Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yd21qLTQ2cmotcW0yd84AA3az
ZITADEL Account Takeover via Malicious Host Header Injection
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cGZjLXI1cXEtN3I3cM4AA3af
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: io.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xbWhxLTg3NmYtY3I2Nc4AA3ag
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05ZjVnLXJnY3ItOGdyd84AA3aj
Jenkins MATLAB Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wZ3BqLTgzZzMtbWZyMs4AA3ah
Jenkins Google Compute Engine Plugin has incorrect permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-compute-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jdjR4LTlmMzQtOHJwOc4AA3ae
Jenkins MATLAB Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1waDg3LTR4MmctNmhwNM4AA3al
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Ecosystems: maven
Packages: io.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12bXE2LTVtNjgtZjUzbc4AA3ab
logback serialization vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-classic, ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jMzh3LTc0cGctMzZocs4AA3Z_
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00Z3J4LTJ4OXctNTk2Y84AA3Z-
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cGhmLWN4OGgtN3E5Z84AA3Zx
`openssl` `X509StoreRef::objects` is unsound
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS13dzd4LTNneGgtcW02cs4AA3Zu
Validation of SignedInfo
Ecosystems: packagist
Packages: simplesamlphp/saml2, simplesamlphp/xml-security
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS05dmZjLXF4Yzgtd3Jwcc4AA3Zm
ureport arbitrary file read vulnerability
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS01M3Y0LTQyZmctZzI4N84AA3Zo
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14d2g5LWdjMzktNTI5OM4AA3Zk
github.com/go-resty/resty/v2 HTTP request body disclosure
Ecosystems: go
Packages: github.com/go-resty/resty/v2
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS12OTRoLWh2aGctbWY5aM4AA3ZR
Spring Framework vulnerable to denial of service
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qamZoLTU4OWctM2hqeM4AA3ZY
Spring Boot Actuator denial of service vulnerability
Ecosystems: maven
Packages: org.springframework.boot:spring-boot-actuator
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xMjR2LWhwZzMtdjNqcM4AA3ZQ
Reactor Netty HTTP Server denial of service vulnerability
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-core
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zOTJoLXI0NmotcTI0cM4AA3Ym
OwnCast remote code execution vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02OHByLTZmamMtd21nbc4AA3Yo
Improper Neutralization of Input in Advanced User Interface for Jolt
Ecosystems: maven
Packages: org.apache.nifi:nifi-jolt-transform-json-ui
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Z3dqLTY4dzYtN3Y2Y84AA3Yj
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14MnhtLXA2dnEtNDgyZ84AA3Yh
OroCalendarBundle has incorrect system calendar events visibility
Ecosystems: packagist
Packages: oro/calendar-bundle
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05d3dnLXIzYzctNHZmZ84AA3Ye
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qcHI3LXE1MjMtaHgyNc4AA3X2
phpseclib vulnerable to denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNjhoLWpoaGotOWp2bc4AA3Xs
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePing
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jNmNnLTczcDMtOTczaM4AA3Xa
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04NWpqLWM5anItOWpoeM4AA3Xb
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default Permissions
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qajQ2LTljZ2gtcW1meM4AA3Xc
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jMzdyLXY4angtN2N2Ms4AA3Xi
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ
Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNXByLXZtM2otanh4Zs4AA3Xm
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qanI3LTM3MnItY3g3eM4AA3XY
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerability
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZST
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00dnZjLXI0cDQtcWdycs4AA3Wo
Apache DolphinScheduler sensitive information disclosure
Ecosystems: pypi, maven
Packages: apache-dolphinscheduler, org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ
Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk16, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-ext-jdk16, org.bouncycastle:bcprov-ext-jdk15on, org.bouncycastle:bcpkix-jdk18on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yZ2htLXI3NWotcGp4Ms4AA3VQ
Cross-site Scripting in DOMSanitizer
Ecosystems: packagist
Packages: rhukster/dom-sanitizer
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NDI3LWM0OWotOHc2eM4AA3VI
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNzJmLWg3NTItbXg0d84AA3VH
Insertion of Sensitive Information into Log
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fields
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS04ampoLWozYzItY2pjds4AA3U2
Cross-site Scripting via uploaded assets
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yZ2c5LTI2NGgtM2hmd84AA3Ul
Directory Traversal in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNDkyLXh4cWYtNmg3OM4AA3T0
Cross Site Request Forgery in SwiftyEdit
Ecosystems: packagist
Packages: swiftyedit/swiftyedit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12bTRwLWdoODIteHE5Ns4AA3Ti
Cross-site Scripting in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yODVtLXZoZnEteHg0aM4AA3TU
Elasticsearch Improper Handling of Exceptional Conditions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS01eHFtLWhjNDUtZjJnMs4AA3TF
APM Java Agent Local Privilege Escalation issue
Ecosystems: maven
Packages: co.elastic.apm:apm-agent-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oeDkzLWdjNzMtNXJwcs4AA3TE
Exposure of Sensitive Information in Elastic APM .NET Agent
Ecosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding Task
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlip
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00ZjRjLXJoanYtNHdnds4AA3RP
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03ZnFyLTk3ajctamdmNM4AA3RN
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-query
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03cmZnLTYyNzMtZjV3cM4AA3RM
Cookies are sent to external images in rendered diff (and server side request forgery)
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-diff-xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jMmZmLTg4eDIteDlwZ84AA3RL
JWT Algorithm Confusion
Ecosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yY2pjLWM0cGoteHhycM4AA3Qr
Apache Derby: LDAP injection vulnerability in authenticator
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jaGo1LTh3eGotcnhnOM4AA3QF
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NnE0LTdmd3ItZ214aM4AA3QG
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oaGNmLTc5cG0tcjhyOc4AA3QE
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xam14LXE1bTQteHFmNc4AA3QH
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cGh3LTZnM3ItNTV4eM4AA3QA
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tZnA1LXZoNTgtM2ozcs4AA3QB
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zZzc5LWo4aHEtcjR4ds4AA3QD
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1neDgyLWptNXEtZ2Z3Ms4AA3QC
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Statistics
Advisories: 20,764
Packages: 9,094
Repositories: 5,554
Ecosystems: 12
Filter by Severity
Moderate 8,870 High 7,310 Critical 3,076 Low 1,152
Filter by Ecosystem
maven 5,883 packagist 4,648 pypi 4,400 npm 3,827 go 2,310 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 com.thoughtworks.xstream:xstream 37 nilsteampassnet/teampass 37 org.keycloak:keycloak-services 37 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 moin 35 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 github.com/answerdev/answer 34 io.undertow:undertow-core 34 zendframework/zendframework1 34 gradio 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-python 31 Pillow 31 opencv-contrib-python 31 parse-server 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 prestashop/prestashop 26 pillow 26 openssl-src 26 electron 26 directus 26 github.com/cilium/cilium 26 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 contao/core-bundle 24 org.eclipse.jetty:jetty-server 24 magento/core 24 org.springframework.security:spring-security-core 24 puppet 23 simplesamlphp/simplesamlphp 23 rack 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 zendframework/zendframework 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 ckb 22 tribalsystems/zenario 22 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 glance 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 code.gitea.io/gitea 20 laravel/framework 20 langchain 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 funadmin/funadmin 20 org.springframework:spring-core 19 github.com/traefik/traefik/v2 19 github.com/goharbor/harbor 19 DotNetNuke.Core 19 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 wasmtime 19 Microsoft.AspNetCore.App.Runtime.win-arm64 18 cobbler 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cockpit-hq/cockpit 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 next 18 forkcms/forkcms 18 topthink/framework 18 mindsdb 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 golang.org/x/net 18 notebook 17 francoisjacquet/rosariosis 17 opencart/opencart 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 helm.sh/helm/v3 17 neutron 17 cakephp/cakephp 17 symfony/security 17 org.apache.geode:geode-core 17 genix/cms 17 ezsystems/ezpublish-kernel 17 org.apache.activemq:activemq-client 16 ethyca-fides 16 pyload-ng 16 yetiforce/yetiforce-crm 16 rusqlite 16 paddlepaddle 16 typo3/cms-backend 16 tinymce 16 openmage/magento-lts 16 github.com/zitadel/zitadel 16 PaddlePaddle 16 sequelize 16 phpbb/phpbb 16 cryptography 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 smarty/smarty 15 surrealdb 15 OctoPrint 15 symfony/security-http 15 org.apache.struts.xwork:xwork-core 15 october/system 15 calibreweb 15 ghost 15 ec-cube/ec-cube 15 ckeditor4 15 modoboa 14 github.com/containerd/containerd 14 phpmailer/phpmailer 14 aiohttp 14 dompdf/dompdf 14 bolt/bolt 14 feehi/cms 14 org.apache.tomcat:tomcat-coyote 14 joplin 14 camaleon_cms 14 publify_core 14 activesupport 14 pyftpdlib 14 silverstripe/cms 14 lollms 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/rancher/rancher 34 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/gradio-app/gradio 31 https://github.com/mlflow/mlflow 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/directus/directus 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/undertow-io/undertow 20 https://github.com/funadmin/funadmin 20 https://github.com/OpenNMS/opennms 20 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/bcgit/bc-java 19 https://github.com/traefik/traefik 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/hashicorp/vault 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/pyload/pyload 16 https://github.com/ethyca/fides 16 https://github.com/TYPO3-CMS/core 16 https://github.com/tinymce/tinymce 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/rusqlite/rusqlite 16 https://github.com/etcd-io/etcd 16 https://github.com/denoland/deno 16 https://github.com/laravel/framework 16 https://github.com/forkcms/forkcms 16 https://github.com/backstage/backstage 16 https://github.com/vantage6/vantage6 15 https://github.com/cobbler/cobbler 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/decidim/decidim 15 https://github.com/surrealdb/surrealdb 15 https://github.com/pyca/cryptography 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/aio-libs/aiohttp 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dotnet/aspnetcore 14 https://github.com/janeczku/calibre-web 14 https://github.com/twisted/twisted 14 https://github.com/xuxueli/xxl-job 14 https://github.com/vercel/next.js 14 https://github.com/containerd/containerd 14 https://github.com/hashicorp/nomad 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/modoboa/modoboa 13 https://github.com/TryGhost/Ghost 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/laurent22/joplin 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dromara/hutool 13 https://github.com/quarkusio/quarkus 13 https://github.com/centreon/centreon-archived 12 https://github.com/containers/podman 12 https://github.com/urllib3/urllib3 12 https://github.com/opencontainers/runc 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/smarty-php/smarty 12 https://github.com/openfga/openfga 12 https://github.com/apache/kylin 12 https://github.com/openstack/glance 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/wagtail/wagtail 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/spring-projects/spring-security 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/yiisoft/yii2 11 https://github.com/vaadin/flow 11 https://github.com/Studio-42/elFinder 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/pomerium/pomerium 11 https://github.com/dolibarr/dolibarr 11 https://github.com/zenml-io/zenml 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nats-io/nats-server 11 https://github.com/cri-o/cri-o 11 https://github.com/cakephp/cakephp 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/getsentry/sentry 11 https://github.com/onionshare/onionshare 11 https://github.com/drupal/core 11 https://github.com/top-think/framework 11 https://github.com/WWBN/AVideo 11 https://github.com/nautobot/nautobot 10 https://github.com/phusion/passenger 10