Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS1nNnJ4LTJ3ODQteG1nas4AA1uu
CSRF vulnerability in Jenkins Frugal Testing Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:frugal-testing
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1xN3BwLXdjZ3ItcGZmeM4AA1rS
Crash when processing crafted TIFF files
Ecosystems: go
Packages: github.com/disintegration/imaging
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS14YzI3LWY5cTMtNDQ0OM4AA1rH
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Ecosystems: pypi
Packages: hyper-bump-it
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qNWczLTVjOHItN3FmeM4AA1lN
Prevent logging invalid header values
Ecosystems: npm
Packages: apollo-server-core, @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zN3hxLXE0MnAtcnYzcM4AA1fc
ntpd has Dependency on Vulnerable Third-Party Component
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1xNHBwLWozNmgtM2dxZ84AA1e3
Minimal `basti` IAM Policy Allows Shell Access
Ecosystems: npm
Packages: basti-cdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1jcjVxLTZxOWYtcnE2cc4AA1eP
Active Support Possibly Discloses Locally Encrypted Files
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS01cjMzLW1namYtNjY1Ns4AA1Vz
Jenkins Tuleap Authentication Plugin non-constant time token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:tuleap-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nM3Y2LXI4cDktd3hnOc4AA1Pz
Mattermost fails to correctly delete attachments
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS05cm1mLTZxZ2otZzN3as4AA1Og
Froxlor vulnerable to business logic errors
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS02cjc4LW02NG0tcXdjZs4AA1OC
Moq v4.20.0-rc to 4.20.1 share hashed user data
Ecosystems: nuget
Packages: moq
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1jN2hoLTN2NmMtZmo0cc4AA1De
matrix-appservice-irc events can be crafted to leak parts of targeted messages from other bridged rooms
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qbTc3LXFwaGYtYzR3OM4AA0_V
pyca/cryptography's wheels include vulnerable OpenSSL
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zNnh4LTd2ZjYtN212M84AA0-N
Silverstripe Framework: Members with no password can be created and bypass custom login forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS02OHA0LTk1eGYtN2d4OM4AA08P
Denial of service from large image
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yeHZqLTVtdjYtajVtY84AA070
Cross-site Scripting in Mingsoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Ecosystems: cargo
Packages: intaglio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01amM1LW04N3gtODhmas4AA05e
Secret displayed without masking by Chef Identity Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:chef-identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qcTZnLTR2NW0td205cs4AA04k
Information Disclosure due to Out-of-scope Site Resolution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wNHd3LWo0cHItcXc2cc4AA01M
RuoYi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS05amZ4LTg0djktMnJyMs4AA0z2
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nNHdnLWNmcGYtOTY4Oc4AA0zn
keylime fails to flag device as untrusted when signature does not validate
Ecosystems: pypi
Packages: keylime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS04aGM2LXc0NG0td2Z4Zs4AA0zl
Potential leak of credentials in Micro Focus Dimensions CM Jenkins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dimensionsscm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zcncyLXdmYzgtd21qNc4AA0xu
Fides Webserver Vulnerable to SVG Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nOTVjLTJqZ20taHFjNs4AA0xt
Fides Webserver Vulnerable to Zip Bomb File Uploads
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1oOXdxLXhjcXgtbXF4bc4AA0m0
Vendure Cross Site Request Forgery vulnerability impacting all API requests
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01OHF3LXA3cW0tNXJ2aM4AA0ib
Eclipse Jetty XmlParser allows arbitrary DOCTYPE declarations
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-xml
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tcnI4LXY0OXctMzMzM84AA0iP
sweetalert2 v11.6.14 and above contains potentially undesirable behavior
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS02ZzJ3LTI1N3YtM2M5Zs4AA0hB
Apache Camel information exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-jira
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 10 months ago
Low
GSA_kwCzR0hTQS13ancyLTRqN2otNmdjM84AA0fu
Winter CMS stored XSS through privileged upload of SVG file
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS13MmgzLXZ2dnEtM201M84AA0fs
Pipelines do not validate child UIDs
Ecosystems: go
Packages: github.com/tektoncd/pipeline
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS0ycTRwLWY2Z2YtbXFyNc4AA0Xn
Graylog server has partial path traversal vulnerability in Support Bundle feature
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1nOTZjLXg3cmgtOTlyM84AA0Xm
Graylog vulnerable to insecure source port usage for DNS queries
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zZnFtLWZyaGctN2M4Nc4AA0Xl
Graylog user session is still usable after logout
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 11 months ago
Low
GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx
code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS13NXc1LTI4ODItNDdwY84AA0KY
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1mNWg0LXdtcDUteGhnNs4AA0KF
Client Spoofing within the Keycloak Device Authorisation Grant
Ecosystems: maven
Packages: org.keycloak:keycloak-server-spi-private, org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS1nOTh2LWh2M2YtaGNmcs4AA0KD
atty potential unaligned read
Ecosystems: cargo
Packages: atty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1nbTJnLTJ4cjktcHh4as4AA0J6
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Ecosystems: go
Packages: go.temporal.io/server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zNzN3LXJqODQtcHY2eM4AA0In
SafeURL-Python's hostname blocklist does not block FQDNs
Ecosystems: pypi
Packages: SafeURL-Python
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS12bXhnLXd4NmMtNGYzcs4AA0CZ
Admidio Improper Access Control vulnerability
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zZzdwLThxaHgtbWM4cs4AAz_2
Shescape potential environment variable exposure on Windows with CMD
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1jaDQ4LTlyM3EtcHY3eM4AAz_0
Vaadin vulnerable to possible information disclosure of class and method names in RPC response
Ecosystems: maven
Packages: com.vaadin:vaadin, com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 11 months ago
Low
GSA_kwCzR0hTQS1qaHByLWo3Y3EtM2pwM84AAz_s
Flask-AppBuilder vulnerable to possible disclosure of sensitive information on user error
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS02OGpoLXJmNngtODM2Zs4AAz6F
@apollo/server vulnerable to unsafe application of Content Security Policy via reused nonces
Ecosystems: npm
Packages: @apollo/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1yN3dyLTR3NXEtNTVtNs4AAz51
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS1ncHY1LTd4M2ctZ2hqds4AAz4I
fast-xml-parser regex vulnerability patch could be improved from a safety perspective
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS01ZnA2LTR4dzMteHFxM84AAzyU
@keystone-6/core's bundled cuid package known to be insecure
Ecosystems: npm
Packages: @keystone-6/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xZmg5LThwNTctbWpqas4AAzx5
git-url-parse crate vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: git-url-parse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1nM2hoLXE1NWYtOWczd84AAzvf
RuoYi Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1xZmM1LTZyM2otamoyMs4AAzmA
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Low
GSA_kwCzR0hTQS0zd3hnLXc5NmotOGhxOc4AAzex
CraftCMS stored XSS in Quick Post widget error message
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 12 months ago
Low
GSA_kwCzR0hTQS12eG1tLWN3aDItcTc2Ms4AAzbG
Vyper's nonpayable default functions are sometimes payable
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS12NWd3LW13N2YtODRweM4AAzXu
Starlette has Path Traversal vulnerability in StaticFiles
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ncXhyLWh2cnctNmhmaM4AAzWv
Jenkins NS-ND Integration Performance Publisher Plugin displays credentials without masking
Ecosystems: maven
Packages: io.jenkins.plugins:cavisson-ns-nd-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zcDRnLXJjdzUtODI5OM4AAzUC
etcd Key name can be accessed via LeaseTimeToLive API
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05Y2ZoLXZ4OTMtODR2ds4AAzRE
PostgresNIO processes unencrypted bytes from man-in-the-middle
Ecosystems: swift
Packages: github.com/vapor/postgres-nio
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xbXF3LXI0eDYtM3cycc4AAzLF
Answer Missing Authorization vulnerability
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qbXAyLXdjNHAtd2ZoMs4AAzGL
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Ecosystems: go
Packages: github.com/mutagen-io/mutagen, github.com/mutagen-io/mutagen-compose
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1md2o0LTcyZm0tYzkzZ84AAzGI
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Ecosystems: go
Packages: github.com/mutagen-io/mutagen
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13d3hoLTc0ZngtMzNjNs4AAzCl
Possible prototype pollution in metadata record, when using meta decorator
Ecosystems: npm
Packages: @aedart/support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oanAzLTVnMnEtN2p3d84AAzCk
Race Condition leading to logging errors
Ecosystems: rubygems
Packages: audited
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mZ3hqLWc3eDMtODVjcc4AAzA6
Stored cross site scripting in RSS displayer
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00NzRmLW1janYtcGdybc4AAzA4
Concrete CMS (previously concrete5) is vulnerable to stored XSS in uploaded file and folder names
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13OW1yLTI4bXctajhoZ84AAy-4
Hop-by-hop abuse to malform header mutator
Ecosystems: go
Packages: github.com/ory/oathkeeper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02NWcyLXg1M3EtY21mNs4AAy9A
Sensitive Terraform Output Values Printed At Info Logging Level In Kitchen-Terraform
Ecosystems: rubygems
Packages: kitchen-terraform
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03eDZxLTN2M20tY3dqZ84AAy8N
kiwi TCMS has possibility for user to update email address to unverified one
Ecosystems: pypi
Packages: kiwitcms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xNTVjLWhtcGYtNmgyZ84AAy4x
AzuraCast/AzuraCast vulnerable to cross-site scripting
Ecosystems: packagist
Packages: azuracast/azuracast
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wMjZnLTk3bTQtNnE3Y84AAy3M
Eclipse Jetty's cookie parsing of quoted values can exfiltrate values from other cookies
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12dnA3LXI0MjItcng4M84AAyu5
Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1nNDcyLWY4Y20tOHg1Zs4AAyuN
Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xOWhtLWhyODktaGdtN84AAyuh
Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wso2id-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14Mnh3LWh3OGctNjc3M84AAyrS
govuk_tech_docs vulnerable to unescaped HTML on search results page
Ecosystems: rubygems
Packages: govuk_tech_docs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jMzN3LTI0cDktOG0yNM4AAygl
configobj ReDoS exploitable by developer using values in a server-side configuration file
Ecosystems: pypi
Packages: configobj
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tOGNnLXhjMnAtcjNmY84AAydr
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yNHd2LW12NW0teHY0aM4AAyUq
redis-py Race Condition vulnerability
Ecosystems: pypi
Packages: redis
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13cDcyLTdoajktNTI2Nc4AAyUI
Remote file existence check vulnerability in `mlflow server` and `mlflow ui` CLIs
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oMndnLTgzZmMteHZtOc4AAyMw
Answer vulnerable to Business Logic Errors
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jNnFnLWNqajgtNDdxcM4AAyIq
Possible Denial of Service Vulnerability in Rack's header parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS02Nm00LWdjOGgtaHBqeM4AAyDt
Timing attack in eZ Platform Ibexa
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel, ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ODRtLTdyNG0tOGo2ds4AAyCI
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ycmdwLWMydzgtNnZnNs4AAyCG
Information disclosure through error stack traces related to agents
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wNzU2LXJmeGgteDYzaM4AAx-a
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Ecosystems: actions
Packages: Azure/setup-kubectl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01Z3A1LXZ4ajYtNDI1N84AAx9T
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Ecosystems: pypi
Packages: glance
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 451
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
pypi 458 maven 282 packagist 181 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 undici 5 k8s.io/kubernetes 5 wasmtime 5 sweetalert2 5 rack 5 helm.sh/helm/v3 5 typo3/cms-core 5 october/backend 5 baserproject/basercms 5 ansible 5 shopware/shopware 4 github.com/cilium/cilium 4 helm.sh/helm 4 electron 4 org.keycloak:keycloak-services 4 simplesamlphp/simplesamlphp 4 magento/community-edition 4 github.com/mattermost/mattermost-server/v6 4 com.vaadin:flow-server 4 actionpack 4 github.com/cosmos/cosmos-sdk 3 bin-links 3 go.etcd.io/etcd 3 nautobot 3 ethyca-fides 3 plone 3 org.graylog2:graylog2-server 3 @openzeppelin/contracts-upgradeable 3 wagtail 3 org.apache.hive:hive-exec 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-service 3 ckb 3 org.apache.hive:hive 3 node-forge 3 glance 3 passenger 3 cryptography 3 httplib2 3 sylius/sylius 3 symfony/symfony 3 github.com/mattermost/mattermost-server 3 craftcms/cms 2 silverstripe/framework 2 Flask-Security-Too 2 winter/wn-backend-module 2 org.apache.activemq:activemq-parent 2 braces 2 django 2 github.com/opencontainers/runc 2 github.com/authzed/spicedb 2 org.jenkins-ci.plugins:azure-ad 2 next-auth 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 github.com/cometbft/cometbft 2 org.jenkins-ci.plugins:wso2id-oauth 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/mattermost/mattermost-plugin-jira 2 horizon 2 vantage6 2 s2n-quic 2 cargo 2 org.jenkins-ci.plugins:mercurial 2 org.jenkins-ci.plugins:repository-connector 2 Zope 2 go.etcd.io/etcd/client/v3 2 github.com/mutagen-io/mutagen 2 typo3/cms-install 2 aiohttp 2 grumpydictator/firefly-iii 2 moin 2 github.com/answerdev/answer 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.jenkins-ci.plugins:ec2 2 github.com/containerd/containerd 2 Pillow 2 Django 2 node-ipc 2 salt 2 ceph-deploy 2 @apollo/server 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 OctoPrint 2 flarum/core 2 parse-server 2 com.ruoyi:ruoyi 2 github.com/ntbosscher/gobase 2 langchain 2 Nova 2 github.com/hashicorp/nomad 2 gilacms/gila 2 october/cms 2 Flask-AppBuilder 2 ezsystems/ezplatform-kernel 2 keystone 2 ezsystems/ezpublish-kernel 2 microweber/microweber 2 typo3/cms-frontend 2 org.xwiki.platform:xwiki-platform-oldcore 2 pip 2 tuf 2 org.bouncycastle:bcprov-jdk14 2 symfony/security-http 2 org.eclipse.jetty:jetty-server 2 kafo 1 go.elastic.co/apm 1 Werkzeug 1 mindspore 1 github.com/nats-io/nats-server/v2 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 rabbit_common 1 automad/automad 1 github.com/Masterminds/goutils 1 @liquity/contracts 1 org.bouncycastle:bcprov-jdk18on 1 org.scala-sbt:io_3 1 org.scala-sbt:io_2.13 1 org.bouncycastle:bcprov-jdk15to18 1 org.scala-sbt:io_2.12 1 org.bouncycastle:bcprov-jdk13 1 org.scala-sbt:sbt 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 github.com/oauth2-proxy/oauth2-proxy 1 @aedart/support 1 streamlit 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 org.xmlunit:xmlunit-core 1 org.keycloak:keycloak-parent 1 merge-objects 1 bigint-money 1 put 1 firebase-tools 1 debug 1 solidus_backend 1 phpmyfaq/phpmyfaq 1 apostrophe 1 admidio/admidio 1 org.eclipse.jetty:jetty-openid 1 spina 1 org.keycloak:keycloak-server-spi-private 1 datasette-graphql 1 plone.restapi 1 github.com/flyteorg/flyteadmin 1 markdown-link-extractor 1 type-graphql 1 github.com/containers/podman/v4 1 xmpp-http-upload 1 tqdm 1 github.com/slsa-framework/slsa-verifier/v2 1 personnummer 1 github.com/slsa-framework/slsa-verifier 1 org.jenkins-ci.plugins:telegrambot 1 vodozemac 1 flarum/framework 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 hyper 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 net.sf.mpxj-for-vb 1 mpxj 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/electron/electron 4 https://github.com/shopware/shopware 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/wagtail/wagtail 3 https://github.com/nautobot/nautobot 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/django/django 3 https://github.com/digitalbazaar/forge 3 https://github.com/phusion/passenger 3 https://github.com/vaadin/flow 3 https://github.com/vantage6/vantage6 3 https://github.com/symfony/symfony 3 https://github.com/httplib2/httplib2 3 https://github.com/nervosnetwork/ckb 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/pyca/cryptography 3 https://github.com/ethyca/fides 3 https://github.com/Sylius/Sylius 3 https://github.com/CVEProject/cvelist 3 https://github.com/openstack/keystone 3 https://github.com/answerdev/answer 2 https://github.com/saltstack/salt 2 https://github.com/openstack/glance 2 https://github.com/aio-libs/aiohttp 2 https://github.com/aws/s2n-quic 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/ntbosscher/gobase 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/quarkusio/quarkus 2 https://github.com/cometbft/cometbft 2 https://github.com/containerd/containerd 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/bcgit/bc-java 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/nats-io/nats-server 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ceph/ceph-deploy 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/GilaCMS/gila 2 https://github.com/opencontainers/runc 2 https://github.com/mutagen-io/mutagen 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/parse-community/parse-server 2 https://github.com/openstack/horizon 2 https://github.com/octoprint/octoprint 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/pypa/pip 2 https://github.com/sigstore/cosign 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/micromatch/braces 2 https://github.com/craftcms/cms 2 https://github.com/tinymce/tinymce 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/vega/vega 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/keylime/keylime 1 https://github.com/Azure/setup-kubectl 1 https://github.com/spinacms/spina 1 https://github.com/decidim/decidim 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/http4s/http4s 1 https://github.com/admidio/admidio 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/keystonejs/keystone 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/Twipped/ircdkit 1 https://github.com/directus/directus 1 https://github.com/cloudfoundry/uaa 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/skylot/jadx 1 https://github.com/Masterminds/goutils 1 https://github.com/google/zerocopy 1 https://github.com/dojo/dijit 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/rails/globalid 1 https://github.com/moq/moq 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/endojs/endo 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/puma/puma 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/derbyjs/derby 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/croogo/croogo 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/thelounge/thelounge 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/fluent/fluentd 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/medikoo/es5-ext 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1