Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code Execution
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback login
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Ecosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
baserCMS Code Injection Vulnerability in Mail Form Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1obXFqLWd2Mm0taHE1Nc4AA2uW
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04dnF4LXBycTQtcnFycc4AA2uU
baserCMS Cross-site Scripting Vulnerability in Favorites Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yY3FmLTZ4djktZjIyd84AA2uM
Elasticsearch vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xd3J4LTQ1eGYtampmN84AA2uL
Elasticsearch vulnerable to stack overflow in the search API
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05OXBjLTY5cTktanhmMs4AA2uQ
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS01d2o0LXdmZnEtMzM3OM4AA2tO
Ingress nginx annotation injection causes arbitrary command execution
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mcDlmLTQ0YzItY3cyN84AA2tB
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassed
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tNDI1LW1xOTQtMjU3Z84AA2sQ
gRPC-Go HTTP/2 Rapid Reset vulnerability
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14Yzh4LXZwNzktcDN3bc4AA2sO
twisted.web has disordered HTTP pipeline response
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05M2doLWpnamotcjkyOc4AA2sM
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xY2o5LWdjcGctNHcyd84AA2sL
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1naGY2LTJmNDItbWpoOc4AA2sK
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ncjgyLThmajItZ2djM84AA2sJ
XWiki Platform XSS vulnerability from account in the create page form via template provider
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12Y3ZyLXY0MjYtM20zbc4AA2sI
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNWo1LW0yOXIteGZxNc4AA2sH
XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-core-rendering-macro-footnotes, org.xwiki.rendering:xwiki-rendering-macro-footnotes
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1naDY0LXF4aDUtNG0zM84AA2sG
org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted and re-created documents
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yd3d4LTY1NzItbXAyOc4AA2sF
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-attachment-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12MnJyLXh3OTUtd2NqeM4AA2sE
Privilege escalation (PR)/remote code execution from account through Menu.UIExtensionSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-menu-ui, org.xwiki.platform:xwiki-platform-menu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02NjN3LTJ4cDMtNTczOc4AA2sD
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Ecosystems: maven
Packages: org.xwiki.rendering:xwiki-rendering-xml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcTI2LWczMzktMjZ4Zs4AA2sC
Command Injection in pip when used with Mercurial
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04ODU5LXY5anAtY3BoZs4AA2rz
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tdjc3LWZqNjMtcTV3OM4AA2q7
Stored XSS vulnerability in Jenkins GitHub Plugin
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12dzY0LWc3YzYtbW03Z84AA2r2
Jenkins lambdatest-automation Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qd3gzLTJocTMtNjgyY84AA2rF
Jenkins Edgewall Trac Plugin vulnerable to Stored XSS
Ecosystems: maven
Packages: org.jenkins-ci.plugins:trac
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ocHYzLWY1cDctcHhqOc4AA2rA
Jenkins lambdatest-automation Plugin may expose Credentials access token
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yeHBxLTU5NTItMzh3M84AA2rM
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04Nmo5LTI1bTItOXc5N84AA2rS
Non-constant time webhook token hash comparison in Jenkins Zanata Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zanata
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qeDd4LXJmM2YtajY0NM4AA2ry
Jenkins CloudBees CD Plugin vulnerable to arbitrary file deletion
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparison
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Z2d3LWg5bWYtNGpoN84AA2r1
Jenkins CloudBees CD Plugin vulnerable to arbitrary file read
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02Nmh2LWZoY20tN3htN84AA2r0
Jenkins Warnings Plugin exposures system-scoped credentials
Ecosystems: maven
Packages: io.jenkins.plugins:warnings-ng
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01NGY2LTlteDktODZmN84AA2pn
SaToken privilege escalation vulnerability
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS13OXZoLWh2NWctN3dtcs4AA2pw
SaToken authentication bypass vulnerability
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Zzg3LTczdnEtNDQzcM4AA2p7
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05MjQyLTZwMzYtNjI1Ns4AA2pR
Inefficient Regular Expression Complexity in node-email-check
Ecosystems: npm
Packages: node-email-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03ZzI0LXFnODgtcDQzcc4AA2pM
jose4j uses weak cryptographic algorithm
Ecosystems: maven
Packages: org.bitbucket.b_c:jose4j
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1teDQ3LWg1ZnYtZ2h3aM4AA2pK
light-oauth2 missing public key verification
Ecosystems: maven
Packages: com.networknt:light-oauth2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded key
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ocmZ2LW1xcDgtcTVyd84AA2oc
Werkzeug DoS: High resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Ecosystems: pypi
Packages: werkzeug
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcTZjLXI5eGYtcXhqbc4AA2ob
dtale vulnerable to Remote Code Execution through the Custom Filter Input
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01ODczLTZmd3EtNDYzZs4AA2oa
stellar-strkey vulnerable to panic in SignedPayload::from_payload
Ecosystems: cargo
Packages: stellar-strkey
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cjV4LXgyODMtd205Ns4AA2oW
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Ecosystems: go
Packages: github.com/jumpserver/koko
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yMmh3LTc0eHYtNGdxcM4AA2oV
Nautobot vulnerable to exposure of hashed user passwords via REST API
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ODc4LTZ3YzItcGY1aM4AA2oU
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
Ecosystems: cargo
Packages: cocoon
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cHIzLW01aG0tOTk1Ns4AA2oT
WPS Server Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.geoserver.extension:gs-wps-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jcXBjLXgyYzYtMmdtZs4AA2oS
Unsecured WMS dynamic styling sld=<url> parameter affords blind unauthenticated SSRF
Ecosystems: maven
Packages: org.geoserver.web:gs-web-app, org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yanhnLXJwZzMtOXI4Oc4AA2oP
Fides Information Disclosure Vulnerability in Config API Endpoint
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qcTN3LTltZ2YtNDNtNM4AA2oO
Fides Server-Side Request Forgery Vulnerability in Custom Integration Upload
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcHg3LWptMnAtNmgyY84AA2oN
encoded_id-rails potential DOS vulnerability due to URIs with extremely long encoded IDs
Ecosystems: rubygems
Packages: encoded_id-rails
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oOW13LWdyZ3gtMmZoZs4AA2oM
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Ecosystems: maven
Packages: org.scala-sbt:io_3, org.scala-sbt:io_2.13, org.scala-sbt:io_2.12, org.scala-sbt:sbt
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tbThoLTg1ODctcDQ2aM4AA2oL
RabbitMQ Java client's Lack of Message Size Limitation leads to Remote DoS Attack
Ecosystems: maven
Packages: com.rabbitmq:amqp-client
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS03OTJxLXE2N2gtdzU3Oc4AA2oK
Parse Server may crash when uploading file without extension
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00cXY2LTM3eHEtbWdxMs4AA2oD
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cXFnLW1oN2MtY2hmcc4AA2oC
Apache Airflow vulnerable to Exposure of Sensitive Information
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jcXZ2LXIzZzMtMjZyZs4AA2nX
free5GC udm vulnerable to Invalid Curve Attack
Ecosystems: go
Packages: github.com/free5gc/udm
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNDU0LXJxM20tODlyY84AA2nE
Wagtail CRX CodeRed Extensions vulnerable to Path Traversal
Ecosystems: pypi
Packages: coderedcms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05eDQzLTVxY3EtaDc5cc4AA2nF
Django Grappelli Open Redirect vulnerability
Ecosystems: pypi
Packages: django-grappelli
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1jNTloLXI2cDgtcTl3Y84AA2m9
Next.js missing cache-control header may lead to CDN caching empty reply
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS02aDhwLTRoeDktdzY2Y84AA2mq
Langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qNDR2LW1tZjIteHZtOc4AA2mh
PDM Trojan Lockfile
Ecosystems: pypi
Packages: pdm
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01N2NyLXJxM2YtcHBteM4AA2me
modoboa Cross-Site Request Forgery vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS05d2ozLWNmcTgtd3B2as4AA2mc
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS0ycmNwLWp2cjQtcjI1Oc4AA2mV
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Ecosystems: cargo, npm
Packages: tauri-cli, @tauri-apps/cli
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02aHZnLTYycTgtOTV2N84AA2mT
svg_optimizer rubygem external XML entity (XXE) vulnerability
Ecosystems: rubygems
Packages: svg_optimizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14ZnJqLTZ2dmMtM3htMs4AA2mS
Apache Santuario - XML Security for Java are vulnerable to private key disclosure
Ecosystems: maven
Packages: org.apache.santuario:xmlsec
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jZ2Y4LWgzZnAtaDk1Ns4AA2lB
Pleaser privilege escalation vulnerability
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00MzJmLTk2N2YtdnhnNM4AA2k2
Evolution CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00Y3F2LXEzM3gtd2Z4d84AA2kt
Yamcs Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02NDNmLWhwY2MtMmd2OM4AA2ku
Yamcs Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12OXZqLTlweHYtbXIyd84AA2kx
mycli has Inadequate Encryption Strength
Ecosystems: pypi
Packages: mycli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01aDQ3LTlybTUtZngzZs4AA2ks
Evolution CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: evolutioncms/evolution
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02NDZyLThmY2MtcDgycs4AA2kw
Subrion CMS vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1obWd3LTlqcmctaGYybc4AA2kX
Directus crashes on invalid WebSocket message
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS13NG0yLXFtaDMtMmc4Zs4AA2kP
Yamcs Path Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00M2Z3LTUzNmotdzM3as4AA2kO
Yamcs API Directory Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xMjRtLTZoMzgtNXhqOM4AA2kK
ydb-go-sdk token in custom credentials object can leak through logs
Ecosystems: go
Packages: github.com/ydb-platform/ydb-go-sdk/v3
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1obXE0LWMycjQtNXE4aM4AA2kJ
Artifact Hub arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-in
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nNnBxLXg1MzktN3c0as4AA2kH
Artifact Hub has Incorrect Docker Hub registry check
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oZ3F4LXIyaHAtanIzOM4AA2kG
TinyMCE XSS vulnerability in notificationManager.open API
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NjVyLXAzdnYtampmds4AA2kF
TinyMCE mXSS vulnerability in undo/redo, getContent API, resetContent API, and Autosave plugin
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jcjQ1LTk4dzktZ3dxeM4AA2kE
Viewing wget extractor output while logged in as an admin allows archived JS to execute in the admins context
Ecosystems: pypi
Packages: archivebox
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mcjJnLTloam0td3IyM84AA2kD
NATS.io: Adding accounts for just the system account adds auth bypass
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcmYyLWg1ajYtM3Jycc4AA2kC
Bunkum tokens cached in the AuthenticationService are susceptible to a use-after-free
Ecosystems: nuget
Packages: Bunkum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yMzQ0LXh3M3AtMmZyas4AA2kB
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
Statistics
Advisories: 20,795
Packages: 9,103
Repositories: 5,559
Ecosystems: 12
Filter by Severity
Moderate 8,881 High 7,321 Critical 3,078 Low 1,157
Filter by Ecosystem
maven 5,892 packagist 4,649 pypi 4,409 npm 3,830 go 2,315 nuget 1,553 cargo 891 rubygems 885 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 matrix-synapse 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 github.com/rancher/rancher 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 org.keycloak:keycloak-services 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 moin 35 zendframework/zendframework1 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 gradio 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 Pillow 31 opencv-python 31 parse-server 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/consul 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 openssl-src 26 electron 26 pillow 26 github.com/cilium/cilium 26 directus 26 prestashop/prestashop 26 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 org.springframework.security:spring-security-core 24 magento/core 24 simplesamlphp/simplesamlphp 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 rack 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 puppet 23 remdex/livehelperchat 23 ckb 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 getkirby/cms 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 glance 21 org.springframework:spring-core 20 langchain 20 code.gitea.io/gitea 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 funadmin/funadmin 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 DotNetNuke.Core 19 github.com/traefik/traefik/v2 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 github.com/goharbor/harbor 19 wasmtime 19 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 mercurial 18 cobbler 18 com.vaadin:vaadin-bom 18 topthink/framework 18 com.liferay.portal:release.dxp.bom 18 next 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 mindsdb 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 org.apache.geode:geode-core 17 notebook 17 helm.sh/helm/v3 17 francoisjacquet/rosariosis 17 symfony/security 17 ezsystems/ezpublish-kernel 17 genix/cms 17 cakephp/cakephp 17 opencart/opencart 17 neutron 17 ethyca-fides 16 rusqlite 16 tinymce 16 pyload-ng 16 org.bouncycastle:bcprov-jdk15 16 openmage/magento-lts 16 paddlepaddle 16 org.apache.activemq:activemq-client 16 yetiforce/yetiforce-crm 16 sequelize 16 org.apache.dubbo:dubbo 16 typo3/cms-backend 16 org.apache.jspwiki:jspwiki-main 16 PaddlePaddle 16 phpbb/phpbb 16 cryptography 16 github.com/zitadel/zitadel 16 ghost 15 ec-cube/ec-cube 15 october/system 15 surrealdb 15 calibreweb 15 symfony/security-http 15 OctoPrint 15 ckeditor4 15 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 modoboa 14 camaleon_cms 14 publify_core 14 rails-html-sanitizer 14 feehi/cms 14 org.xwiki.platform:xwiki-platform-web 14 silverstripe/cms 14 bolt/bolt 14 phpmailer/phpmailer 14 swagger-ui 14 github.com/containerd/containerd 14 activesupport 14 org.apache.inlong:manager-pojo 14 aiohttp 14 org.apache.tomcat:tomcat-coyote 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 75 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/apache/nifi 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/netty/netty 22 https://github.com/langchain-ai/langchain 22 https://github.com/apache/cxf 21 https://github.com/simplesamlphp/simplesamlphp 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/undertow-io/undertow 20 https://github.com/funadmin/funadmin 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/cloudfoundry/uaa 19 https://github.com/goharbor/harbor 19 https://github.com/moby/moby 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/traefik/traefik 19 https://github.com/getkirby/kirby 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/liufee/cms 17 https://github.com/backstage/backstage 17 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/ethyca/fides 16 https://github.com/tinymce/tinymce 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/pyload/pyload 16 https://github.com/TYPO3-CMS/core 16 https://github.com/denoland/deno 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 16 https://github.com/mattermost/mattermost 16 https://github.com/etcd-io/etcd 16 https://github.com/surrealdb/surrealdb 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/cobbler/cobbler 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/decidim/decidim 15 https://github.com/pyca/cryptography 15 https://github.com/dompdf/dompdf 15 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/twisted/twisted 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/aio-libs/aiohttp 14 https://github.com/xuxueli/xxl-job 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/containerd/containerd 14 https://github.com/modoboa/modoboa 13 https://github.com/apache/dolphinscheduler 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/TryGhost/Ghost 13 https://github.com/golang/go 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/laurent22/joplin 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/openstack/glance 12 https://github.com/openfga/openfga 12 https://github.com/wagtail/wagtail 12 https://github.com/centreon/centreon-archived 12 https://github.com/urllib3/urllib3 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/apache/kylin 12 https://github.com/containers/podman 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/puma/puma 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/nats-io/nats-server 11 https://github.com/cri-o/cri-o 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/yiisoft/yii2 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/vaadin/flow 11 https://github.com/pomerium/pomerium 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/getsentry/sentry 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/NodeBB/NodeBB 11 https://github.com/spring-projects/spring-security 11 https://github.com/igniterealtime/Openfire 11 https://github.com/Pylons/waitress 11 https://github.com/Sylius/Sylius 11 https://github.com/cloudflare/cfrpki 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/onionshare/onionshare 11 https://github.com/dolibarr/dolibarr 11 https://github.com/zenml-io/zenml 11 https://github.com/drupal/core 11 https://github.com/top-think/framework 11 https://github.com/keystonejs/keystone 10