Browse Security Advisories
Security Advisories
Critical
about 6 years ago
Cross-site scripting in Swagger-UI
maven, npm
io.springfox:springfox-swagger-ui, org.webjars.npm:swagger-ui, org.webjars:swagger-ui, swagger-ui
High
over 3 years ago
protobuf susceptible to buffer overflow
pypi, packagist, nuget
protobuf, google/protobuf, Google.Protobuf
Moderate
over 1 year ago
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
nuget, maven, npm, pypi
Azure.Identity, com.azure:azure-identity, @azure/identity, azure-identity
High
about 1 year ago
protobuf-java has potential Denial of Service issue
rubygems, maven
google-protobuf, com.google.protobuf:protobuf-kotlin-lite, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Critical
over 3 years ago
JGit Improper Input Validation vulnerability
pypi, maven
mercurial, org.eclipse.jgit:org.eclipse.jgit
Critical
5 months ago
form-data uses unsafe random function in form-data for choosing boundary
npm
form-data
High
3 months ago
simple-swizzle@0.2.3 contains malware after npm account takeover
npm
simple-swizzle
High
over 1 year ago
body-parser vulnerable to denial of service when url encoding is enabled
npm
body-parser
Critical
6 months ago
pbkdf2 returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algos
npm
pbkdf2
Critical
4 months ago
sha.js is missing type checks leading to hash rewind and passing on crafted data
npm
sha.js
Critical
4 months ago
cipher-base is missing type checks, leading to hash rewind and passing on crafted data
npm
cipher-base
Critical
10 months ago
Elliptic's private key extraction in ECDSA upon signing a malformed input (e.g. a string)
npm
elliptic
Critical
almost 7 years ago
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
pypi
urllib3
Critical
4 months ago
Active Storage allowed transformation methods that were potentially unsafe
rubygems
activestorage
High
about 1 year ago
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
npm
rollup
High
about 1 year ago
Symfony vulnerable to command execution hijack on Windows with Process class
packagist
symfony/symfony, symfony/process
High
about 4 years ago
Policies not properly enforced in bluemonday
go, pypi
github.com/microcosm-cc/bluemonday, pybluemonday
High
over 4 years ago
Catastrophic backtracking in URL authority parser when passed URL containing many @ characters
pypi
urllib3
High
3 months ago
tar-fs has a symlink validation bypass if destination directory is predictable with a specific tarball
npm
tar-fs
High
over 3 years ago
Vite before v2.9.13 vulnerable to directory traversal via crafted URL to victim's service
npm
vite
High
over 7 years ago
Gunicorn contains Improper Neutralization of CRLF sequences in HTTP headers
pypi
gunicorn
Critical
over 2 years ago
Django bypasses validation when using one form field to upload multiple files
pypi
Django
Critical
over 3 years ago
Django `Trunc()` and `Extract()` database functions vulnerable to SQL Injection
pypi
Django
Critical
over 3 years ago
Django user with hardcoded password created when running tests on Oracle
pypi
Django
High
about 1 year ago
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
maven
commons-io:commons-io
Critical
8 months ago
PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
pypi
torch
High
over 4 years ago
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
pypi
sqlparse
High
almost 5 years ago
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
pypi
cryptography
High
8 months ago
Homograph attack allows Unicode lookalike characters to bypass validation.
npm
base-x
Critical
about 1 year ago
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
maven
org.springframework.security:spring-security-web
Critical
over 1 year ago
Nuxt vulnerable to remote code execution via the browser when running the test locally
npm
nuxt
High
almost 2 years ago
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
pypi
cryptography
Critical
about 5 years ago
Out of bounds write in tensorflow-lite
pypi
tensorflow-gpu, tensorflow-cpu, tensorflow
Critical
about 5 years ago
Out of bounds access in tensorflow-lite
pypi
tensorflow-gpu, tensorflow-cpu, tensorflow
High
about 3 years ago
Uncontrolled Resource Consumption in FasterXML jackson-databind
maven
com.fasterxml.jackson.core:jackson-databind
High
over 6 years ago
Pallets Project Flask is vulnerable to Denial of Service via Unexpected memory usage
pypi
flask
High
over 7 years ago
Flask is vulnerable to Denial of Service via incorrect encoding of JSON data
pypi
flask
Filter by Severity
Filter by Ecosystem
maven
6,981
packagist
5,505
pypi
4,968
npm
4,485
go
3,097
nuget
1,668
cargo
1,106
rubygems
902
hex
40
actions
39
swift
34
pub
10
Filter by Package
tensorflow
433
moodle/moodle
425
tensorflow-cpu
412
tensorflow-gpu
403
magento/community-edition
359
Microsoft.ChakraCore
247
org.jenkins-ci.main:jenkins-core
246
typo3/cms
168
com.liferay.portal:release.portal.bom
151
github.com/mattermost/mattermost/server/v8
145
org.apache.tomcat:tomcat
140
com.liferay.portal:release.dxp.bom
123
pimcore/pimcore
120
magento/project-community-edition
118
dolibarr/dolibarr
117
typo3/cms-core
107
phpmyadmin/phpmyadmin
107
microweber/microweber
103
drupal/core
103
github.com/mattermost/mattermost-server
96
Django
91
silverstripe/framework
90
librenms/librenms
89
apache-airflow
89
thorsten/phpmyfaq
75
github.com/usememos/memos
74
drupal/drupal
71
com.fasterxml.jackson.core:jackson-databind
69
concrete5/concrete5
67
salt
65
ansible
65
shopware/platform
62
apache-superset
61
symfony/symfony
61
org.apache.struts:struts2-core
58
actionpack
58
github.com/grafana/grafana
57
mlflow
55
Plone
54
craftcms/cms
53
shopware/core
52
github.com/hashicorp/vault
51
getgrav/grav
50
github.com/rancher/rancher
50
org.keycloak:keycloak-core
50
mautic/core
49
django
48
nova
48
baserproject/basercms
47
org.keycloak:keycloak-services
46
mantisbt/mantisbt
45
nokogiri
45
gradio
44
vyper
44
matrix-synapse
43
org.elasticsearch:elasticsearch
43
directus
43
org.xwiki.platform:xwiki-platform-oldcore
43
nilsteampassnet/teampass
42
rdiffweb
42
snipe/snipe-it
41
showdoc/showdoc
41
plone
41
k8s.io/kubernetes
41
intelliants/subrion
40
froxlor/froxlor
40
org.apache.tomcat.embed:tomcat-embed-core
40
picklescan
39
net.mingsoft:ms-mcms
38
github.com/mattermost/mattermost-server/v6
37
com.thoughtworks.xstream:xstream
37
com.jfinal:jfinal
36
github.com/argoproj/argo-cd/v2
36
io.undertow:undertow-core
35
parse-server
35
moin
35
rack
35
github.com/answerdev/answer
34
org.jenkins-ci.plugins:script-security
33
flowise
33
gogs.io/gogs
33
keystone
32
next
32
shopware/shopware
32
github.com/cilium/cilium
32
vllm
32
zendframework/zendframework1
32
github.com/hashicorp/consul
31
github.com/hashicorp/nomad
31
opencv-python
31
contao/core-bundle
31
opencv-contrib-python
31
github.com/argoproj/argo-cd
30
open-webui
29
github.com/docker/docker
29
mediawiki/core
28
electron
28
Pillow
28
pillow
28
org.apache.solr:solr-core
27
prestashop/prestashop
27
org.springframework.security:spring-security-core
27
centreon/centreon
27
org.opencms:opencms-core
27
DotNetNuke.Core
27
org.eclipse.jetty:jetty-server
25
org.apache.tomcat:tomcat-catalina
25
pocketmine/pocketmine-mp
25
github.com/zitadel/zitadel
25
openssl-src
25
getkirby/cms
25
github.com/traefik/traefik/v2
25
rubygems-update
25
magento/core
24
pyload-ng
24
org.keycloak:keycloak-parent
24
surrealdb
24
laravel/framework
23
simplesamlphp/simplesamlphp
23
puppet
23
grumpydictator/firefly-iii
23
remdex/livehelperchat
23
wasmtime
22
org.apache.openmeetings:openmeetings-parent
22
tribalsystems/zenario
22
phpoffice/phpspreadsheet
22
zendframework/zendframework
22
activerecord
22
deno
22
ckb
22
github.com/goharbor/harbor
21
org.apache.nifi:nifi
21
github.com/ethereum/go-ethereum
21
@openzeppelin/contracts
21
org.xwiki.platform:xwiki-platform-web-templates
21
@openzeppelin/contracts-upgradeable
21
glance
21
helm.sh/helm/v3
20
typo3/cms-backend
20
code.gitea.io/gitea
20
funadmin/funadmin
20
ethyca-fides
20
org.cloudfoundry.identity:cloudfoundry-identity-server
20
aim
20
cockpit-hq/cockpit
20
topthink/framework
19
org.bouncycastle:bcprov-jdk14
19
transformers
19
langchain
19
contao/contao
19
Microsoft.AspNetCore.App.Runtime.win-x64
19
neutron
19
github.com/traefik/traefik/v3
19
Microsoft.AspNetCore.App.Runtime.win-x86
18
com.liferay.portal:com.liferay.portal.impl
18
calibreweb
18
Microsoft.AspNetCore.App.Runtime.win-arm
18
github.com/openfga/openfga
18
org.springframework:spring-core
18
openmage/magento-lts
18
golang.org/x/net
18
mercurial
18
forkcms/forkcms
18
org.apache.jspwiki:jspwiki-main
18
com.vaadin:vaadin-bom
18
mindsdb
18
Microsoft.AspNetCore.App.Runtime.win-arm64
18
genix/cms
18
Microsoft.AspNetCore.App.Runtime.linux-arm
18
cobbler
18
francoisjacquet/rosariosis
17
opencart/opencart
17
OctoPrint
17
cryptography
17
github.com/1Panel-dev/1Panel
17
yetiforce/yetiforce-crm
17
org.apache.geode:geode-core
17
ezsystems/ezpublish-kernel
17
notebook
17
cakephp/cakephp
17
org.apache.inlong:manager-pojo
17
Microsoft.NetCore.App.Runtime.win-arm
17
github.com/containerd/containerd
17
PaddlePaddle
16
org.apache.ranger:ranger
16
paddlepaddle
16
tinymce
16
github.com/opencontainers/runc
16
Microsoft.AspNetCore.App.Runtime.linux-arm64
16
pgadmin4
16
Microsoft.AspNetCore.App.Runtime.linux-x64
16
lollms
16
org.apache.activemq:activemq-client
16
vite
16
Microsoft.AspNetCore.App.Runtime.osx-x64
16
Microsoft.NetCore.App.Runtime.win-arm64
16
sequelize
16
urllib3
16
org.apache.dubbo:dubbo
16
Microsoft.AspNetCore.App.Runtime.linux-musl-arm64
16
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
94
https://github.com/microweber/microweber
90
https://github.com/keycloak/keycloak
90
https://github.com/librenms/librenms
77
https://github.com/FasterXML/jackson-databind
70
https://github.com/rails/rails
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/usememos/memos
68
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/ansible/ansible
59
https://github.com/mattermost/mattermost
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/grafana/grafana
47
https://github.com/apache/struts
47
https://github.com/rancher/rancher
46
https://github.com/mautic/mautic
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/vyperlang/vyper
44
https://github.com/shopware/platform
43
https://github.com/mantisbt/mantisbt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/saltstack/salt
42
https://github.com/craftcms/cms
41
https://github.com/directus/directus
41
https://github.com/shopware/shopware
40
https://github.com/gradio-app/gradio
39
https://github.com/star7th/showdoc
39
https://github.com/mmaitre314/picklescan
39
https://github.com/magento/magento2
38
https://github.com/openstack/nova
38
https://github.com/dotnet/runtime
38
https://github.com/x-stream/xstream
37
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/octobercms/october
36
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/sparklemotion/nokogiri
35
https://github.com/apache/activemq
34
https://github.com/parse-community/parse-server
34
https://github.com/answerdev/answer
34
https://github.com/matrix-org/synapse
32
https://github.com/opencv/opencv
32
https://github.com/go-gitea/gitea
32
https://github.com/apache/inlong
31
https://github.com/PaddlePaddle/Paddle
31
https://github.com/cilium/cilium
31
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/rack/rack
29
https://github.com/strapi/strapi
29
https://github.com/FlowiseAI/Flowise
28
https://github.com/gogs/gogs
28
https://github.com/CVEProject/cvelist
28
https://github.com/openstack/keystone
28
https://github.com/electron/electron
28
https://github.com/netty/netty
27
https://github.com/zitadel/zitadel
26
https://github.com/github/advisory-database
26
https://github.com/geoserver/geoserver
26
https://github.com/froxlor/froxlor
26
https://github.com/apache/nifi
26
https://github.com/baserproject/basercms
26
https://github.com/bcgit/bc-java
25
https://github.com/traefik/traefik
25
https://github.com/vllm-project/vllm
25
https://github.com/langchain-ai/langchain
25
https://github.com/vercel/next.js
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/surrealdb/surrealdb
25
https://github.com/denoland/deno
25
https://github.com/pyload/pyload
24
https://github.com/hashicorp/consul
24
https://github.com/run-llama/llama_index
24
https://github.com/apache/cxf
24
https://github.com/getgrav/grav
24
https://github.com/eclipse/jetty.project
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/moby/moby
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/bytecodealliance/wasmtime
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/helm/helm
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/nervosnetwork/ckb
22
https://github.com/getkirby/kirby
22
https://github.com/laravel/framework
21
https://github.com/hashicorp/vault
21
https://github.com/goharbor/harbor
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/undertow-io/undertow
21
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/OpenNMS/opennms
20
https://github.com/simplesamlphp/simplesamlphp
20
https://github.com/ethyca/fides
20
https://github.com/opencast/opencast
20
https://github.com/funadmin/funadmin
20
https://github.com/containerd/containerd
19
https://github.com/alkacon/opencms-core
19
https://github.com/intelliants/subrion
19
https://github.com/huggingface/transformers
19
https://github.com/cloudfoundry/uaa
19
https://github.com/TYPO3-CMS/core
19
https://github.com/backstage/backstage
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/rubygems/rubygems
18
https://github.com/OpenMage/magento-lts
18
https://github.com/vaadin/platform
18
https://github.com/opencontainers/runc
18
https://github.com/apache/camel
18
https://github.com/mindsdb/mindsdb
17
https://github.com/apache/kylin
17
https://github.com/ethereum/go-ethereum
17
https://github.com/vantage6/vantage6
17
https://github.com/liufee/cms
17
https://github.com/openfga/openfga
17
https://github.com/dotnet/aspnetcore
16
https://github.com/hashicorp/nomad
16
https://github.com/sequelize/sequelize
16
https://github.com/etcd-io/etcd
16
https://github.com/pyca/cryptography
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/forkcms/forkcms
16
https://github.com/vitejs/vite
16
https://github.com/quarkusio/quarkus
16
https://github.com/rusqlite/rusqlite
16
https://github.com/tinymce/tinymce
16
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/xuxueli/xxl-job
15
https://github.com/drupal/core
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/spring-projects/spring-security
15
https://github.com/cobbler/cobbler
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/dompdf/dompdf
15
https://github.com/centreon/centreon
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/containers/podman
15
https://github.com/zendframework/zendframework
15
https://github.com/aio-libs/aiohttp
15
https://github.com/decidim/decidim
15
https://github.com/puppetlabs/puppet
15
https://github.com/nodejs/undici
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/cosmos/cosmos-sdk
14
https://github.com/TryGhost/Ghost
14
https://github.com/urllib3/urllib3
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/apache/zeppelin
14
https://github.com/apache/superset
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/ming-soft/MCMS
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/publify/publify
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/golang/go
14
https://github.com/janeczku/calibre-web
14
https://github.com/twisted/twisted
14
https://github.com/dromara/hutool
13
https://github.com/apache/dolphinscheduler
13
https://github.com/modoboa/modoboa
13
https://github.com/zenml-io/zenml
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/laurent22/joplin
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/openbao/openbao
13
https://github.com/h2oai/h2o-3
13
https://github.com/NodeBB/NodeBB
12
https://github.com/nats-io/nats-server
12
https://github.com/codeigniter4/CodeIgniter4
12
https://github.com/wagtail/wagtail
12
https://github.com/nautobot/nautobot
12
https://github.com/yiisoft/yii2
12
https://github.com/centreon/centreon-archived
12
https://github.com/DSpace/DSpace
12