Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4MzItam05NS0yY3B4

Authentication Bypass in dex
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS1xYzIyLXF3bTktajhyeM0dGQ

Remote Code Execution in npm-groovy-lint
Ecosystems: npm
Packages: npm-groovy-lint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmM20tbWh2Ny14Mzlm

Denial of Service in OpenShift Origin
Ecosystems: go
Packages: github.com/openshift/origin
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: almost 3 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zZm0taDVqcC1xNzlw

Authorization bypass in Openshift
Ecosystems: go
Packages: github.com/openshift/origin
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: almost 3 years ago

Critical

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d20tcGZqZi13cXA2

Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4YzQtZjRtNi13d3F2

Excessive Platform Resource Consumption within a Loop in Kubernetes
Ecosystems: go
Packages: github.com/go-yaml/yaml, gopkg.in/yaml.v2
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1wNnhjLXhyNjItNnIyZ80dEw

Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1mcGZ2LWpxbTktZjVqbc0c3Q

Incorrect Comparison in NumPy
Ecosystems: pypi
Packages: numpy
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1xajI3LTMyd3AtZ2hyZ80c2Q

Pyo Buffer Overflow Vulnerability
Ecosystems: pypi
Packages: pyo
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: almost 3 years ago

High

GSA_kwCzR0hTQS0zdzZwLThmODItZ3c4cs0c1Q

Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Ecosystems: maven
Packages: ru.yandex.clickhouse:clickhouse-jdbc-bridge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1nN3A4LXIyY2gtNHJtZs0crA

Malicious Atomix node queries expose sensitive information
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: almost 3 years ago

High

GSA_kwCzR0hTQS03ZnIyLTk0aDctY2NnMs0crQ

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1tNGgzLTdtYzItdjI5Nc0crw

An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1tZjI3LXdnNjYtbThmNc0csA

A vulnerability in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS02dnZoLTU3OTQtdnBtas0csQ

An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false member down event messages.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: almost 3 years ago

High

GSA_kwCzR0hTQS0yZnF3LTY4NGMtcHZwN80csg

An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 3 years ago

High

GSA_kwCzR0hTQS00amhjLXdqcjMtcHdoMs0cqw

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS02NjhxLXFydjctOTlmbc0ctg

Deserialization of Untrusted Data in logback
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1ycGc3LXE0Y3YtcDQ2Ns0cuw

livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1qODVmLXh3OXgtZmZ3cM0cvw

yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS14bWdqLTVmaDMteGptbc0c1A

Path traversal when MessageBus::Diagnostics is enabled
Ecosystems: rubygems
Packages: message_bus
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: almost 3 years ago

Low

GSA_kwCzR0hTQS01NXh2LWY4NWMtMjQ4cc0c0w

Regular Expression Denial of Service (ReDoS) in jsx-slack
Ecosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw

ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1xMzRoLTk3d2YtOHI4as0cqA

vault-cli contains possible RCE when reading user-defined data
Ecosystems: pypi
Packages: vault-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS1qN2MzLTk2cmYtanJycM0cpw

Critical vulnerability in log4j may affect generated PEAR projects
Ecosystems: maven
Packages: de.averbis.textanalysis:pear-archetype
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow

YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1jeGc3LTg0d3AtOHBjcc0cog

YetiForceCRM is vulnerable to Business Logic Errors in the weight of a product
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1md2g3LXY0Z2YteHY3d80ciw

yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05YzVjLTVqNGgtOHEyY80btQ

BookStack is vulnerable to Improper Access Control.
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

High

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Z3EtOTk3dy1mNTVn

Infinite loop in xz
Ecosystems: go
Packages: github.com/ulikunitz/xz
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: almost 3 years ago

Low

GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA

Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1od3ZtLXZmdzgtOTNtd80cpQ

Vulnerable dependency in XTDB connector
Ecosystems: maven
Packages: org.odpi.egeria:egeria-connector-xtdb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS0ybXF2LTRqM3Itdmp2cM0cpg

Open redirect in @auth0/nextjs-auth0
Ecosystems: npm
Packages: @auth0/nextjs-auth0
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1ycDJjLWpyZ3AtY3ZyOM0ZGQ

Code injection in plupload
Ecosystems: npm
Packages: plupload
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS04Yzl4LXdmZ2otdjc4d80ZIQ

Open Redirect in showdoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1oeDZnLXE5djIteGg3ds0ZFw

Information exposure in elgg
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw

Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS0yd3IyLThxanEtZ2g1Nc0ZDA

Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search
Ecosystems: maven
Packages: org.craftercms:crafter-search
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS14cTU4LTY5aDItNzY1bc0ZAQ

Cross Site Request Forgery in mailman
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS14OTQ5LTdjbTYtZm02cM0avQ

Code Injection in md-to-pdf.
Ecosystems: npm
Packages: md-to-pdf
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1qMjhxLXA4d3ctY3A4N80auw

Prototype Pollution in merge-deep2.
Ecosystems: npm
Packages: merge-deep2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05dndmLTU0bTktZ2M0Zs0aug

snipe-it is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS12eHI0LXJ4dzctZzd2Ns0auQ

Prototype Pollution in comb
Ecosystems: npm
Packages: comb
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 3 years ago

High

GSA_kwCzR0hTQS03cnBqLWhnNDctY3g2Ms0auA

Improper Restriction of XML External Entity Reference in com.h2database:h2.
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS13anBjLWNndncteHgyM80atw

Prototype Pollution in sey
Ecosystems: npm
Packages: sey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS04dzN4LXI2eDctYzVyNc0ayw

Cross-site Scripting in pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS0ydjJ2LWZ4N3ItZjJmaM0azA

pimcore is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS0zcDg1LXA0cWctaGNycM0azQ

pimcore is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS04cXY4LWZxNXctcDk2Ns0a1Q

phpservermon is vulnerable to CRLF Injection
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS12NGNyLW01ZjgtZ3h3OM0a0Q

yetiforcecrm is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1yeGNoLWdwNjItNTc0d80bSg

snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1jNjl3LWpqNTYtODM0d80bUg

Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.commons.messaging.mail
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1ycDQyLWM0NWotZzQ2eM0bdg

yetiforcecrm is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1qcWZwLW01ZjgtdmcyOM0clA

Dolibarr Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS1ndjg3LXE2NmgtNDI3N80ckg

Command injection in itext7-core
Ecosystems: maven
Packages: com.itextpdf:itextpdf, com.itextpdf:itext7-core
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: almost 3 years ago

High

GSA_kwCzR0hTQS04NHB4LXE2OHItMmZjOc0bsw

Privilege escalation in the Sulu Admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: almost 3 years ago

High

GSA_kwCzR0hTQS12eDZqLXBqcmgtdmdqaM0bsg

PHP file inclusion in the Sulu admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1nanJqLTlyajQtcGd3eM0bsQ

DoS Vulnerability from Upstream Actix Web Issues
Ecosystems: cargo
Packages: perseus-actix-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1tbWpmLWY1anctdzcycc0bZA

Invalid handling of `X509_verify_cert()` internal errors in libssl
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 3 years ago

High

GSA_kwCzR0hTQS0yaGZqLWN4dzctZzQ1cM0bRg

Unsafe inline XSS in pasting DOM element into chat
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS05YzIyLXB3eHctcDZoeM0bQg

OpenZeppelin Contracts initializer reentrancy may lead to double initialization
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS05NGc3LWhwdjgtaDlxbc0bRQ

Remote code injection in Log4j
Ecosystems: maven
Packages: com.splunk.logging:splunk-library-javalogging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS01OWc0LWhwZzMtM2djcM0bQw

Files Accessible to External Parties in Opencast
Ecosystems: maven
Packages: org.opencastproject:opencast-ingest-service-impl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1oY3h4LW1wNmctNmdyOc0bPw

Opencast publishes global system account credentials
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1qNG1tLTdwajMtamY3ds0bQQ

HTTP Method Spoofing
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA

Buffer overrun in CGI.escape_html
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: almost 3 years ago

Moderate

GSA_kwCzR0hTQS1xcGhjLWhmNXEtdjhmY80bRw

actionpack Open Redirect in Host Authorization Middleware
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1waDk4LXY3OGYtanFybc0bPg

SQL injection in jackalope/jackalope-doctrine-dbal
Ecosystems: packagist
Packages: jackalope/jackalope-doctrine-dbal
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: almost 3 years ago

Critical

GSA_kwCzR0hTQS1tZjRmLWo1ODgtNXhtOM0bPQ

Apache Log4j Remote Code Execution
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago

High

GSA_kwCzR0hTQS1mcDVyLXYzdzktNDMzM80bRA

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: almost 3 years ago

Critical

Advisories: 20,351
Packages: 8,930
Repositories: 5,446
Ecosystems: 12

Filter by Severity

Moderate 8,817 High 7,060 Critical 3,018 Low 1,120

Filter by Ecosystem

maven 5,802 packagist 4,526 pypi 4,296 npm 3,783 go 2,244 nuget 1,532 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9

Filter by Package

Filter by Repository