Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Browse all Security Advisories for Moderate

Loading...
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cjgtZm05ci1jcGoy
Low severity vulnerability that affects com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2bWYtcjkyci0yN2hy
Django allows unintended model editing
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJoNDYtM2ZnYy1tdnJm
Validation bypass is possible in Json Pattern Validator
Ecosystems: npm
Packages: jpv
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2cDgteHJqMi1tdjUz
Apache NiFi process group information disclosure
Ecosystems: maven
Packages: org.apache.nifi:nifi, org.apache.nifi:nifi-web-api
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0NHItdnYyZy0yeDZn
Apache NiFi information disclosure by XXE
Ecosystems: maven
Packages: org.apache.nifi:nifi, org.apache.nifi:nifi-security
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4NnYtcndoNC01NWp3
Pomelo allows external control of critical state data
Ecosystems: npm
Packages: pomelo
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyamMtNHB3ci0zdnA3
Cross-Site Scripting in iobroker.web
Ecosystems: npm
Packages: iobroker.web
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoOWotcTZqMi0yNTNm
Unescaped exception messages in error responses in Jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cGMtNWp4NC1jZnFn
User enumeration leak using switch user functionality in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwZmYtMzg0ai12eHE3
Data leakage via SQL Injection in Pimcore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01MngtMjlwcS13M3Z2
Pannellum Cross-Site Scripting due to data not being sanitized for URIs or vbscript
Ecosystems: npm
Packages: pannellum
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzcDQtZ3c3ci13cWpj
Apache Airflow vulnerable to XSS and local file disclosure
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3aHEtajVxZy13anZw
Stored Cross-Site Scripting vulnerability in admin component of DotNetNuke
Ecosystems: nuget
Packages: DotNetNuke.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmOGYtdzI2Ny1tcTJo
The rack-cors rubygem may allow directory traveral
Ecosystems: rubygems
Packages: rack-cors
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2eDUtcm02cS1neDdw
Lack of access control on upoaded files
Ecosystems: packagist
Packages: silverstripe/assets, silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cjctcjhyOS12cmcy
Session fixation in change password form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNmoteDM0Mi1nd3E5
SilverStripe Versioned Files module Unpublished files are exposed publicly
Ecosystems: packagist
Packages: silverstripe/framework, symbiote/silverstripe-versionedfiles
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5OTYtcTVyOC13N2cy
Symfony Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZtNjgtODltOC00Z2pq
Composer JavaScript injection possible via html comments
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh2NjktZjd4NS1yNHF3
Magento Cross-Site Scripting via Attribute Set Name
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyZngtM3Y0Zi1td3ht
Bypass of sitemp access restrictions
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyN2ctMnI4My0zY2Nt
Information disclosure through processing of external XML entities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxcXItM3BqMy1xMmY1
XSS issues in the management interface
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNnAtdjY5cC05bW05
XSS in login form
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2aGYtNmhwMi05ZzRj
Local file inclusion allows unauthorized access to internal resources in Alkacon OpenCms
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cDgtN2g1dy1oMjM1
XSS in search engine
Ecosystems: maven
Packages: org.opencms:opencms-core
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: almost 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cmYtcTdoOC1qanI3
Authorization Bypass Through User-Controlled Key in Bagisto
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyNjgtdjQzNC00NW01
Cross-site Scripting in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01NTMtOXdteC01MzNo
Cross-site scripting in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4cDgtOWc1OS1xMmhy
Potential DOS attack due to unrestricted attachment count in messages
Ecosystems: maven
Packages: org.apache.cxf:apache-cxf, org.apache.cxf:cxf
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpxd2Mtam01Ni13Y3dq
Cross-site scripting in Jupyter Notebook
Ecosystems: pypi
Packages: notebook
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNqOHAtNTN2OS0yYzI2
Cross-site Scripting in Bolt
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjNzUtY2Y1Yy1teHZo
Use of Cryptographically Weak Pseudo-Random Number Generator in org.pac4j:pac4j-saml
Ecosystems: maven
Packages: org.pac4j:pac4j-saml
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzZ3YtOWN4Zi02ZjU3
Loofah Allows Cross-site Scripting
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3eDYtdm1qNC01cnY4
Denial of service via deserialization attack in nifi
Ecosystems: maven
Packages: org.apache.nifi:nifi-framework-cluster-protocol
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnNTktbTd3eC04NTNx
Cross-site Scripting in node-red-dashboard
Ecosystems: npm
Packages: node-red-dashboard
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1M3ctZzR4bS0zZ2M2
Haml vulnerable to cross-site scripting
Ecosystems: rubygems
Packages: haml
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3eDMtN2h3Ny1wY2pn
Renovate vulnerable to leakage of temporary repository tokens into Pull Request comments
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3NGotd2p4eC13Z2dq
Incorrect Access Control vulnerability in api-platform/core
Ecosystems: packagist
Packages: api-platform/core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmaDgtMjVoOS1taGdm
Cross-site Scripting in YII2-CMS
Ecosystems: packagist
Packages: yii2mod/yii2-cms
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0aGgteHhxaC13Z3Bx
Exposure of Sensitive Information to an Unauthorized Actor in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3N3YtZ3dmci1obXBq
Missing Authentication for Critical Function in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxbWctcWc1My1tcnA4
Cross-site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyeDIteDZteC1ncmoz
Cross-site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3ZnEtcXdtcC14OXhn
Cross-site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2d3ctMng0My1oOTYz
Cross-site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-war
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzZjYtZjI5Zi1yZ3Zw
Missing Authorization in Drupal
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtMnYtaGM2NC01Nmg2
Rubyzip denial of service
Ecosystems: rubygems
Packages: rubyzip
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE4d2MtOXh2cC1nM2Mz
Cross-site scripting in Sakai
Ecosystems: maven
Packages: org.sakaiproject:chat-base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ3cHItODNnMy05Nmc3
Cross-site scripting in padrino-contrib
Ecosystems: rubygems
Packages: padrino-contrib
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZtNHItY2dtMy02cTdx
Cross-Site Scripting in status-board
Ecosystems: npm
Packages: status-board
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NjQtcmhtdy01bTZm
Status Board vulnerable to Cross-Site Scripting before v1.1.82
Ecosystems: npm
Packages: status-board
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmZ3EtZ3E5Zy0zcnc3
Improper Verification of Cryptographic Signature in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2NDMtODc3eC1xZ21x
Moderate severity vulnerability that affects league/commonmark
Ecosystems: packagist
Packages: league/commonmark
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzcWMtcDJ4NC05Zmdm
Improper Handling of Exceptional Conditions and Origin Validation Error in Eclipse Paho Java client library
Ecosystems: maven
Packages: org.eclipse.paho:org.eclipse.paho.client.mqttv3
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2eHYtNWZwMi0zNThx
Incorrect Resource Transfer Between Spheres in eclipse-wtp
Ecosystems: maven
Packages: com.diffplug.spotless:spotless-eclipse-groovy, com.diffplug.spotless:spotless-eclipse-cdt, com.diffplug.spotless:spotless-eclipse-wtp
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZjanctOHJoai1nd3dj
Authentication Bypass in Devise
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUzNnEtOGd4eC1tNzgy
Cross-Site Scripting in dojo
Ecosystems: npm
Packages: dojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4aDYtdzQ3Ni1oZ3I0
Directory Traversal in SharpCompress
Ecosystems: nuget
Packages: sharpcompress
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdqaDQtZmN2My13aHBx
Cross-Site Scripting in webtorrent
Ecosystems: npm
Packages: webtorrent
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqNXgtNTZwNi1oajZ4
Path Traversal in statichttpserver
Ecosystems: npm
Packages: statichttpserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxOTgtd3I3Mi1oMzV3
Improper input validation in Apache Santuario XML Security for Java
Ecosystems: maven
Packages: org.apache.santuario:xmlsec
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1ZjQtbTdxcC13Nmdj
Cross-site Scripting in Jooby
Ecosystems: maven
Packages: org.jooby:jooby
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4NnYtMnJnNi04NjVo
Cross-site Scripting in django-js-reverse
Ecosystems: pypi
Packages: django-js-reverse
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjcHctNzNmMi13NTht
Cross-Site Scripting in selectize-plugin-a11y
Ecosystems: npm
Packages: selectize-plugin-a11y
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxZnYtcnI3OS1jaHg1
Cross-site Scripting in Ignite Realtime Openfire
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNnIteGNqai01aDdy
Cross-Site Scripting in cyberchef
Ecosystems: npm
Packages: cyberchef
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3amYtZmpqZi14Y3d3
Invalid Curve Attack in openpgp
Ecosystems: npm
Packages: openpgp
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTQtOHA5ai14NzRq
Cross-site Scripting in pandao editor.md
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2NWMtNGZnai01ZmMz
Cross-site Scripting in pandao
Ecosystems: npm
Packages: editor.md
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY1cDgtM2htNC1oOWg4
Denial of Service in rgb2hex
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNqNXgtN2NjZi1wcGdt
Cross-site scripting in recommender-xblock
Ecosystems: pypi
Packages: recommender-xblock
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOGYtbW1mai1yNDVn
Cross-site scripting in fat_free_crm
Ecosystems: rubygems
Packages: fat_free_crm
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwcXAtdjMyMy00NHh2
Cross-site scripting in Apache Ranger
Ecosystems: maven
Packages: org.apache.ranger:ranger
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtcTUtbWo1OS1xcTlj
Allocation of Resources Without Limits or Throttling in Apache Tika
Ecosystems: maven
Packages: org.apache.tika:tika-parsers
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2cHAtaHhqai01Y2Nj
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZ20tcHBoNS1qNWg3
Exposure of Sensitive Information to an Unauthorized Actor in ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqOTMtMmg2ci1obTQ5
Cross-Site Scripting in http-file-server
Ecosystems: npm
Packages: http-file-server
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2NTctNTlydi1xd202
Cross-Site Scripting in min-http-server
Ecosystems: npm
Packages: min-http-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoNTYteDYyZy1ndmhj
Cross-site scripting in CLEditor
Ecosystems: nuget
Packages: CLEditor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg1cnEtajJ4Zy1oN3Ft
Regular Expression Denial of Service (ReDoS) in lodash
Ecosystems: npm
Packages: lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmcmgtOGNtai1nYzU5
System.Management.Automation subject to bypass via script debugging
Ecosystems: nuget
Packages: System.Management.Automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtZmctODd2cS1nNWc0
Deserialization of untrusted data in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mdjgtcTM5Zi1tZ2Zn
Cross-site Scripting in invenio-communities
Ecosystems: pypi
Packages: invenio-communities
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5bTItNmhxMi00cjNj
Cross-site Scripting in invenio-previewer
Ecosystems: pypi
Packages: invenio-previewer
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4aDMtbXZ2Ny0yNjVq
Cross-site scripting invenio-records
Ecosystems: pypi
Packages: invenio-records
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0bWYteGZnNS1yMjQ3
Invenio-App vulnerable to host header injection attack
Ecosystems: pypi
Packages: invenio-app
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnOW0tZ3czaC1oZzgz
field_test gem contains injection vulnerability
Ecosystems: rubygems
Packages: field_test
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2NzctODNwcC1mODYy
Cross-Site Scripting in @nuxt/devalue
Ecosystems: npm
Packages: @nuxt/devalue
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtcDUtbTk2OC1nd3Iy
Path Traversal in http-file-server
Ecosystems: npm
Packages: http-file-server
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwNXctajNnNy13NHd2
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js
Ecosystems: npm
Packages: saml2-js
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4Y3YtOWpqeC1nZmoz
Denial of Service in mem
Ecosystems: npm
Packages: mem
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1waDQtdmhyeC1tdjY3
Deserialization of Untrusted Data in FasterXML jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjN3YtMmY0OS04aDI2
Django Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4Y2ctZ2c5ai1xOWo5
Improper Certificate Validation and Insufficient Verification of Data Authenticity in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4aHAtZmdjci0ycjRo
Cross-Site Scripting via JSONP
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14anIteG1jZy1mZzd3
Arbitrary Code Injection in mobile-icon-resizer
Ecosystems: npm
Packages: mobile-icon-resizer
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0MjYtcXcycC12OTV2
Argument Injection in Apache Geode server
Ecosystems: maven
Packages: org.apache.geode:geode-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1mNngtN21tNC14Mmc3
Out-of-bounds Read in stringstream
Ecosystems: npm
Packages: stringstream
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Statistics
Advisories: 20,545
Packages: 8,999
Repositories: 2,700
Ecosystems: 12
Filter by Package
moodle/moodle 267 tensorflow 208 tensorflow-cpu 205 tensorflow-gpu 204 magento/community-edition 132 typo3/cms 119 org.jenkins-ci.main:jenkins-core 117 org.apache.tomcat:tomcat 91 pimcore/pimcore 86 typo3/cms-core 72 microweber/microweber 65 silverstripe/framework 64 dolibarr/dolibarr 55 apache-airflow 53 phpmyadmin/phpmyadmin 50 drupal/core 48 thorsten/phpmyfaq 45 actionpack 45 github.com/usememos/memos 45 Django 44 apache-superset 42 github.com/mattermost/mattermost/server/v8 42 drupal/drupal 40 Plone 38 concrete5/concrete5 36 github.com/grafana/grafana 36 librenms/librenms 35 org.keycloak:keycloak-core 35 showdoc/showdoc 34 symfony/symfony 33 ansible 32 github.com/mattermost/mattermost-server/v6 30 moin 30 plone 29 nova 29 craftcms/cms 28 org.elasticsearch:elasticsearch 28 intelliants/subrion 26 baserproject/basercms 26 com.liferay.portal:release.portal.bom 25 snipe/snipe-it 24 django 24 k8s.io/kubernetes 22 github.com/answerdev/answer 21 grumpydictator/firefly-iii 20 org.apache.struts:struts2-core 20 mediawiki/core 20 shopware/platform 19 shopware/shopware 19 froxlor/froxlor 18 remdex/livehelperchat 18 nilsteampassnet/teampass 18 matrix-synapse 17 zendframework/zendframework1 17 github.com/docker/docker 17 mautic/core 17 gradio 17 keystone 17 getkirby/cms 16 rdiffweb 16 directus 16 github.com/argoproj/argo-cd/v2 16 org.apache.tomcat.embed:tomcat-embed-core 16 glance 15 github.com/cilium/cilium 15 org.keycloak:keycloak-services 15 prestashop/prestashop 15 io.undertow:undertow-core 15 tinymce 14 org.xwiki.platform:xwiki-platform-oldcore 14 shopware/core 14 github.com/hashicorp/vault 14 puppet 14 vyper 14 nokogiri 14 github.com/hashicorp/consul 14 yetiforce/yetiforce-crm 14 forkcms/forkcms 13 tribalsystems/zenario 13 org.apache.jspwiki:jspwiki-main 13 github.com/hashicorp/nomad 13 com.jfinal:jfinal 13 simplesamlphp/simplesamlphp 12 com.thoughtworks.xstream:xstream 12 github.com/goharbor/harbor 12 contao/core-bundle 12 org.bouncycastle:bcprov-jdk14 11 rack 11 org.keycloak:keycloak-parent 11 roundup 11 org.springframework.security:spring-security-core 11 ec-cube/ec-cube 11 feehi/feehicms 11 lavalite/cms 11 genix/cms 11 TinyMCE 11 github.com/argoproj/argo-cd 11 tinymce/tinymce 11 org.eclipse.jetty:jetty-server 11 org.apache.solr:solr-core 11 DotNetNuke.Core 11 getgrav/grav 11 @openzeppelin/contracts 10 github.com/containerd/containerd 10 joplin 10 opencart/opencart 10 org.springframework:spring-core 10 fat_free_crm 10 PaddlePaddle 10 wallabag/wallabag 10 github.com/mattermost/mattermost-server 10 silverstripe/cms 10 github.com/ethereum/go-ethereum 10 @openzeppelin/contracts-upgradeable 10 bolt/bolt 10 ckeditor4 10 org.bouncycastle:bcprov-jdk15on 10 com.vaadin:vaadin-bom 10 activesupport 10 ghost 10 org.apache.nifi:nifi 10 francoisjacquet/rosariosis 10 salt 10 org.apache.jspwiki:jspwiki-war 10 github.com/greenpau/caddy-security 10 typo3/cms-backend 10 bootstrap 10 zendframework/zendframework 10 bootstrap 10 rubygems-update 9 org.mortbay.jetty:jetty 9 org.webjars:bootstrap 9 bootstrap 9 publify_core 9 notebook 9 code.gitea.io/gitea 9 horizon 9 org.opencrx:opencrx-core-models 9 wasmtime 9 github.com/traefik/traefik/v2 9 org.igniterealtime.openfire:parent 9 gogs.io/gogs 9 github.com/zitadel/zitadel 9 org.jenkins-ci.plugins:git 9 pyftpdlib 9 helm.sh/helm/v3 9 angular 9 wagtail 9 org.opencms:opencms-core 9 twbs/bootstrap 9 aiohttp 9 swagger-ui 9 cakephp/cakephp 9 camaleon_cms 8 laravel/framework 8 contao/contao 8 sylius/sylius 8 impresscms/impresscms 8 electron 8 bootstrap.sass 8 actionview 8 rails-html-sanitizer 8 github.com/kubeedge/kubeedge 8 next 8 centreon/centreon 8 onionshare-cli 8 org.apache.activemq:activemq-client 8 org.jenkins-ci.plugins:electricflow 8 jquery-rails 8 rails 8 modoboa 8 opencv-contrib-python 8 pimcore/admin-ui-classic-bundle 8 org.jenkins-ci.plugins:script-security 8 opencv-python 8 phpbb/phpbb 8 OctoPrint 8 editor.md 8 Microsoft.ChakraCore 8 github.com/openfga/openfga 8 feehi/cms 7 org.webjars.npm:jquery 7 silverstripe/admin 7 bootstrap-sass 7 jquery-ui-rails 7 github.com/google/fscrypt 7 jQuery.UI.Combined 7 org.webjars.npm:jquery-ui 7 pyload-ng 7 org.bouncycastle:bcprov-jdk15 7 org.bouncycastle:bcprov-jdk15to18 7 org.opennms:opennms 7 com.vaadin:flow-server 7 neutron 7 admidio/admidio 7 org.apache.santuario:xmlsec 7 sulu/sulu 7 swift 7 org.jenkins-ci.plugins:email-ext 7 vantage6 7
Filter by Repository
https://github.com/tensorflow/tensorflow 208 https://github.com/moodle/moodle 167 https://github.com/jenkinsci/jenkins 91 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 61 https://github.com/apache/tomcat 53 https://github.com/django/django 53 https://github.com/TYPO3/typo3 53 https://github.com/apache/airflow 53 https://github.com/silverstripe/silverstripe-framework 47 https://github.com/usememos/memos 45 https://github.com/thorsten/phpmyfaq 45 https://github.com/xwiki/xwiki-platform 43 https://github.com/rails/rails 39 https://github.com/kubernetes/kubernetes 35 https://github.com/librenms/librenms 33 https://github.com/star7th/showdoc 32 https://github.com/keycloak/keycloak 31 https://github.com/ansible/ansible 31 https://github.com/grafana/grafana 30 https://github.com/symfony/symfony 27 https://github.com/spring-projects/spring-framework 24 https://github.com/craftcms/cms 23 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/argoproj/argo-cd 22 https://github.com/Dolibarr/dolibarr 22 https://github.com/concretecms/concretecms 21 https://github.com/answerdev/answer 21 https://github.com/plone/Products.CMFPlone 20 https://github.com/magento/magento2 20 https://github.com/firefly-iii/firefly-iii 20 https://github.com/snipe/snipe-it 20 https://github.com/apache/activemq 19 https://github.com/openstack/nova 19 https://github.com/livehelperchat/livehelperchat 18 https://github.com/mautic/mautic 17 https://github.com/apache/struts 17 https://github.com/shopware/platform 17 https://github.com/shopware/shopware 17 https://github.com/ikus060/rdiffweb 16 https://github.com/matrix-org/synapse 16 https://github.com/CVEProject/cvelist 15 https://github.com/cilium/cilium 15 https://github.com/directus/directus 15 https://github.com/openstack/keystone 15 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/baserproject/basercms 14 https://github.com/vyperlang/vyper 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/umbraco/Umbraco-CMS 14 https://github.com/OpenNMS/opennms 14 https://github.com/froxlor/froxlor 14 https://github.com/tinymce/tinymce 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/apache/cxf 14 https://github.com/gradio-app/gradio 14 https://github.com/octobercms/october 13 https://github.com/x-stream/xstream 13 https://github.com/go-gitea/gitea 13 https://github.com/getkirby/kirby 13 https://github.com/contao/contao 13 https://github.com/netty/netty 12 https://github.com/goharbor/harbor 12 https://github.com/PrestaShop/PrestaShop 12 https://github.com/mattermost/mattermost 11 https://github.com/moby/moby 11 https://github.com/apache/nifi 11 https://github.com/forkcms/forkcms 11 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/geoserver/geoserver 10 https://github.com/greenpau/caddy-security 10 https://github.com/traefik/traefik 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/simplesamlphp/simplesamlphp 10 https://github.com/hashicorp/consul 10 https://github.com/zitadel/zitadel 10 https://github.com/laurent22/joplin 10 https://github.com/github/advisory-database 10 https://github.com/strapi/strapi 10 https://github.com/intelliants/subrion 10 https://github.com/containerd/containerd 10 https://github.com/ethereum/go-ethereum 10 https://github.com/backstage/backstage 10 https://github.com/liufee/cms 10 https://github.com/vaadin/platform 10 https://github.com/wagtail/wagtail 9 https://github.com/publify/publify 9 https://github.com/rack/rack 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/TryGhost/Ghost 9 https://github.com/jquery/jquery 9 https://github.com/aio-libs/aiohttp 9 https://github.com/TYPO3-CMS/core 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/ckeditor/ckeditor4 9 https://github.com/puppetlabs/puppet 9 https://github.com/electron/electron 9 https://github.com/helm/helm 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/openstack/glance 9 https://github.com/bytecodealliance/wasmtime 9 https://github.com/rubygems/rubygems 8 https://github.com/apache/zeppelin 8 https://github.com/kubeedge/kubeedge 8 https://github.com/pimcore/admin-ui-classic-bundle 8 https://github.com/openfga/openfga 8 https://github.com/dotnet/runtime 8 https://github.com/eclipse/jetty.project 8 https://github.com/onionshare/onionshare 8 https://github.com/getgrav/grav 8 https://github.com/decidim/decidim 8 https://github.com/python-pillow/Pillow 8 https://github.com/wallabag/wallabag 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/LavaLite/cms 8 https://github.com/pandao/editor.md 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/zendframework/zendframework 8 https://github.com/modoboa/modoboa 8 https://github.com/jupyter/notebook 7 https://github.com/scrapy/scrapy 7 https://github.com/sulu/sulu 7 https://github.com/opencv/opencv 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/dolibarr/dolibarr 7 https://github.com/vantage6/vantage6 7 https://github.com/undertow-io/undertow 7 https://github.com/1Panel-dev/1Panel 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/laravel/framework 7 https://github.com/saltstack/salt 7 https://github.com/Sylius/Sylius 7 https://github.com/containers/podman 7 https://github.com/gogs/gogs 7 https://github.com/openstack/horizon 7 https://github.com/hashicorp/vault 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/twbs/bootstrap 7 https://github.com/urllib3/urllib3 7 https://github.com/nahsra/antisamy 7 https://github.com/pyload/pyload 7 https://github.com/vaadin/flow 7 https://github.com/kevinpapst/kimai2 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/google/fscrypt 7 https://github.com/oroinc/orocommerce 6 https://github.com/tornadoweb/tornado 6 https://github.com/puma/puma 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/mantisbt/mantisbt 6 https://github.com/opencast/opencast 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/opencart/opencart 6 https://github.com/apache/superset 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/jquery/jquery-ui 6 https://github.com/croogo/croogo 6 https://github.com/zenml-io/zenml 6 https://github.com/yiisoft/yii2 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/nocodb/nocodb 6 https://github.com/ckan/ckan 6 https://github.com/neorazorx/facturascripts 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/panva/jose 6 https://github.com/dompdf/dompdf 6 https://github.com/owen2345/camaleon-cms 6 https://github.com/parse-community/parse-server 6 https://github.com/stacklok/minder 6 https://github.com/rancher/rancher 6 https://github.com/lxml/lxml 6 https://github.com/ruby/rexml 6 https://github.com/cubefs/cubefs 6 https://github.com/vercel/next.js 6 https://github.com/cui2shark/security 6 https://github.com/igniterealtime/Openfire 6 https://github.com/hashicorp/nomad 6 https://github.com/opensearch-project/security 6 https://github.com/giampaolo/pyftpdlib 6 https://github.com/pomerium/pomerium 6 https://github.com/cloudflare/cfrpki 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/PHPOffice/PhpSpreadsheet 6 https://github.com/psf/requests 5 https://github.com/unshiftio/url-parse 5 https://github.com/cri-o/cri-o 5 https://github.com/OPCFoundation/UA-.NETStandard 5 https://github.com/opencontainers/runc 5 https://github.com/apache/tika 5 https://github.com/vapor/vapor 5 https://github.com/alkacon/opencms-core 5 https://github.com/matrix-org/matrix-appservice-irc 5 https://github.com/lief-project/LIEF 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/NodeBB/NodeBB 5 https://github.com/Amanieu/parking_lot 5 https://github.com/jenkinsci/subversion-plugin 5