Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwZ2MtN2g3OC1neDhm
personnummer/js vulnerable to Improper Input Validation
Ecosystems: npm
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2OHEtdjk5NS03Mmdy
personnummer/csharp vulnerable to Improper Input Validation
Ecosystems: nuget
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS12cmg3LTk5amgtM2Ztbc3StQ
Puppet arbitrary files overwrite via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zcDVyLTdjdzMtMm02N84AAbli
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmcngtajloai02YzY1
User enumeration in authentication mechanisms
Ecosystems: packagist
Packages: lexik/jwt-authentication-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA
Inconsistent storage layout for ERC2771ContextUpgradeable
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00Z3Y1LXFodnItMzZ2ds3yag
Improper Link Resolution Before File Access in pip
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndjktN3E0Zy1wbXZt
Persistent XSS in customer module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS0zbXFmLWZ3YzYtdndxd84AAaYX
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1YzcteDdtMi1yaG1m
Local directory executable lookup in sops (Windows-only)
Ecosystems: go
Packages: go.mozilla.org/sops/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1wajk2LTRqaHYtdjc5Ms4AArT9
Cross site scripting via cookies in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Nng0LWo3cDktZmNmOc4AAui0
Command Injection in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3dzgtcHA5dy03cDMy
Creation of order credits was not validated by acl in admin orders
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tYzhoLThxOTgtZzVocs4AAxzW
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: remove_dir_all
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZjMtbXdwMy1mOGN3
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Ecosystems: pypi
Packages: Products.GenericSetup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyNGMtNnZyZi05OXJx
Sensitive Data Exposure in loopback
Ecosystems: npm
Packages: loopback
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediately
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1td200LTVxd3ItZzlwZs1Bjw
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtaGgtdzZxOC01aHh3
Remote Memory Disclosure in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjcGMtbWo1Yy1tOXJx
Arbitrary File Write in cli
Ecosystems: npm
Packages: cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNTItdmdxMi05NDNm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risks
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration information
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcnItcnJ3Zy02OXB2
Local API Login Credentials Disclosure in paratrooper-pingdom
Ecosystems: rubygems
Packages: paratrooper-pingdom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OWYtdzhxcS1xNWpm
rest-client allows local users to obtain sensitive information by reading the log
Ecosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
GSA_kwCzR0hTQS04bXZ3LTIycjctdzZmcc3iEg
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Ecosystems: rubygems
Packages: ruby_parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support's underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SES
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wdjg4LWo2cmctcjU2cM4AAdTd
Jenkins allows attackers to obtain sensitive information
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzNjYtNHJ2di05NXgy
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Ecosystems: pypi
Packages: cryptoauthlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS03eDZxLTN2M20tY3dqZ84AAy8N
kiwi TCMS has possibility for user to update email address to unverified one
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZjYtNzV2OC12cjI2
Arbitrary File Write in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzanYtd3JmNC01ODQ1
Local Privilege Escalation in npm
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS04Mmp2LTl3anctcHFoNs4AA7KU
Prototype pollution in emit function
Ecosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcycWotcG14bS05Zjhm
User enumeration in authentication mechanisms
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS13eGd3LXFqOTktNDRjMs0hQQ
Prototype Pollution in node-forge util.setPath API
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmeGMtcW02NS12cHhn
Temporary urls leaked via logging
Ecosystems: pypi
Packages: swift
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2NTMtdmY1bS04cTk0
personnummer/go vulnerable to Improper Input Validation
Ecosystems: go
Packages: github.com/personnummer/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01ZnF2LW1wajgtaDdnbc4AAx5N
Lemur subject to insecure random generation
Ecosystems: pypi
Packages: lemur
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2MzYtcTVmYy00cHI3
accounts: Hash account number using Salt
Ecosystems: go
Packages: github.com/moov-io/customers
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtcTItMzlmZi1mNXFn
A failed upgrade may lead to hung goroutines
Ecosystems: go
Packages: github.com/cloudflare/tableflip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cmYteGg1NC13aHAz
Malicious URL drafting attack against iodines static file server may allow path traversal
Ecosystems: rubygems
Packages: iodine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ndjItNTd2ai05OXhj
Low severity vulnerability that affects eye.js
Ecosystems: npm
Packages: eye.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcnEtY2pnaC0zMmcy
Low severity vulnerability that affects smartbanner.js
Ecosystems: npm
Packages: smartbanner.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4aHEtcG04di1jdzc1
Regular Expression Denial of Service in clean-css
Ecosystems: npm
Packages: clean-css
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyNXItbThwYy04NWo5
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Ecosystems: maven
Packages: org.springframework.integration:spring-integration-ws, org.springframework.integration:spring-integration-xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xN3BwLXdjZ3ItcGZmeM4AA1rS
Crash when processing crafted TIFF files
Ecosystems: go
Packages: github.com/disintegration/imaging
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Ecosystems: rubygems
Packages: facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zZm1xLXg5cTYtd20zOc4AA8Rz
random_compat Uses insecure CSPRNG
Ecosystems: packagist
Packages: paragonie/random_compat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNnItbXZ3NC03MzZn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU
@keystone-6/core's bundled cuid package known to be insecure
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS1xZmg5LThwNTctbWpqas4AAzx5
git-url-parse crate vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: git-url-parse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1ydzc1LW03Z3AtOTJtM84AAVFB
Django data leakage via querystring manipulation in admin
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wd2c3LTRoeHYtdjRjd84AAivO
Plaintext Storage in Jenkins Spira Importer Plugin
Ecosystems: maven
Packages: com.inflectra.spiratest.plugins:inflectra-spira-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS02d2p3LXFmODctZnY1ds4AA8Ii
Laravel Encrypter Failure to decryption vulnerability
Ecosystems: packagist
Packages: illuminate/encryption
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS1jcDM5LTQzeHItMndycM30Lw
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zNjMzLTVoODItMzlwcc4AAu1W
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmdzgtNjZ3Zi1wcjdt
methodOverride Middleware Reflected Cross-Site Scripting in connect
Ecosystems: npm
Packages: connect
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNWgtZ2g0eC04aHA5
Resources Downloaded over Insecure Protocol in igniteui
Ecosystems: npm
Packages: igniteui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS02OGMyLTRtcHgtcWg5Nc4AA5rz
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Ecosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS12cHFwLWh4NjgtcDJ3eM4AATkx
Improper Link Resolution Before File Access in Suds
Ecosystems: pypi
Packages: suds
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0M20tZmZ3ci1ycGNj
SSL Validation Defaults to False in electron-packager
Ecosystems: npm
Packages: electron-packager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
GSA_kwCzR0hTQS1weHY1LTV2bXAtM2pqNM4AAb0u
Improper Authentication in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12bTY5LTQ3NHYtN3Eyd83iMA
Incorrect Default Permissions in Apache Commons FileUpload
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqZmgtMnhjOS1jY3Y3
Cross-Site Scripting in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS1oODZqLTZoNm0tcWpxd80Z7g
Cross-Site Request Forgery in remdex/livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ajctcDVqcS0yNmZm
Insecure use of temporary files in passenger
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1wNG01LTMycHItMmhxcs4AA5gm
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Ecosystems: pypi
Packages: pypop-genomics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcjMtNzQ0OS05Nzdy
Cross-Site Scripting in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1nODkyLTloOG0tcjY5cs4AAWKU
Libcloud does not properly scrub data when destroying a DigitalOcean node
Ecosystems: pypi
Packages: apache-libcloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Denial of Service in grpc-ts-health-check
Ecosystems: npm
Packages: grpc-ts-health-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NzgtMjcycC1tcXFo
Authorization Bypass in graphql-shield
Ecosystems: npm
Packages: graphql-shield
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtajgtcGozai1oMzYy
Symlink reference outside of node_modules in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1xcWgyLWg2Z3ctNng4eM4AAX1Z
Typo3 XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04OWYzLTc0bTYtZzI3Z830lg
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyaDctN3d3Zy1xbWdn
Prototype Pollution in @hapi/hoek
Ecosystems: npm
Packages: @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1tNDlmLWhjeHAtNmhtNs0WsA
pterodactyl/panel CSRF allowing an external page to trigger a user logout event
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 451
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
pypi 458 maven 282 packagist 181 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 undici 5 k8s.io/kubernetes 5 wasmtime 5 sweetalert2 5 rack 5 helm.sh/helm/v3 5 typo3/cms-core 5 october/backend 5 baserproject/basercms 5 ansible 5 shopware/shopware 4 github.com/cilium/cilium 4 helm.sh/helm 4 electron 4 org.keycloak:keycloak-services 4 simplesamlphp/simplesamlphp 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 com.vaadin:flow-server 4 actionpack 4 github.com/cosmos/cosmos-sdk 3 bin-links 3 go.etcd.io/etcd 3 nautobot 3 ethyca-fides 3 plone 3 org.graylog2:graylog2-server 3 @openzeppelin/contracts-upgradeable 3 wagtail 3 org.apache.hive:hive-exec 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-service 3 ckb 3 org.apache.hive:hive 3 node-forge 3 glance 3 passenger 3 cryptography 3 httplib2 3 sylius/sylius 3 symfony/symfony 3 github.com/mattermost/mattermost-server 3 craftcms/cms 2 silverstripe/framework 2 Flask-Security-Too 2 winter/wn-backend-module 2 org.apache.activemq:activemq-parent 2 braces 2 django 2 github.com/opencontainers/runc 2 github.com/authzed/spicedb 2 org.jenkins-ci.plugins:azure-ad 2 next-auth 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 github.com/cometbft/cometbft 2 org.jenkins-ci.plugins:wso2id-oauth 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/mattermost/mattermost-plugin-jira 2 horizon 2 vantage6 2 s2n-quic 2 cargo 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 Zope 2 go.etcd.io/etcd/client/v3 2 github.com/mutagen-io/mutagen 2 typo3/cms-install 2 aiohttp 2 grumpydictator/firefly-iii 2 moin 2 github.com/answerdev/answer 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 github.com/containerd/containerd 2 Pillow 2 Django 2 node-ipc 2 salt 2 ceph-deploy 2 @apollo/server 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 OctoPrint 2 flarum/core 2 parse-server 2 com.ruoyi:ruoyi 2 github.com/ntbosscher/gobase 2 langchain 2 Nova 2 github.com/hashicorp/nomad 2 gilacms/gila 2 october/cms 2 Flask-AppBuilder 2 ezsystems/ezplatform-kernel 2 keystone 2 ezsystems/ezpublish-kernel 2 microweber/microweber 2 typo3/cms-frontend 2 org.xwiki.platform:xwiki-platform-oldcore 2 pip 2 tuf 2 org.bouncycastle:bcprov-jdk14 2 symfony/security-http 2 org.eclipse.jetty:jetty-server 2 kafo 1 go.elastic.co/apm 1 Werkzeug 1 mindspore 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 rabbit_common 1 automad/automad 1 github.com/Masterminds/goutils 1 @liquity/contracts 1 org.bouncycastle:bcprov-jdk18on 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.bouncycastle:bcprov-jdk15to18 1 org.scala-sbt:io_2.12 1 org.bouncycastle:bcprov-jdk13 1 org.scala-sbt:sbt 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 github.com/oauth2-proxy/oauth2-proxy 1 @aedart/support 1 streamlit 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 org.xmlunit:xmlunit-core 1 org.keycloak:keycloak-parent 1 merge-objects 1 bigint-money 1 put 1 firebase-tools 1 debug 1 solidus_backend 1 phpmyfaq/phpmyfaq 1 apostrophe 1 admidio/admidio 1 org.eclipse.jetty:jetty-openid 1 spina 1 org.keycloak:keycloak-server-spi-private 1 datasette-graphql 1 plone.restapi 1 github.com/flyteorg/flyteadmin 1 markdown-link-extractor 1 type-graphql 1 github.com/containers/podman/v4 1 xmpp-http-upload 1 tqdm 1 github.com/slsa-framework/slsa-verifier/v2 1 personnummer 1 github.com/slsa-framework/slsa-verifier 1 org.jenkins-ci.plugins:telegrambot 1 vodozemac 1 flarum/framework 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 hyper 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 net.sf.mpxj-for-vb 1 mpxj 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/electron/electron 4 https://github.com/shopware/shopware 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/wagtail/wagtail 3 https://github.com/nautobot/nautobot 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/django/django 3 https://github.com/digitalbazaar/forge 3 https://github.com/phusion/passenger 3 https://github.com/vaadin/flow 3 https://github.com/vantage6/vantage6 3 https://github.com/symfony/symfony 3 https://github.com/httplib2/httplib2 3 https://github.com/nervosnetwork/ckb 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/pyca/cryptography 3 https://github.com/ethyca/fides 3 https://github.com/Sylius/Sylius 3 https://github.com/CVEProject/cvelist 3 https://github.com/openstack/keystone 3 https://github.com/answerdev/answer 2 https://github.com/saltstack/salt 2 https://github.com/openstack/glance 2 https://github.com/aio-libs/aiohttp 2 https://github.com/aws/s2n-quic 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/ntbosscher/gobase 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/quarkusio/quarkus 2 https://github.com/cometbft/cometbft 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/bcgit/bc-java 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/nats-io/nats-server 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ceph/ceph-deploy 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/GilaCMS/gila 2 https://github.com/opencontainers/runc 2 https://github.com/mutagen-io/mutagen 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/parse-community/parse-server 2 https://github.com/openstack/horizon 2 https://github.com/octoprint/octoprint 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/pypa/pip 2 https://github.com/sigstore/cosign 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/micromatch/braces 2 https://github.com/craftcms/cms 2 https://github.com/tinymce/tinymce 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/vega/vega 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/keylime/keylime 1 https://github.com/Azure/setup-kubectl 1 https://github.com/spinacms/spina 1 https://github.com/decidim/decidim 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/http4s/http4s 1 https://github.com/admidio/admidio 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/Twipped/ircdkit 1 https://github.com/directus/directus 1 https://github.com/cloudfoundry/uaa 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/skylot/jadx 1 https://github.com/Masterminds/goutils 1 https://github.com/google/zerocopy 1 https://github.com/dojo/dijit 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/rails/globalid 1 https://github.com/moq/moq 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/endojs/endo 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/puma/puma 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/derbyjs/derby 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/croogo/croogo 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/thelounge/thelounge 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/fluent/fluentd 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/medikoo/es5-ext 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1