Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Critical Security Advisories
Loading...
Critical
Ecosystems: rubygems
Packages: datagrid
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxcDUtcGc3dy04MzJw
datagrid contains code Injection backdoorEcosystems: rubygems
Packages: datagrid
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 5 years ago
Critical
Ecosystems: rubygems
Packages: simple_captcha2
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnNmotcjI4bS03Mjkz
Code backdoor in simple_captcha2Ecosystems: rubygems
Packages: simple_captcha2
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: org.ethereum:ethereumj-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmNHAtam03ci12ampq
Deserialization of Untrusted Data in EthereumJEcosystems: maven
Packages: org.ethereum:ethereumj-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Critical
Ecosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdybWYtNGZxNi0ycjc5
aubio Buffer Overflow vulnerabilityEcosystems: pypi
Packages: aubio
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 5 years ago
Critical
Ecosystems: rubygems
Packages: marginalia
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyajUtcXA3eC1ycGc2
SQL Injection in marginaliaEcosystems: rubygems
Packages: marginalia
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: almost 5 years ago
Critical
Ecosystems: pypi
Packages: ladon
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnMzUtdmM5Zi1xN3gy
Improper Restriction of XML External Entity Reference in ladonEcosystems: pypi
Packages: ladon
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhmMjMtOXBmNy0zODhw
Deserialization of Untrusted Data and Code Injection in xstreamEcosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFyN2otaDZnZy1qbWdj
Deserialization of Untrusted Data in jackson-databindEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: almost 5 years ago
Critical
Ecosystems: rubygems
Packages: paranoid2
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRnNGMtOGdxaC1tNHZt
paranoid2 gem Code backdoorEcosystems: rubygems
Packages: paranoid2
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: almost 5 years ago
Critical
Ecosystems: rubygems
Packages: slanger
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJnMzItbTNoZi03NzJ2
Slanger Arbitrary command executionEcosystems: rubygems
Packages: slanger
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: lodash.defaultsdeep, lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 57.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmODUtY3BjcC1qNjk1
Prototype Pollution in lodashEcosystems: npm
Packages: lodash.defaultsdeep, lodash-amd, lodash-es, lodash
Source: GitHub Advisory Database
Blast Radius: 57.2
Published: almost 5 years ago
Critical
Ecosystems: rubygems
Packages: strong_password
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNXItZmZjNC1jNDU1
strong_password Ruby gem malicious version causing Remote Code Execution vulnerabilityEcosystems: rubygems
Packages: strong_password
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5amotM3d2Zy1xNjVo
Vulnerability that affects org.apache.pdfbox:pdfboxEcosystems: maven
Packages: org.apache.pdfbox:pdfbox
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: almost 5 years ago
Critical
Ecosystems: nuget
Packages: MadsKristensen.AspNetCore.Miniblog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OHItZzUzNC1jY21y
MadsKristensen.AspNetCore.Miniblog subject to Improper Input ValidationEcosystems: nuget
Packages: MadsKristensen.AspNetCore.Miniblog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: io.hawt:hawtio-core
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jZzktNjRjcC14d3A3
Server-Side Request Forgery in Hawt HawtioEcosystems: maven
Packages: io.hawt:hawtio-core
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: almost 5 years ago
Critical
Ecosystems: pypi
Packages: django-rest-registration
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzdzYtamNnNC01Mnho
Improper Verification of Cryptographic Signature in django-rest-registrationEcosystems: pypi
Packages: django-rest-registration
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: open
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4eGgtd3Bnci03Zm04
Command Injection in openEcosystems: npm
Packages: open
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2bW0tbWhjcS00eDlq
Sandbox Bypass Leading to Arbitrary Code Execution in constantinopleEcosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: squel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxaHgtZzl3cC1nOW02
Failure to sanitize quotes which can lead to sql injection in squelEcosystems: npm
Packages: squel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp3Z3gtOW1taC02ODR3
Credential exposure through log files in UndertowEcosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: almost 5 years ago
Critical
Ecosystems: rubygems
Packages: ruby-openid
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxZmotY21oNi1oajQ5
ruby-openid SSRF via claimed_id requestEcosystems: rubygems
Packages: ruby-openid
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: pem
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnY3ItN3dtNC1tY3Y2
Sensitive Data Exposure in pemEcosystems: npm
Packages: pem
Source: GitHub Advisory Database
Blast Radius: 35.3
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmYzUtOXg5bS12cWM0
Privilege Escalation in express-cartEcosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: almost 5 years ago
Critical
Ecosystems: npm
Packages: command-exists
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmZjQtcnJxNi1oNzh3
Command Injection in command-existsEcosystems: npm
Packages: command-exists
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Critical
Ecosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4NnAtaGd4NS0ycGZo
Improper Authentication in BuildbotEcosystems: pypi
Packages: buildbot
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: almost 5 years ago
Critical
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1NTQteDIyMi13Z2Y3
Command Injection in XstreamEcosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: almost 5 years ago
Critical
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13NnYtY3JoOC04NTMz
Integer Overflow or Wraparound in Google TensorFlowEcosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Blast Radius: 47.7
Published: about 5 years ago
Critical
Ecosystems: nuget
Packages: Auth0-WCF-Service-JWT
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwdngtZ3BxbS1nOThq
Critical severity vulnerability that affects Auth0-WCF-Service-JWTEcosystems: nuget
Packages: Auth0-WCF-Service-JWT
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Critical
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2eDMtZzYyNy1waG0y
Server-Side Request Forgery (SSRF) in com.ctrip.framework.apollo:apolloEcosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 5 years ago
Critical
Ecosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4N3ctNDVycS12eGdm
SQLAlchemy vulnerable to SQL Injection via order_by parameterEcosystems: pypi
Packages: SQLAlchemy
Source: GitHub Advisory Database
Blast Radius: 46.3
Published: about 5 years ago
Critical
Ecosystems: rubygems
Packages: bootstrap-sass
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXYtdjltMi00OHAy
Bootstrap-sass contains code execution backdoorEcosystems: rubygems
Packages: bootstrap-sass
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: about 5 years ago
Critical
Ecosystems: maven
Packages: net.sf.robocode:robocode.host
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyeHAtNzVtNy1ndjUy
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interactionEcosystems: maven
Packages: net.sf.robocode:robocode.host
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: morgan
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3Zzktcmd2ai00aDVq
Code Injection in morganEcosystems: npm
Packages: morgan
Source: GitHub Advisory Database
Blast Radius: 58.7
Published: about 5 years ago
Critical
Ecosystems: pypi
Packages: ipycache
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdjbTQtcTJwZy14dzg5
ipycache is vulnerable to Code InjectionEcosystems: pypi
Packages: ipycache
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoY3EtZnY3eC1ncnIy
Critical severity vulnerability that affects org.apache.solr:solr-coreEcosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: about 5 years ago
Critical
Ecosystems: rubygems
Packages: railties
Source: GitHub Advisory Database
Blast Radius: 58.2
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00MmgtbWg4NS00cWdj
Use of Insufficiently Random Values in Railties Allows Remote Code ExecutionEcosystems: rubygems
Packages: railties
Source: GitHub Advisory Database
Blast Radius: 58.2
Published: about 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.jmeter:ApacheJMeter
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdnMzctN21ydi1jZndt
Unauthenticated Remote Code Execution in Apache JMeterEcosystems: maven
Packages: org.apache.jmeter:ApacheJMeter
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 5 years ago
Critical
Ecosystems: maven
Packages: com.alipay.sofa:hessian
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmd3AtOHBxNC1nN3B2
Incomplete List of Disallowed Inputs in SOFA-HessianEcosystems: maven
Packages: com.alipay.sofa:hessian
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnOHAtdjlxNC1naDM0
Potential Command Injection in shell-quoteEcosystems: npm
Packages: shell-quote
Source: GitHub Advisory Database
Blast Radius: 62.4
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: console-io
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1MmotNHEycS1oY2o2
Authentication Bypass in console-ioEcosystems: npm
Packages: console-io
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: hapi-auth-jwt2
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nOHItOWc2ai1od3Y5
Authentication Bypass in hapi-auth-jwt2Ecosystems: npm
Packages: hapi-auth-jwt2
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: Haraka
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1bTgtNXY5bS14aHg1
Critical severity vulnerability that affects HarakaEcosystems: npm
Packages: Haraka
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: node.extend
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5NmMtNTdwZi05ampt
Prototype Pollution in node.extendEcosystems: npm
Packages: node.extend
Source: GitHub Advisory Database
Blast Radius: 45.6
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: just-extend
Source: GitHub Advisory Database
Blast Radius: 49.5
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3NW0tODVydy1qM3c0
Prototype Pollution in just-extendEcosystems: npm
Packages: just-extend
Source: GitHub Advisory Database
Blast Radius: 49.5
Published: about 5 years ago
Critical
Ecosystems: npm
Packages: defaults-deep
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqeHctMjJ4Zi02cHdj
Prototype Pollution in defaults-deepEcosystems: npm
Packages: defaults-deep
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: about 5 years ago
Critical
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncWctM2Z4ci05aHY3
Apache Airflow vulnerable to XSSEcosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.springframework.ws:spring-xml, org.springframework.ws:spring-ws
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyMjItNmZjOC1taHZm
Vulnerability that affects org.springframework.ws:spring-ws and org.springframework.ws:spring-xmlEcosystems: maven
Packages: org.springframework.ws:spring-xml, org.springframework.ws:spring-ws
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: modulemd
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoamgtZ2h3eC02aDdy
modulemd uses an unsafe function for processing externally provided dataEcosystems: pypi
Packages: modulemd
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.karaf.specs:org.apache.karaf.specs.java.xml
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyd2oteDc4Yy1tNGZ4
XML External Entity Reference in Apache KarafEcosystems: maven
Packages: org.apache.karaf.specs:org.apache.karaf.specs.java.xml
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.mchange:c3p0
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0ODUtajg5Ny1xYzI3
XML External Entity Reference in mchange:c3p0Ecosystems: maven
Packages: com.mchange:c3p0
Source: GitHub Advisory Database
Blast Radius: 41.6
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRncTUtY2g1Ny1jMm1n
Arbitrary Code Execution in jackson-databindEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgydzUtNW0yZy03aDVt
XML External Entity Reference (XXE) in jackson-databindEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlteGYtZzN4Ni13djc0
Server-Side Request Forgery (SSRF) in jackson-databindEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 53.9
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4aG0tN2hwcS03amhn
com.fasterxml.jackson.core:jackson-databind vulnerable to Deserialization of Untrusted DataEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OXYtZ21oNC1tZ3F3
Deserialization of Untrusted Data in jackson-databindEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5aHYtbWc1aC14Y3c5
Deserialization of Untrusted Data in jackson-databind due to polymorphic deserializationEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY0NXAtODhxaC13Mzk4
Arbitrary Code Execution in jackson-databindEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: recurly
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM4cnYtNWpxYy1tMmN2
Recurly vulnerable to SSRFEcosystems: pypi
Packages: recurly
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05bXEtcDJmOS1jZnF2
Bleach URI Scheme Restriction BypassEcosystems: pypi
Packages: bleach
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwcnctaDYydi1jMnc3
PyYAML insecurely deserializes YAML strings leading to arbitrary code executionEcosystems: pypi
Packages: pyyaml
Source: GitHub Advisory Database
Blast Radius: 49.9
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: definitions
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0eDQtOThjZy13cjRn
Code injection in Danijar DefinitionsEcosystems: pypi
Packages: definitions
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4OWotNzIyMy1yZzVt
Improper Access Control in commons-fileuploadEcosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 49.2
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xOHAtaDc5OC14Y3Jw
Exposure of Sensitive Information in HadoopEcosystems: maven
Packages: org.apache.hadoop:hadoop-main
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.squareup.retrofit2:retrofit
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozNzktOWpyOS13NWNx
XML External Entity (XXE) vulnerability in Square RetrofitEcosystems: maven
Packages: com.squareup.retrofit2:retrofit
Source: GitHub Advisory Database
Blast Radius: 45.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.esigate:esigate-core
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqbTktNTc2cS0zOTlw
Remote Code Execution in esigate-coreEcosystems: maven
Packages: org.esigate:esigate-core
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.bedework.caleng:bw-calendar-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtdmctdzRmOS05OXI3
XML External Entity (XXE) vulnerability in bw-calendar-engineEcosystems: maven
Packages: org.bedework.caleng:bw-calendar-engine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.exist-db:exist-core
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4bTUtNXhjdy1oNTdx
exist-db:exist-core XML External Entity (XXE) vulnerabilityEcosystems: maven
Packages: org.exist-db:exist-core
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.codelibs.fess:fess
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3aHAtcGZ4dy00dzYz
XML External Entity (XXE) vulnerability in codelibs fessEcosystems: maven
Packages: org.codelibs.fess:fess
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIycHAteDRtbS00OTk5
XML External Entity (XXE) vulnerability in neo4j.procedure:apocEcosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: ymlref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThyOGoteHZmai0zNmY5
Code injection in ymlrefEcosystems: pypi
Packages: ymlref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: ro.pippo:pippo-core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtbTUtZzYzaC1tNmc5
Improper Restriction of XML External Entity Reference in pippo-coreEcosystems: maven
Packages: ro.pippo:pippo-core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14cjUtcDM2di00Nzlt
Unrestricted Upload of File with Dangerous Type in jquery-file-uploadEcosystems: npm
Packages: jquery-file-upload
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxMjctdjd4cC1jMzU2
Buffer Overflow in pycryptoEcosystems: pypi
Packages: pycrypto
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3dzItdjd4ai14cmM2
Exposure of Sensitive Information to an Unauthorized Actor in urllib3Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 55.1
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oNmYtOGoyeC00NDgz
Critical severity vulnerability that affects event-stream and flatmap-streamEcosystems: npm
Packages: flatmap-stream, event-stream
Source: GitHub Advisory Database
Blast Radius: 53.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.hive:hive-jdbc
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmMm0tNDM1bS1teHc4
SQL Injection in hive-jdbcEcosystems: maven
Packages: org.apache.hive:hive-jdbc
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.spark:spark-core_2.10, org.apache.spark:spark-core_2.11
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoZzItOWM1Zy1tNHE3
Remote Code Execution in spark-coreEcosystems: maven
Packages: org.apache.spark:spark-core_2.10, org.apache.spark:spark-core_2.11
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.jason-goodwin:authentikat-jwt_2.12
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyaG0tNjdqNi00Mmpx
Exposure of Sensitive information in authentikat-jwtEcosystems: maven
Packages: com.jason-goodwin:authentikat-jwt_2.12
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.directory.api:apache-ldap-api
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmdzUtdjdjdy02OWN3
Credential leak in org.apache.directory.api:apache-ldap-apiEcosystems: maven
Packages: org.apache.directory.api:apache-ldap-api
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 5 years ago
Critical
Ecosystems: pypi
Packages: superset
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4cDktd3YyZi13cW13
Deserialization of Untrusted Data in supersetEcosystems: pypi
Packages: superset
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: jwt-simple
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZncngtdzZyZy04ZnFm
Forgeable Public/Private Tokens in jwt-simpleEcosystems: npm
Packages: jwt-simple
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: apex-publish-static-files
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlqbTMtNTgzNS01Mzdt
Command Injection in apex-publish-static-filesEcosystems: npm
Packages: apex-publish-static-files
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3YzcteG04Zy14bTM2
Unrestricted Upload of File with Dangerous Type in mingsoft:ms-mcmsEcosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 5 years ago
Critical
Ecosystems: rubygems
Packages: mysql-binuuid-rails
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZqNjMtMzVoai12bWNn
mysql-bunuuid-rails vulnerable to SQL injectionEcosystems: rubygems
Packages: mysql-binuuid-rails
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: ro.pippo:pippo-core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmbTYtMnF3NC1nM3gz
Deserialization of Untrusted Data in PippoEcosystems: maven
Packages: ro.pippo:pippo-core
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: ro.pippo:pippo-fastjson, com.alibaba:fastjson
Source: GitHub Advisory Database
Blast Radius: 49.7
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhqcnIteHY5bS00cHc1
Improper Input Validation in alilibaba:fastjsonEcosystems: maven
Packages: ro.pippo:pippo-fastjson, com.alibaba:fastjson
Source: GitHub Advisory Database
Blast Radius: 49.7
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.github.penggle:kaptcha
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThxODktcHdoaC03d2Zx
Use of Insufficiently Random Values in penggle:kaptchaEcosystems: maven
Packages: com.github.penggle:kaptcha
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.typesafe.akka:akka-actor_2.12, com.typesafe.akka:akka-actor_2.11
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yOTUtOXJyNC02Njhm
Cryptographically Weak Pseudo-Random Number Generator (PRNG) in akka-actorEcosystems: maven
Packages: com.typesafe.akka:akka-actor_2.12, com.typesafe.akka:akka-actor_2.11
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 5 years ago
Critical
Ecosystems: npm
Packages: blueimp-file-upload
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjajgtZzljcC12NXdy
Unrestricted Upload of File with Dangerous Type in blueimp-file-uploadEcosystems: npm
Packages: blueimp-file-upload
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.eclipse.rdf4j:rdf4j-runtime
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4cTgtcHZnNC0zbWYz
Eclipse RDF4j vulnerable to XML External EntitiyEcosystems: maven
Packages: org.eclipse.rdf4j:rdf4j-runtime
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.qpid:qpid-broker
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI2OW0tNjk1eC1qMzRw
Apache Qpid Broker vulnerable to authentication port spoofingEcosystems: maven
Packages: org.apache.qpid:qpid-broker
Source: GitHub Advisory Database
Blast Radius: 25.3
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OXgtOHF3OS05cHA2
Jetty vulnerable to authorization bypass due to inconsistent HTTP request handling (HTTP Request Smuggling)Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg3MmctMmg4aC0zNjJx
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted requestEcosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZnZzgtNzJmMi1xbTIz
Critical severity vulnerability that affects org.eclipse.jetty:jetty-serverEcosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3N3EtMnFxZy02OTg5
Apache Struts vulnerable to remote arbitrary command execution due to improper input validationEcosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJycG0tcGo3cC03ajlx
Spring Security OAuth vulnerable to remote code execution (RCE)Ecosystems: maven
Packages: org.springframework.security.oauth:spring-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 38.9
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhtcTYtZnJ2My00NzI3
jackson-dataformat-xml vulnerable to XML external entity (XXE)Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-xml
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmeDYtdnA5Zy1yaDd2
jackson-databind vulnerable to remote code execution due to incorrect deserialization and blocklist bypassEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg1OTItMzhjbS00Z2dw
jackson-databind vulnerable to deserialization flaw leading to unauthenticated remote code executionEcosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 52.8
Published: over 5 years ago
Critical
Ecosystems: maven
Packages: com.orientechnologies:orientdb-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 5 years ago
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtNnItNDQ2Ni1tcjc0
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injectionEcosystems: maven
Packages: com.orientechnologies:orientdb-core
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 5 years ago
Statistics
Advisories: 18,312
Packages: 8,276
Repositories: 1,286
Ecosystems: 12
Packages: 8,276
Repositories: 1,286
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
magento/community-edition
27
com.fasterxml.jackson.core:jackson-databind
24
dolibarr/dolibarr
23
net.mingsoft:ms-mcms
18
org.jenkins-ci.main:jenkins-core
18
salt
16
moodle/moodle
15
com.liferay.portal:release.portal.bom
13
com.liferay.portal:release.dxp.bom
12
langchain
12
org.apache.dubbo:dubbo
12
topthink/framework
12
mlflow
12
org.apache.struts:struts2-core
11
drupal/core
11
magento/core
11
apache-airflow
10
vm2
10
phpmyadmin/phpmyadmin
9
org.xwiki.platform:xwiki-platform-oldcore
9
funadmin/funadmin
9
tensorflow
9
shopware/platform
8
paddlepaddle
8
org.jeecgframework.boot:jeecg-boot-common
8
org.xwiki.platform:xwiki-platform-web-templates
8
rdiffweb
8
tensorflow-cpu
8
drupal/drupal
8
tensorflow-gpu
8
studio-42/elfinder
7
symfony/symfony
7
gogs.io/gogs
7
froxlor/froxlor
7
ansible
7
org.xwiki.platform:xwiki-platform-administration-ui
7
sequelize
7
rusqlite
7
github.com/answerdev/answer
6
parse-server
6
thorsten/phpmyfaq
6
github.com/argoproj/argo-cd
6
aaptjs
6
ezsystems/ezpublish-kernel
6
safe-eval
5
django
5
org.jeecgframework.boot:jeecg-boot-parent
5
mercurial
5
org.apache.tomcat.embed:tomcat-embed-core
5
centreon/centreon
5
org.jenkins-ci.plugins:script-security
5
steal
5
nodebb
5
Microsoft.ChakraCore
5
shopware/core
5
Pillow
5
org.xwiki.commons:xwiki-commons-xml
5
org.xwiki.platform:xwiki-platform-web
5
zendframework/zendframework
5
org.apache.activemq:activemq-client
5
org.apache.inlong:manager-pojo
5
org.apache.shiro:shiro-core
5
ckb
5
org.cloudfoundry.identity:cloudfoundry-identity-server
4
spree_auth_devise
4
net.opentsdb:opentsdb
4
apache-airflow-providers-apache-hive
4
librenms/librenms
4
nilsteampassnet/teampass
4
github.com/usememos/memos
4
pyload-ng
4
org.apache.tapestry:tapestry-core
4
org.eclipse.jetty:jetty-server
4
smallvec
4
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
4
code.gitea.io/gitea
4
github.com/hashicorp/vault
4
realms-shim
4
safer-eval
4
nukeviet/nukeviet
4
baserproject/basercms
4
org.jeecgframework.boot:jeecg-boot-base-core
4
hermes-engine
4
org.apache.kylin:kylin-server-base
4
swagger-ui
4
PaddlePaddle
4
calibreweb
4
org.apache.inlong:manager-service
4
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
4
prestashop/prestashop
4
contao/core-bundle
4
contao/contao
4
messagepack-rs
4
github.com/argoproj/argo-cd/v2
4
org.apache.openmeetings:openmeetings-parent
4
Django
4
openssl-src
4
feehi/cms
4
@openzeppelin/contracts-upgradeable
3
nvflare
3
org.jenkins-ci.plugins:active-directory
3
browserify-shim
3
mongoose
3
org.apache.hadoop:hadoop-common
3
org.keycloak:keycloak-core
3
org.apache.logging.log4j:log4j-core
3
edu.stanford.nlp:stanford-corenlp
3
mautic/core
3
org.springframework.security:spring-security-core
3
com.alibaba:dubbo
3
rubygems-update
3
com.hazelcast:hazelcast
3
org.xwiki.platform:xwiki-platform-icon-ui
3
craftcms/cms
3
showdoc/showdoc
3
symfony/security
3
org.apache.linkis:linkis
3
elefant/cms
3
ro.pippo:pippo-core
3
org.apache.inlong:manager-web
3
symfony/security-core
3
org.jenkins-ci.plugins.workflow:workflow-cps
3
ezsystems/ezplatform-kernel
3
publify_core
3
lmdb
3
strapi
3
phpmailer/phpmailer
3
org.apache.storm:storm
3
com.jflyfox:jflyfox_jfinal
3
jsrsasign
3
ibexa/core
3
github.com/rancher/rancher
3
cobbler
3
codeigniter4/framework
3
org.xwiki.platform:xwiki-platform-panels-ui
3
slpjs
3
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
3
github.com/dexidp/dex
3
pimcore/pimcore
3
facade/ignition
3
id-map
3
dompdf/dompdf
3
typo3/cms
3
zendframework/zendframework1
3
org.apache.dolphinscheduler:dolphinscheduler
3
tribalsystems/zenario
3
log4j:log4j
3
org.zenframework.z8.dependencies.commons:log4j-1.2.17
3
slp-validate
3
org.xwiki.platform:xwiki-platform-search-ui
3
org.apache.ignite:ignite-core
3
org.jeecgframework.boot:jeecg-boot-base
3
modoboa
3
codiad/codiad
3
francoisjacquet/rosariosis
3
io.dataease:dataease-plugin-common
3
github.com/hashicorp/nomad
3
feathers-sequelize
3
github.com/pterodactyl/wings
3
github.com/go-gitea/gitea
3
org.apache.ozone:ozone-main
3
xcb
3
org.apache.solr:solr-parent
3
handlebars
3
org.apache.any23:apache-any23
3
ray
3
smarty/smarty
3
impresscms/impresscms
3
nokogiri
3
actix-web
3
io.undertow:undertow-core
3
org.apache.jmeter:ApacheJMeter
3
org.apache.solr:solr-core
3
org.richfaces:richfaces-core
3
github.com/apache/trafficcontrol
2
net.bull.javamelody:javamelody-core
2
zendframework/zend-db
2
nystudio107/craft-seomatic
2
pyyaml
2
pyrocms/pyrocms
2
total4
2
org.xwiki.platform:xwiki-platform-scheduler-ui
2
pandasai
2
flatmap-stream
2
com.h2database:h2
2
wwbn/avideo
2
url-parse
2
xmlhttprequest-ssl
2
puma
2
stack_dst
2
activerecord
2
electron
2
typo3/phar-stream-wrapper
2
org.apache.rocketmq:rocketmq-namesrv
2
org.apache.shiro:shiro-web
2
locutus
2
acc_reader
2
apache-superset
2
org.springframework.amqp:spring-amqp
2
github.com/crewjam/saml
2
Filter by Repository
https://github.com/xwiki/xwiki-platform
81
https://github.com/FasterXML/jackson-databind
24
https://github.com/jenkinsci/jenkins
17
https://github.com/Dolibarr/dolibarr
15
https://github.com/apache/airflow
14
https://github.com/saltstack/salt
14
https://github.com/PaddlePaddle/Paddle
11
https://github.com/mlflow/mlflow
11
https://github.com/ming-soft/MCMS
10
https://github.com/patriksimek/vm2
10
https://github.com/funadmin/funadmin
9
https://github.com/jeecgboot/jeecg-boot
9
https://github.com/tensorflow/tensorflow
9
https://github.com/django/django
8
https://github.com/top-think/framework
8
https://github.com/apache/inlong
8
https://github.com/magento/magento2
8
https://github.com/langchain-ai/langchain
8
https://github.com/ikus060/rdiffweb
8
https://github.com/gogs/gogs
7
https://github.com/ansible/ansible
7
https://github.com/python-pillow/Pillow
7
https://github.com/apache/struts
7
https://github.com/sequelize/sequelize
7
https://github.com/go-gitea/gitea
7
https://github.com/Studio-42/elFinder
7
https://github.com/rusqlite/rusqlite
7
https://github.com/argoproj/argo-cd
7
https://github.com/shenzhim/aaptjs
6
https://github.com/xwiki/xwiki-commons
6
https://github.com/shopware/platform
6
https://github.com/parse-community/parse-server
6
https://github.com/thorsten/phpmyfaq
6
https://github.com/answerdev/answer
6
https://github.com/symfony/symfony
6
https://github.com/apache/tomcat
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/stealjs/steal
5
https://github.com/keycloak/keycloak
5
https://github.com/froxlor/froxlor
5
https://github.com/nervosnetwork/ckb
5
https://github.com/NodeBB/NodeBB
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/apache/activemq
5
https://github.com/moodle/moodle
5
https://github.com/pippo-java/pippo
4
https://github.com/PrestaShop/PrestaShop
4
https://github.com/swagger-api/swagger-ui
4
https://github.com/hwchase17/langchain
4
https://github.com/cloudfoundry/uaa
4
https://github.com/usememos/memos
4
https://github.com/contao/contao
4
https://github.com/dromara/hutool
4
https://github.com/liufee/cms
4
https://github.com/janeczku/calibre-web
4
https://github.com/dompdf/dompdf
4
https://github.com/otake84/messagepack-rs
4
https://github.com/OpenTSDB/opentsdb
4
https://github.com/ezsystems/ezpublish-kernel
4
https://github.com/CVEProject/cvelist
4
https://github.com/servo/rust-smallvec
4
https://github.com/spring-projects/spring-framework
4
https://github.com/pyload/pyload
4
https://github.com/dwisiswant0/advisory
3
https://github.com/kjur/jsrsasign
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/cobbler/cobbler
3
https://github.com/centreon/centreon-archived
3
https://github.com/apache/shiro
3
https://github.com/shopware/shopware
3
https://github.com/phpmyadmin/phpmyadmin
3
https://github.com/smarty-php/smarty
3
https://github.com/opencast/opencast
3
https://github.com/modoboa/modoboa
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/PHPMailer/PHPMailer
3
https://github.com/baserproject/basercms
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/chakra-core/ChakraCore
3
https://github.com/dataease/dataease
3
https://github.com/simpleledger/slpjs
3
https://github.com/octobercms/october
3
https://github.com/jflyfox/jfinal_cms
3
https://github.com/ibexa/core
3
https://github.com/twisted/twisted
3
https://github.com/hazelcast/hazelcast
3
https://github.com/mbechler/marshalsec
3
https://github.com/denoland/deno
3
https://github.com/facebook/hermes
3
https://github.com/NVIDIA/NVFlare
3
https://github.com/rubygems/rubygems.org
3
https://github.com/TeamSeri0us/pocs
3
https://github.com/github/securitylab
3
https://github.com/rubygems/rubygems
3
https://github.com/crewjam/saml
3
https://github.com/facade/ignition
3
https://github.com/actix/actix-web
3
https://github.com/publify/publify
3
https://github.com/ImpressCMS/impresscms
3
https://github.com/run-llama/llama_index
3
https://github.com/jbroadway/elefant
3
https://github.com/apache/camel
3
https://github.com/strapi/strapi
3
https://github.com/dexidp/dex
3
https://github.com/rancher/rancher
3
https://github.com/star7th/showdoc
3
https://github.com/andrewhickman/id-map
3
https://github.com/pterodactyl/wings
3
https://github.com/pimcore/pimcore
3
https://github.com/craftcms/cms
3
https://github.com/nukeviet/nukeviet
3
https://github.com/ezsystems/ezplatform-kernel
3
https://github.com/neorazorx/facturascripts
3
https://github.com/jenkinsci/semantic-versioning-plugin
2
https://github.com/stanfordnlp/corenlp
2
https://github.com/ahdinosaur/set-in
2
https://github.com/HtmlUnit/htmlunit
2
https://github.com/totaljs/framework
2
https://github.com/rest-client/rest-client
2
https://github.com/TribalSystems/Zenario
2
https://github.com/apache/kylin
2
https://github.com/hashicorp/go-getter
2
https://github.com/qcubed/qcubed
2
https://github.com/SAP/cloud-pysec
2
https://github.com/nats-io/jwt
2
https://github.com/top-think/thinkphp
2
https://github.com/getgrav/grav
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/javamelody/javamelody
2
https://github.com/ADOdb/ADOdb
2
https://github.com/rochacbruno/quokka
2
https://github.com/ionicabizau/parse-url
2
https://github.com/hashicorp/vault
2
https://github.com/noear/solon
2
https://github.com/handlebars-lang/handlebars.js
2
https://github.com/netvl/acc_reader
2
https://github.com/Automattic/mongoose
2
https://github.com/jfinal/jfinal
2
https://github.com/rubyzip/rubyzip
2
https://github.com/jmrozanec/cron-utils
2
https://github.com/zoujingli/ThinkAdmin
2
https://github.com/OpenAPITools/openapi-generator
2
https://github.com/sjep/array
2
https://github.com/nodejs/llhttp
2
https://github.com/pytorch/serve
2
https://github.com/benbusby/whoogle-search
2
https://github.com/gventuri/pandas-ai
2
https://github.com/SAP/cloud-security-client-go
2
https://github.com/google/flatbuffers
2
https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable
2
https://github.com/dfinity/agent-js
2
https://github.com/jaw187/node-traceroute
2
https://github.com/WWBN/AVideo
2
https://github.com/gofiber/fiber
2
https://github.com/markevans/dragonfly
2
https://github.com/line/armeria
2
https://github.com/nilsteampassnet/TeamPass
2
https://github.com/graphite-project/graphite-web
2
https://github.com/russellhaering/gosaml2
2
https://github.com/jenkinsci/script-security-plugin
2
https://github.com/mautic/mautic
2
https://github.com/web2py/web2py
2
https://github.com/kubernetes/kubernetes
2
https://github.com/js-data/js-data
2
https://github.com/Microsoft/ChakraCore
2
https://github.com/scalyr/scalyr-agent-2
2
https://github.com/ibexa/admin-ui
2
https://github.com/Kozea/Radicale
2
https://github.com/beego/beego
2
https://github.com/MrSwitch/hello.js
2
https://github.com/evmos/evmos
2
https://github.com/moby/buildkit
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2
https://github.com/puma/puma
2
https://github.com/unshiftio/url-parse
2
https://github.com/dominictarr/libnested
2
https://github.com/fluxcd/flux2
2
https://github.com/http4s/http4s
2
https://github.com/sidorares/node-mysql2
2
https://github.com/neo4j-contrib/neo4j-apoc-procedures
2
https://github.com/keystonejs/keystone
2
https://github.com/cockpit-hq/cockpit
2
https://github.com/h2database/h2database
2
https://github.com/soketi/soketi
2
https://github.com/SAP/cloud-security-services-integration-library
2
https://github.com/KnpLabs/snappy
2
https://github.com/michaelschwarz/Ajax.NET-Professional
2
https://github.com/uasoft-indonesia/badaso
2
https://github.com/apache/flume
2
https://github.com/apache/dubbo
2
https://github.com/gnzlbg/slice_deque
2
https://github.com/alextselegidis/easyappointments
2
https://github.com/apache/submarine
2
https://github.com/kujirahand/nadesiko3
2
https://github.com/apache/karaf
2
https://github.com/centreon/centreon
2
https://github.com/Codiad/Codiad
2
https://github.com/folio-org/mod-data-export-spring
2
https://github.com/TogaTech/tEnvoy
2