Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozNzctMng3Ni01NTho
Improper Input Validation in is-email
Ecosystems: npm
Packages: is-email
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4N20tOWhwZy14eG13
Prototype Pollution in putil-merge
Ecosystems: npm
Packages: putil-merge
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1d3ItZnZwcS1wNjdn
Integer Overflow in png-img
Ecosystems: npm
Packages: png-img
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtODItcXI0NS1oN213
Prototype Pollution in field
Ecosystems: npm
Packages: field
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5dnYtNnE3cS13NWNm
OS Command Injection in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnAtZm1ydi1mNXB4
Uncontrolled Resource Consumption in strapi
Ecosystems: npm
Packages: strapi-admin
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoNjgtd3Z2Ni04cjVo
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
Ecosystems: maven
Packages: org.apache.jackrabbit:oak-core
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1MjUtYzNnNS1jZzlw
Unsafe Deserialization that can Result in Code Execution
Ecosystems: maven
Packages: com.rabbitmq.jms:rabbitmq-jms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1qZmg4LWMyanAtNXYzcc0asw
Remote code injection in Log4j
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, uk.co.nichesolutions.logging.log4j:log4j-core, org.xbib.elasticsearch:log4j, com.guicedee.services:log4j-core
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqNTQtY2pyeC14Njk2
Observable Discrepancy in Argo
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOWgtcW0zMi04Z3dx
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware
Ecosystems: npm
Packages: express-mock-middleware
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOTQtdmo5Ny1mbTRx
OS Command Injection in fsa
Ecosystems: npm
Packages: fsa
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNnEtcnhobS02NzV3
OS Command Injection in adb-driver
Ecosystems: npm
Packages: adb-driver
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxOXgtdzUzcC1qZzUz
OS Command Injection in heroku-addonpool
Ecosystems: npm
Packages: heroku-addonpool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2cW0tNGY5My1mZzZm
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2YzQtam1xeC0zcjMz
Open Redirect in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyYzctNmc4dy1qaDU2
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: almost 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOWYteDZybS1xbXhy
Command Injection in compass-compile
Ecosystems: npm
Packages: compass-compile
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtYzgtMjZxNC1xamh4
Denial of Service (DoS) in Jackson Dataformat CBOR
Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcXgtMzNxbS1nODY5
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2OTUtN3ZyOS1qZ2My
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5eGgtMnFncC1jcTU3
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltNmYtN3hjcS04dmY4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02eDQtOTd3eC00cTI3
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjNGotMzRyNC14cjhn
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2bTktZmptOS0zNTcy
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3MjYtNmYyNS1jbTl4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncGgtMjJ4aC04eDk4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5cXItMzY5Zi01bTV4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqdzItaHI5OC1xZ2Zo
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyNXItNmhwai04Z2c5
Serialization gadget exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzZ3ItY3hyZi1oZzI1
Serialization gadgets exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoOGctM2oyYy1ycWo1
Serialization gadgets exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzY3ctZzRtcS1jNXgy
Code Injection in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS12NnJoLWhwNXgtODZyds0afw
Potential bypass of an upstream access control based on URL paths in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS13eDVqLTU0bW0tcnFxcc0ahg
HTTP request smuggling in netty
Ecosystems: maven
Packages: io.netty:netty, org.jboss.netty:netty, io.netty:netty-codec-http
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1tM3JmLTdtNHctcjY2cc0ahQ
Improper Authentication in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03cmcyLXF4bWYtaGh4Oc0ahA
Session fixation in express-openid-connect
Ecosystems: npm
Packages: express-openid-connect
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xcm1tLXc3NXctM3dweM0agw
Server side request forgery in SwaggerUI
Ecosystems: nuget, npm
Packages: Swashbuckle.AspNetCore.SwaggerUI, swagger-ui-react, swagger-ui-dist, swagger-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nZ21yLTQ0Y3YtMjRwbc0Z-w
Code injection via unsafe YAML loading
Ecosystems: pypi
Packages: sockeye
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1yNTYyLW04NjItNjN3M80aGg
APM Java Agent Local Privilege Escalation
Ecosystems: pypi
Packages: elastic-apm
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02NmhmLTJwNnctanFmd80Zdg
Laravel Framework XSS in Blade templating engine
Ecosystems: packagist
Packages: illuminate/view, laravel/framework
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yNWY1LWdjNGgtaGMyMs0Zhw
Improper Privilege Management in devise_masquerade
Ecosystems: rubygems
Packages: devise_masquerade
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05YzR4LTVoZ3EtcTN3aM0Z-Q
Instance config inline secret exposure in Grafana
Ecosystems: go
Packages: github.com/grafana/agent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1majdmLXZxODQtZmg0M80Z-g
Local Code Execution through Argument Injection via dash leading git url parameter in Gemfile.
Ecosystems: rubygems
Packages: bundler
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS13anFjLWo1Mzctajlnas0Z-A
Command injection in git-it-electron
Ecosystems: npm
Packages: git-it-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1xeG1yLXF4aDYtMmNjOc0ZdQ
ReDos vulnerability on guest checkout email validation
Ecosystems: rubygems
Packages: solidus_core
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 3 years ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12OTVjLXA1aG0teHE4Zs0ZQA
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS02cjdjLTZ3OTYtOHB2d80ZPw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yNW1wLWc2ZnYtbXF4eM0ZPg
Unexpected server crash in Next.js.
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS14cjM4LXc3NHEtcjhqds0ZQQ
Permissions not properly checked in Invenio-Drafts-Resources
Ecosystems: pypi
Packages: invenio-app-rdm, invenio-rdm-records, invenio-drafts-resources
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05NWpwLTc3dzYtcWo1Ms0ZPQ
Cross-site Scripting in python-cjson
Ecosystems: pypi
Packages: python-cjson
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS03aHBqLWhmY3ItNXF3bc0ZPA
Code injection in FreeIPA
Ecosystems: pypi
Packages: freeipa, ipa
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nNnZxLXdjOHctNGc2Oc0Y3Q
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1qOTZwLXI1MjMtOHIzd80Xew
HTTP Request Smuggling in github.com/hyperledger/fabric
Ecosystems: go
Packages: github.com/hyperledger/fabric
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01dnI2LWhtNjgtNWo5cM0YwQ
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02dzlwLTg4cWctcDNnM80YyA
Cross-site Scripting in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1nd3B4LXEyaDktd3hneM0YzA
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02N2M3LTV2OWotMjI3cs0Yyw
Cross-site Scripting in kimai2
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05dzhmLTd3Z3ItMmg3Z80Yzw
kimai2 is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02cHFtLXh2ZmMtdzdwNM0Yzg
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0ydjVqLXE3NHEtcjUzZs0YzQ
django-helpdesk is vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: django-helpdesk
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1mNTQ1LXZwd3AtcjlqN80Y0A
showdoc is vulnerable to URL Redirection to Untrusted Site
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS01ZmgzLTI1eHItZzg1aM0Y1A
snipe-it is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS14NjhjLTRnbW0tNWc0M80Y0w
kimai2 is vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: kevinpapst/kimai2
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mNzdoLW05dzItdnZnMs0Y3A
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS13Yzd2LTc3anItNWMzbc0ZDg
bookstack is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS04ZnA0LXJwNmMtNWdjds0Y7g
Path Traversal in com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xNGc3LWpyeHYtNjdyOc0XeQ
Silent Configuration Failure in Puppet Agent
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05M2o1LWc4NDUtOXdxcM0XhQ
Unsafe HTTP Redirect in Puppet Agent and Puppet Server
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04OXE1LW1qNzgtcHc1d80X1g
Cross-site Scripting in pekeupload
Ecosystems: npm
Packages: pekeupload
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS02Z3d3LXFwbTYtbWMyZ80X1A
Server-Side Request Forgery in ssrf-agent
Ecosystems: npm
Packages: ssrf-agent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0zbTNoLXY5aHYtOWo0aM0X9Q
Cross-site Scripting in django-wiki
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1jZnFqLTlnMmctdzdxNs0YJg
Apache JSPWiki Cross-site Scripting due to carefully crafted plugin link invocation
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS13ZjVwLWY1eHItYzRqas0YRg
SQL Injection in rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1wZm13LXZqNzQtcGg4Z80YjQ
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS13cDRoLXB2Z3ctNTcyN80Y7Q
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS03cnBjLTltODgtY2Y5d80YPQ
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 3 years ago
High
GSA_kwCzR0hTQS00eDJmLTU0d3ItNGhqZ80YPg
Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 3 years ago
High
GSA_kwCzR0hTQS13N2ZqLTMzNnItdnc0Oc0YPw
Cross-Site Scripting vulnerability in @backstage/plugin-auth-backend
Ecosystems: npm
Packages: @backstage/plugin-auth-backend
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS0yZzhnLTYzajQtOXczcs0YQA
RCE vulnerability affecting v1beta3 templates in @backstage/plugin-scaffolder-backend
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1mMzRtLXg5cGotNjJ2cc0YQQ
Cross-Site Scripting Vulnerability in @joeattardi/emoji-button
Ecosystems: npm
Packages: @joeattardi/emoji-button
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1tZzNtLWY0NzUtMjhods0YQg
Path Traversal in @backstage/plugin-scaffolder-backend
Ecosystems: npm
Packages: @backstage/plugin-scaffolder-backend
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05anA4LWN3d3gtcDY0cc0YRA
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1meHdtLXJ4NjgtcDV2eM0YRQ
XSS in richtext custom tag attributes in ezsystems/ezplatform-richtext
Ecosystems: packagist
Packages: ezsystems/ezplatform-richtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xNTRyLXI5cHItdzdxds0Ylg
Hexo Vulnerable to XSS
Ecosystems: npm
Packages: hexo
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1qbTZwLXdmamcteG03eM0Yfg
bookstack is vulnerable to Improper Access Control
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS05NDVxLWNoNDYtcGNoZ80Yiw
Deserialization of Untrusted Data in Spring AMQP
Ecosystems: maven
Packages: org.springframework.amqp:spring-amqp
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1md2Y2LXJ3NjktaGhqNM0YQw
Improper Neutralization of Formula Elements in a CSV File in html-2-csv
Ecosystems: pypi
Packages: html-to-csv
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1xcHBnLXY3NWMtcjVmZs0Ycg
S3Scanner allows Directory Traversal
Ecosystems: pypi
Packages: s3scanner
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1oZjJtLWo5OHItNGZxd80YdA
API token verification can be bypassed in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS13eDY5LXJ2ZzMteDdmY80YdQ
XSS via prototype pollution in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1wZmo3LTJxZnctdndnbc0Ydg
NodeBB vulnerable to path traversal in translator module
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1oZjc5LThoanAtcnJ2cc0Ydw
Use After Free in lucet
Ecosystems: cargo
Packages: lucet-runtime
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00NThmLTI2cjMteDJjM80YLw
Cross-site Scripting in github.com/schollz/rwtxt
Ecosystems: go
Packages: github.com/schollz/rwtxt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 3 years ago
Statistics
Advisories: 20,351
Packages: 8,931
Repositories: 5,446
Ecosystems: 12
Filter by Severity
Moderate 8,817 High 7,060 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,296 npm 3,783 go 2,245 nuget 1,532 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 github.com/usememos/memos 63 ansible 63 concrete5/concrete5 60 actionpack 60 librenms/librenms 60 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 github.com/grafana/grafana 47 nova 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 baserproject/basercms 43 craftcms/cms 43 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 org.xwiki.platform:xwiki-platform-oldcore 37 nilsteampassnet/teampass 37 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 github.com/hashicorp/vault 36 com.thoughtworks.xstream:xstream 36 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/rancher/rancher 34 snipe/snipe-it 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 k8s.io/kubernetes 34 org.jenkins-ci.plugins:script-security 32 gradio 32 io.undertow:undertow-core 32 opencv-contrib-python 31 keystone 31 Pillow 31 github.com/argoproj/argo-cd 31 parse-server 31 opencv-python 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/hashicorp/nomad 27 prestashop/prestashop 26 directus 26 electron 26 github.com/hashicorp/consul 26 openssl-src 26 pillow 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 rubygems-update 25 mediawiki/core 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 gogs.io/gogs 24 org.eclipse.jetty:jetty-server 24 magento/core 24 puppet 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 rack 23 grumpydictator/firefly-iii 23 ckb 22 tribalsystems/zenario 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.nifi:nifi 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 @openzeppelin/contracts-upgradeable 21 glance 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 laravel/framework 19 org.xwiki.platform:xwiki-platform-web-templates 19 DotNetNuke.Core 19 org.springframework:spring-core 19 contao/contao 19 topthink/framework 18 cockpit-hq/cockpit 18 wasmtime 18 com.vaadin:vaadin-bom 18 mindsdb 18 langchain 18 com.liferay.portal:release.dxp.bom 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 mercurial 18 github.com/goharbor/harbor 18 next 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 francoisjacquet/rosariosis 17 helm.sh/helm/v3 17 notebook 17 symfony/security 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 ezsystems/ezpublish-kernel 17 cobbler 17 genix/cms 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 opencart/opencart 17 openmage/magento-lts 16 tinymce 16 org.apache.activemq:activemq-client 16 org.apache.jspwiki:jspwiki-main 16 cryptography 16 org.apache.dubbo:dubbo 16 typo3/cms-backend 16 sequelize 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 rusqlite 16 yetiforce/yetiforce-crm 16 ckeditor4 15 ghost 15 ethyca-fides 15 pyload-ng 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 october/system 15 smarty/smarty 15 paddlepaddle 15 modoboa 14 silverstripe/cms 14 symfony/security-http 14 bolt/bolt 14 activesupport 14 swagger-ui 14 org.xwiki.platform:xwiki-platform-web 14 github.com/nats-io/nats-server/v2 14 phpmailer/phpmailer 14 org.apache.inlong:manager-pojo 14 publify_core 14 github.com/containerd/containerd 14 feehi/cms 14 github.com/zitadel/zitadel 14 pyftpdlib 14 strapi 13 org.apache.cxf:cxf 13 undici 13 vantage6 13 studio-42/elfinder 13 impresscms/impresscms 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 52 https://github.com/librenms/librenms 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/craftcms/cms 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/dotnet/runtime 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/gradio-app/gradio 30 https://github.com/snipe/snipe-it 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/cilium/cilium 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/github/advisory-database 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenNMS/opennms 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/langchain-ai/langchain 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/netty/netty 20 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/intelliants/subrion 18 https://github.com/traefik/traefik 18 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/goharbor/harbor 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/vaadin/platform 17 https://github.com/undertow-io/undertow 17 https://github.com/liufee/cms 17 https://github.com/moby/moby 17 https://github.com/mindsdb/mindsdb 17 https://github.com/zitadel/zitadel 17 https://github.com/sequelize/sequelize 16 https://github.com/TYPO3-CMS/core 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/etcd-io/etcd 16 https://github.com/OpenMage/magento-lts 16 https://github.com/tinymce/tinymce 16 https://github.com/ethereum/go-ethereum 16 https://github.com/backstage/backstage 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/zendframework/zendframework 15 https://github.com/pyca/cryptography 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/pyload/pyload 15 https://github.com/vantage6/vantage6 15 https://github.com/laravel/framework 15 https://github.com/apache/camel 15 https://github.com/denoland/deno 15 https://github.com/mattermost/mattermost 15 https://github.com/decidim/decidim 14 https://github.com/dotnet/aspnetcore 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/xuxueli/xxl-job 14 https://github.com/vercel/next.js 14 https://github.com/cobbler/cobbler 14 https://github.com/containerd/containerd 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/golang/go 13 https://github.com/publify/publify 13 https://github.com/ming-soft/MCMS 13 https://github.com/dompdf/dompdf 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/quarkusio/quarkus 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/TryGhost/Ghost 13 https://github.com/dromara/hutool 13 https://github.com/modoboa/modoboa 13 https://github.com/hashicorp/nomad 13 https://github.com/urllib3/urllib3 12 https://github.com/laurent22/joplin 12 https://github.com/smarty-php/smarty 12 https://github.com/opencontainers/runc 12 https://github.com/centreon/centreon-archived 12 https://github.com/apache/kylin 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/openfga/openfga 12 https://github.com/patriksimek/vm2 12 https://github.com/containers/podman 12 https://github.com/aio-libs/aiohttp 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/drupal/core 11 https://github.com/pomerium/pomerium 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/cloudflare/cfrpki 11 https://github.com/yiisoft/yii2 11 https://github.com/top-think/framework 11 https://github.com/janeczku/calibre-web 11 https://github.com/WWBN/AVideo 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/Studio-42/elFinder 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cakephp/cakephp 11 https://github.com/nats-io/nats-server 11 https://github.com/scrapy/scrapy 11 https://github.com/igniterealtime/Openfire 11 https://github.com/openstack/glance 11 https://github.com/Sylius/Sylius 11 https://github.com/nautobot/nautobot 10 https://github.com/jquery/jquery 10 https://github.com/zopefoundation/Zope 10 https://github.com/dolibarr/dolibarr 10 https://github.com/jupyter/notebook 10 https://github.com/keystonejs/keystone 10 https://github.com/matrix-org/matrix-js-sdk 10 https://github.com/zenml-io/zenml 10 https://github.com/funadmin/funadmin 10 https://github.com/apache/zeppelin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/apache/superset 10