Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1yd2YzLXc0anEtZjRjbc4AA3pe
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00d3JtLXFtcTItNWZqeM4AA3pc
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03NDQzLTU5NjItd3A0cs4AA3pf
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 12 months ago
Low
GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintext
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1tNDJ2LXF2M2MtaDZqN84AA3os
Cross-site Scripting in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mMnc4LTRtNDgtNXFycc4AA3oj
Cross-site Scripting in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oamZwLTJqN3EteG14NM4AA3ot
Cross-site Scripting in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 12 months ago
High
GSA_kwCzR0hTQS03Nzg3LXA3eDYtZnEzas4AA3oi
Candid infinite decoding loop through specially crafted payload
Ecosystems: cargo
Packages: candid
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 12 months ago
High
GSA_kwCzR0hTQS05ajV3LTJjcWMtY3dqOc4AA3oh
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oZmdyLWgzdmMtcDZjMs4AA3og
DockerSpawner allows any image by default
Ecosystems: pypi
Packages: dockerspawner
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 12 months ago
High
GSA_kwCzR0hTQS1taDhqLTlqdmgtZ2pmNs4AA3oc
mockjs vulnerable to Prototype Pollution via the Util.extend function
Ecosystems: npm
Packages: mockjs
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 12 months ago
High
GSA_kwCzR0hTQS1wOHE2LXFyZ2otN2d4Ms4AA3oa
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 12 months ago
Low
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanism
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jNzlmLXBxZ2YtZmhwM84AA3n1
Directory Traversal in Gladys Assistant
Ecosystems: npm
Packages: gladys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt
Apache Struts vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS12d2hmLTN2Nngtd2ZmOM4AA3mS
Cross-site Scripting (XSS) in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS0zcnB4LXBnbWYtajk2aM4AA3mF
Microweber Business Logic Errors
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 12 months ago
Low
GSA_kwCzR0hTQS12N2hjLTg3amMtcXJycs4AA3l6
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Ecosystems: go
Packages: knative.dev/eventing-github
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS14ZnY1LWpxZ3AtdnFoas4AA3l0
Quarkus Cache Runtime exposes sensitive information to an unauthorized actor
Ecosystems: maven
Packages: io.quarkus:quarkus-cache
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 12 months ago
High
GSA_kwCzR0hTQS03NjY0LWhjcDctZjQ5N84AA3lu
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS02M2N2LTRwYzItNGZjZs4AA3lw
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 12 months ago
Low
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1wanJqLWg0ZmctNmdtNM4AA3lF
tokio-boring vulnerable to resource exhaustion via memory leak
Ecosystems: cargo
Packages: tokio-boring
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 12 months ago
Low
GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: 12 months ago
High
GSA_kwCzR0hTQS04ajk4LWNqZnItcXgzaM4AA3lC
github.com/ecies/go vulnerable to possible private key restoration
Ecosystems: go
Packages: github.com/ecies/go/v2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 12 months ago
Critical
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03Zjl4LWd3ODUtOGdyZs4AA3lA
lestrrat-go/jwx's malicious parameters in JWE can cause a DOS
Ecosystems: go
Packages: github.com/lestrrat-go/jwx/v2, github.com/lestrrat-go/jwx
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS03bWM2LXg5MjUtN3F2eM4AA3k_
Test code in published microsoft-graph-beta package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-beta
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1taGhwLWMzY20tMnI4Ns4AA3k-
Test code in published microsoft-graph-core package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1jZ3dxLTZwcnEtOGg5cc4AA3k9
Test code in published microsoft-graph package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 12 months ago
High
GSA_kwCzR0hTQS0yZnI3LWNjN3AtcDQ1cc4AA3k6
Data leak of password hash through change requests
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1ydjc0LW0yODMtNWo5Nc4AA3k5
Elasticsearch-hadoop Unsafe Deserialization
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch-hadoop
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1oNTZnLWdxOXYtdmM4cs4AA3kx
jupyter-server errors include tracebacks with path information
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 12 months ago
High
GSA_kwCzR0hTQS02ZndnLWpyZnctZmY3cM4AA3kw
Traefik docker container using 100% CPU
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04Zzg1LXdocWgtY3IyZs4AA3kv
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS1mdmhqLTRxZmgtcTJobc4AA3ku
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 12 months ago
High
GSA_kwCzR0hTQS0zMmoyLWM3bXgtdjRqas4AA3kp
Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1td3ZxLWdjNXctbTc4Zs4AA3kh
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1wdjNnLXZjM3EtOGM5Z84AA3kt
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1odjRjLXY4ajgtNTRjd84AA3ki
Cross-Site Request Forgery in JFinalCMS via /admin/nav/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1ycTJxLWhjNmgtMnB4Ms4AA3kl
Cross-Site Request Forgery in JFinalCMS via /admin/tag/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS04ODJnLWdqcXAtOXZqcM4AA3kf
Cross-Site Request Forgery in JFinalCMS via /admin/category/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS02djU1LWg2bTUtMjM1Ms4AA3kq
Cross-Site Request Forgery in JFinalCMS via /admin/div/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1yMjIyLW1jZmYtMjdmZs4AA3ke
Cross-Site Request Forgery in JFinalCMS via /admin/div/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS04aGNoLXE4NmctajM4d84AA3kc
Cross-Site Request Forgery in JFinalCMS via /admin/category/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS01ZjU2LWg2ZmctcmNyaM4AA3kg
Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1ndzI2LWNjaGMtOGYyZs4AA3kr
Cross-Site Request Forgery in JFinalCMS via /admin/form/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS13NDkyLTdnOW0tajJ3d84AA3ka
Cross-Site Request Forgery in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1nZmh2LXh4cWotaDMyM84AA3kn
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1yMndqLW14dmgtd3FmaM4AA3kj
Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1jajdqLTIzd2YtbWhyeM4AA3kk
Cross-Site Request Forgery in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS03NjVmLTNtZ3gtMjRwd84AA3kd
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1yNm1nLWZxODctZ3czNM4AA3kb
Cross-Site Request Forgery in JFinalCMS via /admin/tag/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS05d3ZqLXdyMmYtNm14Ns4AA3km
Cross-Site Request Forgery in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS1yN3cyLWo5NnYtdnc4bc4AA3ko
Cross-Site Request Forgery in JFinalCMS via /admin/slide/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 12 months ago
High
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 12 months ago
High
GSA_kwCzR0hTQS13cXhmLTQ0N20tNmY1Zs4AA3kN
Information exposure in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04djZqLWdjNzQtZm1wcM4AA3hz
Ajax Pro Cross-site Scripting
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS1qM3JxLTR4ancteGc2M84AA3hy
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS0zN3ZxLWhyMmYtZzdoN84AA3hx
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS1ncWoyLTMyNHAtdng3M84AA3hv
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Ecosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
High
GSA_kwCzR0hTQS03Z3E5LXA5NGYtZzV2Oc4AA3hu
ThinkAdmin arbitrary file upload vulnerability
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
GSA_kwCzR0hTQS12d2dnLTJxODItMzhjNc4AA3hw
Solon is vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestore
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 12 months ago
High
GSA_kwCzR0hTQS1nbTYyLXJ3NGctdnJjNM4AA3hi
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 12 months ago
Critical
GSA_kwCzR0hTQS02cHF4LXY5ZzQtNWhjOM4AA3fC
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Ecosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ajdmLTQ2OG0tNm12OM4AA3e_
Environment variables still accessible through /proc
Ecosystems: cargo
Packages: birdcage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-lib
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZzNqLXA1ZzYtOTkyZs4AA3ez
OpenSearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpaste
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xdzRoLTN4amotODRjY84AA3d-
Apache Tiles: Unvalidated input may lead to path traversal and XXE
Ecosystems: maven
Packages: org.apache.tiles:tiles-core
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qMjRoLXhjcGMtOWp3OM4AA3d2
Eclipse IDE XXE in eclipse.platform
Ecosystems: maven
Packages: org.eclipse.jdt:org.eclipse.jdt.ui, org.eclipse.platform:org.eclipse.urischeme, org.eclipse.platform:org.eclipse.ui.workbench, org.eclipse.platform:org.eclipse.ui.ide, org.eclipse.platform:org.eclipse.ui.forms, org.eclipse.platform:org.eclipse.jface, org.eclipse.platform:org.eclipse.platform, org.eclipse.platform:org.eclipse.core.runtime
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04cWZtLWg4cmgtaDNyN84AA3b4
PHPMemcachedAdmin Path Traversal vulnerability
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcjR3LW00cnAtZ3A4N84AA3ck
PHPMemcachedAdmin vulnerable to cross-site scripting (XSS) via improper encoding
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNDRxLTk4Z3gtcG1oMs4AA3bb
Apache DolphinScheduler Missing Authorization vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-service, org.apache.dolphinscheduler:dolphinscheduler-dao, org.apache.dolphinscheduler:dolphinscheduler-common, org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04djR3LWpyMzMtNHJoM84AA3bY
Apache Cocoon SQL Injection vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yYzd4LXczbXgtaDdwNs4AA3ba
Microweber file upload vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yd21qLTQ2cmotcW0yd84AA3az
ZITADEL Account Takeover via Malicious Host Header Injection
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jdjR4LTlmMzQtOHJwOc4AA3ae
Jenkins MATLAB Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1waDg3LTR4MmctNmhwNM4AA3al
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Ecosystems: maven
Packages: io.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cGZjLXI1cXEtN3I3cM4AA3af
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: io.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05ZjVnLXJnY3ItOGdyd84AA3aj
Jenkins MATLAB Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xbWhxLTg3NmYtY3I2Nc4AA3ag
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wZ3BqLTgzZzMtbWZyMs4AA3ah
Jenkins Google Compute Engine Plugin has incorrect permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-compute-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12bXE2LTVtNjgtZjUzbc4AA3ab
logback serialization vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-classic, ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jMzh3LTc0cGctMzZocs4AA3Z_
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00Z3J4LTJ4OXctNTk2Y84AA3Z-
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cGhmLWN4OGgtN3E5Z84AA3Zx
`openssl` `X509StoreRef::objects` is unsound
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 mlflow 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 vyper 38 org.keycloak:keycloak-services 37 nilsteampassnet/teampass 37 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 com.thoughtworks.xstream:xstream 37 github.com/hashicorp/vault 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 snipe/snipe-it 35 github.com/answerdev/answer 34 gradio 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 Pillow 31 opencv-python 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 prestashop/prestashop 26 electron 26 pillow 26 openssl-src 26 directus 26 github.com/cilium/cilium 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 25 org.springframework.security:spring-security-core 24 contao/core-bundle 24 org.eclipse.jetty:jetty-server 24 magento/core 24 simplesamlphp/simplesamlphp 23 remdex/livehelperchat 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 puppet 23 rack 23 grumpydictator/firefly-iii 23 getkirby/cms 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 org.apache.openmeetings:openmeetings-parent 21 glance 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 activerecord 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 langchain 20 funadmin/funadmin 20 contao/contao 19 org.springframework:spring-core 19 wasmtime 19 DotNetNuke.Core 19 github.com/goharbor/harbor 19 org.xwiki.platform:xwiki-platform-web-templates 19 mindsdb 18 topthink/framework 18 golang.org/x/net 18 github.com/traefik/traefik/v2 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 cobbler 18 forkcms/forkcms 18 org.apache.geode:geode-core 17 cakephp/cakephp 17 genix/cms 17 francoisjacquet/rosariosis 17 neutron 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 notebook 17 helm.sh/helm/v3 17 org.apache.activemq:activemq-client 16 phpbb/phpbb 16 cryptography 16 sequelize 16 github.com/zitadel/zitadel 16 paddlepaddle 16 ethyca-fides 16 org.apache.dubbo:dubbo 16 tinymce 16 org.apache.jspwiki:jspwiki-main 16 openmage/magento-lts 16 pyload-ng 16 typo3/cms-backend 16 org.bouncycastle:bcprov-jdk15 16 yetiforce/yetiforce-crm 16 PaddlePaddle 16 rusqlite 16 ec-cube/ec-cube 15 smarty/smarty 15 ckeditor4 15 OctoPrint 15 org.apache.struts.xwork:xwork-core 15 surrealdb 15 calibreweb 15 symfony/security-http 15 ghost 15 october/system 15 lollms 14 org.apache.inlong:manager-pojo 14 feehi/cms 14 org.apache.tomcat:tomcat-coyote 14 modoboa 14 activesupport 14 dompdf/dompdf 14 aiohttp 14 joplin 14 camaleon_cms 14 phpmailer/phpmailer 14 swagger-ui 14 publify_core 14 github.com/nats-io/nats-server/v2 14 silverstripe/cms 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/langchain-ai/langchain 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/yiisoft/yii2 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10