request forgery (CSRF) vulnerabilities
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05djczLXg1NjItd3Y1eM4AArVa
OS Command Injection in gitsome
Ecosystems: npm
Packages: gitsome
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12ajNqLThtNngtbWpxNs0sMg
Missing permission check in Jenkins SCP publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxNngtZzY4NS13NWYy
Improper Restriction of XML External Entity Reference in Plone
Ecosystems: pypi
Packages: plone.supermodel, plone.app.dexterity, plone.app.theming, plone.app.event, Plone
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 3 years ago
High
GSA_kwCzR0hTQS00N2g2LWhmcHYtN3Boas4AAilz
Magento 2 Community Edition RCE Vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03dnI1LTcydzctcTZqY84AAvdg
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS03cXc0LTlyNjgtMnJteM4AA5Em
mingSoft MCMS File Upload vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
High
GSA_kwCzR0hTQS1wcjloLWc3cDctcnJxaM4AAXci
XML External Entity Reference in Jenkins FindBugs Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins.findbugs:library
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oN3ZxLTVxZ3ctand3cc0WlA
CSV Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ3ajktNDM0eC05aHZw
Insecure Deserialization in Backend User Settings in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 4 years ago
High
GSA_kwCzR0hTQS1mdzQ1LTkzOHYtcDI2as4AArAn
mootools-more vulnerable to prototype pollution
Ecosystems: npm
Packages: mootools-more
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05ZnFjLTljcHItdzczcc4AAxav
froxlor is vulnerable to privilege escalation from customer to root via directory-options
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS03cTU2LW1wNGMtZ2dnZ84AAc2q
Improper Access Control in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12M2M5LXc2ZzItaGpnM84AAgdO
Cross-Site Request Forgery in XXL-Job
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Y20tODhmNS1mMmM3
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 47.4
Published: about 4 years ago
High
GSA_kwCzR0hTQS1mNnhwLTU5anEtcjM1Y84AAyiT
Phachon mm-wiki Cross Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/phachon/mm-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNmZtLXIyNnEtcDc0N84AAgbL
Improper Removal of Sensitive Information Before Storage or Transfer in Strapi
Ecosystems: npm
Packages: @strapi/strapi, strapi
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00djJxLWhqeDMtYzR2cs4AAq98
Magento remote code execution vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05cjNoLXdtM3gtdjI0Nc4AAlOm
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:kubernetes-ci
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zODcyLWY0OHAtcHhxas0wPw
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oaG1mLTdyZ2ctZ2N3Nc4AAjY6
Plone SQL Injection Vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xOWc0LTlmeDQtdjUzM84AAu-j
Stored XSS vulnerability in Jenkins DotCi Plugin
Ecosystems: maven
Packages: com.groupon.jenkins-ci.plugins:DotCi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0yamd3LTI4cWgtNm1nOM4AAyuZ
Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:quayio-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12cDRyLWg3NjUtNW13cM4AAxtC
Code Injection in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12Y3FnLTNwMjkteHc3M80W2Q
Integer overflow in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS01bXYyLXJ4M3EtNHcyds0pgA
Code injection in Twig
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cGd4LXBmMzYtdzQ2cs4AAnV9
CakePHP allows method override parameters to bypass CSRF checks
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12YzI5LXJqOTItZ2M3as0WUw
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxbTYtY2d3ci14NnBm
Signature validation bypass in XmlSecLibs
Ecosystems: packagist
Packages: robrichards/xmlseclibs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 4 years ago
High
GSA_kwCzR0hTQS0ydjVqLXE3NHEtcjUzZs0YzQ
django-helpdesk is vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: django-helpdesk
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 6 years ago
High
GSA_kwCzR0hTQS00cHd3LWZxZ2gtMzZoas0xVA
Unrestricted Upload of File with Dangerous Type in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ycTRnLXdmbTYtNWZwbc02rA
SaltStack Improper Verification of Cryptographic Signature
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14bTJtLTJxNmgtMjJqd84AAzyM
Apache NiFi vulnerable to Code Injection
Ecosystems: maven
Packages: org.apache.nifi:nifi-dbcp-service-nar, org.apache.nifi:nifi-hikari-dbcp-service, org.apache.nifi:nifi-dbcp-base
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 11 months ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 2 months ago
High
GSA_kwCzR0hTQS1nOTRwLWgyNjMtYzI2cc0_uA
Cross Site Request Forgery in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS03YzZwLTg0OGotd2g1aM4AA5KP
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01dnItM203NC1qd3hw
Missing Required Cryptographic Step Leading to Sensitive Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxNjktZzVnYy05Zmdm
Cross-Site Request Forgery in Vert.x-Web framework
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS0zM2gyLTY5ajMtcjMzNs0WWw
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xcWZjLW05aGMtcHF2M84AARGl
Deserialization of Untrusted Data in Infinispan
Ecosystems: maven
Packages: org.infinispan:infinispan-core
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14ZzV2LTY5NmgtYzN2cs4AAXVN
Cloud Foundry UAA SessionID present in Audit Event Logs
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
Statistics
Advisories: 18,389
Packages: 8,298
Repositories: 2,440
Ecosystems: 12
Filter by Severity
Moderate 7,943 High 6,361 Critical 2,810 Low 985
Filter by Ecosystem
maven 1,875 npm 1,402 pypi 1,174 packagist 1,024 nuget 785 go 687 cargo 323 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 pimcore/pimcore 27 microweber/microweber 27 nokogiri 25 drupal/drupal 24 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 typo3/cms 22 com.thoughtworks.xstream:xstream 22 opencv-python 22 opencv-contrib-python 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 django 19 salt 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 typo3/cms-core 18 pocketmine/pocketmine-mp 17 openssl-src 17 mlflow 17 apache-airflow 16 org.apache.tomcat.embed:tomcat-embed-core 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 parse-server 15 nilsteampassnet/teampass 15 Plone 14 net.mingsoft:ms-mcms 14 github.com/hashicorp/consul 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 vyper 14 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 github.com/usememos/memos 13 org.apache.openmeetings:openmeetings-parent 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 mautic/core 11 intelliants/subrion 11 github.com/hashicorp/vault 11 actionpack 11 github.com/nats-io/nats-server/v2 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 org.keycloak:keycloak-parent 11 froxlor/froxlor 10 cockpit-hq/cockpit 10 cobbler 10 org.xwiki.platform:xwiki-platform-oldcore 10 shopware/platform 10 org.apache.nifi:nifi 10 github.com/hashicorp/nomad 10 openmage/magento-lts 10 matrix-synapse 10 org.springframework.security:spring-security-core 10 org.apache.hadoop:hadoop-main 9 org.apache.solr:solr-core 9 mercurial 9 org.bouncycastle:bcprov-jdk14 9 rusqlite 9 org.apache.geode:geode-core 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-x64 9 craftcms/cms 9 Django 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 gradio 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 github.com/sylabs/singularity 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-arm64 8 org.keycloak:keycloak-services 8 october/system 8 org.bouncycastle:bcprov-jdk15 8 shopware/core 8 Microsoft.NETCore.App.Runtime.win-x86 8 smarty/smarty 7 gogs.io/gogs 7 org.eclipse.jetty:jetty-server 7 org.craftercms:crafter-studio 7 apache-superset 7 com.liferay.portal:release.portal.bom 7 cakephp/cakephp 7 snipe/snipe-it 7 tar 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 pillow 7 DotNetNuke.Core 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 phpmailer/phpmailer 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 cn.hutool:hutool-core 7 org.apache.commons:commons-compress 7 org.springframework:spring-core 7 symfony/security 7 codeigniter4/framework 7 github.com/docker/docker 7 magento/core 7 handlebars 6 cryptography 6 contao/core-bundle 6 rack 6 waitress 6 opencv-contrib-python-headless 6 opencv-python-headless 6 Microsoft.NETCore.App 6 org.apache.cxf:cxf 6 de.tum.in.ase:artemis-java-test-sandbox 6 golang.org/x/crypto 6 contao/contao 6 laravel/framework 6 org.apache.inlong:manager-pojo 6 github.com/traefik/traefik/v2 6 @strapi/strapi 6 deno 6 express-cart 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 org.apache.camel:camel-core 6 prestashop/prestashop 6 org.apache.tomcat:tomcat-coyote 6 Microsoft.AspNetCore.All 6 github.com/hyperledger/fabric 6 k8s.io/kubernetes 6 wwbn/avideo 6 npm 6 composer/composer 6 istio.io/istio 6 github.com/gravitl/netmaker 6 @openzeppelin/contracts 6 org.apache.tika:tika-core 6 github.com/zitadel/zitadel 6 sized-chunks 6 guzzlehttp/guzzle 6 kiwitcms 6 sequelize 6 symfony/security-http 6 github.com/opencontainers/runc 5 serve 5 github.com/IBAX-io/go-ibax 5 plone 5 zope 5 forkcms/forkcms 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 github.com/cilium/cilium 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 directus 5 matrix-js-sdk 5 nautobot 5 passenger 5 pear/archive_tar 5 Microsoft.AspNetCore.App 5 ua-parser-js 5 org.apache.tomcat:tomcat-catalina 5 github.com/answerdev/answer 5 CefSharp.Common 5 @openzeppelin/contracts-upgradeable 5 org.apache.mesos:mesos 5 code.gitea.io/gitea 5 twisted 5 github.com/nats-io/jwt 5 org.apache.dolphinscheduler:dolphinscheduler 5 getkirby/cms 5 org.xwiki.platform:xwiki-platform-web 5 phpbb/phpbb 5 statamic/cms 5 com.vaadin:vaadin-bom 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/x-stream/xstream 22 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/parse-community/parse-server 15 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/hashicorp/consul 11 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/go-gitea/gitea 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/cloudfoundry/uaa 9 https://github.com/cui2shark/cms 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/apache/camel 9 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/nats-io/nats-server 8 https://github.com/shopware/platform 8 https://github.com/cobbler/cobbler 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/rubygems/rubygems 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/snipe/snipe-it 7 https://github.com/dotnet/aspnetcore 7 https://github.com/netty/netty 7 https://github.com/DSpace/DSpace 7 https://github.com/denoland/deno 7 https://github.com/apache/activemq 7 https://github.com/undertow-io/undertow 7 https://github.com/hashicorp/vault 7 https://github.com/DrunkenShells/Disclosures 6 https://github.com/opencast/opencast 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/TYPO3/typo3 6 https://github.com/pyca/cryptography 6 https://github.com/Pylons/waitress 6 https://github.com/zitadel/zitadel 6 https://github.com/ls1intum/Ares 6 https://github.com/gravitl/netmaker 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/intelliants/subrion 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/CVEProject/cvelist 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/backstage/backstage 6 https://github.com/istio/istio 6 https://github.com/npm/node-tar 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/hyperledger/fabric 6 https://github.com/contao/contao 6 https://github.com/OpenNMS/opennms 6 https://github.com/froxlor/froxlor 6 https://github.com/dromara/hutool 6 https://github.com/smarty-php/smarty 6 https://github.com/bodil/sized-chunks 6 https://github.com/magento/magento2 6 https://github.com/aubio/aubio 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/gogs/gogs 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/nautobot/nautobot 5 https://github.com/directus/directus 5 https://github.com/cilium/cilium 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/apache/kylin 5 https://github.com/pear/Archive_Tar 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/geoserver/geoserver 5 https://github.com/zopefoundation/Zope 5 https://github.com/hpcng/singularity 5 https://github.com/laravel/framework 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/cakephp/cakephp 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/forkcms/forkcms 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/traefik/traefik 5 https://github.com/docker/docker 5 https://github.com/twisted/twisted 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/answerdev/answer 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/cefsharp/CefSharp 5 https://github.com/apache/dolphinscheduler 5 https://github.com/composer/composer 5 https://github.com/vantage6/vantage6 4 https://github.com/tidwall/gjson 4 https://github.com/Codiad/Codiad 4 https://github.com/playframework/playframework 4 https://github.com/free5gc/free5gc 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/yiisoft/yii2 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/scrapy/scrapy 4 https://github.com/ericcornelissen/shescape 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/wixtoolset/issues 4 https://github.com/cri-o/cri-o 4 https://github.com/surrealdb/surrealdb 4 https://github.com/igniterealtime/Openfire 4 https://github.com/npm/cli 4 https://github.com/openstack/keystone 4 https://github.com/quarkusio/quarkus 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/nightcloudos/new_cms 4 https://github.com/totaljs/framework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/Froxlor/Froxlor 4 https://github.com/PrismJS/prism 4 https://github.com/jettison-json/jettison 4 https://github.com/ethyca/fides 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/containers/podman 4 https://github.com/bolt/bolt 4 https://github.com/containers/buildah 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/libp2p/go-libp2p 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/fiveai/Cachet 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/apache/geode 4 https://github.com/hashicorp/nomad 4 https://github.com/baserproject/basercms 4 https://github.com/cloudflare/cfrpki 4 https://github.com/centreon/centreon-archived 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/containous/traefik 3 https://github.com/thorsten/phpMyFAQ 3 https://github.com/peteroupc/CBOR-Java 3 https://github.com/TryGhost/Ghost 3 https://github.com/vercel/next.js 3 https://github.com/yarnpkg/yarn 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/openfga/openfga 3 https://github.com/pf4j/pf4j 3 https://github.com/nocodb/nocodb 3 https://github.com/dotnet/sdk 3