Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS0yNnh4LW00cTIteGhxOM0XUg
Authentication Bypass by CSRF Weakness
Ecosystems: rubygems
Packages: spree_auth_devise
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01NjI5LTg4NTUtZ2Y0Z80XUQ
Authentication Bypass by CSRF Weakness
Ecosystems: rubygems
Packages: solidus_core
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14bTM0LXY4NWgtOXBnMs0XUA
Authentication Bypass by CSRF Weakness
Ecosystems: rubygems
Packages: solidus_auth_devise
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12cGZwLTVnd3EtZzUzM80XVg
Improper Authentication in Apache ShenYu Admin
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-admin
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yN2NqLThoamcteDYyMs0XOw
DBAL 3 SQL Injection Security Vulnerability
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 50.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1wOW04LTI3eDgtcmc4N80XOQ
Critical vulnerability found in cron-utils
Ecosystems: maven
Packages: com.cronutils:cron-utils
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xOXE2LWY1NTYtZ3BtN80XJw
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: npm
Packages: starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qM2p3LWoyajgtMnd2Oc0XJg
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: nuget
Packages: starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yMjhoLXg2aHYtMmZxM80XJQ
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: maven
Packages: com.starkbank:starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05MnZtLW14amYtanFmM80XJA
Improper Verification of Cryptographic Signature in starkbank-ecdsa
Ecosystems: pypi
Packages: starkbank-ecdsa
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xY2o2LWpxcmctNHdwMs0XHQ
Template injection in thymeleaf-spring5
Ecosystems: maven
Packages: org.thymeleaf:thymeleaf-spring5
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01N3d4LW05ODMtMmY4OM0XCw
Incomplete validation in boosted trees code
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05ajltLTh3amMtZmY5Ns0XGg
Apostrophe CMS Insufficient Session Expiration vulnerability
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nMnE1LTU0MzMtcmhyZs0W4A
Embedded malware in rc
Ecosystems: npm
Packages: rc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03M3FyLXBmbXEtNnJwOM0W3w
Embedded malware in coa
Ecosystems: npm
Packages: coa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00cXdxLXE0cHItcnI3cs0WzA
Vulnerability in packageCmd function leads to arbitrary code execution via filePath parameters
Ecosystems: npm
Packages: aaptjs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05Y3EzLWZqMmgtZ2dqNc0WzQ
Vulnerability in remove function leads to arbitrary code execution via filePath parameters
Ecosystems: npm
Packages: aaptjs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNDk2LTdoZ3AtNTN3Zs0Wyw
Vulnerability in dump function leads to arbitrary code execution via filePath parameters
Ecosystems: npm
Packages: aaptjs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00Zzd4LTd2Z3EtM2oyOM0Wyg
Vulnerability in list function leads to arbitrary code execution via filePath parameters
Ecosystems: npm
Packages: aaptjs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12ODk5LTI4ZzQtcW1oOM0WyQ
XML External Entity vulnerability in Easy-XML
Ecosystems: pypi
Packages: easy-xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12aGZwLTl3dmotZ3d2Z80WyA
XML External Entity vulnerability in MODX CMS
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03Znc3LWdoMjMtZjgzMs0Wxw
Vulnerability in singleCrunch function leads to arbitrary code execution via filePath parameters
Ecosystems: npm
Packages: aaptjs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tN3AyLWdoZmgtcGp2eM0Wxg
Vulnerability in crunch function leads to arbitrary code execution via filePath parameters
Ecosystems: npm
Packages: aaptjs
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01eHZjLXZnbXAtamdjM80Wvg
Improper Access Control in jupyterhub-firstuseauthenticator
Ecosystems: pypi
Packages: jupyterhub-firstuseauthenticator
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1qOGZxLTg2YzUtNXYycs0WvA
Remote code execution in dask
Ecosystems: pypi
Packages: distributed
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13NzI5LTc2MzMtMmZ3Nc0WuQ
Deserialization of Untrusted Data leading to Remote Code Execution in Apache Storm
Ecosystems: maven
Packages: org.apache.storm:storm
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02NzY4LW1jamMtODIyM80WuA
Command injection leading to Remote Code Execution in Apache Storm
Ecosystems: maven
Packages: org.apache.storm:storm
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00Mjg2LWg0N2gtbTV2Ns0WtA
Showdoc File Upload Vulnerability
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zdzczLWZtZjMtaGc1Y80Wmw
Policies not properly enforced in OWASP Java HTML Sanitizer
Ecosystems: maven
Packages: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yamYyLWoycjYtcThncs0Wlw
Prototype Pollution in vm2
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1nNjdnLWh2YzMteG12Zs0WkA
Inconsistent input sanitisation leads to XSS vectors
Ecosystems: pypi
Packages: omero-web, omero-figure
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04NGczLWN2ODktbTlnbc0WQQ
Prototype pollution vulnerability in 'patchmerge'
Ecosystems: npm
Packages: patchmerge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03dnhyLTZjeGctajN4OM0WRw
OS Command Injection in ftpd
Ecosystems: rubygems
Packages: ftpd
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tYzd3LTRjamYtYzk3M80WSQ
OS Command Injection in node-opencv
Ecosystems: npm
Packages: opencv
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0ydzNmLTl3M3EtcXc3N80Whg
Prototype Pollution in config-handler
Ecosystems: npm
Packages: config-handler
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1meHdmLTQ1YzctNHBwcs0WgA
Prototype pollution in object-hierarchy-access
Ecosystems: npm
Packages: object-hierarchy-access
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1majU4LWgyZnItM3BwMs0WeA
SQL Injection and Cross-site Scripting in class-validator
Ecosystems: npm
Packages: class-validator
Source: GitHub Advisory Database
Blast Radius: 46.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xOXA0LXFmYzgtZnZwcM0Wdw
SQL Injection in medoo
Ecosystems: packagist
Packages: catfan/medoo
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jM3hxLWNqOGYtNzgyOc0WdQ
Inadequate Encryption Strength in python-keystoneclient
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tNXY3LXByMzItbWp4Ms0Wbw
Critical severity vulnerability in Ignition
Ecosystems: packagist
Packages: facade/ignition
Source: GitHub Advisory Database
Blast Radius: 52.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03YzdnLTcycTctNHhobc0WbA
Prototype pollution vulnerability in 'deepref'
Ecosystems: npm
Packages: deepref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1teDN4LWdocW0tcjQzaM0Wag
Prototype pollution vulnerability in 'predefine'
Ecosystems: npm
Packages: predefine
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zcjl4LW1qcm0tMjcyNc0WaQ
Prototype pollution vulnerability in 'libnested'
Ecosystems: npm
Packages: libnested
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05NTdqLTU5YzItajY5Ms0WaA
Prototype pollution in getobject
Ecosystems: npm
Packages: getobject
Source: GitHub Advisory Database
Blast Radius: 50.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS12bWZoLWM1NDctdjQ1aM0WMA
Remote code execution in ruby-jss
Ecosystems: rubygems
Packages: ruby-jss
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03NTM0LW1tNDUtYzc0ds0WKQ
Buffer Overflow in Pillow
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 48.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14cHYyLThwcGotNzloaM0WHQ
Expression injection in AviatorScript
Ecosystems: maven
Packages: com.googlecode.aviator:aviator
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05Mzc4LWY0djctamdtNM0WFw
Deserialization of Untrusted Data in org.apache.ddlutils:ddlutils
Ecosystems: maven
Packages: org.apache.ddlutils:ddlutils
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1tN2g1LWZqanEtNTU5Zs0WEg
SQL Injection in topthink/thinkphp
Ecosystems: packagist
Packages: topthink/thinkphp
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14djd2LXJmNmcteHdyY80WEA
Directory Traversal in typo3/phar-stream-wrapper
Ecosystems: packagist
Packages: drupal/drupal, drupal/core, typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS02d2hmLXE2cDUtODR3Z80WBw
Improper Access Control in Webauthn Framework
Ecosystems: packagist
Packages: web-auth/webauthn-framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zYzljLTJwNjUtcXZ3ds0V_A
Prototype pollution in aurelia-path
Ecosystems: npm
Packages: aurelia-path
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmcjItajRnOS1tcHBm
Prototype Pollution in deephas
Ecosystems: npm
Packages: deephas
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14cHdqLTd2OHEtbWNnas0V-g
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1ocGY3LTRjMmctOWNoZs0V-A
Remote Code Execution in Halibut
Ecosystems: nuget
Packages: Halibut
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhwZnAtZjU2OS1xM3Ay
SQL Injection in Django
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 49.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00amcyLTg0YzItcGo5Nc0V7A
Improper Control of Generation of Code ('Code Injection') in @asyncapi/modelina
Ecosystems: npm
Packages: @asyncapi/modelina
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03MjlmLXd2ajMtYzRwas0Vzw
Remote code execution in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1mNmpwLWo2dzMtdzlobc0V4A
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01dnAzLXY0aGMtZ3g3Ns0VxA
UUPSUpgradeable vulnerability in @openzeppelin/contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xNGg5LTQ2eGctbTN4Oc0Vww
UUPSUpgradeable vulnerability in @openzeppelin/contracts-upgradeable
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jcXFoLTQ5bXgtZnE2M80Vug
merge vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @viking04/merge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05OXB4LTc3MjQtNDg0ds0VvQ
Remote Code Execution in Any23
Ecosystems: maven
Packages: org.apache.any23:apache-any23
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04MzhyLWh2d2gtMjRoOM0VvA
XML Injection in Any23
Ecosystems: maven
Packages: org.apache.any23:apache-any23
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xODk3LTlqeGYtamc5cs0VtA
Security check skip in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xdm03LTIzY2otNDM3ds0Vsw
Remote Code Execution in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jNDQyLTMyNzgtcmhyZ80Vqg
Unrestricted File Upload in ShowDoc v2.9.5
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jcHg5LTRyd3YtNDg2ds0VqA
Hessian protocol configuration vulnerability in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwODktNWYyMi04cXZm
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxNDQtZ2Z2cS02Zzkz
SQL Injection in Subrion CMS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05cTV3LTc5Y3YtOTQ3bc0Vog
Unsafe defaults in `remark-html`
Ecosystems: npm
Packages: remark-html
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1yNjU5LTh4ZnAtajMyN80VoQ
objection.js Prototype Pollution vulnerability
Ecosystems: npm
Packages: objection
Source: GitHub Advisory Database
Blast Radius: 34.1
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0yYzgzLXdmdjMtcTI1Zs0Vmg
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in ZMarkdown
Ecosystems: npm
Packages: rebber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01OTN2LXdjcXgtaHEyd80Vlw
Incorrect version tags linked to external repository
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS00cXc4LXBncHItcDltcc0VlQ
Bash command injection in Apache Zeppelin
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13bXBtLWZxN3ItanE1Ns0VkA
Imporoper path validation in elFinder.NetCore
Ecosystems: nuget
Packages: elFinder.NetCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS0zM2Y5LWo4MzktcmY4aM0VjA
Prototype Pollution in immer
Ecosystems: npm
Packages: immer
Source: GitHub Advisory Database
Blast Radius: 60.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxbTItZ3dxZi1yNWc1
SQL injection in TYPO3 extension
Ecosystems: packagist
Packages: ecodev/newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS01MmNmLTIyNmYtcmhyNs0ViQ
Default CORS config allows any origin with credentials
Ecosystems: maven
Packages: org.http4s:http4s-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc4NzMteGNxcS14OTIy
Command Injection in Simiki
Ecosystems: pypi
Packages: simiki
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1NzQtcXYzdy1mY21n
Deserialization of Untrusted Data in codeception/codeception
Ecosystems: packagist
Packages: codeception/codeception
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5Y3YtNjY1ci0yNzVo
Prototype Pollution in merge-change
Ecosystems: npm
Packages: merge-change
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5N2YtNTI1OC01NTkz
Incorrect Authorization in serverless-offline
Ecosystems: npm
Packages: serverless-offline
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5ajQtY3A2My1xdjYy
Tarslip in go-unarr
Ecosystems: go
Packages: github.com/gen2brain/go-unarr
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjNHctOHY1ai0yOXc5
Deserialization of Untrusted Data in Neo4j
Ecosystems: maven
Packages: org.neo4j:neo4j
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dzctN2c2My0ybTV3
Drop of uninitialized memory in stack_dst
Ecosystems: cargo
Packages: stack_dst
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtangtaDIzaC13MnBn
Double free in stack_dst
Ecosystems: cargo
Packages: stack_dst
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjdnAtcjhqOC00N3Bj
Double free in toodee
Ecosystems: cargo
Packages: toodee
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5Mm0taGhody12djl2
Code injection in codiad
Ecosystems: packagist
Packages: codiad/codiad
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzZnEtcTdoYy05OTNy
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxMnItcXhwNi1oNWo2
Improper Restriction of XML External Entity Reference in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4aHYtcWZmMy04Nzkz
Unrestricted Upload of File with Dangerous Type in django-widgy
Ecosystems: pypi
Packages: django-widgy
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4ZzUtNmMzai12cDh4
Improper Restriction of XML External Entity Reference in Quokka
Ecosystems: pypi
Packages: quokka
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNwdjgtNnhnci1ybWY2
Dolibarr Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqanItcXFmcC1wcHd4
remote code execution via git repo provider
Ecosystems: pypi
Packages: binderhub
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZydzQtdzczci02bW04
TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZnNDctM2MyeC1tMndy
TimelockController vulnerability in OpenZeppelin Contracts
Ecosystems: npm
Packages: @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 45.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1cDctYzk1OS1yZ2Nt
Process crashes when the cell used as DepGroup is not alive
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxcXAteG1oai13Z2N3
crossbeam-deque Data Race before v0.7.4 and v0.8.1
Ecosystems: cargo
Packages: crossbeam-deque
Source: GitHub Advisory Database
Blast Radius: 44.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2djMtZnJycS02NDg2
Use of Uninitialized Resource in alg_ds
Ecosystems: cargo
Packages: alg_ds
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 1,301
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
npm 954 maven 826 packagist 491 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 langchain 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 org.apache.dubbo:dubbo 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 org.xwiki.platform:xwiki-platform-oldcore 9 froxlor/froxlor 8 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 tensorflow-cpu 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 shopware/platform 8 studio-42/elfinder 7 rusqlite 7 sequelize 7 ansible 7 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 github.com/argoproj/argo-cd 6 parse-server 6 thorsten/phpmyfaq 6 ezsystems/ezpublish-kernel 6 aaptjs 6 github.com/answerdev/answer 6 mercurial 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.shiro:shiro-core 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 steal 5 Microsoft.ChakraCore 5 mautic/core 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.xwiki.platform:xwiki-platform-web 5 prestashop/prestashop 5 safe-eval 5 ckb 5 zendframework/zendframework 5 Pillow 5 django 5 org.apache.inlong:manager-pojo 5 realms-shim 4 calibreweb 4 github.com/grafana/grafana 4 hermes-engine 4 contao/core-bundle 4 org.apache.tomcat.embed:tomcat-embed-core 4 spree_auth_devise 4 pyload-ng 4 feehi/cms 4 librenms/librenms 4 PaddlePaddle 4 org.apache.openmeetings:openmeetings-parent 4 contao/contao 4 smallvec 4 code.gitea.io/gitea 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 Django 4 github.com/hashicorp/vault 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 apache-airflow-providers-apache-hive 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.inlong:manager-service 4 org.eclipse.jetty:jetty-server 4 org.jeecgframework.boot:jeecg-boot-base-core 4 swagger-ui 4 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/usememos/memos 4 baserproject/basercms 4 openssl-src 4 safer-eval 4 nukeviet/nukeviet 4 org.apache.tapestry:tapestry-core 4 github.com/argoproj/argo-cd/v2 4 messagepack-rs 4 org.apache.solr:solr-parent 3 pimcore/pimcore 3 lmdb 3 org.richfaces:richfaces-core 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 publify_core 3 nvflare 3 org.jenkins-ci.plugins:active-directory 3 org.apache.logging.log4j:log4j-core 3 zendframework/zendframework1 3 showdoc/showdoc 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 @openzeppelin/contracts-upgradeable 3 com.alibaba:dubbo 3 symfony/security-core 3 modoboa 3 log4j:log4j 3 org.apache.storm:storm 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 org.xwiki.platform:xwiki-platform-icon-ui 3 ro.pippo:pippo-core 3 com.hazelcast:hazelcast 3 org.keycloak:keycloak-core 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 smarty/smarty 3 slpjs 3 strapi 3 dompdf/dompdf 3 browserify-shim 3 actix-web 3 mongoose 3 facade/ignition 3 org.apache.linkis:linkis 3 com.jflyfox:jflyfox_jfinal 3 codiad/codiad 3 jsrsasign 3 io.undertow:undertow-core 3 ibexa/core 3 org.apache.jmeter:ApacheJMeter 3 cobbler 3 org.springframework.security:spring-security-core 3 github.com/dexidp/dex 3 github.com/pterodactyl/wings 3 simplesamlphp/simplesamlphp 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 rubygems-update 3 org.apache.any23:apache-any23 3 org.apache.solr:solr-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 xcb 3 phpmailer/phpmailer 3 github.com/rancher/rancher 3 craftcms/cms 3 francoisjacquet/rosariosis 3 ray 3 codeigniter4/framework 3 org.apache.dolphinscheduler:dolphinscheduler 3 nokogiri 3 typo3/cms 3 elefant/cms 3 impresscms/impresscms 3 org.apache.ignite:ignite-core 3 id-map 3 handlebars 3 tribalsystems/zenario 3 codeigniter/framework 3 feathers-sequelize 3 github.com/go-gitea/gitea 3 org.apache.inlong:manager-web 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 async-git 2 python-keystoneclient 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 eslint-config-eslint 2 org.apache.inlong:manager-dao 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2 github.com/sap/cloud-security-client-go 2 org.apache.shiro:shiro-web 2 apache-superset 2 mathjs 2 github.com/crewjam/saml 2 alextselegidis/easyappointments 2 github.com/russellhaering/gosaml2 2 total4 2 org.apache.derby:derby 2 laravel/framework 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 Radicale 2 com.hazelcast.jet:hazelcast-jet 2 vyper 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/django/django 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/ansible/ansible 7 https://github.com/answerdev/answer 6 https://github.com/symfony/symfony 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/shopware/platform 6 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/stealjs/steal 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/apache/tomcat 5 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 https://github.com/janeczku/calibre-web 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/liufee/cms 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/grafana/grafana 4 https://github.com/servo/rust-smallvec 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/usememos/memos 4 https://github.com/dompdf/dompdf 4 https://github.com/pippo-java/pippo 4 https://github.com/pyload/pyload 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/spring-projects/spring-framework 4 https://github.com/centreon/centreon-archived 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/shopware/shopware 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/star7th/showdoc 3 https://github.com/pterodactyl/wings 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/facade/ignition 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/smarty-php/smarty 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ADOdb/ADOdb 3 https://github.com/ibexa/core 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/camel 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/hazelcast/hazelcast 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/baserproject/basercms 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dexidp/dex 3 https://github.com/github/securitylab 3 https://github.com/apache/shiro 3 https://github.com/neorazorx/facturascripts 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/pytorch/serve 2 https://github.com/sjep/array 2 https://github.com/jfinal/jfinal 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/laurent22/joplin 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/soketi/soketi 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/google/flatbuffers 2 https://github.com/benbusby/whoogle-search 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2