Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1qY2h3LTI1eHAtand3Y84AA4JD
Follow Redirects improperly handles URLs in the url.parse() function
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: 11 months ago
High
GSA_kwCzR0hTQS12N2hnLTc3djktMjQ0Nc4AA4HT
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-master
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 11 months ago
High
GSA_kwCzR0hTQS0zdnZoLThjNjUtMzJqNM4AA4HN
Mingsoft MCMS SQL injection
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yY3ZyLTh3aHgtM201cM4AA4HM
Layui cross-site scripting (XSS) vulnerability
Ecosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00OWpwLWNnaGMtcDVwas4AA4HF
JeecgBoot server-side template injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1mcjI5LXc2ajQtNTI1Zs4AA4HB
Jeecg Boot SQL Injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 11 months ago
Critical
GSA_kwCzR0hTQS01djlyLTc4OGMtd2M4cM4AA4G-
Jeecg Boot SQL injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1maHI3LThqeDQtcjljcM4AA4G4
Infinispan REST Server's bulk read endpoints do not properly evaluate user permissions
Ecosystems: maven
Packages: org.infinispan:infinispan-server-rest
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1yNHcyLWhqbXItMzZtN84AA4G2
Infinispan REST Server's cache retrieval endpoints do not properly evaluate the necessary admin permissions
Ecosystems: maven
Packages: org.infinispan:infinispan-server-rest
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1md3ZnLTI3MzktMjJ2N84AA4Gz
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Ecosystems: npm
Packages: miniflare
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 11 months ago
High
GSA_kwCzR0hTQS1mZ3djLTNqNnctY2gyMs4AA4Gu
easy-rules-mvel vulnerable to remote code execution
Ecosystems: maven
Packages: org.jeasy:easy-rules-mvel
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yMjY4LTk4d2gtcWZoZs4AA4GU
JLine vulnerable to out of memory error
Ecosystems: maven
Packages: org.jline:jline-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1oM2dxLWo3cDkteDNwNM4AA4Gf
Mattermost Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01ZnBxLTNjOXAtM3Izd84AA4E3
ShifuML shifu code injection vulnerability
Ecosystems: maven
Packages: ml.shifu:shifu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Ecosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 11 months ago
High
GSA_kwCzR0hTQS00ODhtLXc5ZnAtNW1tMs4AA4ED
Infinispan circular object references causes out of memory errors
Ecosystems: maven
Packages: org.infinispan.protostream:protostream
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qcHZ3LXA4cHItOWcyeM4AA4D9
Ansible symlink attack vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13cG14LTU2NHgtaDJtaM4AA4D8
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Ecosystems: go
Packages: github.com/ewen-lbh/ffcss
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS03aHBqLTdoaHgtMmZneM4AA4D7
msgpackr's conversion of property names to strings can trigger infinite recursion
Ecosystems: npm
Packages: msgpackr
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14aHZ2LTNqd3ctYzQ4N84AA4D6
ActiveAdmin CSV Injection leading to sensitive information disclosure
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1nZzU3LTU4N2YtaDV2Ns4AA429
Infinispan caches credentials in clear text
Ecosystems: maven
Packages: org.infinispan:infinispan-cachestore-jdbc, org.infinispan:infinispan-cachestore-sql, org.infinispan:infinispan-cachestore-remote, org.infinispan:infinispan-cachestore-jdbc-common, org.infinispan:infinispan-client-hotrod, org.infinispan:infinispan-hotrod, org.infinispan:infinispan-commons, org.infinispan:infinispan-core
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jdzJyLTRwODItcXY3Oc4AA4Dz
DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1tNWhmLW0zcjIteHE1M84AA4C9
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 11 months ago
Critical
GSA_kwCzR0hTQS14aGd4LTc5NzQtYzh2Ns4AA4C7
hyavijava stack overflow vulnerability
Ecosystems: maven
Packages: com.github:hyavijava
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1oNjNqLXhxeDYtdzU4cs4AA4C8
mvel2 TimeOut error exists in the ParseTools.subCompileExpression method
Ecosystems: maven
Packages: org.mvel:mvel2
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 11 months ago
High
GSA_kwCzR0hTQS03bTdoLXJndnAtM3Y0cs4AA4C6
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wZmgyLWhmbXEtcGhnNc4AA4C3
json-path Out-of-bounds Write vulnerability
Ecosystems: maven
Packages: com.jayway.jsonpath:json-path
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 11 months ago
High
GSA_kwCzR0hTQS1tdzk5LTljaGMteHc3cs4AA4Cr
Maliciously crafted Git server replies can cause DoS on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02NzJoLTZ4ODktNzZtNc4AA4Cj
Open redirect vulnerability in Flask-Security-Too
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04d2p4LXAyZjgtNXJqcM4AA4Bj
OpenCRX Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.opencrx:opencrx-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xcDQyLTVwajctNGNjbc4AA4Bf
Concrete CMS Cross Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qcGZwLXhxM3AtNGgzcs4AA4Am
Deis Workflow Manager race condition vulnerability
Ecosystems: go
Packages: github.com/deis/workflow-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF
Nautobot missing object-level permissions enforcement when running Job Buttons
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1od2NjLTRjdjgtY2YzaM4AA4AE
Snowflake Connector .NET does not properly check the Certificate Revocation List (CRL)
Ecosystems: nuget
Packages: Snowflake.Data
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yZnEzLXdwamgtcHB2Z84AA4Ac
WSO2 Registry Stored Cross Site Scripting (XSS) vulnerability
Ecosystems: maven
Packages: org.wso2.carbon.registry:carbon-registry
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1qY3JyLXJyNnctOGM4M84AA3_v
free5GC AMF denial of service vulnerability
Ecosystems: go
Packages: github.com/free5gc/amf
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 12 months ago
High
GSA_kwCzR0hTQS03YzQ0LTdqN3YtdzU1NM4AA3_x
Buildkite Elastic CI for AWS symbolic link following vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1yNWhnLTM0OXEtbWcycc4AA3_u
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01NTd2LXhjZzYtcm01bc4AA3_F
Potential URI resolution path traversal in the AWS SDK for PHP
Ecosystems: packagist
Packages: aws/aws-sdk-php
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 12 months ago
High
GSA_kwCzR0hTQS02Z2dyLWN3djQtZzdxZ84AA3_E
Remotely exploitable denial of service in Rosenpass
Ecosystems: cargo
Packages: rosenpass
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1xNXEzLXFtMjYtOWp3bc4AA3-T
Authenticated Blind SSRF in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00ajh3LXA2aHYtM3F4Y84AA3-Y
Cross-Site Request Forgery (CSRF) in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 12 months ago
High
GSA_kwCzR0hTQS02cW0yLXdweHEtN3FoMs4AA39-
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yMjRmLWhnNTgtdmZyd84AA399
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Ecosystems: cargo
Packages: unsafe-libyaml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1wcWo1LTM3eGYteDVnY84AA39f
blinksocks has weak encryption algorithms
Ecosystems: npm
Packages: blinksocks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1mMjNoLTUyaGotOTlwNs4AA39b
Apache IoTDB: Unsafe deserialize map in Sync Tool
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02bTlyLTd3cngteG1yNs4AA39d
Apache Airflow Cross-Site Request Forgery vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1qajkzLTM5cGYtN21jZs4AA39a
bsock uses weak hashing algorithms
Ecosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01OTM4LTc5aGcteGgzcc4AA39c
Apache Airflow Improper Access Control vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1weGNoLXdyN20tcnd4as4AA39U
Apache Airflow has a stored cross-site scripting vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04ZjU3LXdjbWctNGptaM4AA39V
Apache Airflow vulnerable to Exposure of Resource to Wrong Sphere
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zcGp2LXI3dzQtMmNmNc4AA38i
Grails data binding causes JVM crash and/or other denial of service
Ecosystems: maven
Packages: org.grails:grails-databinding
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1taHBxLTk2MzgteDZwd84AA38h
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 12 months ago
High
GSA_kwCzR0hTQS12NjhnLXdtOGMtNng3as4AA38Z
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: 12 months ago
High
GSA_kwCzR0hTQS04N2ZnLTl4NXctajNybc4AA371
MainWP Dashboard SQL Command Injection vulnerability
Ecosystems: packagist
Packages: mainwp/mainwp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS04M3E1LXdocXAtcjhqcs4AA37j
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-websocket
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1oaDhwLXA4bXAtZ3Fobc4AA37i
MLFlow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
High
GSA_kwCzR0hTQS1xZzhwLTMyZ3ItZ2g2eM4AA37h
MLflow Local File Disclosure Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 12 months ago
High
GSA_kwCzR0hTQS01cjNxLTkzcTMtZjk3OM4AA37c
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 12 months ago
High
GSA_kwCzR0hTQS13djhxLTRmODUtMnA4cM4AA37f
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 12 months ago
Critical
GSA_kwCzR0hTQS01OXYzLTg5OHItcXdoas4AA37g
MLflow Server-Side Request Forgery (SSRF)
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
High
GSA_kwCzR0hTQS13cTU5LTRxNnItNjM1cs4AA360
Authentication bypass vulnerability in navidrome's subsonic endpoint
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS05d2dnLW05OXEtaGhmY84AA36z
Expired tokens can be renewed without validating the account password
Ecosystems: pypi
Packages: emailproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1wNWY4LXFmMjQtMjRjas4AA36y
Velocity execution without script right through tree macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-index-tree-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03d3c1LTR3cWMtbTkyY84AA36e
containerd allows RAPL to be accessible to a container
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS0zODYzLTI0NDctNjY5cM4AA35m
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command Injection
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02N2d2LXhydzctcDcyd84AA35i
Phpsysinfo Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: phpsysinfo/phpsysinfo
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1qZnhqLXhmNjcteDcyM84AA35f
Apache Superset SQL injection vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05NW1nLWpnZngtNTR2Oc4AA35k
Apache Superset uncontrolled resource consumption
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 12 months ago
High
GSA_kwCzR0hTQS1nNDlqLWo0ODktM3hwZs4AA35g
Apache Superset incorrect write permissions vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 12 months ago
High
GSA_kwCzR0hTQS1odmM2LTQydmYtamhmOM4AA35I
mlflow Command Injection vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02MjVwLWp3Y3AtcjJyNc4AA35N
Corveda PHPSandbox Protection Mechanism Failure vulnerability
Ecosystems: packagist
Packages: corveda/phpsandbox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zcDc1LXE1Y2MtcW1qN84AA34_
Keycloak Open Redirect vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 12 months ago
High
GSA_kwCzR0hTQS1nNTZ4LTdqNnctZzhyOM4AA34j
Grackle has StackOverflowError in GraphQL query processing
Ecosystems: maven
Packages: edu.gemini:gsp-graphql-core_native0.4_3, edu.gemini:gsp-graphql-core_native0.4_2.13, edu.gemini:gsp-graphql-core_sjs1_3, edu.gemini:gsp-graphql-core_sjs1_2.13, edu.gemini:gsp-graphql-core_3, edu.gemini:gsp-graphql-core_2.13, org.typelevel:grackle-core_native0.4_3, org.typelevel:grackle-core_native0.4_2.13, org.typelevel:grackle-core_sjs1_3, org.typelevel:grackle-core_sjs1_2.13, org.typelevel:grackle-core_3, org.typelevel:grackle-core_2.13
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS13OHZoLXA3NGoteDl4cM4AA34Q
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
High
GSA_kwCzR0hTQS14M3YzLTh4ZzgtOHY3Ms4AA34P
Sentry's Astro SDK vulnerable to ReDoS
Ecosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1ydzU0LTY4MjYtYzhqNc4AA34O
yiisoft/yii2-authclient's Oauth2 PKCE implementation is vulnerable
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yOHh4LTh2bTgteDZ3as4AA34N
Resque vulnerable to Reflected Cross Site Scripting through pathnames
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1nYzNqLXZ2d2YtNHJwOM4AA34M
Resque vulnerable to reflected XSS in resque-web failed and queues lists
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yOW1xLW03MngtMjU3Z84AA34L
Resque vulnerable to reflected XSS in Queue Endpoint
Ecosystems: rubygems
Packages: resque
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00aDcyLTM0ajYtajh4N84AA34K
Maloja error page XSS vulnerability
Ecosystems: pypi
Packages: malojaserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jdmcyLTdjM2otZzM2as4AA34J
Keycloak vulnerable to reflected XSS via wildcard in OIDC redirect_uri
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05aG1xLWZtMzMteDR4eM4AA34I
Resque Scheduler Reflected XSS In Delayed Jobs View
Ecosystems: rubygems
Packages: resque-scheduler
Source: GitHub Advisory Database
Blast Radius: 21.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00NXg3LXB4MzYteDh3OM4AA34H
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Ecosystems: pypi, go, cargo
Packages: paramiko, golang.org/x/crypto, russh
Source: GitHub Advisory Database
Blast Radius: 63.5
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oZm1jLTc1MjUtbWo1Nc4AA34G
AsyncSSH vulnerable to Prefix Truncation Attack (a.k.a. Terrapin Attack) against ChaCha20-Poly1305 and Encrypt-then-MAC
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1yamhmLTRtaDgtOXhqcc4AA34F
Zerocopy: Some Ref methods are unsound with some type parameters
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zeDN3LTg0OXEtNDIzds4AA33W
Xnx3 Wangmarket Cross-Site Scripting vulnerability
Ecosystems: maven
Packages: com.xnx3.wangmarket:wangmarket
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS13OHhqLTk5MmctODQyZs4AA33M
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00aDM3LXE1ajMtaHc5Ns4AA33O
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 12 months ago
High
GSA_kwCzR0hTQS1wd2ZyLThwcTcteDlxds4AA32_
Unauthenticated Denial of Service in the octokit/webhooks library
Ecosystems: npm
Packages: probot, octokit, @octokit/app, @octokit/webhooks
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1xajg2LXA3NHItN3dwNc4AA32-
Remote code execution/programming rights with configuration section from any user account
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1jcDNqLTI3M3gtM2p4Y84AA329
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS03NjU0LXZmaDYtcnc2eM4AA328
Remote code execution from account through SearchAdmin
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0yZ3JoLWdyMzctMjI4M84AA327
Solr search discloses email addresses of users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1wNmNwLTZyMzUtMzJtaM4AA324
Solr search discloses password hashes of all users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS1xcWhxLThyMmMtYzNmNc4AA322
nvdApiKey is logged in debug mode
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 12 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 mlflow 47 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 org.keycloak:keycloak-services 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 com.jfinal:jfinal 36 matrix-synapse 35 moin 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 github.com/answerdev/answer 34 gradio 34 io.undertow:undertow-core 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-contrib-python 31 opencv-python 31 parse-server 31 Pillow 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/consul 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 prestashop/prestashop 26 electron 26 github.com/cilium/cilium 26 openssl-src 26 directus 26 pillow 26 org.keycloak:keycloak-parent 25 gogs.io/gogs 25 org.apache.solr:solr-core 25 rubygems-update 25 magento/core 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 rack 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 tribalsystems/zenario 22 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 glance 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 org.apache.nifi:nifi 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 funadmin/funadmin 20 @openzeppelin/contracts 20 laravel/framework 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 wasmtime 19 DotNetNuke.Core 19 org.springframework:spring-core 19 github.com/goharbor/harbor 19 next 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 mercurial 18 topthink/framework 18 cobbler 18 mindsdb 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 notebook 17 cakephp/cakephp 17 org.apache.geode:geode-core 17 genix/cms 17 ezsystems/ezpublish-kernel 17 helm.sh/helm/v3 17 opencart/opencart 17 neutron 17 francoisjacquet/rosariosis 17 phpbb/phpbb 16 sequelize 16 paddlepaddle 16 cryptography 16 org.apache.activemq:activemq-client 16 github.com/zitadel/zitadel 16 org.apache.dubbo:dubbo 16 tinymce 16 org.apache.jspwiki:jspwiki-main 16 typo3/cms-backend 16 rusqlite 16 PaddlePaddle 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 ethyca-fides 16 pyload-ng 16 openmage/magento-lts 16 OctoPrint 15 symfony/security-http 15 october/system 15 surrealdb 15 ghost 15 calibreweb 15 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 ckeditor4 15 smarty/smarty 15 modoboa 14 github.com/containerd/containerd 14 publify_core 14 org.apache.tomcat:tomcat-coyote 14 pyftpdlib 14 phpmailer/phpmailer 14 aiohttp 14 github.com/nats-io/nats-server/v2 14 joplin 14 org.apache.inlong:manager-pojo 14 camaleon_cms 14 dompdf/dompdf 14 org.xwiki.platform:xwiki-platform-web 14 bolt/bolt 14 activesupport 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/langchain-ai/langchain 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10