Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1ycWdwLWNjcGgtNXc2Nc0WwA
Cross-Site Request Forgery in firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGotcG1jaC01ajJo
Internal exception message exposure for login action in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 4 years ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1neDdnLXdqeGctand3as04GQ
Cross-Site Request Forgery in YOURLS
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zZ2g2LXY1djktNnY5as4AA13n
Jetty vulnerable to errant command quoting in CGI Servlet
Ecosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
Low
GSA_kwCzR0hTQS12bXhnLXd4NmMtNGYzcs4AA0CZ
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02Y3AtdnhqeC02NWo2
SessionListener can prevent a session from being invalidated breaking logout
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1jdzdwLXE3OWYtbTJ2N80W6Q
incomplete JupyterHub logout with simultaneous JupyterLab sessions
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1wNTIzLWpycGgtcWpjNs0hAA
Insufficient Session Expiration in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00ZnA2LTU3NHAtZmMzNc4AA5L6
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0
Authorization Bypass in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jaDQ4LTlyM3EtcHY3eM4AAz_0
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Ecosystems: maven
Packages: com.vaadin:vaadin, com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 11 months ago
Low
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS14cXhtLTJycG0tMzg4Oc0kJQ
Comment reply notifications sent to incorrect users
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3ZzItd3JycC1yNmgz
Use of a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yeHZqLTVtdjYtajVtY84AA070
Cross-site Scripting in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nM2hoLXE1NWYtOWczd84AAzvf
RuoYi Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14NTVwLTY1MjYteG1tcM4AARct
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Mattermost Jira Plugin does not properly check security levels
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacks
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
Low
GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01NHItdnJtdi1odzMz
Improper Sanitizing of plugin names in helm
Ecosystems: go
Packages: helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1yN3dyLTR3NXEtNTVtNs4AAz51
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS02OHA0LTk1eGYtN2d4OM4AA08P
Denial of service from large image
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wNnJwLW14ODUtbTQ1Oc4AA49f
Spring Cloud Contract vulnerable to local information disclosure
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jZzRoLWNmanAtaDN4Ms4AAmgS
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:labmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12d2Z2LXFwdzgtODNjN84AAmK3
Access token stored in plain text by Jenkins SMS Notification Plugin
Ecosystems: maven
Packages: com.hoiio.jenkins:sms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
Low
GSA_kwCzR0hTQS1mYzNqLWNmcXYtcGZybc4AAlOp
Password stored in plain text by Jenkins HP ALM Quality Center Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-quality-center
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ndm1yLW1wNXEtOXd2d84AAtDz
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skype-notifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0aG0tZndjOS1obXY2
Insecure temporary file used in com.squareup:connect
Ecosystems: maven
Packages: com.squareup:connect
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1qcmpyLTdyZjQtM3dxaM4AAmKu
Password stored in plain text by Jenkins couchdb-statistics Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:couchdb-statistics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NzI1LWM1ODgtaDkzNs4AAty1
OpenStack Nova Changing vnic_type breaks compute service restart
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
Low
GSA_kwCzR0hTQS04NHA0LTdteGMtN3Boas37CA
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:snsnotify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqY3gtOTk5bS0zNWhj
Improper Input Validation in Firefly III
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qNzVyLXZmNjQtNnJyaM4AAxzY
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive-common
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3amgtNTk1cS13cTgy
Incorrect Permission Assignment for Critical Resource in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS14MmN4LWg3dzQtcTZ4N84AAgmC
Jenkins Twitter Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:twitter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZmM4LXdycmYtd3Azd84AAgeE
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-publishersettings-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xaDg3LTJxdmgtNWpmOM4AAuZa
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:collabnet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xY2ZyLTY1aGYtZjk4eM4AAhn4
Jenkins TestLink Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testlink
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NmhjLXdmNDktMmg5Ns4AAtDx
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2-deployment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yMmptLTRoeHctMzVqZs4AAjo7
OpenStack Nova can leak consoleauth token into log files
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oNWczLXY3MngtaGM2Zs4AAtEE
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jigomerge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jYzdqLXh4N3EtZnIzNM33Tw
Jenkins Jabber Server Plugin stores credentials in plain text
Ecosystems: maven
Packages: de.e-nexus:jabber-server-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xOWhtLWhyODktaGdtN84AAyuh
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jN3A2LXgycDMtM3dwaM33UQ
Jenkins youtrack-plugin Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:youtrack-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3djctcWhmdi1ycXE4
Insecure Credential Storage in web3
Ecosystems: npm
Packages: web3
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS03aGY2LWhnZ3AtdnZwOc33Zw
Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.cloudcoreo.plugins:cloudcoreo-deploytime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tN3E4LThnNTYtbTc4d833aA
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:netsparker-cloud-scan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01NzIyLXY1d2MteDdoOM37DQ
Jenkins veracode-scanner Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:veracode-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1waHdyLXBtaDMtbThnMs37Dg
Jenkins aws-device-farm Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-device-farm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12djZwLTYzZzgtbThmd837BQ
Jenkins Audit to Database Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qdnI1LXI2NjMtcXhnd833YQ
Jenkins Sametime Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sametime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS14NDY0LXI3ZjQtZ2ozbc33Yw
Jenkins Koji Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:koji
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1qY3dqLWo1NzQtOGoyY84AAgmI
Jenkins Azure AD Plugin stored the client secret unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMzRyLWY3aDYtYzNqMs37CQ
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00Y3hyLTR2d2MtNnBnN837Cw
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-approve
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01ZnE5LXg5ZjQteDJyMs4AASkM
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zos-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05ZnBxLXYycDMtdzYzas33Xg
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:relution-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03bWZwLTkzOHItZmNmas36-Q
Jenkins hyper.sh Commons Plugin stores credentials in plain text
Ecosystems: maven
Packages: sh.hyper.plugins:hyper-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wZ3A5LXg4M2ctdjh4OM4AAtDV
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rocketchatnotifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMzY1LTk4ajgtdzk2d84AAjx3
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0ycWg2LWhodnYtbTJ3d84AAts9
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:http_request
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03ang4LTI0NGctamZweM367g
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13cHBwLXhxZnYtNmNtN84AAtDW
Token stored in plain text by Jenkins Cisco Spark Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cisco-spark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13cDcyLTdoajktNTI2Nc4AAyUI
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtamYtanBqai05ZjNq
RuboCop gem Insecure use of /tmp
Ecosystems: rubygems
Packages: rubocop
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 6 years ago
Low
GSA_kwCzR0hTQS1nZzhyLTI0cW0tcWZjaM4AAgmS
Jenkins Aqua MicroScanner Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-microscanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xcWhxLThyMmMtYzNmNc4AA322
nvdApiKey is logged in debug mode
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS05aDc5LTVtMmYtbXFqMs4AAs7y
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:squashtm-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oeDNyLXF3eHYtNWp3Oc0zGw
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1yOXhjLTU0Y3EtOTlyN84AAiY4
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:elasticbox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 451
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
pypi 458 maven 282 packagist 181 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 undici 5 k8s.io/kubernetes 5 wasmtime 5 sweetalert2 5 rack 5 helm.sh/helm/v3 5 typo3/cms-core 5 october/backend 5 baserproject/basercms 5 ansible 5 shopware/shopware 4 github.com/cilium/cilium 4 helm.sh/helm 4 electron 4 org.keycloak:keycloak-services 4 simplesamlphp/simplesamlphp 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 com.vaadin:flow-server 4 actionpack 4 github.com/cosmos/cosmos-sdk 3 bin-links 3 go.etcd.io/etcd 3 nautobot 3 ethyca-fides 3 plone 3 org.graylog2:graylog2-server 3 @openzeppelin/contracts-upgradeable 3 wagtail 3 org.apache.hive:hive-exec 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-service 3 ckb 3 org.apache.hive:hive 3 node-forge 3 glance 3 passenger 3 cryptography 3 httplib2 3 sylius/sylius 3 symfony/symfony 3 github.com/mattermost/mattermost-server 3 craftcms/cms 2 silverstripe/framework 2 Flask-Security-Too 2 winter/wn-backend-module 2 org.apache.activemq:activemq-parent 2 braces 2 django 2 github.com/opencontainers/runc 2 github.com/authzed/spicedb 2 org.jenkins-ci.plugins:azure-ad 2 next-auth 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 github.com/cometbft/cometbft 2 org.jenkins-ci.plugins:wso2id-oauth 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/mattermost/mattermost-plugin-jira 2 horizon 2 vantage6 2 s2n-quic 2 cargo 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 Zope 2 go.etcd.io/etcd/client/v3 2 github.com/mutagen-io/mutagen 2 typo3/cms-install 2 aiohttp 2 grumpydictator/firefly-iii 2 moin 2 github.com/answerdev/answer 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 github.com/containerd/containerd 2 Pillow 2 Django 2 node-ipc 2 salt 2 ceph-deploy 2 @apollo/server 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 OctoPrint 2 flarum/core 2 parse-server 2 com.ruoyi:ruoyi 2 github.com/ntbosscher/gobase 2 langchain 2 Nova 2 github.com/hashicorp/nomad 2 gilacms/gila 2 october/cms 2 Flask-AppBuilder 2 ezsystems/ezplatform-kernel 2 keystone 2 ezsystems/ezpublish-kernel 2 microweber/microweber 2 typo3/cms-frontend 2 org.xwiki.platform:xwiki-platform-oldcore 2 pip 2 tuf 2 org.bouncycastle:bcprov-jdk14 2 symfony/security-http 2 org.eclipse.jetty:jetty-server 2 kafo 1 go.elastic.co/apm 1 Werkzeug 1 mindspore 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 rabbit_common 1 automad/automad 1 github.com/Masterminds/goutils 1 @liquity/contracts 1 org.bouncycastle:bcprov-jdk18on 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.bouncycastle:bcprov-jdk15to18 1 org.scala-sbt:io_2.12 1 org.bouncycastle:bcprov-jdk13 1 org.scala-sbt:sbt 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 github.com/oauth2-proxy/oauth2-proxy 1 @aedart/support 1 streamlit 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 org.xmlunit:xmlunit-core 1 org.keycloak:keycloak-parent 1 merge-objects 1 bigint-money 1 put 1 firebase-tools 1 debug 1 solidus_backend 1 phpmyfaq/phpmyfaq 1 apostrophe 1 admidio/admidio 1 org.eclipse.jetty:jetty-openid 1 spina 1 org.keycloak:keycloak-server-spi-private 1 datasette-graphql 1 plone.restapi 1 github.com/flyteorg/flyteadmin 1 markdown-link-extractor 1 type-graphql 1 github.com/containers/podman/v4 1 xmpp-http-upload 1 tqdm 1 github.com/slsa-framework/slsa-verifier/v2 1 personnummer 1 github.com/slsa-framework/slsa-verifier 1 org.jenkins-ci.plugins:telegrambot 1 vodozemac 1 flarum/framework 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 hyper 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 net.sf.mpxj-for-vb 1 mpxj 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/electron/electron 4 https://github.com/shopware/shopware 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/wagtail/wagtail 3 https://github.com/nautobot/nautobot 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/django/django 3 https://github.com/digitalbazaar/forge 3 https://github.com/phusion/passenger 3 https://github.com/vaadin/flow 3 https://github.com/vantage6/vantage6 3 https://github.com/symfony/symfony 3 https://github.com/httplib2/httplib2 3 https://github.com/nervosnetwork/ckb 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/pyca/cryptography 3 https://github.com/ethyca/fides 3 https://github.com/Sylius/Sylius 3 https://github.com/CVEProject/cvelist 3 https://github.com/openstack/keystone 3 https://github.com/answerdev/answer 2 https://github.com/saltstack/salt 2 https://github.com/openstack/glance 2 https://github.com/aio-libs/aiohttp 2 https://github.com/aws/s2n-quic 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/ntbosscher/gobase 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/quarkusio/quarkus 2 https://github.com/cometbft/cometbft 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/bcgit/bc-java 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/nats-io/nats-server 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ceph/ceph-deploy 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/GilaCMS/gila 2 https://github.com/opencontainers/runc 2 https://github.com/mutagen-io/mutagen 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/parse-community/parse-server 2 https://github.com/openstack/horizon 2 https://github.com/octoprint/octoprint 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/pypa/pip 2 https://github.com/sigstore/cosign 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/micromatch/braces 2 https://github.com/craftcms/cms 2 https://github.com/tinymce/tinymce 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/vega/vega 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/keylime/keylime 1 https://github.com/Azure/setup-kubectl 1 https://github.com/spinacms/spina 1 https://github.com/decidim/decidim 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/http4s/http4s 1 https://github.com/admidio/admidio 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/Twipped/ircdkit 1 https://github.com/directus/directus 1 https://github.com/cloudfoundry/uaa 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/skylot/jadx 1 https://github.com/Masterminds/goutils 1 https://github.com/google/zerocopy 1 https://github.com/dojo/dijit 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/rails/globalid 1 https://github.com/moq/moq 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/endojs/endo 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/puma/puma 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/derbyjs/derby 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/croogo/croogo 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/thelounge/thelounge 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/fluent/fluentd 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/medikoo/es5-ext 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1