Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqcXctcjN3dy13ajJ3
Expression Language Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3OGYtMzUzbS1jZjRq
Code Injection in node-rules
Ecosystems: npm
Packages: node-rules
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yYzdoLXg2Y3EtOTg4cc3p0Q
Improper Input Validation in JGroups
Ecosystems: maven
Packages: org.jgroups:jgroups
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNnEtcnhobS02NzV3
OS Command Injection in adb-driver
Ecosystems: npm
Packages: adb-driver
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wZ2o2LWptajUtd3FmeM4AAqj8
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yYzc5LWgyaDUtZzNmd84AAqj1
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tOWhyLTI1OWYtMnYyM84AAqj9
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zcTg0LXZydngtcmZ2Zs4AAqkF
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jdnZtLTRjcjktcjQzNs4AAqkD
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02dnA1LXZ2OXAtN3E2Ms4AAxkU
Command Injection in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02ZmNqLTl2ZnctanEybc4AAxlu
Arbitrary file deletion in ureport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qcnBnLTM1aHctbTRwOc0ptg
Capture-replay in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zNnAzLXdqbWctaDk0eM03aQ
Remote Code Execution in Spring Framework
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc, org.springframework:spring-beans, org.springframework.boot:spring-boot-starter-webflux, org.springframework.boot:spring-boot-starter-web
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nNTk0LTU1bXAtZjZxOM4AAwRe
Improper Privilege Management in rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwZ2gtaG12NC1yM3Y1
Prototype pollution in safe-obj
Ecosystems: npm
Packages: safe-obj
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1wOW04LTI3eDgtcmc4N80XOQ
Critical vulnerability found in cron-utils
Ecosystems: maven
Packages: com.cronutils:cron-utils
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNjkteDRwdy12ZmZn
OS Command Injection in diskusage-ng
Ecosystems: npm
Packages: diskusage-ng
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYyanctcHIyYy05eDk2
Code injection in @rkesters/gnuplot
Ecosystems: npm
Packages: @rkesters/gnuplot
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00djM4LTk2NGMteGptd84AAy3x
Code injection via unescaped translations in xwiki-platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1Y3EtOTUzNy05cnBm
Prototype Pollution in mixme
Ecosystems: npm
Packages: mixme
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwdzctM3ZxMy1tbXY2
Insecure deserialization in Wire
Ecosystems: nuget
Packages: Wire
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1xaHE4LTJmM20tZ3h2cM4AAyAP
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS12aHJ2LTlmOWctcmZyeM4AAx99
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02OGh2LTg5MjYtajM0Y84AAwyF
DBRisinajumi d2files SQL Injection vulnerability
Ecosystems: packagist
Packages: dbrisinajumi/d2files
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tamd3LWYyYzQtZjhxas4AAwzj
WebPA SQL Injection vulnerability
Ecosystems: packagist
Packages: webpa/webpa
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12NDN2LXB2OTUtamM1Nc4AAx-F
SQL Injection in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Published: 5 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3bW0tbTN3eC1qN2Zy
Command injection in gitlog
Ecosystems: npm
Packages: gitlog
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2MjctMmZnOS03aDYy
Withdrawn: Arbitrary Code Execution in static-eval
Ecosystems: npm
Packages: static-eval
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwY20td2hxYy1qZnc4
Use after free in libflate
Ecosystems: cargo
Packages: libflate
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS13NjZqLXhjN3ItbTJqds4AAwJR
camel-ldap component allows LDAP Injection when using the filter option
Ecosystems: maven
Packages: org.apache.camel:camel-ldap
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yYzI5LXdjNjUtNGN4Oc4AAlq3
linux-cmdline is vulnerable to Prototype Pollution via the constructor
Ecosystems: npm
Packages: linux-cmdline
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYydnYtaDV4NC01N2dy
Leak of information via Store-API
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jbTdmLWhmMmctZ2hycM4AAwCw
PyroCMS vulnerable to stored Cross Site Scripting
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1nMzg5LXJmNXAtZmc1Ns4AAwCr
Badaso vulnerable to Remote Code Execution (RCE)
Ecosystems: packagist
Packages: badaso/core
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jaDNyLWo1eDMtNnEybc4AAy46
vm2 Sandbox Escape vulnerability
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jdmg0LWNqYzktODRxbc4AAwFH
owncast is vulnerable to SQL Injection
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyZzMtcXE5OS0zNWc3
Deserialization of Untrusted Data in Jodd
Ecosystems: maven
Packages: org.jodd:jodd-all
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yM3I1LWpodzYtNDYzNM05bw
Insecure temporary file usage in SWHKD
Ecosystems: cargo
Packages: Simple-Wayland-HotKey-Daemon
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00ajJ4LXYzbXItNDY3bc4AAwCt
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05bWg5LTQ0cTMtdjc5eM4AAy5F
PowerJob vulnerable to remote code execution
Ecosystems: maven
Packages: tech.powerjob:powerjob
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS14Mzd2LTM2d3YtNnY2aM4AAy5a
Cross-site Scripting in org.xwiki.commons:xwiki-commons-xml
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ncjU4LTc2cnAtbW1nNM4AAwCL
wger vulnerable to brute force attempts
Ecosystems: pypi
Packages: wger
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1nNWNqLTVoNTgtajkzd84AAwC4
Jeecg-boot vulnerable to SQL Injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA
Buffer overrun in CGI.escape_html
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13cWc3LW14NnAtMnJ3M84AAwBL
Command injection in Apache DolphinScheduler Alert Plugins
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-alert-plugins
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY4dzktMjc4OS02aGhy
Deserialization of Untrusted Data in bson
Ecosystems: npm
Packages: bson
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1tZmp3LXg0cTQtNjlwOc4AAigf
Ignite Realtime Openfire vulnerable to Server Side Request Forgery
Ecosystems: maven
Packages: org.igniterealtime.openfire:parent
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdycGYtZ2c3di01ZzVo
SQL Injection in Apache SkyWalking
Ecosystems: maven
Packages: org.apache.skywalking:oap-server
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS05ajM2LTNjcDQtcmg0as4AAy5x
XWiki vulnerable to Code Injection in template provider administration
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui, org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform.applications:xwiki-application-administration
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ybWYyLXB3ZnEtaDc1as4AAwAD
OS Command Injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0yOTgtZmg1Yy1qYzY2
Object injection in PHPMailer/PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1oZzV4LTN3M3gtN2c5Ns4AAy5v
xwiki-platform-web-templates vulnerable to Eval Injection
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wbWcyLXJwaDgtcDhyNs4AAwYe
Alist vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4ZmgtcHZxMi14OGM0
Malicious npm package: sonatype
Ecosystems: npm
Packages: sonatype
Source: GitHub Advisory Database
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01N3d4LW05ODMtMmY4OM0XCw
Incomplete validation in boosted trees code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qZ2c3LXcycmotNThjas4AAy5-
XWiki Platform vulnerable to privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-legacy-events-hibernate-ui, org.xwiki.platform:xwiki-platform-distribution-war
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0NzUtcGNoNS02d3Z2
Authentication bypass in MAGMI
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3MzctNWdxci1jZjlq
Server-Side Request Forgery in ftp-srv
Ecosystems: npm
Packages: ftp-srv
Source: GitHub Advisory Database
Published: almost 3 years ago
Critical
GSA_kwCzR0hTQS1namc3LXFmdnAtOWhtNM4AAv9w
SQL injection in Dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2Zm0tNDM4OC02cnBj
Apache is vulnerable to XXE in XSD validation processor
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS1qZ3JnLXF2cHAtOXZ3cs4AAy59
XWiki Platform vulnerable to code injection from account through AWM view sheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS14OTNqLTNoaDMtNngyM84AAv9W
Insufficient Session Expiration in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zcjQ4LTNtOHItNHI5d84AAyX0
Apache OpenMeetings missing authentication and can allow user impersonation
Ecosystems: maven
Packages: org.apache.openmeetings:openmeetings-parent
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mYzQyLTV3NTYtcXc3aM4AAy57
XWiki Platform vulnerable to code injection from account through XWiki.SchedulerJobSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS14NzY0LWZmOHItOWhweM4AAy56
XWiki Platform vulnerable to code injection in display method used in user profiles
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02dzhoLTI2eHgtY2Y4cc4AAv_U
Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-menu-ui
Source: GitHub Advisory Database
Published: 6 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY4ZmgtOHJnbS0yMjdo
OS Command Injection in node-prompt-here
Ecosystems: npm
Packages: node-prompt-here
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS1mM2dqLWh2djQtZjU3ds4AAv5G
XML External Entity Reference in Jenkins CCCC Plugin
Ecosystems: maven
Packages: com.thalesgroup.jenkins-ci.plugins:cccc
Source: GitHub Advisory Database
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyN2otaDZnZy1qbWdj
Deserialization of Untrusted Data in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Published: almost 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2cHItOWNyNi1xNXY3
Apache Camel's camel-snakeyaml component is vulnerable to Java object de-serialization
Ecosystems: maven
Packages: org.apache.camel:camel-snakeyaml
Source: GitHub Advisory Database
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZqdzctNmdmcS02d2Y1
Path Traversal in Eclipse Vert
Ecosystems: maven
Packages: io.vertx:vertx-web
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhoeDktcDY5di1jeDJq
Authentication bypass in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5NmctMjRjZy1mMjR3
SQL Injection in odata4j
Ecosystems: maven
Packages: org.odata4j:odata4j-parent, org.odata4j:odata4j-dist, org.odata4j:odata4j-core
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzODItcXg1aC1ydnFo
SQL Injection in odata4j
Ecosystems: maven
Packages: org.odata4j:odata4j-parent, org.odata4j:odata4j-dist, org.odata4j:odata4j-core
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4bTUtNXhjdy1oNTdx
exist-db:exist-core XML External Entity (XXE) vulnerability
Ecosystems: maven
Packages: org.exist-db:exist-core
Source: GitHub Advisory Database
Published: over 4 years ago
Critical
GSA_kwCzR0hTQS04aDgzLWNoaDItZmNocM4AAv0g
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00NDZxLXh4ZzUtM3ZoaM4AAv0f
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wY3BtLXZjNHYtY212eM4AAv0e
eZ Platform users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1nNmpjLXhyYzMtNHd3cc4AAv0d
Ibexa DXP users with the Company admin role can assign any role to any user
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03NjQ0LWN4cDgtaDIzcs4AAv0b
ibexa/admin-ui vulnerable to Cross-site Scripting in content type name/shortname
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01OGg1LWg1NTQtNDI5cc4AAv0Z
ezplatform-admin-ui vulnerable to Cross-Site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1naDdtLWo2NzMtd205N84AAv7L
Dolibarr vulnerable to privilege escalation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Published: 7 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOHgtY3ByOC14Mzlo
Remote code execution in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1oMzc2LWoyNjItdmhxNs0g_w
RCE in H2 Console
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxOGctNXBjNS13cmhy
Insufficient Entropy in cryptiles
Ecosystems: npm
Packages: cryptiles
Source: GitHub Advisory Database
Published: over 4 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwNWotd2o0aC0yanE5
Injection and Improper Input Validation in Apache Unomi
Ecosystems: maven
Packages: org.apache.unomi:unomi
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wcm01LThnMm0tMjRnZ84AAvvh
Remote code execution via MongoDB BSON parser through prototype pollution
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13Mzk1LWhwcTktN3h3cs4AAXMW
Apache Geode unsafe deserialization in TcpServer
Ecosystems: maven
Packages: org.apache.geode:geode-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00ajM4LXdqaGYtODg0cs384Q
Arbitrary code execution in Richfaces
Ecosystems: maven
Packages: org.richfaces:richfaces-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0zaHg2LWZxcGoteGZqcs386w
RichFaces vulnerable to Expression Language Injection
Ecosystems: maven
Packages: org.richfaces:richfaces-core
Source: GitHub Advisory Database
Published: about 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmN3Atajh4Ni14dndw
Incorrect Authorization in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr-parent
Source: GitHub Advisory Database
Published: about 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdjNnEtanF3Yy00NDIz
Path Traversal in Crafter CMS Crafter Studio
Ecosystems: maven
Packages: org.craftercms:crafter-studio
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3ZmotbWM4dy1qOXdn
RSA signature validation vulnerability on malleable encoded message in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Published: about 2 years ago