Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 12 days ago
Low
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS12NHc1LXAyaGctOGZoNs4AAcGU
Urllib3 Incorrect Certificate Validation
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint does not have rate limiting on the login page
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zaHZqLTNjZzktdjI0Ms4AAx6e
Saleor Unauthenticated Information Disclosure Vulnerability via Python Exceptions
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tbTMyLWp3NzMtOTIyN84AAesM
Plone is vulnerable to File System Path Exposure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04ODU5LXY5anAtY3BoZs4AA2rz
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS12dnA3LXI0MjItcng4M84AAyu5
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mdjd4LXY2N3ctY3Zxds4AAu-J
Spring Data REST can expose hidden entity attributes
Ecosystems: maven
Packages: org.springframework.data:spring-data-rest-core
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ydjhoLXA0M3ItNHg1cs4AAdHu
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Ecosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1nOTZjLXg3cmgtOTlyM84AA0Xm
Graylog vulnerable to insecure source port usage for DNS queries
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS0yanh4LTJ4OTMtMnEyZs4AAvdu
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decorator
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tcjhxLTdmNWotd2M3Oc4AAmnC
Magento information disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oM2dxLWo3cDkteDNwNM4AA4Gf
Mattermost Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zaHJyLXh3dmctaHh2cs4AA5pB
Keycloak DoS via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV
phpMyAdmin cookie-attribute injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01Nzg2LTNxamctbXI4OM4AAgY-
Path traversal in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middle
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12NWd3LW13N2YtODRweM4AAzXu
Starlette has Path Traversal vulnerability in StaticFiles
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNGc0LXdncmgtcXJnMs4AAxeb
Panic due to malformed WALs in go.etcd.io/etcd
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oMjljLXdjbTgtODgzaM0keg
Incorrect Permission Assignment for Critical Resource in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input buffer
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03cW00LXAzNzctZnIycs3ypg
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent, org.apache.activemq:activemq-openwire-generator
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04dmZjLWZjcjItNDdwas4AAgZA
Path traversal in Jenkins REPO Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git, org.jenkins-ci.plugins:mercurial, org.jenkins-ci.plugins:repo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS00OXdtLTRmcDYtaDU5Y84AAu_E
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mOWY5LTRyNjMtNHFjY84AAvda
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4YzctcHg1di04Mmho
Potential sensitive information disclosed in error reports
Ecosystems: pypi
Packages: django-registration
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyeDctMmZmNi12MzJw
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTItN21tMy0zZnhn
actionpack is vulnerable to remote bypass authentication
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cGotY3g3Zy04NThj
Regular Expression Denial of Service in debug
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 6 years ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS03NXI2LTZqZzgtcGZjcc4AA74i
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Ecosystems: go
Packages: github.com/octo-sts/app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0bWctdmdycC1td3g5
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Ecosystems: maven
Packages: io.ratpack:ratpack-groovy, io.ratpack:ratpack-java, io.ratpack:ratpack-session
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmYzQtY2hnNy1oOGdo
Unprotected dynamically loaded chunks
Ecosystems: npm
Packages: webpack-subresource-integrity
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 3 years ago
Low
GSA_kwCzR0hTQS12eHJjLTY4eHgteDQ4Z802BQ
Twig Sandbox Information Disclosure
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs
Pipelines do not validate child UIDs
Ecosystems: go
Packages: github.com/tektoncd/pipeline
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqNTYtODRqdy02N2g2
Potential Denial-of-Service in bindata
Ecosystems: rubygems
Packages: bindata
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS05cDhyLTR4cDQtZ3c1d84AA5gq
Vyper's `_abi_decode` vulnerable to Memory Overflow
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS00OGYyLW03amctODY2eM4AArZd
Failed payment recorded has completed in Silverstripe Omnipay
Ecosystems: packagist
Packages: silverstripe/silverstripe-omnipay
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01cjMzLW1namYtNjY1Ns4AA1Vz
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:tuleap-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS01NTJmLTk3d2YtcG1wcc4AA6LG
Umbraco possible user enumeration
Ecosystems: nuget
Packages: UmbracoCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS00OHcyLXJtNjUtNjJ4eM0Whw
Puma with proxy which forwards LF characters as line endings could allow HTTP request smuggling
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0zd3hnLXc5NmotOGhxOc4AAzex
CraftCMS stored XSS in Quick Post widget error message
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 12 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4bXItYzlqbS03bW04
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k
Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS14OXI1LWp4dnEtNDM4N80g-g
jquery.terminal self XSS on user input
Ecosystems: npm
Packages: jquery.terminal
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxM2oteHA0OS1qNzNm
Plugin archive directory traversal in Helm
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cXEtNXZyYy14dzlo
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, org.apache.logging.log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS12eG1tLWN3aDItcTc2Ms4AAzbG
Vyper's nonpayable default functions are sometimes payable
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS1jdmNjLTV4OTItZ21oY802tg
SaltStack Salt Improper Authentication via Man in the Middle Attack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1wM3Z3LWZ2d3gtcWN2Nc2A-g
Cross-site scripting in Apache Struts
Ecosystems: maven
Packages: struts:struts
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0yNHd2LW12NW0teHY0aM4AAyUq
redis-py Race Condition vulnerability
Ecosystems: pypi
Packages: redis
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Cross-site Scripting in dijit editor's LinkDialog plugin
Ecosystems: npm
Packages: dijit
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can ready dirty memory
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1oOWo3LTV4dmMtcWhnNc4AA5fj
langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS05djcyLXA1cDMtOXc2Nc4AARb4
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2cDUtbTM4dy1qNzc2
Aliases are never checked in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS1mcGo3LTl4bTYtOGhncs0ijQ
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Ecosystems: maven
Packages: io.jenkins:configuration-as-code
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlycGMtNXY5cS01cjdm
Incomplete validation in `SparseReshape`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xNWMtcHJoMy0zZjNo
Invalid validation in `QuantizeAndDequantizeV2`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4Z2oteGhnZi1nZ2p2
Heap buffer overflow in `BandedTriangularSolve`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS0zajZtLW01djUtOTc4Nc4AAm2e
OpenCart Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14NTVwLTY1MjYteG1tcM4AARct
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qbXFwLTM3bTUtNDl3aM4AA8EQ
sshproxy vulnerable to SSH option injection
Ecosystems: go
Packages: github.com/cea-hpc/sshproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
Low
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGotcG1jaC01ajJo
Internal exception message exposure for login action in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 4 years ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF
Nautobot missing object-level permissions enforcement when running Job Buttons
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14and4LTc4eDctcTZqY84AA8EH
TYPO3 vulnerable to an HTML Injection in the History Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 5 days ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1ycWdwLWNjcGgtNXc2Nc0WwA
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 451
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
pypi 458 maven 282 packagist 181 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 undici 5 k8s.io/kubernetes 5 wasmtime 5 sweetalert2 5 rack 5 helm.sh/helm/v3 5 typo3/cms-core 5 october/backend 5 baserproject/basercms 5 ansible 5 shopware/shopware 4 github.com/cilium/cilium 4 helm.sh/helm 4 electron 4 org.keycloak:keycloak-services 4 simplesamlphp/simplesamlphp 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 com.vaadin:flow-server 4 actionpack 4 github.com/cosmos/cosmos-sdk 3 bin-links 3 go.etcd.io/etcd 3 nautobot 3 ethyca-fides 3 plone 3 org.graylog2:graylog2-server 3 @openzeppelin/contracts-upgradeable 3 wagtail 3 org.apache.hive:hive-exec 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-service 3 ckb 3 org.apache.hive:hive 3 node-forge 3 glance 3 passenger 3 cryptography 3 httplib2 3 sylius/sylius 3 symfony/symfony 3 github.com/mattermost/mattermost-server 3 craftcms/cms 2 silverstripe/framework 2 Flask-Security-Too 2 winter/wn-backend-module 2 org.apache.activemq:activemq-parent 2 braces 2 django 2 github.com/opencontainers/runc 2 github.com/authzed/spicedb 2 org.jenkins-ci.plugins:azure-ad 2 next-auth 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 github.com/cometbft/cometbft 2 org.jenkins-ci.plugins:wso2id-oauth 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/mattermost/mattermost-plugin-jira 2 horizon 2 vantage6 2 s2n-quic 2 cargo 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 Zope 2 go.etcd.io/etcd/client/v3 2 github.com/mutagen-io/mutagen 2 typo3/cms-install 2 aiohttp 2 grumpydictator/firefly-iii 2 moin 2 github.com/answerdev/answer 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 github.com/containerd/containerd 2 Pillow 2 Django 2 node-ipc 2 salt 2 ceph-deploy 2 @apollo/server 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 OctoPrint 2 flarum/core 2 parse-server 2 com.ruoyi:ruoyi 2 github.com/ntbosscher/gobase 2 langchain 2 Nova 2 github.com/hashicorp/nomad 2 gilacms/gila 2 october/cms 2 Flask-AppBuilder 2 ezsystems/ezplatform-kernel 2 keystone 2 ezsystems/ezpublish-kernel 2 microweber/microweber 2 typo3/cms-frontend 2 org.xwiki.platform:xwiki-platform-oldcore 2 pip 2 tuf 2 org.bouncycastle:bcprov-jdk14 2 symfony/security-http 2 org.eclipse.jetty:jetty-server 2 kafo 1 go.elastic.co/apm 1 Werkzeug 1 mindspore 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 rabbit_common 1 automad/automad 1 github.com/Masterminds/goutils 1 @liquity/contracts 1 org.bouncycastle:bcprov-jdk18on 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.bouncycastle:bcprov-jdk15to18 1 org.scala-sbt:io_2.12 1 org.bouncycastle:bcprov-jdk13 1 org.scala-sbt:sbt 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 github.com/oauth2-proxy/oauth2-proxy 1 @aedart/support 1 streamlit 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 org.xmlunit:xmlunit-core 1 org.keycloak:keycloak-parent 1 merge-objects 1 bigint-money 1 put 1 firebase-tools 1 debug 1 solidus_backend 1 phpmyfaq/phpmyfaq 1 apostrophe 1 admidio/admidio 1 org.eclipse.jetty:jetty-openid 1 spina 1 org.keycloak:keycloak-server-spi-private 1 datasette-graphql 1 plone.restapi 1 github.com/flyteorg/flyteadmin 1 markdown-link-extractor 1 type-graphql 1 github.com/containers/podman/v4 1 xmpp-http-upload 1 tqdm 1 github.com/slsa-framework/slsa-verifier/v2 1 personnummer 1 github.com/slsa-framework/slsa-verifier 1 org.jenkins-ci.plugins:telegrambot 1 vodozemac 1 flarum/framework 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 hyper 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 net.sf.mpxj-for-vb 1 mpxj 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/electron/electron 4 https://github.com/shopware/shopware 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/wagtail/wagtail 3 https://github.com/nautobot/nautobot 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/django/django 3 https://github.com/digitalbazaar/forge 3 https://github.com/phusion/passenger 3 https://github.com/vaadin/flow 3 https://github.com/vantage6/vantage6 3 https://github.com/symfony/symfony 3 https://github.com/httplib2/httplib2 3 https://github.com/nervosnetwork/ckb 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/pyca/cryptography 3 https://github.com/ethyca/fides 3 https://github.com/Sylius/Sylius 3 https://github.com/CVEProject/cvelist 3 https://github.com/openstack/keystone 3 https://github.com/answerdev/answer 2 https://github.com/saltstack/salt 2 https://github.com/openstack/glance 2 https://github.com/aio-libs/aiohttp 2 https://github.com/aws/s2n-quic 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/ntbosscher/gobase 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/quarkusio/quarkus 2 https://github.com/cometbft/cometbft 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/bcgit/bc-java 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/nats-io/nats-server 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ceph/ceph-deploy 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/GilaCMS/gila 2 https://github.com/opencontainers/runc 2 https://github.com/mutagen-io/mutagen 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/parse-community/parse-server 2 https://github.com/openstack/horizon 2 https://github.com/octoprint/octoprint 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/pypa/pip 2 https://github.com/sigstore/cosign 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/micromatch/braces 2 https://github.com/craftcms/cms 2 https://github.com/tinymce/tinymce 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/vega/vega 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/keylime/keylime 1 https://github.com/Azure/setup-kubectl 1 https://github.com/spinacms/spina 1 https://github.com/decidim/decidim 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/http4s/http4s 1 https://github.com/admidio/admidio 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/Twipped/ircdkit 1 https://github.com/directus/directus 1 https://github.com/cloudfoundry/uaa 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/skylot/jadx 1 https://github.com/Masterminds/goutils 1 https://github.com/google/zerocopy 1 https://github.com/dojo/dijit 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/rails/globalid 1 https://github.com/moq/moq 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/endojs/endo 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/puma/puma 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/derbyjs/derby 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/croogo/croogo 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/thelounge/thelounge 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/fluent/fluentd 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/medikoo/es5-ext 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1