Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS01ODM2LWdyY2MtOGo4Oc4AA2A4
OpenStack Heat information leak vulnerability
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cXFwLTR2bTMtMzU5ds4AA2A5
OpenStack Barbican credential leak flaw
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS05Mmh4LTNtaDYtaGM0Oc4AA2A6
kube-apiserver authentication bypass vulnerability
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZjRtLWo1NnctNTVjM84AA2A3
Kiali content spoofing vulnerability
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yd2h4LTZoeDctcHFjOM4AA2As
SQL injection in jeecgboot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tOXhxLTZoMmotNjVyMs4AA2Ar
Markdown vulnerable to Out-of-bounds Read while parsing citations
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00MjN3LXAydzktcjd2cc4AA2An
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Ecosystems: cargo
Packages: aes-gcm
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1naHA4LTUydngtNzdqNM4AA2Al
pgAdmin failed to properly control the server code
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS00NWMzLWM0YzMtOHJxZ84AA2AN
FUXA vulnerable to Local File Inclusion
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13d2ZqLWg4NDMtM2hycc4AA2AL
FUXA local file inclusion vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12OXE1LTljcnAtOTJmOc4AA2AH
FUXA SQL Injection vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wNDZnLThjM3EtODlwMs4AA2AM
FUXA SQL Injection vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xOHdjLWo1bTktMjd3M84AA1_5
Denial of Service issue in quinn-proto
Ecosystems: cargo
Packages: quinn-proto
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portrait
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection Vulnerability
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1
CefSharp affected by heap buffer overflow in WebP
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13aGhyLTdmMnctcXFqMs4AA1_0
phonenumber panics on parsing crafted RFC3966 inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jeHZwLTgyY3EtNTdoMs4AA1_z
blurhash panics on parsing crafted inputs
Ecosystems: cargo
Packages: blurhash
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12NXdmLWpnMzctcjltNc4AA1_y
SQLpage vulnerable to public exposure of database credentials
Ecosystems: cargo
Packages: sqlpage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerability
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNnJwLW1wcm0teGdjcc4AA1_v
plone.rest vulnerable to Denial of Service when ++api++ is used many times
Ecosystems: pypi
Packages: plone.rest
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG images
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cnBtLWhjY2ctMjh4N84AA1_d
Improper Input Validation in nocodb
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcGc3LTJyeDktaDVxcM4AA1_V
Contao Cross-site Scripting vulnerabililty
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS03MjVtLXc4MzItcTk3M84AA1_U
Composer allows cache poisoning from other projects built on the same host
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS05bWNyLTg3M20teGN4cM4AA1_X
Tungstenite allows remote attackers to cause a denial of service
Ecosystems: cargo
Packages: tungstenite
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jNjQ3LXB4bTItYzUyd84AA1-0
Vyper vulnerable to memory corruption in certain builtins utilizing `msize`
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1weGc1LWgzNHItN3E4cM4AA1-z
GeoNode vulnerable to SSRF Bypass to return internal host data
Ecosystems: pypi
Packages: GeoNode
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mdjJoLTc1M2otOWczOc4AA1-y
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation
Ecosystems: nuget
Packages: Kentor.AuthServices, Sustainsys.Saml2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS14NGhoLXZqbTctZzJqds4AA1-x
Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input
Ecosystems: go
Packages: github.com/contribsys/faktory
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yNzlmLXF3Z2gtaDVtcM4AA1-D
Jenkins does not exclude sensitive build variables from search
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NXdwLTNwcTQtdzhwOc4AA1-L
Jenkins temporary plugin file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNjJmLTc3cTUtcnF2Ns4AA1-E
Jenkins Build Failure Analyzer Plugin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01ajQ2LTVod3EtZ3doN84AA1-J
Jenkins Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yd3doLXFnaDgtdzl4d84AA1-F
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissions
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01OHJxLTY5anAteGMyM84AA1-M
Jenkins Build Failure Analyzer Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NXE2LXIzaG0tN2ZmNM4AA1-G
Jenkins Build Failure Analyzer Plugin missing permission check
Ecosystems: maven
Packages: com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wajk4LTJ4ZjYtY2ZmNc4AA19n
ReportLab vulnerable to remote code execution via paraparser
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS00ZjRyLXdndjItamp2Z84AA19i
Quarkus HTTP vulnerable to incorrect evaluation of permissions
Ecosystems: maven
Packages: io.quarkus:quarkus-keycloak-authorization, io.quarkus:quarkus-csrf-reactive, io.quarkus:quarkus-undertow, io.quarkus:quarkus-vertx-http
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mcnFjLWYyaDgtZmp2Zs4AA19h
Spring for GraphQL may be exposed to GraphQL context with values from a different session
Ecosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cHY3LXZmdm0tNnZyN84AA19X
graphql Uncontrolled Resource Consumption vulnerability
Ecosystems: npm
Packages: graphql
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04Yzh3LWY3d3AtMmpyMs4AA19Y
Sender can cause a receiver to overwrite files during ZIP extraction in Croc
Ecosystems: go
Packages: github.com/schollz/croc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNjRjLXZ2cXgtNDQ2Y84AA19Z
Croc sender may place ANSI or CSI escape sequences in filename to attach receiver's terminal device
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wcGpoLXhwNXYtNDZ3Y84AA19W
Croc sender may send dangerous new files to receiver
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03ZzN2LTRnZ3IteHZqZs4AA19a
Croc may expose secret to local users
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V
Croc requires senders to provide local IP addresses in cleartext
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ocDU2LXh2ZjQtZzZ3cs4AA19U
Cros secrets may be disclosed to untrusted relay
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NzczLXJmanYtYzU0d84AA18-
Dolibarr allows a remote privileged attacker to execute arbitrary code via a crafted command/script
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nOGg3LW1jcDYtcGY0N84AA18_
File Upload vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-ext
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zY2poLXA2cHctamh2Oc4AA18e
Pow Mnesia cache doesn't invalidate all expired keys on startup
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZjlwLWc0NjYtZjh2OM4AA17_
blamer vulnerable to Arbitrary Argument Injection via the blameByFile() API
Ecosystems: npm
Packages: blamer
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NXhyLWNxNmgtdndyM84AA18A
Jodit Editor vulnerable to cross-site scripting
Ecosystems: npm
Packages: jodit
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12cGpjLTRqY3YtamMyOc4AA17t
NATS nats-server allows directory traversal via unintended path to a management action
Ecosystems: go
Packages: github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS0ycThjLWdxZjQtbWczds4AA17s
Cross site scripting in librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cWpmLTdnM2otcXgyNc4AA17k
Neos CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: neos/media-browser
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yODdxLWZxMzctcHZyNs4AA17X
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zaGcyLXI3NXgtZzY5bc4AA17W
Vyper has incorrect re-entrancy lock when key is empty string
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcDg2LTk5NTUtaDM5M84AA17V
Arbitrary File Overwrite in Eclipse JGit
Ecosystems: maven
Packages: org.eclipse.jgit:org.eclipse.jgit
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yZzdyLTl4cTUtYzZods4AA167
Cross-Site Request Forgery (CSRF) in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NHE5LXFncWYtN2p3cM4AA15s
Gradio arbitrary file upload vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yMnJyLWYzcDgtNWdmOM4AA15b
Directus affected by VM2 sandbox escape vulnerability
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xeHJxLTM3NnEtcDM5aM4AA14y
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xanB3LXJnNTYtamg4ds4AA143
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tNmpqLWZnbWgtM3A4cs4AA145
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcDNjLWc0NnYtamcyY84AA14w
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01N20yLW1wYzctZ3dneM4AA14x
LibreNMS Code Injection vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01amptLXFwNDgtcXA4Ns4AA144
LibreNMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1odnBxLTd2Y2MtNWhqNc4AA14n
Froala Editor Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: froala/wysiwyg-editor
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ODRmLTZyMzktY3BmY84AA14s
HashiCorp Vault Improper Input Validation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS05MmpoLWd3Y2gtanEzOM4AA13q
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (again)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS03OXJjLWpqaDYtcmM4Oc4AA13p
PocketMine-MP server crash due to incorrect EC curve used for LoginPacket identityPublicKey
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1obXI3LW00OGctNDhmNs4AA13o
Jetty accepts "+" prefixed value in Content-Length
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zZ2g2LXY1djktNnY5as4AA13n
Jetty vulnerable to errant command quoting in CGI Servlet
Ecosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tNG1tLXBnOTMtZnY3OM4AA13k
Undertow denial of service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS01aGo5LW03NmcteHJjOM4AA13e
Apache HDFS Provider error message suggested
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hdfs
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jZ3dmLXc4MnEtNWpycs4AA13c
Apache Commons Compress denial of service vulnerability
Ecosystems: maven
Packages: org.apache.commons:commons-compress
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zcWMyLXYzaHAtNmN2OM4AA13Y
sidekiq Denial of Service vulnerability
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wMjVtLWpwajQtcWNycs4AA127
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
Ecosystems: pypi, rubygems
Packages: grpcio, grpc
Source: GitHub Advisory Database
Blast Radius: 61.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNHEyLTU5aG0tcmg5cs4AA12t
Strapi Improper Rate Limiting vulnerability
Ecosystems: npm
Packages: @strapi/plugin-users-permissions, @strapi/admin
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tMjg0LTg1bWYtY2dyY84AA12s
Strapi's field level permissions not being respected in relationship title
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12OGdnLTRtcTItODhxNM4AA12r
Strapi may leak sensitive user information, user reset password, tokens via content-manager views
Ecosystems: npm
Packages: @strapi/utils, @strapi/admin, @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS02am13LTZteHctdzRqY84AA12e
BER/CER/DER decoder panics on invalid input
Ecosystems: cargo
Packages: bcder
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cTY2LXY1M3EtcG0zNc4AA11p
Keycloak vulnerable to Plaintext Storage of User Password
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcWY5LXF4ZmotNHdoY84AA11o
Microsoft Security Advisory CVE-2023-36792: .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zOGZxLWg1aGMtZ3d2OM4AA11n
Microsoft Security Advisory CVE-2023-36794: .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nNHA4LWc3bXEtd3B4NM4AA11m
Microsoft Security Advisory CVE-2023-36793: .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oN2ptLWc4N3AtNTkzNc4AA11l
Microsoft Security Advisory CVE-2023-36796: .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oM2h2LTYzcTUtamdwcs4AA11k
Microsoft Security Advisory CVE-2023-36799: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-x64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tanFoLXY1ZjItZzJtd84AA11j
Apache Airflow information exposure vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cGc4LW1mNmgtZ205Ms4AA11i
Apache Airflow Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Statistics
Advisories: 20,807
Packages: 9,111
Repositories: 5,566
Ecosystems: 12
Filter by Severity
Moderate 8,889 High 7,322 Critical 3,078 Low 1,159
Filter by Ecosystem
maven 5,893 packagist 4,644 pypi 4,409 npm 3,832 go 2,319 nuget 1,553 cargo 896 rubygems 885 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 matrix-synapse 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 org.keycloak:keycloak-services 37 com.thoughtworks.xstream:xstream 37 mautic/core 37 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 k8s.io/kubernetes 36 snipe/snipe-it 35 moin 35 net.mingsoft:ms-mcms 35 gradio 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 Pillow 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 opencv-python 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 pillow 26 directus 26 github.com/cilium/cilium 26 prestashop/prestashop 26 electron 26 openssl-src 26 gogs.io/gogs 25 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 24 magento/core 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 zendframework/zendframework 23 remdex/livehelperchat 23 puppet 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 rack 23 simplesamlphp/simplesamlphp 23 tribalsystems/zenario 22 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 glance 21 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 funadmin/funadmin 20 github.com/ethereum/go-ethereum 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.springframework:spring-core 20 langchain 20 code.gitea.io/gitea 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 contao/contao 19 github.com/goharbor/harbor 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/traefik/traefik/v2 19 wasmtime 19 DotNetNuke.Core 19 forkcms/forkcms 18 topthink/framework 18 golang.org/x/net 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.vaadin:vaadin-bom 18 mercurial 18 next 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.liferay.portal:release.dxp.bom 18 genix/cms 17 francoisjacquet/rosariosis 17 notebook 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 neutron 17 ezsystems/ezpublish-kernel 17 opencart/opencart 17 symfony/security 17 helm.sh/helm/v3 17 rusqlite 16 tinymce 16 org.bouncycastle:bcprov-jdk15 16 ethyca-fides 16 org.apache.activemq:activemq-client 16 typo3/cms-backend 16 PaddlePaddle 16 yetiforce/yetiforce-crm 16 org.apache.dubbo:dubbo 16 github.com/zitadel/zitadel 16 paddlepaddle 16 openmage/magento-lts 16 pyload-ng 16 sequelize 16 phpbb/phpbb 16 org.apache.jspwiki:jspwiki-main 16 cryptography 16 smarty/smarty 15 october/system 15 surrealdb 15 ec-cube/ec-cube 15 calibreweb 15 ghost 15 org.apache.struts.xwork:xwork-core 15 ckeditor4 15 OctoPrint 15 symfony/security-http 15 modoboa 14 github.com/containerd/containerd 14 publify_core 14 silverstripe/cms 14 pyftpdlib 14 joplin 14 org.apache.inlong:manager-pojo 14 lollms 14 swagger-ui 14 org.xwiki.platform:xwiki-platform-web 14 camaleon_cms 14 rails-html-sanitizer 14 bolt/bolt 14 feehi/cms 14 org.apache.tomcat:tomcat-coyote 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 75 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/rancher/rancher 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/apache/nifi 23 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/netty/netty 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/langchain-ai/langchain 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/undertow-io/undertow 20 https://github.com/funadmin/funadmin 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/moby/moby 20 https://github.com/bcgit/bc-java 19 https://github.com/traefik/traefik 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/helm/helm 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/intelliants/subrion 18 https://github.com/hashicorp/vault 17 https://github.com/mindsdb/mindsdb 17 https://github.com/liufee/cms 17 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/backstage/backstage 17 https://github.com/mattermost/mattermost 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/TYPO3-CMS/core 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/ethereum/go-ethereum 16 https://github.com/pyload/pyload 16 https://github.com/tinymce/tinymce 16 https://github.com/OpenMage/magento-lts 16 https://github.com/rusqlite/rusqlite 16 https://github.com/centreon/centreon 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/puppetlabs/puppet 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/pyca/cryptography 15 https://github.com/cobbler/cobbler 15 https://github.com/surrealdb/surrealdb 15 https://github.com/decidim/decidim 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/ckeditor/ckeditor4 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/xuxueli/xxl-job 14 https://github.com/containerd/containerd 14 https://github.com/dotnet/aspnetcore 14 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/twisted/twisted 14 https://github.com/janeczku/calibre-web 14 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/golang/go 13 https://github.com/quarkusio/quarkus 13 https://github.com/TryGhost/Ghost 13 https://github.com/apache/dolphinscheduler 13 https://github.com/ming-soft/MCMS 13 https://github.com/laurent22/joplin 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/nodejs/undici 13 https://github.com/openfga/openfga 12 https://github.com/centreon/centreon-archived 12 https://github.com/openstack/glance 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/puma/puma 12 https://github.com/smarty-php/smarty 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/containers/podman 12 https://github.com/opencontainers/runc 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/wagtail/wagtail 12 https://github.com/igniterealtime/Openfire 11 https://github.com/Pylons/waitress 11 https://github.com/pomerium/pomerium 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/getsentry/sentry 11 https://github.com/Studio-42/elFinder 11 https://github.com/cri-o/cri-o 11 https://github.com/drupal/core 11 https://github.com/spring-projects/spring-security 11 https://github.com/scrapy/scrapy 11 https://github.com/nats-io/nats-server 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/top-think/framework 11 https://github.com/yiisoft/yii2 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/onionshare/onionshare 11 https://github.com/zenml-io/zenml 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/cloudflare/cfrpki 11 https://github.com/Sylius/Sylius 11 https://github.com/dolibarr/dolibarr 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/NodeBB/NodeBB 11 https://github.com/WWBN/AVideo 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/jenkinsci/git-plugin 10