Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS04NDM0LXY3eHctOG05eM0loA
Improper Neutralization of Argument Delimiters in a Decompiling Package Process in APKLeaks
Ecosystems: pypi
Packages: APKLeaks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mN3ZoLXF3cDMteDM3bc0kWQ
Deserialization of Untrusted Data in Apache Log4j
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 52.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03bWhjLXByZ3YtcjNxNM0j-w
Access of Resource Using Incompatible Type in Hermes
Ecosystems: npm
Packages: hermes-engine
Source: GitHub Advisory Database
Blast Radius: 52.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xNGo3LXYyN3ItZmdjeM0h4w
Prototype Pollution in realms-shim
Ecosystems: npm
Packages: realms-shim
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wd203LXFyNmotM3ZqZ80h4Q
Prototype Pollution in realms-shim
Ecosystems: npm
Packages: realms-shim
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12cDV4LTN2OHItcXByd80hYA
Deserialization of Untrusted Data in Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0ydzhnLW01ajgtN204N80hSQ
Zalgo-like output that crashes the server
Ecosystems: npm
Packages: @soketi/soketi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04dmoyLXZ4eDMtNjY3d80hfA
Arbitrary expression injection in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyNjkteDRwdy12ZmZn
OS Command Injection in diskusage-ng
Ecosystems: npm
Packages: diskusage-ng
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxcjIteGhnNi1wMjY4
OS Command Injection in node-mpv
Ecosystems: npm
Packages: node-mpv
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oMzc2LWoyNjItdmhxNs0g_w
RCE in H2 Console
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 53.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04Y3c1LXJ2OTgtNWM0Ns0g-A
Arbitrary PHP code execution in Drupal
Ecosystems: packagist
Packages: drupal/core, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05cWo2LTRyZnEtdm04NM0frg
Out-of-bounds Write in actix-web
Ecosystems: cargo
Packages: actix-web
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03eDM2LWg2Mnctdnc2Nc0frA
Out-of-bounds Write in actix-web
Ecosystems: cargo
Packages: actix-web
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mZ2ZtLWhxanctMzI2Nc0frQ
Out-of-bounds Write in actix-web
Ecosystems: cargo
Packages: actix-web
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wNDZjLXc5bTMtN3FyMs0fqg
Use of Uninitialized Resource in flumedb.
Ecosystems: cargo
Packages: flumedb
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03OTlmLXI3OHAtZ3E5Y80fow
Use of Uninitialized Resource in acc_reader.
Ecosystems: cargo
Packages: acc_reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wNGNyLTY0eDQtZjkyZs0fpA
Use of Uninitialized Resource in acc_reader.
Ecosystems: cargo
Packages: acc_reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12OTM4LXFjYzktcnd2OM0fpQ
Use of Uninitialized Resource in buffoon.
Ecosystems: cargo
Packages: buffoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qdjJyLWp4NnEtODlqZ80foA
Use of Uninitialized Resource in bronzedb-protocol.
Ecosystems: cargo
Packages: bronzedb-protocol
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jdzRqLWNmNmMtbW1mds0fnw
Use of Uninitialized Resource in binjs_io.
Ecosystems: cargo
Packages: binjs_io
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05NzgzLTQycG0teDVqcc0fnA
Use of Uninitialized Resource in csv-sniffer.
Ecosystems: cargo
Packages: csv-sniffer
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05bXA3LTQ1cWgtcjhqOM0fnQ
columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
Ecosystems: cargo
Packages: columnar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13NDI4LWY2NXItaDRxMs0fmw
Deserialization of Untrusted Data in rust-cpuid
Ecosystems: cargo
Packages: raw-cpuid
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02NHd2LTh2d3AteGd3Ms0fmg
Use of Uninitialized Resource in ash.
Ecosystems: cargo
Packages: ash
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qcWpqLXI0cXAteDJnaM0flQ
Use of Uninitialized Resource in messagepack-rs.
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qd2ZoLWo2MjMtbTk3aM0flg
Use of Uninitialized Resource in messagepack-rs
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ocjUyLWY5dnAtNTgyY80flw
Use of Uninitialized Resource in messagepack-rs.
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mZjJyLXhwd3EtNndoas0fmA
Use of Uninitialized Resource in gfx-auxil
Ecosystems: cargo
Packages: gfx-auxil
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12dzVtLXF3MnItbTkyM80fmQ
Use of Uninitialized Resource in messagepack-rs.
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yZ3hqLXFycDItNTNqds0flA
Incorrect reliance on Trait memory layout in mopa
Ecosystems: cargo
Packages: mopa
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04Z2ptLWgzeGotbXA2d80fkQ
RPC call failure in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cDNjLXY4dmMtYzI0NM0fkg
The `total_size` function for partial read the length of any `FixVec` is incorrect in molecule.
Ecosystems: cargo
Packages: molecule
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mYzd4LTJjbWMtOGoyZ80fkw
Incorrect hash in sha2
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xMng1LTZxN3Etcjg3Ms0fjg
Use After Free in tremor-script
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xd3Z4LWM4ajctNWc3Nc0fjA
Use of Uninitialized Resource in tectonic_xdv
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNTdyLWo5OGctNTg3Zs0fig
Pointer dereference in nanorand
Ecosystems: cargo
Packages: nanorand
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jNWh4LXc5NDUtajRwcc0fiQ
Memory flaw in zeroize_derive
Ecosystems: cargo
Packages: zeroize_derive
Source: GitHub Advisory Database
Blast Radius: 38.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05aGZnLXB4cjYtcTR2cM0fhQ
Use of a Broken or Risky Cryptographic Algorithm in crypto2
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jNmg0LWdjM2YtaGdqcc0eZw
Prototype Pollution in js-data
Ecosystems: npm
Packages: js-data
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wY2NyLXE3djktNWYyN80eMw
Apache Solr Improper Input Validation and Path Traversal
Ecosystems: maven
Packages: org.apache.solr:solr-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cGoyLTVmcXEteHZqY80c2g
Incorrect Authorization in latte/latte
Ecosystems: packagist
Packages: latte/latte
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zcXBtLWg5Y2gtcHgzY80gtg
Remote code injection, Improper Input Validation and Uncontrolled Recursion in Log4j library
Ecosystems: maven
Packages: org.powernukkit:powernukkit
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ncDZqLXZ4NTQtNXBtZs0guA
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Ecosystems: go
Packages: github.com/keep-network/keep-ecdsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05dzdmLW00ajQtajN4d80g4g
Gerapy < 0.9.8 may cause remote code execution
Ecosystems: pypi
Packages: gerapy
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01M3h2LWMyaHgtNXc2cc0d_Q
Command Injection in node-windows
Ecosystems: npm
Packages: node-windows
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyN3AtcnI3OC05OXJq
GitLab auth uses full name instead of username as user ID, allowing impersonation
Ecosystems: go
Packages: github.com/concourse/dex, github.com/concourse/concourse
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05aHAtN3I5OS05NGg1
Critical security issues in XML encoding in github.com/dexidp/dex
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig, github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4MzItam05NS0yY3B4
Authentication Bypass in dex
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xYzIyLXF3bTktajhyeM0dGQ
Remote Code Execution in npm-groovy-lint
Ecosystems: npm
Packages: npm-groovy-lint
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zZm0taDVqcC1xNzlw
Authorization bypass in Openshift
Ecosystems: go
Packages: github.com/openshift/origin
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4d20tcGZqZi13cXA2
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Ecosystems: go
Packages: github.com/authelia/authelia/v4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xODY4LWM0dnctcWp4M80czw
ThinkPHP5 SQL Injection vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qN2MzLTk2cmYtanJycM0cpw
Critical vulnerability in log4j may affect generated PEAR projects
Ecosystems: maven
Packages: de.averbis.textanalysis:pear-archetype
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03NHI2LWdyajktOHJxNs0ZEw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yd3IyLThxanEtZ2g1Nc0ZDA
Exposure of Resource to Wrong Sphere in org.craftercms:crafter-search
Ecosystems: maven
Packages: org.craftercms:crafter-search
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14OTQ5LTdjbTYtZm02cM0avQ
Code Injection in md-to-pdf.
Ecosystems: npm
Packages: md-to-pdf
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ndjg3LXE2NmgtNDI3N80ckg
Command injection in itext7-core
Ecosystems: maven
Packages: com.itextpdf:itextpdf, com.itextpdf:itext7-core
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05NGc3LWhwdjgtaDlxbc0bRQ
Remote code injection in Log4j
Ecosystems: maven
Packages: com.splunk.logging:splunk-library-javalogging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01OWc0LWhwZzMtM2djcM0bQw
Files Accessible to External Parties in Opencast
Ecosystems: maven
Packages: org.opencastproject:opencast-ingest-service-impl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01Y3FtLWNyeG0tNnFwds0bSA
Buffer overrun in CGI.escape_html
Ecosystems: rubygems
Packages: cgi
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tZjRmLWo1ODgtNXhtOM0bPQ
Apache Log4j Remote Code Execution
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03cmpyLTNxNTUtdnYzM80bQA
Incomplete fix for Apache Log4j vulnerability
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03OTJqLTl3ajMtajYzNM0Z9w
Command injection in github-todos
Ecosystems: npm
Packages: github-todos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zM2djLTZjdzktdzNnNM0ZXg
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03Mjg5LWNod2otN2g4Ns0ZMg
Path traversal in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14eGZoLXg5OHAtajhmcs0atA
Remote code injection in Log4j (through pax-logging-log4j2)
Ecosystems: maven
Packages: org.ops4j.pax.logging:pax-logging-log4j2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3OGYtMzUzbS1jZjRq
Code Injection in node-rules
Ecosystems: npm
Packages: node-rules
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyNnctZ2N4aC12NHI3
Prototype polluation in just-safe-set
Ecosystems: npm
Packages: just-safe-set
Source: GitHub Advisory Database
Blast Radius: 32.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3bXEtcmZqMi0yNXdx
Code Injection in total4
Ecosystems: npm
Packages: total4
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmbTYtZ3hxZy0ycHdy
Code Injection in total.js
Ecosystems: npm
Packages: total.js
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4N20tOWhwZy14eG13
Prototype Pollution in putil-merge
Ecosystems: npm
Packages: putil-merge
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtODItcXI0NS1oN213
Prototype Pollution in field
Ecosystems: npm
Packages: field
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qZmg4LWMyanAtNXYzcc0asw
Remote code injection in Log4j
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, uk.co.nichesolutions.logging.log4j:log4j-core, org.xbib.elasticsearch:log4j, com.guicedee.services:log4j-core
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRtNnEtcnhobS02NzV3
OS Command Injection in adb-driver
Ecosystems: npm
Packages: adb-driver
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNxOXgtdzUzcC1qZzUz
OS Command Injection in heroku-addonpool
Ecosystems: npm
Packages: heroku-addonpool
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOWYteDZybS1xbXhy
Command Injection in compass-compile
Ecosystems: npm
Packages: compass-compile
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13anFjLWo1Mzctajlnas0Z-A
Command injection in git-it-electron
Ecosystems: npm
Packages: git-it-electron
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02cjdjLTZ3OTYtOHB2d80ZPw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xcnZqLTI3NGgtaGZjZ80ZRw
Deserialization of Untrusted Data in topthink/framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1taDlqLXY2bXEtcGZjaM0ZMQ
Path manipulation in matyhtf/framework
Ecosystems: packagist
Packages: matyhtf/framework
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13ZjVwLWY1eHItYzRqas0YRg
SQL Injection in rosariosis
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wZm13LXZqNzQtcGg4Z80YjQ
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13cDRoLXB2Z3ctNTcyN80Y7Q
Improperly Controlled Modification of Dynamically-Determined Object Attributes in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03cnBjLTltODgtY2Y5d80YPQ
OS Command Injection Vulnerability and Potential Zip Slip Vulnerability in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1oZjJtLWo5OHItNGZxd80YdA
API token verification can be bypassed in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13eDY5LXJ2ZzMteDdmY80YdQ
XSS via prototype pollution in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04Z3c2LXc1cnctNGc1Y80YMA
Incorrect Default Permissions in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNjRtLXFjaGotaHJqcM0YFg
Webcache Poisoning in shopware/platform and shopware/core
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12cGY1LTgyYzgtOXYzNs0XwA
Prototype Pollution in algoliasearch-helper
Ecosystems: npm
Packages: algoliasearch-helper
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zdzVoLXg0cmgtaGMyOM0Xmg
Exposure of sensitive information in Apache Ozone
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zM3hoLXhjaDktcDZoas0XrQ
Incorrect Authorization in Apache Ozone
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04NmZoLWo1OG0tN3BmNc0XvA
Improper Privilege Management in Apache Ozone
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04amhwLTJnY3ItcXc5Ns0Xzg
Moodle vulnerable to RCE via unsafe deserialization
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03ZzQ3LXh4ZmYtOXA4Nc0WIA
Remote unauthenticated attackers able to upload files in Onionshare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aHJwLThxeDQtdnI2Y80XYA
Incorrect Access Control in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04OTZyLWYyN3ItNTVtd80XPA
json-schema is vulnerable to Prototype Pollution
Ecosystems: npm
Packages: json-schema
Source: GitHub Advisory Database
Blast Radius: 60.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ncHFjLTRwcDctNTk1NM0XVQ
Authentication Bypass by CSRF Weakness
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04eGZ3LTVxODItMzY1Ms0XVA
Authentication Bypass by CSRF Weakness
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02bXFyLXE4NnEtNmd3cs0XUw
Authentication Bypass by CSRF Weakness
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,301
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
npm 954 maven 826 packagist 491 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 org.apache.dubbo:dubbo 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 froxlor/froxlor 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 tensorflow-cpu 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 studio-42/elfinder 7 rusqlite 7 sequelize 7 ansible 7 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 github.com/argoproj/argo-cd 6 parse-server 6 thorsten/phpmyfaq 6 ezsystems/ezpublish-kernel 6 aaptjs 6 github.com/answerdev/answer 6 mercurial 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 steal 5 Microsoft.ChakraCore 5 mautic/core 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.xwiki.platform:xwiki-platform-web 5 prestashop/prestashop 5 safe-eval 5 ckb 5 zendframework/zendframework 5 Pillow 5 django 5 org.apache.inlong:manager-pojo 5 realms-shim 4 calibreweb 4 github.com/grafana/grafana 4 hermes-engine 4 contao/core-bundle 4 org.apache.tomcat.embed:tomcat-embed-core 4 spree_auth_devise 4 pyload-ng 4 feehi/cms 4 librenms/librenms 4 PaddlePaddle 4 org.apache.openmeetings:openmeetings-parent 4 contao/contao 4 smallvec 4 code.gitea.io/gitea 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 github.com/hashicorp/vault 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 apache-airflow-providers-apache-hive 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.inlong:manager-service 4 org.eclipse.jetty:jetty-server 4 org.jeecgframework.boot:jeecg-boot-base-core 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/usememos/memos 4 baserproject/basercms 4 openssl-src 4 safer-eval 4 nukeviet/nukeviet 4 org.apache.tapestry:tapestry-core 4 github.com/argoproj/argo-cd/v2 4 messagepack-rs 4 org.apache.solr:solr-parent 3 pimcore/pimcore 3 lmdb 3 org.richfaces:richfaces-core 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 publify_core 3 nvflare 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 zendframework/zendframework1 3 showdoc/showdoc 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 @openzeppelin/contracts-upgradeable 3 com.alibaba:dubbo 3 symfony/security-core 3 modoboa 3 log4j:log4j 3 org.apache.storm:storm 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 org.xwiki.platform:xwiki-platform-icon-ui 3 ro.pippo:pippo-core 3 com.hazelcast:hazelcast 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 smarty/smarty 3 slpjs 3 strapi 3 dompdf/dompdf 3 browserify-shim 3 actix-web 3 mongoose 3 facade/ignition 3 org.apache.linkis:linkis 3 com.jflyfox:jflyfox_jfinal 3 codiad/codiad 3 jsrsasign 3 io.undertow:undertow-core 3 ibexa/core 3 org.apache.jmeter:ApacheJMeter 3 cobbler 3 org.springframework.security:spring-security-core 3 github.com/dexidp/dex 3 github.com/pterodactyl/wings 3 simplesamlphp/simplesamlphp 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 rubygems-update 3 org.apache.any23:apache-any23 3 org.apache.solr:solr-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 xcb 3 phpmailer/phpmailer 3 github.com/rancher/rancher 3 craftcms/cms 3 francoisjacquet/rosariosis 3 ray 3 codeigniter4/framework 3 org.apache.dolphinscheduler:dolphinscheduler 3 nokogiri 3 typo3/cms 3 elefant/cms 3 impresscms/impresscms 3 org.apache.ignite:ignite-core 3 id-map 3 handlebars 3 tribalsystems/zenario 3 codeigniter/framework 3 feathers-sequelize 3 github.com/go-gitea/gitea 3 org.apache.inlong:manager-web 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 async-git 2 python-keystoneclient 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 eslint-config-eslint 2 org.apache.inlong:manager-dao 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 github.com/sap/cloud-security-client-go 2 org.apache.shiro:shiro-web 2 apache-superset 2 mathjs 2 github.com/crewjam/saml 2 alextselegidis/easyappointments 2 github.com/russellhaering/gosaml2 2 total4 2 org.apache.derby:derby 2 laravel/framework 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 Radicale 2 com.hazelcast.jet:hazelcast-jet 2 vyper 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/shopware/platform 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/apache/tomcat 5 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 https://github.com/janeczku/calibre-web 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/grafana/grafana 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/usememos/memos 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/pyload/pyload 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/spring-projects/spring-framework 4 https://github.com/centreon/centreon-archived 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/shopware/shopware 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/star7th/showdoc 3 https://github.com/pterodactyl/wings 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/smarty-php/smarty 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/hazelcast/hazelcast 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/baserproject/basercms 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dexidp/dex 3 https://github.com/github/securitylab 3 https://github.com/apache/shiro 3 https://github.com/neorazorx/facturascripts 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/pytorch/serve 2 https://github.com/sjep/array 2 https://github.com/jfinal/jfinal 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/laurent22/joplin 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/soketi/soketi 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/google/flatbuffers 2 https://github.com/benbusby/whoogle-search 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2