Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4YzYtZnBjNy00cXZn
CoAPthon DoS due to Exceptions
Ecosystems: pypi
Packages: CoAPthon
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2Zm0tcmd3NC04cTcz
CoAPthon3 vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: CoAPthon3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4aDktaHE5Yy0ycDVj
High severity vulnerability that affects com.github.shyiko.ktlint:ktlint-core
Ecosystems: maven
Packages: com.github.shyiko.ktlint:ktlint-core
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJoaHctcDhtZy1qcm02
Path Traversal in http-live-simulator
Ecosystems: npm
Packages: http-live-simulator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdtMjktMzVjNy04Y2Z3
Cross-Site Scripting in buttle
Ecosystems: npm
Packages: buttle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXYtdjltMi00OHAy
Bootstrap-sass contains code execution backdoor
Ecosystems: rubygems
Packages: bootstrap-sass
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNXYtNHg5cS00NDZj
Improper Authorization in org.apache.hbase:hbase
Ecosystems: maven
Packages: org.apache.hbase:hbase
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2NjItNHBtai14dzZo
Open Redirect vulnerability in jupyterhub and notebook
Ecosystems: pypi
Packages: jupyterhub, notebook
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcycDUtMnI2Zy1mbTZ2
Moderate severity vulnerability that affects total.js
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtcHEtdzVxNi05dmY5
Moderate severity vulnerability that affects org.apache.jspwiki:jspwiki-main
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwdjMtZzRjYy02dmZ4
Improper Control of Generation of Code ('Code Injection') in org.apache.activemq:activemq-client
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyeHAtNzVtNy1ndjUy
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Ecosystems: maven
Packages: net.sf.robocode:robocode.host
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgyZjQtdjRjNC02d3g0
Uncontrolled Resource Consumption in org.eclipse.jetty:jetty-server
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnNzUtMzI3Ny1ndnZq
Directory Traversal in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1ODgtcWNwMy1qdjQ2
Path Traversal in serve
Ecosystems: npm
Packages: serve
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3Zzktcmd2ai00aDVq
Code Injection in morgan
Ecosystems: npm
Packages: morgan
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqamYtOTRmZi00M3c3
jackson-databind Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1OHctNjQ5ci1xanI5
splunk-sdk does not properly verify untrusted TLS server certificates
Ecosystems: pypi
Packages: splunk-sdk
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmY2gtanZnNS1jcmY2
Improper Input Validation python-gnupg
Ecosystems: pypi
Packages: python-gnupg
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVjZjQtanF3cC01ODRn
Improper Privilege Management in org.apache.hadoop:hadoop-main
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtdjYtZ2Y5OC1wM3I1
Command Injection in kill-port
Ecosystems: npm
Packages: kill-port
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3ajgtcDY2Mi0zbTd4
Path Traversal in localhost-now
Ecosystems: npm
Packages: localhost-now
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjbTQtcTJwZy14dzg5
ipycache is vulnerable to Code Injection
Ecosystems: pypi
Packages: ipycache
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2OWotNTg1NS1oanBt
Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf
Ecosystems: maven
Packages: org.apache.karaf:apache-karaf, org.apache.karaf:karaf
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU3M3gtamhxaC1qZzM2
Improper Certificate Validation in chloride
Ecosystems: rubygems
Packages: chloride
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2NGMtZzZxNy1wM3E3
Doorkeeper-openid_connect contains Open Redirect
Ecosystems: rubygems
Packages: doorkeeper-openid_connect
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczcmYtNm1yZi03NTlx
devise Time-of-check Time-of-use Race Condition vulnerability
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtYzgtY2pmci1waHgz
Regular Expression Denial of Service in highcharts
Ecosystems: npm
Packages: highcharts
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0MzYtNDMyeC04ZnZ4
Apache Commons Compress vulnerable to denial of service due to infinite loop
Ecosystems: maven
Packages: io.takari:commons-compress, com.liferay:com.liferay.portal.tools.bundle.support, org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtcXEtOHI0NC12bWpj
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark
Ecosystems: pypi, maven
Packages: pyspark, org.apache.spark:spark-core_2.11, org.apache.spark:spark-core_2.10
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjdzYtNXF2cC1xM3dq
Exposure of Sensitive Information to an Unauthorized Actor in Apache Spark via crafted URL
Ecosystems: maven
Packages: org.apache.spark:spark-core_2.11, org.apache.spark:spark-core_2.10
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVndm0taHJ3NS1oNnhm
Improper Authentication in org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmMnYtOWhwNi00NHFn
org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service vulnerable to Improper Certificate Validation
Ecosystems: maven
Packages: org.apache.hive:hive-exec, org.apache.hive:hive-service, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnOXEtY2hxMi13OHF3
Moderate severity vulnerability that affects org.apache.hive:hive, org.apache.hive:hive-exec, and org.apache.hive:hive-service
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyaDgtMjdxOC1mcjhm
Server-Side Request Forgery (SSRF) in org.apache.solr:solr-core
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoY3EtZnY3eC1ncnIy
Critical severity vulnerability that affects org.apache.solr:solr-core
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cnYtNnZmdy14NGdj
spring-security-oauth and spring-security-oauth2 Open Redirect vulnerability
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2, org.springframework.security.oauth:spring-security-oauth
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdwMzItN2gyOS1ycHht
Moderate severity vulnerability that affects com.puppycrawl.tools:checkstyle
Ecosystems: maven
Packages: com.puppycrawl.tools:checkstyle
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqNXYtZmM3NC1qOXEy
Cross-Site Scripting in editor.md
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00MmgtbWg4NS00cWdj
Use of Insufficiently Random Values in Railties Allows Remote Code Execution
Ecosystems: rubygems
Packages: railties
Source: GitHub Advisory Database
Blast Radius: 58.2
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2ZzUtMndoMy1nYzlq
Path Traversal in Action View
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 43.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02M2otd2g1dy1jMjUy
Denial of Service Vulnerability in Action View
Ecosystems: rubygems
Packages: actionview
Source: GitHub Advisory Database
Blast Radius: 43.3
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1NTQtanhjdy00NTRx
Webargs mishandles concurrent JSON parsing
Ecosystems: pypi
Packages: webargs
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5aDYteGhnOS14eHJ2
Improper Input Validation in Apache Qpid Broker-J
Ecosystems: maven
Packages: org.apache.qpid:apache-qpid-broker-j
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnMzctN21ydi1jZndt
Unauthenticated Remote Code Execution in Apache JMeter
Ecosystems: maven
Packages: org.apache.jmeter:ApacheJMeter
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAyeHEtdmNtNy14amo2
Stack Overflow in Apache Mesos
Ecosystems: maven
Packages: org.apache.mesos:mesos
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: over 5 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmd3AtOHBxNC1nN3B2
Incomplete List of Disallowed Inputs in SOFA-Hessian
Ecosystems: maven
Packages: com.alipay.sofa:hessian
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5Y3YtOGN2di02NjZj
Apache Airflow vulnerable to Stored XSS
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnamMtNDljdy01Mjlt
Moderate severity vulnerability that affects org.b3log:symphony
Ecosystems: maven
Packages: org.b3log:symphony
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4N20tajcyOC1tancz
uap-core Regular Expression Denial of Service issue
Ecosystems: npm
Packages: uap-core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2M20tOGZwOC1tajk5
Bootstrap Vulnerable to Cross-Site Scripting
Ecosystems: packagist, maven, rubygems, npm, nuget
Packages: twbs/bootstrap, org.webjars:bootstrap, twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: GitHub Advisory Database
Blast Radius: 150.3
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4d20tNTc5cS00OXFx
Moderate severity vulnerability that affects Bootstrap.Less, bootstrap, and bootstrap.sass
Ecosystems: nuget
Packages: Bootstrap.Less, bootstrap, bootstrap.sass
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoNzctM3g0bS00cTln
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
Ecosystems: npm
Packages: bootstrap-sass, bootstrap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxMzItajU3dy1xNHc3
Path Traversal in total.js
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2NjMtYzk2My0yZ3Fn
DoS due to excessively large websocket message in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnOHAtdjlxNC1naDM0
Potential Command Injection in shell-quote
Ecosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: almost 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0M20tZmZ3ci1ycGNj
SSL Validation Defaults to False in electron-packager
Ecosystems: npm
Packages: electron-packager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmdmYtbXFxOC1yd3Fj
Sanitization bypass using HTML Entities in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1NngtY3AzcS00N3Zn
Insecure Default Configuration in airbrake
Ecosystems: npm
Packages: airbrake
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoNXctNjk2NC14NWNm
Downloads Resources over HTTP in chromedriver
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJocGotZzUzbS05Z2o2
closure-util downloads Resources over HTTP
Ecosystems: npm
Packages: closure-util
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5OWctNnE2dy03djk0
m-server Vulnerable to Directory Traversal
Ecosystems: npm
Packages: m-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2d3AtM2Y1NC14YzM5
Downloads Resources over HTTP in broccoli-closure
Ecosystems: npm
Packages: broccoli-closure
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwZjctNTc5dy1mNGdt
dwebp-bin downloads Resources over HTTP
Ecosystems: npm
Packages: dwebp-bin
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF4OW0tMjd3aC03Zmpn
Downloads Resources over HTTP in jvminstall
Ecosystems: npm
Packages: jvminstall
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqZjMtZjJwZy03ODY4
nw-with-arm downloads Resources over HTTP
Ecosystems: npm
Packages: nw-with-arm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2djUtNDJ3ci1tMzJn
Downloads Resources over HTTP in scala-bin
Ecosystems: npm
Packages: scala-bin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5NWotcDhmNi1wd2g0
headless-browser-lite downloads Resources over HTTP
Ecosystems: npm
Packages: headless-browser-lite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjODctcjlmNy1xZmdx
Downloads Resources over HTTP in macaca-chromedriver-zxa
Ecosystems: npm
Packages: macaca-chromedriver-zxa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZwNDgteGZqMy1qdzY3
Downloads Resources over HTTP in fibjs
Ecosystems: npm
Packages: fibjs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3ZzMteDg5Ni13Nzk4
Downloads Resources over HTTP in atom-node-module-installer
Ecosystems: npm
Packages: atom-node-module-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzajgtZzR2OS02N2px
Downloads Resources over HTTP in pennyworth
Ecosystems: npm
Packages: pennyworth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyOTgtcnFnNS00dm0z
node-browser downloads Resources over HTTP
Ecosystems: npm
Packages: node-browser
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2MngtMzRoMy1oNmg2
Downloads Resources over HTTP in box2d-native
Ecosystems: npm
Packages: box2d-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwNTItN2N4di02Yzk1
Downloads Resources over HTTP in curses
Ecosystems: npm
Packages: curses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczNWMtcjR2Yy02Z205
Downloads Resources over HTTP in bionode-sra
Ecosystems: npm
Packages: bionode-sra
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtaGgtdzZxOC01aHh3
Remote Memory Disclosure in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3NTctOWM0eC1jaGZm
poco downloads Resources over HTTP
Ecosystems: npm
Packages: poco
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyMnEtM2c5eC12cDhx
Downloads Resources over HTTP in tomita-parser
Ecosystems: npm
Packages: tomita-parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4ODMtcDQ3Ni12djk1
Downloads Resources over HTTP in selenium-standalone-painful
Ecosystems: npm
Packages: selenium-standalone-painful
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2MmMtZzJ4Yy00N2Z2
Downloads Resources over HTTP in massif
Ecosystems: npm
Packages: massif
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4cHEtcG13OS00Z3Bt
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ2N3EtMnhxeC1mNHE1
Potential SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyamMtcHdmai1oOXAz
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNncHAtd20yaC02aHF4
SQL Injection in waterline-sequel
Ecosystems: npm
Packages: waterline-sequel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljMnAtanc4cC1mODR2
SQL Injection in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1djMtOGpxZi12ZzI3
Downloads Resources over HTTP in aerospike
Ecosystems: npm
Packages: aerospike
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1cGgtNGZyNC1nN2Z3
Downloads Resources over HTTP in galenframework-cli
Ecosystems: npm
Packages: galenframework-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZ3EtZzQ4eC1qcTgz
Downloads Resources over HTTP in iedriver
Ecosystems: npm
Packages: iedriver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczeHAtdjJmZi14NWMz
Downloads Resources over HTTP in go-ipfs-dep
Ecosystems: npm
Packages: go-ipfs-dep
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxN3EtN3ZmaC0yeDNo
install-nw downloads Resources over HTTP
Ecosystems: npm
Packages: install-nw
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmMjktZjU3dy0ybW0z
Downloads Resources over HTTP in geoip-lite-country
Ecosystems: npm
Packages: geoip-lite-country
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5M2gtNzVtOS0zcXE0
pngcrush-installer downloads Resources over HTTP
Ecosystems: npm
Packages: pngcrush-installer
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3bTUtcTd3di02angz
Downloads Resources over HTTP in bkjs-wand
Ecosystems: npm
Packages: bkjs-wand
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyOG0tNDVnYy1tMmM4
Downloads Resources over HTTP in mongodb-instance
Ecosystems: npm
Packages: mongodb-instance
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2MjctdzJxci01Znhy
fuseki downloads Resources over HTTP
Ecosystems: npm
Packages: fuseki
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0cXAtaDNtNi03ODVm
ibm_db downloads Resources over HTTP
Ecosystems: npm
Packages: ibm_db
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqZjQtNzY0Mi1jNTdw
Downloads Resources over HTTP in unicode
Ecosystems: npm
Packages: unicode
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjNmMtNXY5dy14bWh3
Downloads Resources over HTTP in nodewebkit
Ecosystems: npm
Packages: nodewebkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZ3AtOGZmci1od3dy
closurecompiler downloads Resources over HTTP
Ecosystems: npm
Packages: closurecompiler
Source: GitHub Advisory Database
Blast Radius: 31.5
Published: almost 6 years ago
Statistics
Advisories: 20,786
Packages: 9,102
Repositories: 5,559
Ecosystems: 12
Filter by Severity
Moderate 8,878 High 7,317 Critical 3,078 Low 1,157
Filter by Ecosystem
maven 5,891 packagist 4,651 pypi 4,402 npm 3,830 go 2,314 nuget 1,553 cargo 891 rubygems 885 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 mlflow 47 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 vyper 38 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 nilsteampassnet/teampass 37 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 org.keycloak:keycloak-services 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 matrix-synapse 35 moin 35 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 zendframework/zendframework1 34 gradio 34 github.com/answerdev/answer 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 Pillow 31 opencv-python 31 parse-server 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 openssl-src 26 prestashop/prestashop 26 pillow 26 github.com/cilium/cilium 26 electron 26 directus 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 25 magento/core 24 simplesamlphp/simplesamlphp 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 zendframework/zendframework 23 rack 23 puppet 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 23 tribalsystems/zenario 22 ckb 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 glance 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-arm 20 laravel/framework 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 funadmin/funadmin 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 org.springframework:spring-core 20 @openzeppelin/contracts 20 contao/contao 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 wasmtime 19 github.com/traefik/traefik/v2 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cobbler 18 com.liferay.portal:release.dxp.bom 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 mindsdb 18 forkcms/forkcms 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 cockpit-hq/cockpit 18 golang.org/x/net 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.vaadin:vaadin-bom 18 cakephp/cakephp 17 neutron 17 symfony/security 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 notebook 17 org.apache.geode:geode-core 17 francoisjacquet/rosariosis 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 helm.sh/helm/v3 17 paddlepaddle 16 yetiforce/yetiforce-crm 16 org.apache.dubbo:dubbo 16 github.com/zitadel/zitadel 16 rusqlite 16 org.bouncycastle:bcprov-jdk15 16 PaddlePaddle 16 typo3/cms-backend 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 cryptography 16 tinymce 16 openmage/magento-lts 16 symfony/security-http 16 org.apache.activemq:activemq-client 16 ethyca-fides 16 pyload-ng 16 phpbb/phpbb 16 calibreweb 15 october/system 15 surrealdb 15 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 OctoPrint 15 smarty/smarty 15 ckeditor4 15 ghost 15 phpmailer/phpmailer 14 joplin 14 activesupport 14 modoboa 14 camaleon_cms 14 rails-html-sanitizer 14 pyftpdlib 14 feehi/cms 14 github.com/nats-io/nats-server/v2 14 silverstripe/cms 14 aiohttp 14 publify_core 14 org.apache.tomcat:tomcat-coyote 14 github.com/containerd/containerd 14 org.xwiki.platform:xwiki-platform-web 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/symfony/symfony 66 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/answerdev/answer 34 https://github.com/rancher/rancher 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 26 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/netty/netty 22 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/simplesamlphp/simplesamlphp 21 https://github.com/apache/cxf 21 https://github.com/bytecodealliance/wasmtime 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/moby/moby 19 https://github.com/traefik/traefik 19 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/backstage/backstage 17 https://github.com/liufee/cms 17 https://github.com/hashicorp/vault 17 https://github.com/mindsdb/mindsdb 17 https://github.com/denoland/deno 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 16 https://github.com/pyload/pyload 16 https://github.com/TYPO3-CMS/core 16 https://github.com/mattermost/mattermost 16 https://github.com/laravel/framework 16 https://github.com/ethyca/fides 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/centreon/centreon 15 https://github.com/cobbler/cobbler 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/pyca/cryptography 15 https://github.com/surrealdb/surrealdb 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/twisted/twisted 14 https://github.com/vercel/next.js 14 https://github.com/aio-libs/aiohttp 14 https://github.com/dotnet/aspnetcore 14 https://github.com/containerd/containerd 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/xuxueli/xxl-job 14 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/publify/publify 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/laurent22/joplin 13 https://github.com/quarkusio/quarkus 13 https://github.com/dromara/hutool 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/patriksimek/vm2 12 https://github.com/wagtail/wagtail 12 https://github.com/centreon/centreon-archived 12 https://github.com/urllib3/urllib3 12 https://github.com/smarty-php/smarty 12 https://github.com/apache/kylin 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/puma/puma 12 https://github.com/openfga/openfga 12 https://github.com/opencontainers/runc 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/openstack/glance 12 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/WWBN/AVideo 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cri-o/cri-o 11 https://github.com/dolibarr/dolibarr 11 https://github.com/Studio-42/elFinder 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/spring-projects/spring-security 11 https://github.com/Pylons/waitress 11 https://github.com/nats-io/nats-server 11 https://github.com/scrapy/scrapy 11 https://github.com/cloudflare/cfrpki 11 https://github.com/drupal/core 11 https://github.com/vaadin/flow 11 https://github.com/zenml-io/zenml 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/onionshare/onionshare 11 https://github.com/Sylius/Sylius 11 https://github.com/cakephp/cakephp 11 https://github.com/getsentry/sentry 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/pomerium/pomerium 11 https://github.com/jenkinsci/git-plugin 10