Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1xaG1wLWg1NHgtMzhxcs0V5w
Apprise vulnerable to regex injection with IFTTT Plugin
Ecosystems: pypi
Packages: apprise
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS1ycDY1LTljZjMtY2p4cs0V5A
Inefficient Regular Expression Complexity in nth-check
Ecosystems: npm
Packages: nth-check
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w
Prototype Pollution in object-path
Ecosystems: npm
Packages: object-path
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: about 3 years ago
High
GSA_kwCzR0hTQS01OWc5LTdnZngtYzcycM0V1g
Infinite loop in Tomcat due to parsing error
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: about 3 years ago
High
GSA_kwCzR0hTQS1yZjN3LTI5aDMtcjYzNs0V1Q
Arbitrary Code Execution in feehi/cms
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS02cTNwLTM2ZjQtY3d4ds0V0A
Server-Side Request Forgery in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-console
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS03MjlmLXd2ajMtYzRwas0Vzw
Remote code execution in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1ocWhwLTVwODMtaHg5Ns0Vzg
prismjs Regular Expression Denial of Service vulnerability
Ecosystems: npm
Packages: prismjs
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00Z2YyLXh2OTctNjNtMs0VzQ
Exposure of Sensitive Information in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jcHE4LXgzNWctbTQzOc0VzA
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tOWZxLWM5aHAtNTlnN80Vyw
Cross-site Scripting in yourls
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1mMmM1LTk5N3ctN2Y1Y80Vyg
Cross-site Scripting in peertube
Ecosystems: npm
Packages: peertube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS00NGM2LTR2MjItNG1oeM0VyQ
semver-regex Regular Expression Denial of Service (ReDOS)
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: about 3 years ago
High
GSA_kwCzR0hTQS12dmYyLXBwajktcHA0Oc0VyA
Inefficient Regular Expression Complexity in vuelidate
Ecosystems: npm
Packages: @vuelidate/validators
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00NWg1LXI5NjgtNXhyN80Vxw
Exposure of sensitive information in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS1qZ3J4LW1neHgtamY5ds0Vxg
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
Ecosystems: npm
Packages: tmpl
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: about 3 years ago
High
GSA_kwCzR0hTQS03cnA2LXc3bWctaDhyd80V1w
XML External Entity Reference in Apache Jena
Ecosystems: maven
Packages: org.apache.jena:jena-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS05M3E4LWdxNjktd3Ftd80V3g
Inefficient Regular Expression Complexity in chalk/ansi-regex
Ecosystems: npm
Packages: ansi-regex
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: about 3 years ago
High
GSA_kwCzR0hTQS00OXgzLTgyMjgtM3czbc0V3w
Inefficient Regular Expression Complexity in code-server
Ecosystems: npm
Packages: code-server
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1mNmpwLWo2dzMtdzlobc0V4A
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 3 years ago
High
GSA_kwCzR0hTQS05MnY5LXhoMnEtZnE5Zs0V4Q
Prototype Pollution in cookiex/deep
Ecosystems: npm
Packages: @cookiex/deep
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS00NjhxLXY0amotNDg1aM0V4g
Inefficient Regular Expression Complexity in taro
Ecosystems: npm
Packages: @tarojs/helper
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1xODc5LTlnOTUtNTZteM0V3Q
Wrong type for `Linker`-define functions when used across two `Engine`s
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS00ODczLTM2aDktd3Y0Oc0V3A
Out-of-bounds read/write and invalid free with `externref`s and GC safepoints in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS12NGNwLWg5NHItbTd4Zs0V2w
Use after free passing `externref`s to Wasm in Wasmtime
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS01Nzl4LWNqdnItY3FqOc0V2g
Observable Response Discrepancy in Lost Password Service
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qcDdmLWdyY3YtNm1qZs0V2Q
Partial path traversal in sharpcompress
Ecosystems: nuget
Packages: sharpcompress
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS0yMmdoLTNyOXEteGYzOM0V2A
Lacking Protection against HTTP Request Smuggling in mitmproxy
Ecosystems: pypi
Packages: mitmproxy
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1maHY4LWZ4NWYtN2Z4Zs0V1A
Prototype Pollution in the merge and clone helper methods
Ecosystems: npm
Packages: zrender
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tYzIyLTVxOTItOHY4Nc0V0w
Memory Safety Issue when using patch or merge on state and assign the result back to state
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13ZnJqLXFxYzItODNjbc0V0g
Remote command injection when using sendmail email transport
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 3 years ago
High
GSA_kwCzR0hTQS04NHA3LWZoOWMtNmc4aM0V0Q
Prototype Pollution in mixme
Ecosystems: npm
Packages: mixme
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1jNzdmLTRyZ2otamZyNM0VxQ
Cross-site Scripting in Beego
Ecosystems: go
Packages: github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS0yZ2hjLTZ2ODktcHc5as0Vwg
body-parser-xml vulnerable to Prototype Pollution
Ecosystems: npm
Packages: body-parser-xml
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS0ycmg1LWp2Z3gtcGd3M80VwQ
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1ncWNmLTgzcnEtZ3Bmcs0VwA
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ibexa/post-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS0yM2NtLXg2ajctNmhxM80Vvw
matrix-js-sdk can be tricked into disclosing E2EE room keys to a participating homeserver
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1jcXFoLTQ5bXgtZnE2M80Vug
merge vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @viking04/merge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS00anFjLThtNXItOXJwcs0Vvg
Prototype Pollution in set-value
Ecosystems: npm, nuget
Packages: set-value, set-value-nuget
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS05OXB4LTc3MjQtNDg0ds0VvQ
Remote Code Execution in Any23
Ecosystems: maven
Packages: org.apache.any23:apache-any23
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS04MzhyLWh2d2gtMjRoOM0VvA
XML Injection in Any23
Ecosystems: maven
Packages: org.apache.any23:apache-any23
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1td2dqLTd4N2otNjk2Ns0Vuw
Deserialization of Untrusted Data in ParlAI
Ecosystems: pypi
Packages: parlai
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1naDhqLTJwZ2YteDQ1OM0VuQ
Infinite Loop in rencode
Ecosystems: pypi
Packages: rencode
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tODdmLTlmdnYtMm1nZ80VuA
Deserialization of Untrusted Data in parlai
Ecosystems: pypi
Packages: parlai
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS00aHBxLXJqY3gtN3ZqOc0Vtw
Clearance Gem Open Redirect Vulnerability
Ecosystems: rubygems
Packages: clearance
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1xODk3LTlqeGYtamc5cs0VtA
Security check skip in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS1wNXc4LXdxaGotOWhoZs0VtQ
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1xdm03LTIzY2otNDM3ds0Vsw
Remote Code Execution in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jZmMyLXdqY20tYzhmbc0Vsg
Incorrect Authorization with specially crafted requests
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS01d2pmLTYyaHctcTc4cs0VsQ
Excessive CPU usage
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS1namNnLXZyeGcteG1nds0VsA
Incorrect handling of H2 GOAWAY + SETTINGS frames
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS05dmpwLXY3NmYtZzM2M80Vrw
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
Ecosystems: maven
Packages: io.netty:netty, org.jboss.netty:netty, io.netty:netty-codec
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: about 3 years ago
High
GSA_kwCzR0hTQS1ncmc0LXdmMjktcjl2ds0Vrg
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
Ecosystems: maven
Packages: io.netty:netty, org.jboss.netty:netty, io.netty:netty-codec
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qZjl2LXE4dmgtM2ZtY80VrQ
Cross-site scripting in ICEcoder
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS0yajU4LXB3d3YteDY2Ns0VrA
Cross-Site Request Forgery in sqlite-web
Ecosystems: pypi
Packages: sqlite-web
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS0ycjJ3LWpyaDItcDRncs0Vqw
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1jNDQyLTMyNzgtcmhyZ80Vqg
Unrestricted File Upload in ShowDoc v2.9.5
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS02MjRmLWNxdnItM3F3NM0VqQ
Flask-AppBuilder Open Redirect vulnerability
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS02aHc1LTZnY3gtcGhtd80VpQ
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jY3c4LTc2ODgtdnF4NM0Vpw
HashiCorp Consul Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jOHgzLXJnNzItZnd3Z80Vpg
Privilege escalation in Hashicorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS1yNTc3LTRocTctNzNxaM0VpA
Remote Code Execution in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1jcHg5LTRyd3YtNDg2ds0VqA
Hessian protocol configuration vulnerability in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZncjgtYzNtNS1tdnJn
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4djktM2pqcS1ydnA0
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3dmctdzhxOC1jM3dm
Session Fixation
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd2bXctN3g1Ny1xNmp3
Cross-site scripting
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3cHAtZmdyai1oNzhx
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 3 years ago
High
GSA_kwCzR0hTQS1mMzR4LThwZjYtcWM5Y80Vow
HTTP header injection in Sonatype Nexus Repository
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-repository
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 3 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxNDQtZ2Z2cS02Zzkz
SQL Injection in Subrion CMS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjMzMtMzQ2NS1maHgy
Exposure of Resource to Wrong Sphere in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqY3gtOTk5bS0zNWhj
Improper Input Validation in Firefly III
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0OGYtd3Y3Ni14OWhn
Arbitrary file upload in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5MnYtN2ZybS1oNDRx
Cross-site scripting in LavaLite-CMS
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 3 years ago
High
GSA_kwCzR0hTQS0zcTZnLXZmNTgtN200Z80Vmw
Regular Expression Denial of Service in flask-restx
Ecosystems: pypi
Packages: flask-restx
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS05cTV3LTc5Y3YtOTQ3bc0Vog
Unsafe defaults in `remark-html`
Ecosystems: npm
Packages: remark-html
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS1yNjU5LTh4ZnAtajMyN80VoQ
objection.js Prototype Pollution vulnerability
Ecosystems: npm
Packages: objection
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tZnY3LWdxNDMtdzk2Nc0VoA
Incomplete List of Disallowed Inputs in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS05N3B2LTQzMzgtcjV2cM0Vnw
Cross-site Scripting in file-upload-with-preview
Ecosystems: npm
Packages: file-upload-with-preview
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1mbW05LTNndjgtNThmNM0Vng
Improper Handling of Missing Values in kaml
Ecosystems: maven
Packages: com.charleskorn.kaml:kaml
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS13M2o0LTc2cXctd3dqbc0VnQ
Older releases of better_errors open to Cross-Site Request Forgery attack
Ecosystems: rubygems
Packages: better_errors
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 3 years ago
High
GSA_kwCzR0hTQS05OHZ2LXB3NnItcTZxNM0VnA
Uncontrolled Resource Consumption in pillow
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS0yYzgzLXdmdjMtcTI1Zs0Vmg
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Ecosystems: npm
Packages: rebber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1oNzdmLXh4eDctNDg1OM0VmQ
User impersonation due to incorrect handling of the login JWT
Ecosystems: maven
Packages: org.geysermc:connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jOHhwLThtZjMtNjJoOc0VmA
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values
Ecosystems: go
Packages: github.com/cloudflare/cfrpki
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repository
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1jMzZ2LWZtZ3EtbThoeM0Vlg
Prototype Pollution in immer
Ecosystems: npm
Packages: immer
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 3 years ago
High
GSA_kwCzR0hTQS04N3AyLWN2aHEtcTRtds0VlA
Authentication bypass in Apache Zeppelin
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS00cXc4LXBncHItcDltcc0VlQ
Bash command injection in Apache Zeppelin
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tZjdxLWd3NWYtcThqas0Vkw
Cross-site Scripting in Apache Zeppelin
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS1qcHd4LWZmanEtd3I0d80Vkg
Content object state fetch functions open to SQL injection
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS05cmpwLXI1OGotZnhncc0VkQ
Path traversal in elFinder.NetCore
Ecosystems: nuget
Packages: elFinder.NetCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Critical
GSA_kwCzR0hTQS13bXBtLWZxN3ItanE1Ns0VkA
Imporoper path validation in elFinder.NetCore
Ecosystems: nuget
Packages: elFinder.NetCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
High
GSA_kwCzR0hTQS12OXcyLXY3ajktcmpwcs0Vjw
Remote code execution in Eclipse Theia
Ecosystems: npm
Packages: @theia/mini-browser
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1wOTJ4LXIzNnctOTM5Nc0Vjg
Type confusion in mpath
Ecosystems: npm
Packages: mpath
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: about 3 years ago
High
GSA_kwCzR0hTQS01OGcyLTlmcXItMzZxMs0VjQ
Prototype Pollution in Proto
Ecosystems: npm
Packages: Proto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyajUtOHg2cS1oYzlx
Path traversal in Grafana Loki
Ecosystems: go
Packages: github.com/grafana/loki
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 3 years ago
Statistics
Advisories: 20,351
Packages: 8,931
Repositories: 5,446
Ecosystems: 12
Filter by Severity
Moderate 8,817 High 7,060 Critical 3,018 Low 1,120
Filter by Ecosystem
maven 5,802 packagist 4,526 pypi 4,296 npm 3,783 go 2,245 nuget 1,532 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 63 concrete5/concrete5 60 actionpack 60 librenms/librenms 60 github.com/mattermost/mattermost/server/v8 56 org.apache.struts:struts2-core 55 salt 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 nova 47 github.com/grafana/grafana 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 baserproject/basercms 43 craftcms/cms 43 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 org.xwiki.platform:xwiki-platform-oldcore 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 mautic/core 37 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 github.com/hashicorp/vault 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 35 github.com/rancher/rancher 34 snipe/snipe-it 34 k8s.io/kubernetes 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 gradio 32 io.undertow:undertow-core 32 org.jenkins-ci.plugins:script-security 32 Pillow 31 parse-server 31 opencv-contrib-python 31 opencv-python 31 github.com/argoproj/argo-cd 31 keystone 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/hashicorp/nomad 27 directus 26 github.com/hashicorp/consul 26 pillow 26 electron 26 openssl-src 26 prestashop/prestashop 26 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 rubygems-update 25 org.keycloak:keycloak-parent 25 magento/core 24 org.eclipse.jetty:jetty-server 24 mediawiki/core 24 gogs.io/gogs 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 zendframework/zendframework 23 rack 23 pocketmine/pocketmine-mp 23 puppet 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 tribalsystems/zenario 22 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.nifi:nifi 21 activerecord 21 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 glance 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 contao/contao 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 laravel/framework 19 org.springframework:spring-core 19 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 com.liferay.portal:release.dxp.bom 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 forkcms/forkcms 18 github.com/goharbor/harbor 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 mercurial 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 topthink/framework 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 langchain 18 com.vaadin:vaadin-bom 18 golang.org/x/net 18 wasmtime 18 francoisjacquet/rosariosis 17 cobbler 17 notebook 17 genix/cms 17 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 PaddlePaddle 17 symfony/security 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 opencart/opencart 17 typo3/cms-backend 16 sequelize 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 rusqlite 16 tinymce 16 cryptography 16 org.apache.jspwiki:jspwiki-main 16 yetiforce/yetiforce-crm 16 neutron 16 openmage/magento-lts 16 org.apache.dubbo:dubbo 16 ethyca-fides 15 october/system 15 ec-cube/ec-cube 15 smarty/smarty 15 ckeditor4 15 paddlepaddle 15 pyload-ng 15 org.apache.struts.xwork:xwork-core 15 ghost 15 silverstripe/cms 14 activesupport 14 feehi/cms 14 publify_core 14 github.com/zitadel/zitadel 14 github.com/nats-io/nats-server/v2 14 org.apache.inlong:manager-pojo 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 pyftpdlib 14 github.com/containerd/containerd 14 swagger-ui 14 bolt/bolt 14 symfony/security-http 14 modoboa 14 elefant/cms 13 passenger 13 joplin 13 github.com/mattermost/mattermost-server 13 vantage6 13 github.com/opencontainers/runc 13 org.apache.cxf:cxf 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 52 https://github.com/librenms/librenms 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/craftcms/cms 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/dotnet/runtime 31 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 30 https://github.com/snipe/snipe-it 30 https://github.com/mlflow/mlflow 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/cilium/cilium 25 https://github.com/getgrav/grav 24 https://github.com/github/advisory-database 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/langchain-ai/langchain 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/bcgit/bc-java 19 https://github.com/getkirby/kirby 19 https://github.com/helm/helm 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/goharbor/harbor 18 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/undertow-io/undertow 17 https://github.com/moby/moby 17 https://github.com/zitadel/zitadel 17 https://github.com/liufee/cms 17 https://github.com/OpenMage/magento-lts 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/tinymce/tinymce 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/backstage/backstage 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/hashicorp/vault 16 https://github.com/puppetlabs/puppet 15 https://github.com/zendframework/zendframework 15 https://github.com/denoland/deno 15 https://github.com/pyload/pyload 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/centreon/centreon 15 https://github.com/ethyca/fides 15 https://github.com/mattermost/mattermost 15 https://github.com/pyca/cryptography 15 https://github.com/apache/camel 15 https://github.com/vantage6/vantage6 15 https://github.com/laravel/framework 15 https://github.com/cobbler/cobbler 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/xuxueli/xxl-job 14 https://github.com/twisted/twisted 14 https://github.com/decidim/decidim 14 https://github.com/dotnet/aspnetcore 14 https://github.com/vercel/next.js 14 https://github.com/containerd/containerd 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dompdf/dompdf 13 https://github.com/dromara/hutool 13 https://github.com/hashicorp/nomad 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/apache/dolphinscheduler 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/nodejs/undici 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/modoboa/modoboa 13 https://github.com/TryGhost/Ghost 13 https://github.com/laurent22/joplin 12 https://github.com/opencontainers/runc 12 https://github.com/centreon/centreon-archived 12 https://github.com/smarty-php/smarty 12 https://github.com/apache/kylin 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/openfga/openfga 12 https://github.com/surrealdb/surrealdb 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/patriksimek/vm2 12 https://github.com/containers/podman 12 https://github.com/aio-libs/aiohttp 12 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/pomerium/pomerium 11 https://github.com/drupal/core 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cloudflare/cfrpki 11 https://github.com/vaadin/flow 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/cakephp/cakephp 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/WWBN/AVideo 11 https://github.com/janeczku/calibre-web 11 https://github.com/openstack/glance 11 https://github.com/top-think/framework 11 https://github.com/Sylius/Sylius 11 https://github.com/igniterealtime/Openfire 11 https://github.com/scrapy/scrapy 11 https://github.com/nats-io/nats-server 11 https://github.com/dolibarr/dolibarr 10 https://github.com/keystonejs/keystone 10 https://github.com/jquery/jquery 10 https://github.com/nautobot/nautobot 10 https://github.com/jupyter/notebook 10 https://github.com/funadmin/funadmin 10 https://github.com/matrix-org/matrix-js-sdk 10 https://github.com/apache/zeppelin 10 https://github.com/zopefoundation/Zope 10 https://github.com/zenml-io/zenml 10 https://github.com/spring-projects/spring-security 10 https://github.com/PHPOffice/PhpSpreadsheet 10