Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Critical
GSA_kwCzR0hTQS12MnJnLThjd3ItNzVnOM00Hg
Deserializer tampering in Apache Dubbo
Ecosystems: maven
Packages: com.alibaba:dubbo, org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NGZ4LWdtNzQtcTY3Ns00HQ
Permissions bypass in SmallRye
Ecosystems: maven
Packages: io.smallrye.config:smallrye-config
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tOWNqLXY1NWYtOHgyNs00HA
Authentication Bypass in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cjhxLWd2OWotM3h4Ns00Gw
Open Redirect
Ecosystems: packagist
Packages: hyn/multi-tenant
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mbTM1LWpnZzMtM2dyeM00Gg
NaN/INF in serverbound movement packets can crash clients and servers
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1naG04LW1teDcteHZnMs00GQ
Information Exposure in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oMnJqLTh3Z2ctbW00M800GA
Craft CMS Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zcmozLXFwMmotNGZqMs00Fw
Cross-Site Request Forgery in Jenkins P4 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13ZnhwLTRxZ3ctcXAzY800Fg
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xcode-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ndjI2LWpwajktYzhncc00FQ
Incomplete validation in `SparseSparseMinimum`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS02eHA2LWZtYzgtcG1tcs00FA
Temporary Directory Hijacking Vulnerability in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ydjgyLTU3NDYtdndxY800Ew
XSS in doc_link
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13NGYzLTdmN2MteDY1Ms00Eg
SQL Injection in tribalsystems/zenario
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1meGhwLXdydzktM3I5N800EQ
XML external entity (XXE) injection in Apache Nutch
Ecosystems: maven
Packages: org.apache.nutch:nutch
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12dzgzLWgzbXEtM3F3as00EA
Path Traversal in Spring-integration-zip
Ecosystems: maven
Packages: org.springframework.integration:spring-integration-zip
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cmNjLWc2dmotbWg1d800DQ
Denial of service in go-ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05Z3FyLXhwODYtZjg3aM0z9Q
Code injection in npm git
Ecosystems: npm
Packages: git
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14NW04LTJyOHYtOGY5N80z8w
Prototype Pollution in libnested
Ecosystems: npm
Packages: libnested
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1meDk1LTg4M3YtNHE0aM0z9A
Path traversal in github.com/valyala/fasthttp
Ecosystems: go
Packages: github.com/valyala/fasthttp
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03eDQ4LTc0NjYtM2czM800CA
Command injection in guake
Ecosystems: pypi
Packages: guake
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12aHhjLWZobTUtcWNwOc0z8g
Prototype Pollution in bodymen
Ecosystems: npm
Packages: bodymen
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02OTU2LTgzZmctNXdjNc0z-w
Prototype Pollution in set-in
Ecosystems: npm
Packages: set-in
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04ZzRtLWNqbTItOTZ3cc0z7w
Sandbox escape in notevil and argencoders-notevil
Ecosystems: npm
Packages: argencoders-notevil, notevil
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02Nnd3LTk5OXEtbWZmcc0z7g
Arbitrary code execution in post-loader
Ecosystems: npm
Packages: post-loader
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04djNqLWpmZzMtdjNmds0z8A
Prototype Pollution in Sails.js
Ecosystems: npm
Packages: sails
Source: GitHub Advisory Database
Blast Radius: 37.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yOXJ2LWZxeDItNGM5Zs0z6w
Deserialization of Untrusted Data in SinGooCMS.Utility
Ecosystems: nuget
Packages: SinGooCMS.Utility
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04bTJmLTc0cjIteDNmMs0z7Q
Code injection in accesslog
Ecosystems: npm
Packages: accesslog
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14dmNoLTVndjQtOTg0aM0z6A
Prototype Pollution in minimist
Ecosystems: npm
Packages: minimist
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wYzMyLXg3MzctNzRjds0zpg
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qMjlmLW0yM2gtM3A4cM0zyw
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS05dnAzLTdxd3EtODNyOc0zpw
Server-Side Request Forgery in FUXA
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14bXEzLWhnangtNjk5N80zxQ
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1maDV2LTVmMzUtMnJ2Ms0zsQ
Insertion of Sensitive Information into Log File in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zMmo5LTZxcW0tbXE5Z80zSA
Unhandled case in node-lmdb
Ecosystems: npm
Packages: node-lmdb
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ocXE3LTJxMnYtODJ4cc0zPQ
Cross-site Scripting in sanitize-url
Ecosystems: npm
Packages: @braintree/sanitize-url
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcjhjLTk3MnYtcm1wM80zQA
pgAdmin 4 Path Traversal vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0zbXBwLXhmdmgtcWgzN80zOQ
node-ipc behavior change
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS04Z3IzLTJnanctamo3Z80zOA
Hidden functionality in node-ipc
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05N20zLXcyY3AtNHh4Ns0zNw
Embedded Malicious Code in node-ipc
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 53.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00ZmM0LTRwNWctNnc4Oc0zNg
Cross-site Scripting in CKEditor4
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cHdxLTZjcDQtZmZxY80zEw
Stored Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOGdxLTgzZ2gtdjQyds0zFA
XML External Entities Vulnerability in CVRF-CSAF-Converter
Ecosystems: pypi
Packages: cvrf2csaf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ocmY0LWhjcGMtMzM0Nc0zLg
Denial of service in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xNzNtLTNxN3ItZnBmN80zJw
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qNmpnLXc3OWMtN3A4ds0zJQ
File Upload Restriction Bypass leading to Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12OTR2LXB4cXAtNXFnas0zLA
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yMmhjLTQ3Y2MtN3g2Zs0zFQ
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Yzc2LW14djUtdzRnOM0zEg
Stored Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05ZmNjLTdnNDQtbXhyas0zKg
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS02cGM5LXhxcmctd2Zxd80zHw
Exposure of Sensitive information in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xM3gyLWp2cDMtd2o3OM0zEQ
Unrestricted XML files leading to cross-site scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNzk1LTRoeHgtcXF3bc0zKA
Cross-site Scripting in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13ZzhwLXc5NDYtYzQ4Ms0zIQ
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12OG1wLWhoanEtaDRjas0zDw
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14bTN4LTc4N20tcDY2cs0zIA
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcGc4LWM0NzMtdzZycs0zJg
Stored Cross-site Scripting in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01Znh2LXh4NXAtZzJmds0zEA
Integer Overflow in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01bXBmLWh3OGYtODZ3Oc0y-g
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:parameterized-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02Zmc0LTM2djcteHYzMs0y_g
Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dashboard-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14M21oLWp2anctM3h3eM0zKw
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yNmhoLTVnM3Etd3dnY80zGg
Stored Cross-site Scripting in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS14M20zLWc4dzYtbWYyOM0y-w
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nNTg1LWo1NXYtMzhoN80zKQ
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NzRyLTQ2YzYtN3A0cs0zAg
Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:favorite
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jaDYzLTZjbWctZ3dnMs0zIw
Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wdjRtLTdjNjgtZjRjNc0y_A
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jaHI2LTM4NnEtNG0zds0y_Q
Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:folder-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oMnY1LTNocGMtODVqNc0zIg
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcXB4LXhmanItMnFyOc0zGA
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tOWd2LTQ1MjMtamZmbc0y_w
Missing permission checks in AWS Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OTVjLXFycXItMnYyN80zGQ
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1oeDNyLXF3eHYtNWp3Oc0zGw
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13ajc4LTh4cngtcGhyN80y-Q
Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:global-build-stats
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03NzU2LTU2aHItMnZjcM0zHA
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:list-git-branches-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yM3g1LWo2OGctNmpwd80y-A
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14NzVyLWc2M20tODJ3as0zFw
Passwords stored in plain text by Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cTZjLWZ2eHctcDQ1ds0zFg
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05d3ZyLXg4M20tODR2NM0zHg
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
Ecosystems: maven
Packages: com.vmware.vcac:vmware-vrealize-codestream
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tNHg3LTQ0YzgtamcyeM0zDg
CSRF vulnerability in Jenkins Release Helper Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:release-helper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNWg5LWg0MzktdnZtcs0zBg
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:environment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wOWdxLTc2ZmotNHA0cM0zCw
Missing permission checks in Jenkins Release Helper Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:release-helper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mcHhxLXc3cDktcjkyNM0zBw
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Zzl3LTVqdjYtN200eM0zDA
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Ecosystems: maven
Packages: com.incapptic.plugins:incapptic-connect-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03OTRqLWh4OTYtNHczbc0zCg
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNHYyLXI5OXYtd2pjMs0y8w
Nicotine+ DoS on Null Character in Download Request
Ecosystems: pypi
Packages: nicotine-plus
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3E0LXZtdzQtY3ByNc0y9Q
Path Traversal in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02eDJtLXc0NDktcXd4N80y7g
Code Injection in CRI-O
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13Mmo1LTNyY3gtdng3eM0y7Q
Sysctls applied to containers with host IPC or host network namespaces can affect the host
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yeG1tLWc0ODItNDQzOc0y7A
DQL injection through sorting parameters blocked
Ecosystems: packagist
Packages: sylius/grid-bundle
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yam1xLTZ2NTUtNHJqds0y6w
Improper Authorization in org.cometd.oort
Ecosystems: maven
Packages: org.cometd.java:cometd-java-oort
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13ZzRyLXE3NHItcDdjOM0y5w
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tZzVoLTlyaHEtNGNxeM0y3g
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wcTM3LTRjNGctdjM4Y80y1g
Cross-site Scripting in vditor
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tdzc1LXF2ZnItaHBtcs0y2Q
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04Mmo0LXZyMjUteDM5NM0y2g
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xcTc0LXZnY2YtNTRjM80yrA
Cross-site Scripting in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OHdqLWNxbXAtM3dtbc0ypQ
Cross-site Scripting in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yZ2czLTN3aDctdzkzNc0ypw
Unrestricted Upload of File with Dangerous Type in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wcTJmLTNmZzMtcnc5Oc0yxg
SQL Injection in WordPress Zero Spam WordPress plugin
Ecosystems: packagist
Packages: bmarshall511/wordpress_zero_spam
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ycGhjLWg1NzItMng5Zs0yuw
Cross-site Scripting in showdoc/showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 20,359
Packages: 8,934
Repositories: 5,448
Ecosystems: 12
Filter by Severity
Moderate 8,821 High 7,064 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,297 npm 3,786 go 2,244 nuget 1,539 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 github.com/usememos/memos 63 ansible 63 concrete5/concrete5 60 librenms/librenms 60 actionpack 60 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 47 nova 47 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 nokogiri 43 craftcms/cms 43 baserproject/basercms 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 org.xwiki.platform:xwiki-platform-oldcore 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 mautic/core 37 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 github.com/hashicorp/vault 36 org.keycloak:keycloak-services 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 35 k8s.io/kubernetes 34 github.com/rancher/rancher 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 snipe/snipe-it 34 io.undertow:undertow-core 32 org.jenkins-ci.plugins:script-security 32 gradio 32 keystone 31 opencv-python 31 opencv-contrib-python 31 Pillow 31 github.com/argoproj/argo-cd 31 parse-server 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/hashicorp/nomad 27 pillow 26 electron 26 prestashop/prestashop 26 directus 26 openssl-src 26 github.com/hashicorp/consul 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 contao/core-bundle 24 mediawiki/core 24 gogs.io/gogs 24 magento/core 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 rack 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 puppet 23 pocketmine/pocketmine-mp 23 ckb 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 @openzeppelin/contracts-upgradeable 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-arm 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 laravel/framework 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 DotNetNuke.Core 19 contao/contao 19 Microsoft.AspNetCore.App.Runtime.linux-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 mercurial 18 topthink/framework 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 langchain 18 wasmtime 18 github.com/goharbor/harbor 18 cockpit-hq/cockpit 18 com.liferay.portal:release.dxp.bom 18 golang.org/x/net 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 PaddlePaddle 17 helm.sh/helm/v3 17 symfony/security 17 francoisjacquet/rosariosis 17 cobbler 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 opencart/opencart 17 genix/cms 17 notebook 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 cryptography 16 tinymce 16 org.apache.dubbo:dubbo 16 typo3/cms-backend 16 sequelize 16 rusqlite 16 org.apache.jspwiki:jspwiki-main 16 yetiforce/yetiforce-crm 16 org.apache.activemq:activemq-client 16 openmage/magento-lts 16 neutron 16 org.bouncycastle:bcprov-jdk15 16 paddlepaddle 15 ec-cube/ec-cube 15 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 smarty/smarty 15 ghost 15 october/system 15 ethyca-fides 15 pyload-ng 15 org.apache.inlong:manager-pojo 14 silverstripe/cms 14 github.com/containerd/containerd 14 pyftpdlib 14 publify_core 14 phpmailer/phpmailer 14 feehi/cms 14 modoboa 14 github.com/zitadel/zitadel 14 github.com/nats-io/nats-server/v2 14 symfony/security-http 14 swagger-ui 14 bolt/bolt 14 activesupport 14 org.xwiki.platform:xwiki-platform-web 14 undici 13 strapi 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 13 pimcore/admin-ui-classic-bundle 13 joplin 13 camaleon_cms 13 angular 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 52 https://github.com/python-pillow/Pillow 52 https://github.com/librenms/librenms 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/saltstack/salt 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/parse-community/parse-server 31 https://github.com/dotnet/runtime 31 https://github.com/craftcms/cms 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/gradio-app/gradio 30 https://github.com/mlflow/mlflow 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/github/advisory-database 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/netty/netty 20 https://github.com/langchain-ai/langchain 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cloudfoundry/uaa 19 https://github.com/getkirby/kirby 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 18 https://github.com/goharbor/harbor 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/undertow-io/undertow 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/zitadel/zitadel 17 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/tinymce/tinymce 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/hashicorp/vault 16 https://github.com/OpenMage/magento-lts 16 https://github.com/backstage/backstage 16 https://github.com/forkcms/forkcms 16 https://github.com/TYPO3-CMS/core 16 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/pyload/pyload 15 https://github.com/apache/camel 15 https://github.com/denoland/deno 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/pyca/cryptography 15 https://github.com/mattermost/mattermost 15 https://github.com/vantage6/vantage6 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/laravel/framework 15 https://github.com/cobbler/cobbler 14 https://github.com/twisted/twisted 14 https://github.com/xuxueli/xxl-job 14 https://github.com/dotnet/aspnetcore 14 https://github.com/containerd/containerd 14 https://github.com/decidim/decidim 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/nodejs/undici 13 https://github.com/modoboa/modoboa 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/dompdf/dompdf 13 https://github.com/apache/dolphinscheduler 13 https://github.com/dromara/hutool 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/quarkusio/quarkus 13 https://github.com/TryGhost/Ghost 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/containers/podman 12 https://github.com/urllib3/urllib3 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/smarty-php/smarty 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/aio-libs/aiohttp 12 https://github.com/centreon/centreon-archived 12 https://github.com/patriksimek/vm2 12 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Studio-42/elFinder 11 https://github.com/WWBN/AVideo 11 https://github.com/top-think/framework 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/janeczku/calibre-web 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/pomerium/pomerium 11 https://github.com/scrapy/scrapy 11 https://github.com/cakephp/cakephp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/vaadin/flow 11 https://github.com/Sylius/Sylius 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/onionshare/onionshare 11 https://github.com/nats-io/nats-server 11 https://github.com/openstack/glance 11 https://github.com/phusion/passenger 10 https://github.com/pgadmin-org/pgadmin4 10 https://github.com/nextauthjs/next-auth 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/funadmin/funadmin 10 https://github.com/jupyter/notebook 10 https://github.com/DSpace/DSpace 10 https://github.com/PHPOffice/PhpSpreadsheet 10 https://github.com/zenml-io/zenml 10 https://github.com/nocodb/nocodb 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/apache/zeppelin 10