Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2ODctdnY5ai1oZ3Bo
Improper Input Validation in Automattic Mongoose
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlteGYtZzN4Ni13djc0
Server-Side Request Forgery (SSRF) in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS04bW1tLTl2MnEteDNmOc4AAvPk
tschaub gh-pages vulnerable to prototype pollution
Ecosystems: npm
Packages: gh-pages
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNmYtOGoyeC00NDgz
Critical severity vulnerability that affects event-stream and flatmap-stream
Ecosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS05N20zLXcyY3AtNHh4Ns0zNw
Embedded Malicious Code in node-ipc
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 53.6
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13NzQ5LXAzdjYtaGNjcc0wwQ
Possible code injection vulnerability in Rails / Active Storage
Ecosystems: rubygems
Packages: activestorage
Source: GitHub Advisory Database
Blast Radius: 53.5
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnZnItNWhxcC12cnc5
Path Traversal in decompress
Ecosystems: npm
Packages: decompress
Source: GitHub Advisory Database
Blast Radius: 53.4
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2bW0tbWhjcS00eDlq
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Ecosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqZnEtZzQ1OC03cW05
Arbitrary File Creation/Overwrite due to insufficient absolute path sanitization
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2MjgtbWhtaC1xamh3
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5NTUtOXdwci0zN2po
Arbitrary File Creation/Overwrite on Windows via insufficient relative path sanitization
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyMnctMzk0di01M3Fj
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFxODktaHEzZi0zOTNw
Arbitrary File Creation/Overwrite via insufficient symlink protection due to directory cache poisoning using symbolic links
Ecosystems: npm
Packages: tar
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjOXYtbWo2My1tOWc1
Remote Code Execution in pg
Ecosystems: npm
Packages: pg
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS00NWh4LXdmaGotNDczeM0kjA
Arbitrary code execution in H2 Console
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oMzc2LWoyNjItdmhxNs0g_w
RCE in H2 Console
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3OG0tMmNobS1yN3F2
Regular Expression Denial of Service in websocket-extensions (NPM package)
Ecosystems: npm
Packages: websocket-extensions
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: almost 4 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmNm0tZnhwcS1mZzh2
Nokogiri implementation of libxslt lacks integer overflow checks
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 6 years ago
High
GSA_kwCzR0hTQS12NGY4LTI4NDctcndtN84AAoiI
Nokogiri Implements libxml2 version vulnerable to use-after-free
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01OWdwLXFxbTctY3c0as4AApYf
Nokogiri has vulnerable dependencies on libxml2 and libxslt
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yNThyLTc0Z3gtNnd4M84AAVTq
Nokogiri gem, via libxml, is affected by DoS vulnerabilities
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 53.1
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4djgtNjg1OS1xeG00
Arbitrary shell command execution in logkitty
Ecosystems: npm
Packages: logkitty
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS1mNTk4LW1mcHYtZ21meM4AAxzf
Sequelize - Default support for “raw attributes” when using parentheses
Ecosystems: npm
Packages: sequelize, @sequelize/core
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13cmg5LWNqdjMtMmhwd84AAxxu
Sequelize vulnerable to SQL Injection via replacements
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12cWZ4LWdqOTYtM3c5Nc4AAxyK
Unsafe fall-through in getWhereConditions
Ecosystems: npm
Packages: @sequelize/core, sequelize
Source: GitHub Advisory Database
Blast Radius: 52.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wandtLXJ2aDItYzg3d80Wrw
Embedded malware in ua-parser-js
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmeDYtdnA5Zy1yaDd2
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypass
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgydzUtNW0yZy03aDVt
XML External Entity Reference (XXE) in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqbXctdmY5aC1nMjV2
jackson-databind polymorphic typing issue
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3gteGZqZi01amhy
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwMzQtNW02cC1wNThn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNnZ2otZnZ2My1jcXd2
FasterXML jackson-databind allows unauthenticated remote code execution
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14N3AtNjY3OS04ZzNx
Polymorphic Typing in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5M2gtamM0OS03OGdn
jackson-databind mishandles the interaction between serialization gadgets and typing
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzajUtcm1tcC0zZmM1
Improper Input Validation in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0NXAtODhxaC13Mzk4
Arbitrary Code Execution in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg4MjItcjRyNS12OGpn
Polymorphic Typing issue in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyN2otaDZnZy1qbWdj
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4eHgtMnBwNy01aG14
jackson-databind is vulnerable to a deserialization flaw
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3dzctcDV3NC13cmZ2
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtbWMtNzQycS1qZzc1
jackson-databind polymorphic typing issue
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3ODItcjMyOS0zcTY3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: about 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRncTUtY2g1Ny1jMm1n
Arbitrary Code Execution in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmcHAtcmdqOS04cndj
Deserialization of untrusted data in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5aHYtbWc1aC14Y3c5
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserialization
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1Y3ctaGo2NS1xcXY5
Polymorphic Typing issue in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OXYtZ21oNC1tZ3F3
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OTItMzhjbS00Z2dw
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code execution
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4aG0tN2hwcS03amhn
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtcHItaHEzcC00OWg5
Prototype Pollution in mixin-deep
Ecosystems: npm
Packages: mixin-deep
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS02NWZnLTg0ZjYtM2pxM80kaQ
SQL Injection in Log4j 1.2.x
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxcmcteDIyOS0zdjhx
Deserialization of Untrusted Data in Log4j
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1mN3ZoLXF3cDMteDM3bc0kWQ
Deserialization of Untrusted Data in Apache Log4j
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlnOXctaG12ai01aDU3
Prototype Pollution in merge-deep
Ecosystems: npm
Packages: merge-deep
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS1qdmdtLXBmcXYtODg3eM4AATVs
Bundler allows attacker to inject arbitrary code via secondary Gem source
Ecosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS0yNHJwLXEzdzYtdmM1Ns4AA5cA
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Blast Radius: 52.4
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4d3ctajRmYy00MzVw
Command injection in nodemailer
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS0zMjdjLXF4M3YtaDY3M84AAmKw
Always-Incorrect Control Flow Implementation in Facebook Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03bWhjLXByZ3YtcjNxNM0j-w
Access of Resource Using Incompatible Type in Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tcGg4LTY3ODctcjhod84AAo3T
Use After Free in Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1mNXgyLXh2OTMtNHAyM84AAl0M
Access of Resource Using Incompatible Type in Facebook Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1tNXY3LXByMzItbWp4Ms0Wbw
Critical severity vulnerability in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aHJwLThxeDQtdnI2Y80XYA
Incorrect Access Control in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxd3AtN2M2Ny1qbWNj
Unauthenticated remote code execution in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwbTgtNDkyYy05MnA1
Prototype Pollution in chartkick
Ecosystems: npm, rubygems
Packages: chartkick
Source: GitHub Advisory Database
Blast Radius: 52.1
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS03ZjN4LXg0cHItd3Foas4AAtA8
Server-Side Request Forgery in parse-url
Ecosystems: npm
Packages: parse-url
Source: GitHub Advisory Database
Blast Radius: 52.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jZ3g2LWhwd3EtZmh2Nc4AAgZn
Integer Overflow or Wraparound in libxml2 affects Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1qdzlmLWhoNDktY3ZwOc4AAoiz
Nokogiri contains libxml Out-of-bounds Write vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 51.9
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5eHAtOTJ2Yy01NTlq
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05anctMjM3ci1ndmZ2
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OWgtcTNnai1jMzJ4
SQL Injection via GeoJSON in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1OTgtMmY1OS1ybWhx
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: over 4 years ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 3 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmOWgtOXBqdi12Nmo3
Directory traversal in Rack::Directory app bundled with Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwNTctbXFtaC00NGg3
Command Injection in macaddress
Ecosystems: npm
Packages: macaddress
Source: GitHub Advisory Database
Blast Radius: 51.7
Published: over 5 years ago
High
GSA_kwCzR0hTQS1jNDI5LTVwN3YtdmdqcM4AAvB6
hoek subject to prototype pollution via the clone function.
Ecosystems: npm
Packages: hoek, @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 51.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oOTl3LTlxNXItZ2pxOc028Q
Puma vulnerable to HTTP Request Smuggling
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oY2o0LXhmNngtNjN3as4AAvUC
Grunt-karma vulnerable to prototype pollution
Ecosystems: npm
Packages: grunt-karma
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqY3ctdjQ0Ny0ydzdx
Forgeable Public/Private Tokens in jws
Ecosystems: npm
Packages: jws
Source: GitHub Advisory Database
Blast Radius: 51.0
Published: over 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA1aGctM3htMy1nY2pn
Spring Framework allows applications to expose STOMP over WebSocket endpoints
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNybXYtMnBnNS14dnFq
Improperly Implemented Security Check for Standard in org.springframework:spring-core
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZmdzQtaHI2OS1nM3J2
Prototype Pollution in property-expr
Ecosystems: npm
Packages: property-expr
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXYtdjltMi00OHAy
Bootstrap-sass contains code execution backdoor
Ecosystems: rubygems
Packages: bootstrap-sass
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: about 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyM3gtN20zOS1jNmpx
Remote code execution via user-provided local names in ActionView
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: almost 4 years ago
Critical
GSA_kwCzR0hTQS00d3JjLWY4cHEtZnBxcM4AAjLC
Pivotal Spring Framework contains unsafe Java deserialization methods
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 50.8
Published: almost 2 years ago
High
GSA_kwCzR0hTQS00dnJ2LWNoOTYtNmg0Ms4AAS7X
Improper Privilege Management in MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtZmctcmpqbS1yanJq
QOS.ch Logback vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: ch.qos.logback:logback-core, ch.qos.logback:logback-classic
Source: GitHub Advisory Database
Blast Radius: 50.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1wcXdoLTQ0amotcDVybc4AAQXh
Hostname verification in Apache HttpClient 4.3 was disabled by default
Ecosystems: maven
Packages: org.apache.httpcomponents:httpclient
Source: GitHub Advisory Database
Blast Radius: 50.5
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1qanc1LXh4ajYtcGN2Nc4AAktO
scikit-learn Deserialization of Untrusted Data
Ecosystems: pypi
Packages: scikit-learn
Source: GitHub Advisory Database
Blast Radius: 50.5
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03NGZqLTJqMmgtYzQycc0hVA
Exposure of sensitive information in follow-redirects
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxajktMzZqbS1wcnB2
Regular Expression Denial of Service in fresh
Ecosystems: npm
Packages: fresh
Source: GitHub Advisory Database
Blast Radius: 50.3
Published: almost 6 years ago
Critical
GSA_kwCzR0hTQS05NTdqLTU5YzItajY5Ms0WaA
Prototype pollution in getobject
Ecosystems: npm
Packages: getobject
Source: GitHub Advisory Database
Blast Radius: 50.2
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNHgtdzYzbS03d2dt
Prototype Pollution in hoek
Ecosystems: npm
Packages: hoek
Source: GitHub Advisory Database
Blast Radius: 50.1
Published: about 6 years ago
Critical
GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code Injection
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 24 days ago
High
GSA_kwCzR0hTQS13MnBtLXI3OGgtNG03ds0dSA
OS Command Injection in Laravel Framework
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3NTctanA4NC1neGZ4
Improper Input Validation in PyYAML
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: about 3 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 5,076
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
maven 5,573 packagist 3,982 pypi 3,848 npm 3,558 go 1,934 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 baserproject/basercms 43 plone 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 nilsteampassnet/teampass 37 shopware/core 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.apache.tomcat.embed:tomcat-embed-core 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 moin 34 mlflow 33 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 silverstripe/framework 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mautic/core 30 Django 30 opencv-contrib-python 30 opencv-python 30 keystone 30 parse-server 29 github.com/argoproj/argo-cd 29 getgrav/grav 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 shopware/shopware 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 prestashop/prestashop 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 org.springframework.security:spring-security-core 23 pocketmine/pocketmine-mp 23 puppet 23 org.eclipse.jetty:jetty-server 23 org.apache.nifi:nifi 22 getkirby/cms 22 grumpydictator/firefly-iii 22 ckb 22 rack 22 org.bouncycastle:bcprov-jdk14 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/docker/docker 20 tribalsystems/zenario 20 @openzeppelin/contracts 20 github.com/cilium/cilium 20 code.gitea.io/gitea 19 DotNetNuke.Core 19 org.springframework:spring-core 19 laravel/framework 19 com.liferay.portal:release.dxp.bom 18 glance 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 forkcms/forkcms 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 18 contao/contao 18 directus 18 com.vaadin:vaadin-bom 18 simplesamlphp/simplesamlphp 18 langchain 18 genix/cms 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 symfony/security 17 mercurial 17 cobbler 17 francoisjacquet/rosariosis 17 topthink/framework 17 mediawiki/core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 sequelize 16 yetiforce/yetiforce-crm 16 wasmtime 16 pillow 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 Microsoft.AspNetCore.App.Runtime.win-arm64 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 paddlepaddle 15 cryptography 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 next 15 gradio 15 org.apache.jspwiki:jspwiki-main 15 swagger-ui 14 ghost 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 ec-cube/ec-cube 14 zendframework/zendframework1 14 activesupport 14 github.com/containerd/containerd 14 pyload-ng 14 tinymce 14 pyftpdlib 14 smarty/smarty 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 symfony/security-http 14 publify_core 14 github.com/mattermost/mattermost-server 13 org.apache.cxf:cxf 13 github.com/nats-io/nats-server/v2 13 github.com/traefik/traefik/v2 13 elefant/cms 13 passenger 13 october/system 13 org.apache.hadoop:hadoop-main 13 joplin 13 impresscms/impresscms 13 OctoPrint 13 strapi 13 bolt/bolt 13 ckeditor4 13 lavalite/cms 13 codeigniter4/framework 13 github.com/opencontainers/runc 12 swift 12 Microsoft.NETCore.App.Runtime.win-arm64 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 94 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/TYPO3/typo3 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mlflow/mlflow 27 https://github.com/openstack/keystone 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/dotnet/runtime 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/cilium/cilium 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/gogs/gogs 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/helm/helm 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/etcd-io/etcd 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/OpenMage/magento-lts 15 https://github.com/centreon/centreon 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/pyload/pyload 14 https://github.com/xuxueli/xxl-job 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/janeczku/calibre-web 11 https://github.com/scrapy/scrapy 11 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/Studio-42/elFinder 11 https://github.com/aio-libs/aiohttp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/drupal/core 11 https://github.com/opencontainers/runc 11 https://github.com/dotnet/aspnetcore 11 https://github.com/cloudflare/cfrpki 11 https://github.com/zitadel/zitadel 11 https://github.com/vercel/next.js 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/containers/podman 11 https://github.com/openfga/openfga 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/nocodb/nocodb 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/jupyter/notebook 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nextauthjs/next-auth 10 https://github.com/greenpau/caddy-security 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/wagtail/wagtail 10 https://github.com/zopefoundation/Zope 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/keystonejs/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/openstack/glance 10 https://github.com/cui2shark/cms 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/ethyca/fides 9 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9 https://github.com/fatfreecrm/fat_free_crm 9