Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS00cjY1LTM1cXEtY2g4as0wGw
Ansible discloses sensitive information in traceback error message
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05NjhjLW1tMjgtamZ3NM0wFg
SQL injection in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tcTQ3LTZ3d3Ytdjc5d80wHQ
Path traversal in claircore
Ecosystems: go
Packages: github.com/quay/claircore
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05OXdoLTk3M2YtNzc5cM0v-w
XML External Entity Reference in Hazelcast
Ecosystems: maven
Packages: com.hazelcast:hazelcast
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zZ3g5LTM3d3ctOXF3Ns0v8w
Spring Cloud Gateway vulnerable to Code Injection when Gateway Actuator endpoint enabled, exposed, unsecured
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-gateway
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wZ3E2LWNjcWotaHBxcs0v_A
Elasticsearch privilege escalation
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mbXg0LTI2cjMtd3hwZs0v8A
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 48.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NDZ3LXJybTQtcjQ3Zs0v7w
Exposure of home directory through shescape on Unix with Bash
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nbXY0LXI0MzgtcDY3Zs0v7g
Leading white space bypasses protocol validation
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS12M3dyLTY3cHgtNDR4Z80v7Q
Execution with Unnecessary Privileges in arc-electron
Ecosystems: npm
Packages: @advanced-rest-client/base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ydjZyLTNmNXEtOXJneM0v7A
Twisted SSH client and server deny of service during SSH handshake.
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nY3g1LTNwNWYtZjh2cM0v5w
Prototype Pollution in jquery.cookie
Ecosystems: nuget
Packages: jquery.cookie
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS00MnFtLWMzY2YtOXd2Ms0vxw
Code injection in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jbTl3LWM0cmotcjJjZs0vug
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
Ecosystems: rubygems
Packages: view_component
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcnAyLXFycjUtOHBxN80vuQ
containerd CRI plugin: Insecure handling of image volumes
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14dm0yLTl4dmMtaHg3Zs0vuA
Improper Restriction of XML External Entity Reference in com.monitorjbl:xlsx-streamer
Ecosystems: maven
Packages: com.monitorjbl:xlsx-streamer
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ycDg5LXBwYzItbXJxNM0vow
Cross site scripting in getgrav/grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cG13LTc3dm0tNG1qZ80vmw
Cross-site Scripting in Cipi
Ecosystems: packagist
Packages: andreapollastri/cipi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oaHFqLWNmangtdmoyNc0vlw
Cross site scripting in reveal.js
Ecosystems: npm
Packages: reveal.js
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cjc5LW1ycDYtOG1occ0vkw
Rate limit missing in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jeGY3LXFyYzUtOTQ0Ns0viw
Remote shell execution vulnerability in image_processing
Ecosystems: rubygems
Packages: image_processing
Source: GitHub Advisory Database
Blast Radius: 44.1
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0zMng2LXF2dzYtbXhqNM0vig
Forwarding of confidentials headers to third parties in fluture-node
Ecosystems: pypi, npm
Packages: request-util, fluture-node
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tZmptLXZoNTQtM2Y5Ns0viQ
Scrapy cookie-setting is not restricted based on the public suffix list
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1janZyLW1majctajRqOM0viA
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Ecosystems: pypi
Packages: scrapy
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03ZjYzLWg2ZzMtN2N3bc0vhw
Cross Site Scripting (XSS) in @finastra/ssr-pages
Ecosystems: npm
Packages: @finastra/ssr-pages
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS13NmN4LXFnMnEtcnZxOM0vhg
Path Traversal in @finastra/ssr-pages
Ecosystems: npm
Packages: @finastra/ssr-pages
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tajZtLTI0NmgtOXc1Ns0vhQ
Improper regex in htaccess file
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qMzR2LTM1NTItNXI3as0vhA
Multiple security issues in Pomerium's embedded envoy
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNWhjLXdtM2ctaGp3Ns0vgw
Server-Side Request Forgery (SSRF) in rudloff/alltube
Ecosystems: packagist
Packages: rudloff/alltube
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00djM3LTI0Z20taDU1NM0vgg
Cross-Site Request Forgery (CSRF) Protection Bypass Vulnerability in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14anA0LTZ3NzUtcXJqN80vgQ
Remote CLI Command Execution Vulnerability in CodeIgniter4
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wOTN2LW0ycjItNDM4N80vgA
Denial of service via insufficient metadata validation
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13NGY4LWZ4cTItajM1ds0vfw
Possible privilege escalation via bash completion script
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jaHhmLWZqY2YtN2Z3cM0vfg
Possible filesystem space exhaustion by local users
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ndjlqLTR3MjQtcTd2eM0vfQ
Improper random number generation in github.com/coredns/coredns
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yajZ2LXhwZjMteHZyds0vfA
Use of Externally-Controlled Format String in wire-avs
Ecosystems: maven
Packages: com.wire:avs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zMzgyLXI5cTgtNGhmZ80vag
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12aG02LWd3ODItNmY4as0vOA
Cross site scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01ODc1LXA2NTItMnBwbc0vMg
Exposure of Resource to Wrong Sphere in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cmpmLXBodnYtcjR2cs0vLg
Command injection in strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02bTI2LTI1cTItY3E0Ns0vLw
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cDkyLWZ2NnYtZmhmas0vMA
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qOGpwLTl4NDItNHBqNc0vKQ
Unrestricted Upload of File with Dangerous Type in MODX Revolution
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NXh3LXBjcXctaGpyaM0vEA
Apache Airflow Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13eGpnLXA1OWotNmM5Ms0vCQ
Command injection in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tcHE0LXJqajgtZmpwaM0vDQ
Uncontrolled Resource Consumption in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Mjg0LXgyNnItNGhoY80vIw
Cross Site Request Forgery in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zdjdnLTRwZzMtN3I2as0vDg
OS Command injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05OTUzLWZtcnctdjR2bc0vIg
Cross-site Scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04dnE2LTVmNjYtaHAzcs0vDA
Logic error in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04dndtLTh2ajgtcnFqZs0vCg
User login denial of service in github.com/google/fscrypt
Ecosystems: go
Packages: github.com/google/fscrypt
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ycXA0LWczcTMtZjkyd80u-Q
Improper Locking in JetBrains Kotlin
Ecosystems: maven
Packages: org.jetbrains.kotlin:kotlin-stdlib
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00M3g5LTdoZnYtbXhyZs0u_g
jQuery-Upload-File XSS in fileNameStr
Ecosystems: npm
Packages: jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yYzN4LWpmNWcteHZjNc0u4Q
Open redirect in karma
Ecosystems: npm
Packages: karma
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02anA2LTlyZjktZ2M2Ns0u1Q
Cross-site Scripting in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcTQyLWM1cmctOTJjMs0u1A
Vulnerable dependencies in Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tZjIyLTkycG0tbThwOM0u0w
Cross site scripting in @awsui/components-react
Ecosystems: npm
Packages: @awsui/components-react
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNzU2LWh3aHYtcXc1OM0uwg
Cross site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04MnJyLW1xNHItcDRyM80uuw
SQL injection in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00NGNnLXFjcHItZndqaM0upA
Cross site scripting in francoisjacquet/rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14MnA4LXJnZm0tcXczds0uwQ
Access Control vulnerability within CoreNLP
Ecosystems: maven
Packages: edu.stanford.nlp:stanford-corenlp
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cjg2LTJqbTktOW1oNM0uxg
File upload restriction bypass in Zenario CMS
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00djZwLWN4ZjktOThyZs0ufw
Allocation of Resources Without Limits or Throttling in metadata-extractor
Ecosystems: maven
Packages: com.drewnoakes:metadata-extractor
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wNXBnLXdtOXEtOHY2cs0ugQ
Improper Handling of Exceptional Conditions inn metadata-extractor
Ecosystems: maven
Packages: com.drewnoakes:metadata-extractor
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1waDYyLTg3Njgtcjg3ds0uqg
Arbitrary file delete in ectouch/ectouch
Ecosystems: packagist
Packages: ectouch/ectouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xNjJoLWp3MzgtMjR2aM0ufQ
Uncaught Exception in zip4j
Ecosystems: maven
Packages: net.lingala.zip4j:zip4j
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wdzk3LTZ2NzQtOXczcM0ulw
EC-CUBE improperly handles HTTP Host header values
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oajkzLTVmZzMtM2Nocs0uhw
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS02dzR2LXFyNG0tOTdnZ80ucg
Multi-Factor Authentication issue in Laravel Fortify
Ecosystems: packagist
Packages: laravel/fortify
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04d3I0LTJ3bTYtdzNwcs0uRg
B2 Command Line Tool TOCTOU application key disclosure
Ecosystems: pypi
Packages: b2
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01M202LTQ0cmMtaDJxNc0uRQ
Missing server signature validation in OctoberCMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wODY3LWZ4ZnItcGgyd80uRA
b2-sdk-python TOCTOU application key disclosure
Ecosystems: pypi
Packages: b2sdk
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oanA4LTJjbTMtY2M0Nc0uQw
Cookie exposure in requestretry
Ecosystems: npm
Packages: requestretry
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS12cWoyLTR2OG0tOHZycc0uPQ
Insecure Temporary File in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tanZjLWo2cnYtOXhqOM0uPA
Insertion of Sensitive Information Into Debugging Code in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qOGN4LWo5ajItZjI5d80uQg
Insecure Storage of Sensitive Information in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oajhnLWN3OHgtMmM2bc0uOw
Cross-site Scripting in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00Y3h3LWhxNDQtcjM0NM0uNQ
Off-by-one Error in v2fly/v2ray-core
Ecosystems: go
Packages: github.com/v2fly/v2ray-core, github.com/v2fly/v2ray-core/v4
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00eGM3LXgyanItY3I3NM0uNA
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS05Y3d2LWNwcHgtbXFqbc0uMA
Improper Authentication in Capsule Proxy
Ecosystems: go
Packages: github.com/clastix/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qbWhmLTlmajgtODhnaM0uLw
Open Redirect in AllTube
Ecosystems: packagist
Packages: rudloff/alltube
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03OWp3LTJmNDYtd3YyMs0uLg
Authenticated remote code execution in October CMS
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NTZxLXh2M2MtN2YyZs0uLQ
Unauthenticated control plane denial of service attack in Istio
Ecosystems: go
Packages: istio.io/istio
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nanE0LTY5d2otcDZwcs0uLA
Path traversal in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS12djZqLXd3NngtNTRneM0uJA
Use after free in Animation
Ecosystems: nuget
Packages: CefSharp.Wpf.NETCore, CefSharp.WinForms.NETCore, CefSharp.OffScreen.NETCore, CefSharp.Common.NETCore, CefSharp.Wpf.HwndHost, CefSharp.Wpf, CefSharp.WinForms, CefSharp.OffScreen, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NmYzLWhmMjQtNzZxNM0uIw
Use of Hard-coded Cryptographic Key in Netmaker
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jY3hjLXZyNnAtNDg1OM0uIg
Improper Certificate Validation in Cosign
Ecosystems: go
Packages: github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zOTQ5LWY0OTQtY205Oc0uIQ
Cross-site Scripting in Prism
Ecosystems: npm
Packages: prismjs
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mZ3Y4LXZqNWMtMnBwcc0uIA
Incorrect Authorization in runc
Ecosystems: go
Packages: github.com/opencontainers/selinux, github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qZjVyLThobTItZjg3Ms0uHQ
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oZ2poLTcyM2gtbXgyas0t5g
Authorization Bypass Through User-Controlled Key in url-parse
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 58.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1jNWdqLXc0aHgtZ3ZteM0t6A
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS01OTQ2LW1wdzUtcHF4eM0t4A
Incorrect Default Permissions in Cobbler
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qM2NoLXZqcGgtOHE2ds0t4w
Command injection in Alluxio
Ecosystems: maven
Packages: org.alluxio:alluxio-core-common
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Y200LWdtODUtOTcyY80t2w
Command Injection in Cobbler
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS14ODMyLXIycmotNGc1cM0t1w
SSRF in Kitodo.Presentation
Ecosystems: packagist
Packages: kitodo/presentation
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02eDNqLXg5cnAtd2h4cM0txg
Unrestricted Upload of File with Dangerous Type in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zOG05LTN2ZzQtcnd2cM0txQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yZ3A1LW0ycHEtM2ZtZ80t0Q
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDlqLTQ0MngtaGpwN80t0g
Business Logic Errors in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: over 2 years ago
Statistics
Advisories: 20,359
Packages: 8,934
Repositories: 5,448
Ecosystems: 12
Filter by Severity
Moderate 8,822 High 7,063 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,297 npm 3,786 go 2,244 nuget 1,539 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 github.com/usememos/memos 63 ansible 63 actionpack 60 concrete5/concrete5 60 librenms/librenms 60 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 nova 47 github.com/grafana/grafana 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 baserproject/basercms 43 craftcms/cms 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 mautic/core 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 com.thoughtworks.xstream:xstream 36 github.com/hashicorp/vault 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 snipe/snipe-it 34 k8s.io/kubernetes 34 github.com/rancher/rancher 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 gradio 32 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 32 opencv-contrib-python 31 Pillow 31 opencv-python 31 github.com/argoproj/argo-cd 31 parse-server 31 keystone 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/nomad 27 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 pillow 26 openssl-src 26 prestashop/prestashop 26 directus 26 electron 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 rubygems-update 25 org.keycloak:keycloak-parent 25 org.springframework.security:spring-security-core 24 mediawiki/core 24 magento/core 24 contao/core-bundle 24 gogs.io/gogs 24 org.eclipse.jetty:jetty-server 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 puppet 23 grumpydictator/firefly-iii 23 rack 23 simplesamlphp/simplesamlphp 23 tribalsystems/zenario 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 glance 20 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 DotNetNuke.Core 19 laravel/framework 19 contao/contao 19 topthink/framework 18 mercurial 18 mindsdb 18 com.vaadin:vaadin-bom 18 wasmtime 18 golang.org/x/net 18 langchain 18 cockpit-hq/cockpit 18 github.com/goharbor/harbor 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 next 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 forkcms/forkcms 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cakephp/cakephp 17 genix/cms 17 PaddlePaddle 17 cobbler 17 opencart/opencart 17 notebook 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 helm.sh/helm/v3 17 symfony/security 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 francoisjacquet/rosariosis 17 typo3/cms-backend 16 openmage/magento-lts 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 tinymce 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 rusqlite 16 cryptography 16 org.apache.activemq:activemq-client 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 pyload-ng 15 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 ghost 15 ckeditor4 15 october/system 15 paddlepaddle 15 ethyca-fides 15 org.apache.inlong:manager-pojo 14 bolt/bolt 14 silverstripe/cms 14 feehi/cms 14 symfony/security-http 14 activesupport 14 org.xwiki.platform:xwiki-platform-web 14 modoboa 14 phpmailer/phpmailer 14 swagger-ui 14 github.com/zitadel/zitadel 14 pyftpdlib 14 github.com/containerd/containerd 14 github.com/nats-io/nats-server/v2 14 publify_core 14 undici 13 deno 13 passenger 13 camaleon_cms 13 vantage6 13 joplin 13 org.apache.hadoop:hadoop-main 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/ansible/ansible 56 https://github.com/librenms/librenms 52 https://github.com/kubernetes/kubernetes 52 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 33 https://github.com/apache/activemq 33 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 31 https://github.com/dotnet/runtime 31 https://github.com/snipe/snipe-it 30 https://github.com/mlflow/mlflow 30 https://github.com/gradio-app/gradio 30 https://github.com/rancher/rancher 29 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/cilium/cilium 25 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/github/advisory-database 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/langchain-ai/langchain 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/getkirby/kirby 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/goharbor/harbor 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/undertow-io/undertow 17 https://github.com/vaadin/platform 17 https://github.com/zitadel/zitadel 17 https://github.com/mindsdb/mindsdb 17 https://github.com/tinymce/tinymce 16 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/OpenMage/magento-lts 16 https://github.com/hashicorp/vault 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/backstage/backstage 16 https://github.com/forkcms/forkcms 16 https://github.com/TYPO3-CMS/core 16 https://github.com/rusqlite/rusqlite 16 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/apache/camel 15 https://github.com/pyload/pyload 15 https://github.com/denoland/deno 15 https://github.com/zendframework/zendframework 15 https://github.com/ethyca/fides 15 https://github.com/puppetlabs/puppet 15 https://github.com/pyca/cryptography 15 https://github.com/vantage6/vantage6 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/mattermost/mattermost 15 https://github.com/laravel/framework 15 https://github.com/ckeditor/ckeditor4 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/cobbler/cobbler 14 https://github.com/xuxueli/xxl-job 14 https://github.com/vercel/next.js 14 https://github.com/dotnet/aspnetcore 14 https://github.com/containerd/containerd 14 https://github.com/decidim/decidim 14 https://github.com/golang/go 13 https://github.com/quarkusio/quarkus 13 https://github.com/dompdf/dompdf 13 https://github.com/hashicorp/nomad 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/dromara/hutool 13 https://github.com/modoboa/modoboa 13 https://github.com/ming-soft/MCMS 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/apache/dolphinscheduler 13 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/apache/kylin 12 https://github.com/surrealdb/surrealdb 12 https://github.com/puma/puma 12 https://github.com/smarty-php/smarty 12 https://github.com/centreon/centreon-archived 12 https://github.com/containers/podman 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 12 https://github.com/aio-libs/aiohttp 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openfga/openfga 12 https://github.com/urllib3/urllib3 12 https://github.com/laurent22/joplin 12 https://github.com/pomerium/pomerium 11 https://github.com/drupal/core 11 https://github.com/top-think/framework 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/yiisoft/yii2 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/onionshare/onionshare 11 https://github.com/WWBN/AVideo 11 https://github.com/cloudflare/cfrpki 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/cakephp/cakephp 11 https://github.com/igniterealtime/Openfire 11 https://github.com/vaadin/flow 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Sylius/Sylius 11 https://github.com/janeczku/calibre-web 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/openstack/glance 11 https://github.com/nats-io/nats-server 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/matrix-org/matrix-js-sdk 10 https://github.com/nocodb/nocodb 10 https://github.com/DSpace/DSpace 10 https://github.com/zenml-io/zenml 10 https://github.com/funadmin/funadmin 10 https://github.com/PHPOffice/PhpSpreadsheet 10 https://github.com/phusion/passenger 10 https://github.com/pgadmin-org/pgadmin4 10 https://github.com/dolibarr/dolibarr 10 https://github.com/apache/zeppelin 10 https://github.com/nextauthjs/next-auth 10