Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1oaHJqLXdwNDItMzJ2M80tpw
Generation of Error Message Containing Sensitive Information in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cnJ3LTRmbTktcmdods0tqA
Use of Hard-coded Cryptographic Key in Netmaker
Ecosystems: go
Packages: github.com/gravitl/netmaker
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zd3dqLXdoMnctZzR4cM0tpA
CRLF Injection in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01MnZ2LTN2ZjctZjd3aM0thg
Server-Side Request Forgery and Uncontrolled Resource Consumption in LemMinX
Ecosystems: maven
Packages: org.eclipse.lemminx:lemminx-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ocnh2LTY5NGYtMjJnM80tkw
Exposure of Sensitive Information to an Unauthorized Actor in LemMinX
Ecosystems: maven
Packages: org.eclipse.lemminx:lemminx-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nZ2dwLWdoMnAtOTk2eM0tfQ
Path Traversal in LemMinX
Ecosystems: maven
Packages: org.eclipse.lemminx:lemminx-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03M3d4LXJwajMtbXg0Ns0teQ
Path traversal in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nOGo4LW1naDktcTc3cM0teg
File upload leading to RCE in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tNjM5LTl3aGctZnc5N80teA
Prototype Pollution in object-extend
Ecosystems: npm
Packages: object-extend
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14d3Y2LXY3cXgtZjVqY80tiQ
Code injection in ezsystems/ezpublish-kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14OHh4LXg4MnEtNDJxM80tiA
Exposure of Resource to Wrong Sphere in ezsystems/ezplatform-kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ycHZyLW13N3ItMjV4eM0tdw
MCMS Arbitrary File Deletion vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms, net.mingsoft:ms-basic
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nYzc5LWdoNGYtOWc2d80tdQ
Server Side Template Injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mbWZ2LXg4bXAtNTc2N80s5g
Improper input validation in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wd3dtLXB3eDItMmh3N80s5A
Generation of Error Message Containing Sensitive Information in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS03M3E0LWozMjQtMnFjY80s4w
Incorrect authorization in Drupal core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01OXg0LTY3bWgtcHg1NM0s4Q
Crypt_GPG does not prevent additional options in GPG calls
Ecosystems: packagist
Packages: pear/crypt_gpg
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1naHd3LWN2NHYtaG14eM0s1w
Cross-Site Request Forgery microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0ycG13LWN2YzctZnJ2aM0s2A
SQL injection in MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS13bXJ4LTU3aG0tbXc3cs0s7Q
Arbitrary file reads in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00Y3BnLTN2Z3ctNDg3N80s1Q
Prototype pollution in Plist before 3.0.5 can cause denial of service
Ecosystems: npm
Packages: plist
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04djM4LXB3NjItOWN3Ms0s1g
url-parse Incorrectly parses URLs that include an '@'
Ecosystems: npm
Packages: url-parse
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mbXZtLXg4bXYtNDdtas0s0Q
Improper CSP in Image Optimization API for Next.js versions between 10.0.0 and 12.1.0
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oMmZqLTc3d2gtZmg1d80s0A
Cross-site Scripting in livehelperchat
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nY3Y4LWdoNHItMjV4Ns0szg
Authorization Bypass Through User-Controlled Key in urijs
Ecosystems: npm
Packages: urijs
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qNTd3LTNjMzktZ3BwNc0svQ
Improper Privilege Management in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12OXA5LTUzNXctNDI4Nc0shg
Prototype Pollution in litespeed.js and appwrite/server-ce
Ecosystems: packagist, npm
Packages: appwrite/server-ce, litespeed.js
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mOGZ2LWY3ODYtOTkzM80skg
Magento improper input validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wN3c5LThteHctcDNnN80shw
Improper Certificate Validation in Hutool
Ecosystems: maven
Packages: cn.hutool:hutool-http
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aDJyLXg5N2MtMnZwcs0slg
SQL Injection in Jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base-core, org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mOXBnLWc5eHctcjVnMs0siw
SQL Injection in Jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-base-core, org.jeecgframework.boot:jeecg-boot-base
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12ZzI3LWhyM3YtM2Nxds0scg
open redirect in pollbot
Ecosystems: pypi
Packages: pollbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cDc5LTZ4MnYtNWg4OM0scQ
Server crash if running Python 3.10 w/ Sanic 20.12
Ecosystems: pypi
Packages: sanic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1oMjg5LXg1d2MteGN2OM0scA
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xYzg0LWdxZjQtOTkyNs0sbw
crossbeam-utils Race Condition vulnerability
Ecosystems: cargo
Packages: crossbeam-utils
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04OHhxLXc4Y3EteGZnN80sbg
Invalid drop of partially-initialized instances in the pooling instance allocator for modules with defined `externref` globals
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ocmh4LTZoMzQtajVoY80sbQ
Skip the router TLS configuration when the host header is an FQDN
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jZzNxLWo1NGYtNXA3cM0sbA
Uncontrolled Resource Consumption in promhttp
Ecosystems: go
Packages: github.com/prometheus/client_golang
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NzNqLXFtNWYteHB2OM0saw
pgjdbc Arbitrary File Write Vulnerability
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zM3dmLTRjcm0tMjMyMs0sag
Improper Access Control in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wcGZtLXJqNnAtMzhxNs0sYw
Improper Authorization in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTRxLXJxbXctdng0Nc0sYQ
Exposure of Sensitive Information to an Unauthorized Actor in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1najI2LWc1cWYtanJoN80sYA
Cross-site Scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1ydzk4LTU4NDYtcHFoeM0sWA
Open redirect in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12cHE3LW00cW0tcDJncM0sVw
Microweber vulnerable to Improper Validation of Specified Quantity in Input
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02am02LWNtY3AtZnFqcc0sVA
Nomad Spread Job Stanza May Trigger Panic in Servers
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS00bTdwLTU1am0tM3Z3ds0sTg
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wajg0LXFqbTMtNzdtZ80sTA
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-multibranch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nOWZ4LTZqNWMtZ3Jtd80sSw
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xMjM0LXg4ODctOXJ4aM0sSg
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NDczLWdxcmotNHA2Nc0sSQ
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01aGZ2LW1nNXgtbXYzMs0sRw
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ybTl3LTl4aDItd3hjM80sSA
Link Following in Jenkins Pipeline Multibranch Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-multibranch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xdjZxLXg5dnItdzdqM80sRQ
Jenkins Pipeline: Groovy Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03dzJ3LWZ3cGYtOW00aM0sRg
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wZndwLXE5ODQtdzd3aM0sRA
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cmN3LWZ3ZmgtMmgyZ80sQw
Jenkins Pipeline: Deprecated Groovy Libraries Plugin Protection Mechanism Failure
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nODRmLWNtYzgtNjgyY80sQQ
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-build-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1xcXd4LWhjcDYtMjV2cs0sQA
Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1mbTZxLTk3Z3ctYzR3aM0sPg
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01bThmLXYzZ3ctaDk0d80sPw
Jenkins Support Core Plugin stores sensitive data in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cThyLTVwbTYtdjJxOM0sPA
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:custom-checkbox-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yM2g1LThwaDYtN3JmY80sPQ
Path traversal vulnerability in Jenkins Fortify Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01M2M0LWNtaGYtZ3A3d80sOg
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:agent-server-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zNzJmLWpjNDctN2dyNc0sOw
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.conjur.jenkins:conjur-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1maGZoLTZjamctNTdyZ80sQg
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: io.jenkins.plugins:embotics-vcommander
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ycGhxLWdoZjgtNjU4Ns0sOQ
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Ecosystems: maven
Packages: io.jenkins.plugins:embotics-vcommander
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nNXdoLWZ3NG0tMnYyOM0sOA
CSRF vulnerability in Jenkins autonomiq plugin
Ecosystems: maven
Packages: io.jenkins.plugins:autonomiq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02anY3LTI4bXYtcXA5Y80sNw
Missing permission check in Jenkins autonomiq Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:autonomiq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tdnE4LWhneGgtNHYyZ80sNg
Open redirect vulnerability in Jenkins GitLab Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03ZzdnLTgyZnAtaHB4eM0sNQ
CSRF vulnerability in Jenkins SCP publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yNTg3LXc5M2ctNjNtMs0sNA
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01cGNmLXZ4bTMtZnJwaM0sMw
CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials
Ecosystems: maven
Packages: com.checkmarx.jenkins:checkmarx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12ajNqLThtNngtbWpxNs0sMg
Missing permission check in Jenkins SCP publisher Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1nYzdxLTd2ZzMtaDhnZs0sMA
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:promoted-builds-simple
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13d2Y2LXgycnYtdnhxaM0sMQ
Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials
Ecosystems: maven
Packages: com.checkmarx.jenkins:checkmarx
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS02NHE5LWYzOGgtOW13eM0sLg
Protection Mechanism Failure in Jenkins Doktor Plugin
Ecosystems: maven
Packages: by.dev.madhead.doktor:doktor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tdjVjLTcyNGYtM2ZxN80sLw
Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin
Ecosystems: maven
Packages: com.sonymobile.jenkins.plugins.teamviews:team-views
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS12eDZmLTZycDYtZjJweM0sLQ
Cross-Site Request Forgery in Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNXdwLXAzZ2otN3E1Z80sLA
Missing Authorization in Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14OTJ2LXh2M3gtOXYyOc0sKw
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcTU2LWM3cmotajNqOc0sKg
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zOHc4LWgyMjItd3JwcM0sKQ
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS12d3g0LWZycHItdzI3as0sKA
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin
Ecosystems: maven
Packages: com.convertigo.jenkins.plugins:convertigo-mobile-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04cDhxLXd2eHgtanE5NM0sJw
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Ecosystems: maven
Packages: org.continuousassurance.swamp.jenkins:swamp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0ycGo2LTVocWMtdzV4Oc0sJg
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Ecosystems: maven
Packages: org.continuousassurance.swamp.jenkins:swamp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5dnctd3I1Ny14anYz
Information Exposure in Heketi
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5ZnEtdmp2aC03Nzlw
Improper Input Validation in vault-ssh-helper
Ecosystems: go
Packages: github.com/hashicorp/vault-ssh-helper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcXgtNzRydi02Mzh3
Pivotal Concourse SQL Injection Vulnerability
Ecosystems: go
Packages: github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3bWctajg0dy00amo0
Arbitrary File Write via Archive Extraction in mholt/archiver
Ecosystems: go
Packages: github.com/mholt/archiver
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwMzItdm1tNi0zdmY1
Directory Traversal in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes, github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtOWctNjQ3Zy01cHh3
Infinite loop in Yubico yubihsm-connector
Ecosystems: go
Packages: github.com/Yubico/yubihsm-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnamctNjZjeC01eDlt
Grafana Authentication Bypass
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5bXAtOGczaC0zYzVj
flynn/noise has improper nonce handling yielding potential state DoS
Ecosystems: go
Packages: github.com/flynn/noise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwbXItcHJyMi1jcWM0
Gitea Remote Code Execution
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEycXItM2MycC05MjM1
Denial of Service (DoS) in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3Y3ItNmdyOC03cnI5
Use After Free in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4NTctN2Y0cS1mcGM3
Arbitrary redirects under /new endpoint
Ecosystems: go
Packages: github.com/prometheus/prometheus
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3cnItcmhtbS12Y3Zm
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Ecosystems: go
Packages: github.com/kubernetes-csi/external-snapshotter/v3, github.com/kubernetes-csi/external-snapshotter/v2
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0Z2ctcG1xci00NjY5
Access Restriction Bypass in Docker
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Statistics
Advisories: 20,359
Packages: 8,934
Repositories: 5,448
Ecosystems: 12
Filter by Severity
Moderate 8,822 High 7,063 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,297 npm 3,786 go 2,244 nuget 1,539 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 github.com/usememos/memos 63 ansible 63 actionpack 60 concrete5/concrete5 60 librenms/librenms 60 github.com/mattermost/mattermost/server/v8 56 org.apache.struts:struts2-core 55 salt 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 nova 47 github.com/grafana/grafana 47 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 baserproject/basercms 43 craftcms/cms 43 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 github.com/hashicorp/vault 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 net.mingsoft:ms-mcms 35 moin 35 matrix-synapse 35 zendframework/zendframework1 34 github.com/rancher/rancher 34 k8s.io/kubernetes 34 github.com/answerdev/answer 34 snipe/snipe-it 34 gradio 32 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 32 opencv-python 31 opencv-contrib-python 31 Pillow 31 parse-server 31 github.com/argoproj/argo-cd 31 keystone 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/nomad 27 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 openssl-src 26 directus 26 pillow 26 github.com/hashicorp/consul 26 electron 26 prestashop/prestashop 26 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 org.springframework.security:spring-security-core 24 contao/core-bundle 24 org.eclipse.jetty:jetty-server 24 magento/core 24 mediawiki/core 24 gogs.io/gogs 24 remdex/livehelperchat 23 rack 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 puppet 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 ckb 22 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 activerecord 21 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 org.springframework:spring-core 19 DotNetNuke.Core 19 laravel/framework 19 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 wasmtime 18 topthink/framework 18 com.liferay.portal:release.dxp.bom 18 github.com/goharbor/harbor 18 github.com/traefik/traefik/v2 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.vaadin:vaadin-bom 18 langchain 18 mercurial 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 genix/cms 17 cobbler 17 helm.sh/helm/v3 17 ezsystems/ezpublish-kernel 17 notebook 17 PaddlePaddle 17 opencart/opencart 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 yetiforce/yetiforce-crm 16 sequelize 16 cryptography 16 openmage/magento-lts 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 tinymce 16 org.bouncycastle:bcprov-jdk15 16 typo3/cms-backend 16 neutron 16 org.apache.activemq:activemq-client 16 rusqlite 16 ethyca-fides 15 october/system 15 ghost 15 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 pyload-ng 15 smarty/smarty 15 paddlepaddle 15 org.apache.inlong:manager-pojo 14 github.com/zitadel/zitadel 14 github.com/nats-io/nats-server/v2 14 pyftpdlib 14 github.com/containerd/containerd 14 symfony/security-http 14 bolt/bolt 14 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 phpmailer/phpmailer 14 silverstripe/cms 14 modoboa 14 publify_core 14 swagger-ui 14 feehi/cms 14 strapi 13 org.apache.cxf:cxf 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 13 studio-42/elfinder 13 lollms 13 lavalite/cms 13 angular 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/librenms/librenms 52 https://github.com/kubernetes/kubernetes 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/parse-community/parse-server 31 https://github.com/craftcms/cms 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/dotnet/runtime 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/gradio-app/gradio 30 https://github.com/rancher/rancher 29 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/github/advisory-database 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/nifi 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/langchain-ai/langchain 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/goharbor/harbor 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/undertow-io/undertow 17 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/zitadel/zitadel 17 https://github.com/TYPO3-CMS/core 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/backstage/backstage 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 16 https://github.com/hashicorp/vault 16 https://github.com/puppetlabs/puppet 15 https://github.com/pyload/pyload 15 https://github.com/laravel/framework 15 https://github.com/ethyca/fides 15 https://github.com/denoland/deno 15 https://github.com/mattermost/mattermost 15 https://github.com/vantage6/vantage6 15 https://github.com/pyca/cryptography 15 https://github.com/apache/camel 15 https://github.com/zendframework/zendframework 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/decidim/decidim 14 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/dotnet/aspnetcore 14 https://github.com/twisted/twisted 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/vercel/next.js 14 https://github.com/cobbler/cobbler 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/quarkusio/quarkus 13 https://github.com/nodejs/undici 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/dromara/hutool 13 https://github.com/hashicorp/nomad 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/apache/dolphinscheduler 13 https://github.com/golang/go 13 https://github.com/TryGhost/Ghost 13 https://github.com/apache/kylin 12 https://github.com/laurent22/joplin 12 https://github.com/puma/puma 12 https://github.com/aio-libs/aiohttp 12 https://github.com/opencontainers/runc 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/openfga/openfga 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/wagtail/wagtail 12 https://github.com/surrealdb/surrealdb 12 https://github.com/centreon/centreon-archived 12 https://github.com/pomerium/pomerium 11 https://github.com/cakephp/cakephp 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/janeczku/calibre-web 11 https://github.com/yiisoft/yii2 11 https://github.com/igniterealtime/Openfire 11 https://github.com/nats-io/nats-server 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/Sylius/Sylius 11 https://github.com/NodeBB/NodeBB 11 https://github.com/top-think/framework 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/WWBN/AVideo 11 https://github.com/cloudflare/cfrpki 11 https://github.com/openstack/glance 11 https://github.com/jupyter/notebook 10 https://github.com/zopefoundation/Zope 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/matrix-org/matrix-js-sdk 10 https://github.com/phusion/passenger 10 https://github.com/pgadmin-org/pgadmin4 10 https://github.com/DSpace/DSpace 10 https://github.com/jquery/jquery 10 https://github.com/nautobot/nautobot 10 https://github.com/keystonejs/keystone 10 https://github.com/dolibarr/dolibarr 10 https://github.com/opencart/opencart 10