Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Critical Security Advisories
Loading...
Critical
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerabilityEcosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-federation-library
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 10 months ago
GSA_kwCzR0hTQS00bWg4LTl3cTYtcmp4Z84AA00j
OpenAM vulnerable to user impersonation using SAMLv1.x SSO processEcosystems: maven
Packages: org.openidentityplatform.openam:openam-federation-library
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: 10 months ago
GSA_kwCzR0hTQS0zaDZmLWc1ZjMtZ2M0d84AA0zc
Access Control Bypass in Spring SecurityEcosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 10 months ago
GSA_kwCzR0hTQS1mbXhqLTZoOWctNnZ3M84AA0y8
MLflow Path Traversal vulnerabilityEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: postgraas-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS12Z2htLThjanAtaGp3Ns4AA0xF
postgraas-server vulnerable to SQL injectionEcosystems: pypi
Packages: postgraas-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1tNXE1LThtZnctcDJocs4AA0vD
CasaOS contains weak JWT secretsEcosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-Gateway
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 10 months ago
GSA_kwCzR0hTQS12amg3LTVyNngteGg2Z84AA0vC
CasaOS Gateway vulnerable to incorrect identification of source IP addressesEcosystems: go
Packages: github.com/IceWhaleTech/CasaOS-Gateway
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.eventmesh:eventmesh-connector-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1majhmLTU2d2MtcTM2cs4AA0u5
rabbitmq-connector plugin module in Apache EventMesh platforms allows attackers to send controlled messageEcosystems: maven
Packages: org.apache.eventmesh:eventmesh-connector-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 10 months ago
GSA_kwCzR0hTQS05bTkzLXc4dzYtNzZoaM4AA0uj
Mongoose Prototype Pollution vulnerabilityEcosystems: npm
Packages: mongoose
Source: GitHub Advisory Database
Blast Radius: 59.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: clevertap-cordova
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 10 months ago
GSA_kwCzR0hTQS14MnBoLXFxd20tOWNjNs4AA0uL
CleverTap Cordova plugin vulnerable to Cross-site ScriptingEcosystems: npm
Packages: clevertap-cordova
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-skin-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1oNHZwLTY5cjgtZ3ZqZ84AA0t7
org.xwiki.platform:xwiki-platform-skin-ui Eval Injection vulnerabilityEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-skin-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1jNnY1LXBmNjYteGZxOM4AA0tO
Froxlor vulnerable to Improper Encoding or Escaping of OutputEcosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
GSA_kwCzR0hTQS1jY2hxLWZyZ3YtcmpoNc4AA0sM
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
GSA_kwCzR0hTQS1nNjQ0LTlnZngtcTRxNM4AA0sL
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.pulsar:pulsar
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 10 months ago
GSA_kwCzR0hTQS1nOWN2LXYzdjQtM2g4cs4AA0pM
Apache Pulsar Incorrect Authorization vulnerabilityEcosystems: maven
Packages: org.apache.pulsar:pulsar
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.rocketmq:rocketmq-namesrv
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 10 months ago
GSA_kwCzR0hTQS1ncHE4LTk2M3ctOHFjOc4AA0pS
RocketMQ NameServer component Code Injection vulnerabilityEcosystems: maven
Packages: org.apache.rocketmq:rocketmq-namesrv
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 10 months ago
GSA_kwCzR0hTQS1waDZnLXA3MnYtcGMzcM4AA0m1
Orchid Deserialization of Untrusted Data vulnerability leads to Remote Code ExecutionEcosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: xalpha
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1qeDNxLTVyZ2YtdnJycs4AA0kS
xalpha vulnerable to Remote Code ExecutionEcosystems: pypi
Packages: xalpha
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server, com.xpn.xwiki.platform:xwiki-rest, com.xpn.xwiki.platform:xwiki-core-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS02eHhyLTY0OG0tZ2NoNs4AA0ic
XWiki Platform vulnerable to cross-site request forgery (CSRF) via the REST APIEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server, com.xpn.xwiki.platform:xwiki-rest, com.xpn.xwiki.platform:xwiki-core-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 10 months ago
GSA_kwCzR0hTQS05N2htLTJtZnItMnA5N84AA0f9
TeamPass Code Injection vulnerabilityEcosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.rocketmq:rocketmq-namesrv, org.apache.rocketmq:rocketmq-controller, org.apache.rocketmq:rocketmq-broker
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 10 months ago
GSA_kwCzR0hTQS14M2NxLThmMzItNWY2M84AA0bY
Apache RocketMQ may have remote code execution vulnerability when using update configuration functionEcosystems: maven
Packages: org.apache.rocketmq:rocketmq-namesrv, org.apache.rocketmq:rocketmq-controller, org.apache.rocketmq:rocketmq-broker
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.inlong:manager-service, org.apache.inlong:manager-web, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 10 months ago
GSA_kwCzR0hTQS03NTdwLTdocDUtcHFtcs4AA0c6
Apache InLong Insufficient Session Expiration vulnerabilityEcosystems: maven
Packages: org.apache.inlong:manager-service, org.apache.inlong:manager-web, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 10 months ago
GSA_kwCzR0hTQS13M3dyLWdtd2YtcjMzM84AA0cy
Apache InLong has Weak Password Requirements in Apache InLongEcosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 10 months ago
GSA_kwCzR0hTQS13eDc5LXIzcTgtZnE5aM4AA0cv
Apache InLong has Files or Directories Accessible to External Parties in Apache InLongEcosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
GSA_kwCzR0hTQS1xNXA1LXhnOTMtMmpxY84AA0cp
Apache InLong Improper Privilege Management vulnerabilityEcosystems: maven
Packages: org.apache.inlong:manager-web, org.apache.inlong:manager-service, org.apache.inlong:manager-dao, org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1tNWg4LTJwanctdmczas4AA0XS
Apache StreamPark Improper Input Validation vulnerabilityEcosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.streampark:streampark-common_2.11, org.apache.streampark:streampark-common_2.12
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS02ODc0LTI4OWctZjdoN84AA0XW
Apache StreamPark Path Traversal vulnerabilityEcosystems: maven
Packages: org.apache.streampark:streampark-common_2.11, org.apache.streampark:streampark-common_2.12
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS00eDVoLXhtdjQtOTl3eM4AA0Vr
Apache Linkis Authentication Bypass vulnerabilityEcosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: net.sourceforge.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: 10 months ago
GSA_kwCzR0hTQS0zeHJyLTdtNnAtcDd4aM4AA0VW
HtmlUnit Code Injection vulnerabilityEcosystems: maven
Packages: net.sourceforge.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 39.5
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1wajVqLXc3bXctdzc5N84AA0VR
Apache Linkis Zip Slip issueEcosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS14ODRyLWpycW0tM2hqOM4AA0VV
Apache Linkis Unrestricted File Upload vulnerabilityEcosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.apache.kylin:kylin-server-base, org.apache.kylin:kylin-spark-project, org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 10 months ago
GSA_kwCzR0hTQS1wcHh4LW05MjYtZzU2Oc4AA0RP
Apache Kylin vulnerable to remote code executionEcosystems: maven
Packages: org.apache.kylin:kylin-server-base, org.apache.kylin:kylin-spark-project, org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
GSA_kwCzR0hTQS01N2ZjLThxODItZ2ZwM84AA0QS
langchain vulnerable to arbitrary code executionEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
Ecosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
GSA_kwCzR0hTQS1oNzU1LThxcDktY3E4Nc4AA0Nr
protobufjs Prototype Pollution vulnerabilityEcosystems: npm
Packages: protobufjs
Source: GitHub Advisory Database
Blast Radius: 54.7
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
GSA_kwCzR0hTQS0ycW1qLTc5NjItY2pxOM4AA0Lt
langchain arbitrary code execution vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 10 months ago
GSA_kwCzR0hTQS1oZzZjLXFxY20tcjc5cs4AA0Le
Apache Airflow Hive Provider Beeline remote code execution with PrincipalEcosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 10 months ago
Critical
Ecosystems: maven
Packages: net.opentsdb:opentsdb
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 10 months ago
GSA_kwCzR0hTQS03NmY3LTl2NTItdjJmd84AA0Kb
Remote Code Execution for 2.4.1 and earlierEcosystems: maven
Packages: net.opentsdb:opentsdb
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: pipreqs
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 10 months ago
GSA_kwCzR0hTQS12NGY0LTIzd2MtOTltaM4AA0KW
pipreqs vulnerable to Dependency ConfusionEcosystems: pypi
Packages: pipreqs
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS04cTlxLXI5djItNjQ0bc4AA0KR
Upgrading doesn't prevent exploiting vulnerable XWiki documentsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS05NHBmLTkyaHctMmhqY84AA0KQ
XWiki Platform vulnerable to Code injection through NotificationRSSServiceEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui, org.xwiki.platform:xwiki-platform-icon-default, org.xwiki.platform:xwiki-platform-icon-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS1mbTY4LWo3d3ctaDl4Zs4AA0KP
XWiki Platform vulnerable to Code Injection in icon themesEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-icon-ui, org.xwiki.platform:xwiki-platform-icon-default, org.xwiki.platform:xwiki-platform-icon-script
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 10 months ago
GSA_kwCzR0hTQS02cHFmLWM5OXAtNzU4ds4AA0KO
org.xwiki.commons:xwiki-commons-xml's HTML sanitizer allows form elements in restrictedEcosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 10 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
GSA_kwCzR0hTQS00NjJ4LWMzanctN3ZyNs4AA0KN
Parse Server vulnerable to remote code execution via MongoDB BSON parser through prototype pollutionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-ckeditor-ui, org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
GSA_kwCzR0hTQS03OTN3LWczMjUtaHJ3Ms4AA0KM
XWiki Platform vulnerable to persistent Cross-site Scripting through CKEditor Configuration pagesEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-ckeditor-ui, org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 10 months ago
GSA_kwCzR0hTQS0zcDYyLTZmamgtM3A1aM4AA0KH
Keycloak vulnerable to cross-site scripting when validating URI-schemes on SAML and OIDCEcosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 10 months ago
Critical
Ecosystems: go
Packages: github.com/labring/sealos
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
GSA_kwCzR0hTQS03NGo4LXc3ZjktcHA2Ms4AA0KE
Improper configuration of RBAC permissions obtaining cluster control permissionsEcosystems: go
Packages: github.com/labring/sealos
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
Critical
Ecosystems: npm
Packages: git-commit-info
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
GSA_kwCzR0hTQS1oNDJqLW1ybXAtOTM2Oc4AA0GE
git-commit-info vulnerable to Command InjectionEcosystems: npm
Packages: git-commit-info
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 10 months ago
Critical
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 10 months ago
GSA_kwCzR0hTQS1jZ21tLWMybTktZmY3cs4AA0E5
jFinal Server-Side Template Injection vulnerabilityEcosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 10 months ago
Critical
Ecosystems: pypi
Packages: fief-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
GSA_kwCzR0hTQS1oajhtLTlmaGYtdjdqcM4AA0D-
fief-server Server-Side Template Injection vulnerabilityEcosystems: pypi
Packages: fief-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 11 months ago
GSA_kwCzR0hTQS1tcHYzLWc4bTMtM2ZqY84AA0AQ
Grafana vulnerable to Authentication Bypass by SpoofingEcosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 11 months ago
Critical
Ecosystems: nuget
Packages: System.Linq.Dynamic.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS13NjVxLWpjbXYtMjhnas4AAz_-
Dynamic Linq vulnerable to remote code executionEcosystems: nuget
Packages: System.Linq.Dynamic.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS00eG03LTVxNzktM2ZjaM4AAz_y
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in DeleteApplication pageEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1yOHhjLXh4aDMtcTV4M84AAz_x
XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in resubmit templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS14MjM0LW1nN3EtbThnOM4AAz_w
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1td3hqLWc3ZnctN2hjOM4AAz_v
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS04MzRjLXgyOWMtZjQyY84AAz_t
XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS01bTNtLXE4Y3EtNzdnNM4AAz_c
fuadmin vulnerable to insecure file uploadEcosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
GSA_kwCzR0hTQS1xMmZwLWp3ODctODZweM4AAz-_
laravel-s vulnerable to Local File InclusionEcosystems: packagist
Packages: hhxsv5/laravel-s
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: webklex/laravel-imap, webklex/php-imap
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 11 months ago
GSA_kwCzR0hTQS00N3A3LXhmY2MtNHB2Oc4AAz-X
php-imap vulnerable to RCE through a directory traversal vulnerabilityEcosystems: packagist
Packages: webklex/laravel-imap, webklex/php-imap
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.apache.accumulo:accumulo-shell
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 11 months ago
GSA_kwCzR0hTQS1ocDV3LXcyOW0tdmc2M84AAz97
Apache Accumulo Improper Authentication vulnerabilityEcosystems: maven
Packages: org.apache.accumulo:accumulo-shell
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1xOWhnLTlxajItbXhmOc4AAz9u
XWiki Platform vulnerable to cross-site scripting via xcontinue parameter in previewactions templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS00d2M2LWhxdjktcWM5N84AAz9s
XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parametersEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-like-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1yZjhqLXEzOWctN3hmbc4AAz9r
XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResultsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-like-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS02bWY1LTM2djktM2gyd84AAz9p
XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation applicationEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mail-send-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1nNzVjLWNqcjYtMzltY84AAz9m
XWiki Platform's Mail.MailConfig can be edited by any user with edit rightsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-mail-send-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1mcDdoLWY5ZjUteDRxN84AAz9l
XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates, org.xwiki.platform:xwiki-platform-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS02dmYyLW1mbXItcXFxd84AAz9f
Liufee CMS File Upload vulnerabilityEcosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
GSA_kwCzR0hTQS02NjQzLWg3aDUteDl3aM4AAz9W
Langchain vulnerable to arbitrary code executionEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1xM3E1LXF2aDUtY213Nc4AAz9T
liufee CMS File Upload vulnerabilityEcosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 11 months ago
GSA_kwCzR0hTQS03cThjLTQ5ZjQtNGM4cc4AAz61
Solon vulnerable to deserialization of untrusted dataEcosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 11 months ago
GSA_kwCzR0hTQS1mOWpmLTRjcDQtNGZxNc4AAz6B
Grav Server Side Template Injection (SSTI) vulnerabilityEcosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS05MzRnLWZ2Y2MtNDgzM84AAz57
jeecg-boot SQL injection vulnerabilityEcosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
GSA_kwCzR0hTQS14MzJjLTU5djUtaDdmZ84AAz28
Langchain OS Command Injection vulnerabilityEcosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 11 months ago
Critical
Ecosystems: maven
Packages: net.pwall.json:jsonutil
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 11 months ago
GSA_kwCzR0hTQS13MnJyLXd2aDktbTJtN84AAz2y
JSONUtil vulnerable to stack exhaustionEcosystems: maven
Packages: net.pwall.json:jsonutil
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 11 months ago
Critical
Ecosystems: maven
Packages: org.geoserver:gs-wps, org.geoserver:gs-wfs, org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS01OXg2LWc0anItNGh4Y84AAzyA
GeoServer RCE due to improper control of generation of code in jai-ext`Jiffle` map algebra languageEcosystems: maven
Packages: org.geoserver:gs-wps, org.geoserver:gs-wfs, org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1jaHc0LTg4eGMtNzl3Ns4AAzvv
Froxlor vulnerable to Improper Restriction of Excessive Authentication AttemptsEcosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: maven
Packages: com.xuxueli:xxl-rpc-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 11 months ago
GSA_kwCzR0hTQS1jMjlnLXEzaDMtbXdjZs4AAzvH
xxl-rpc deserialization vulnerabilityEcosystems: maven
Packages: com.xuxueli:xxl-rpc-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 11 months ago
Critical
Ecosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
GSA_kwCzR0hTQS1wOTc2LWg1MmMtMjZwNs4AAzpQ
Rancher vulnerable to Privilege Escalation via manipulation of SecretsEcosystems: go
Packages: rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
GSA_kwCzR0hTQS12ZnJqLWZ2NnAtM2NwZs4AAzpG
Brook's tproxy server is vulnerable to a drive-by command injection.Ecosystems: go
Packages: github.com/txthinking/brook
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 11 months ago
Critical
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
GSA_kwCzR0hTQS1qMjQ1LXYybWgtNWg2Zs4AAznw
TeamPass vulnerable to stored Cross-site ScriptingEcosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 11 months ago
Critical
Ecosystems: go
Packages: github.com/moov-io/signedxml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
GSA_kwCzR0hTQS1qcXZyLWoydmctZ2pyds4AAzg5
Signature validation bypass in github.com/moov-io/signedxmlEcosystems: go
Packages: github.com/moov-io/signedxml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 11 months ago
GSA_kwCzR0hTQS1yMzY0LTJwajQtcGY3Zs4AAzf1
ruby-saml vulnerable to XPath injectionEcosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 11 months ago
Critical
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 11 months ago
GSA_kwCzR0hTQS1wdnJjLXd2ajItZjU5cM4AAzfl
Pomerium vulnerable to Incorrect Authorization with specially crafted requestsEcosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 11 months ago
Critical
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
GSA_kwCzR0hTQS14NDg3LTg2Nm0tcDhocs4AAze4
Server-Side Template Injection in Camaleon CMSEcosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 11 months ago
Critical
Ecosystems: pypi
Packages: toui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
GSA_kwCzR0hTQS1oaDdqLXBnMzktcTU2M84AAzdO
toui allows user-specific variables to be shared between usersEcosystems: pypi
Packages: toui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 12 months ago
GSA_kwCzR0hTQS00NDZtLWhtbW0taG04bc4AAzdL
Ckan remote code execution and private information access via crafted resource idsEcosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 12 months ago
Critical
Ecosystems: npm
Packages: bignum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
GSA_kwCzR0hTQS03Y2djLWZqdjQtNTJ4Ns4AAzdI
Malware in pre-build binaries of bignumEcosystems: npm
Packages: bignum
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Critical
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 12 months ago
GSA_kwCzR0hTQS1tNm04LTZncTgtYzlmas4AAzbB
Remote Code Execution Vulnerability in Validation Placeholders in CodeIgniter4Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 12 months ago
Critical
Ecosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 12 months ago
GSA_kwCzR0hTQS1tZ2M0LXdxdjctNHB4bc4AAzZP
SwiftNIO vulnerable to HTTP request smuggling using malformed Transfer-Encoding headerEcosystems: swift
Packages: github.com/apple/swift-nio
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 12 months ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
GSA_kwCzR0hTQS13anEzLTdqeHgtd2hqOc4AAzYV
mlflow Path Traversal vulnerabilityEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 12 months ago
Critical
Ecosystems: maven
Packages: com.glazedlists:glazedlists
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 12 months ago
GSA_kwCzR0hTQS1wNm02LTlqMzYtdmZqeM4AAzWx
glazedlists XML Deserialization vulnerabilityEcosystems: maven
Packages: com.glazedlists:glazedlists
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 12 months ago
Critical
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 12 months ago
GSA_kwCzR0hTQS13aHBqLThmM3ctNjdwNc4AAzV1
vm2 Sandbox Escape vulnerabilityEcosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: 12 months ago
Critical
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.commons.json
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 12 months ago
GSA_kwCzR0hTQS04ajI4LTM0cXEtZ21jaM4AAzU2
Apache Sling Commons JSON bundle vulnerable to Improper Input ValidationEcosystems: maven
Packages: org.apache.sling:org.apache.sling.commons.json
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 12 months ago
Critical
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 12 months ago
GSA_kwCzR0hTQS02dmNmLWNmanAtcXhjd84AAzTg
LavaLite vulnerable to web cache poisoningEcosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 12 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-annotation-core, org.xwiki.rendering:xwiki-rendering-syntax-annotatedhtml5, org.xwiki.rendering:xwiki-rendering-syntax-annotatedxhtml, org.xwiki.rendering:xwiki-rendering-syntax-html5, org.xwiki.rendering:xwiki-rendering-syntax-html, org.xwiki.platform:xwiki-core-rendering-api, org.xwiki.rendering:xwiki-rendering-syntax-xhtml
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 12 months ago
GSA_kwCzR0hTQS02Z2Y1LWM4OTgtN3J4cM4AAzSf
Improper Neutralization of Script in Attributes in XWiki (X)HTML renderersEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-annotation-core, org.xwiki.rendering:xwiki-rendering-syntax-annotatedhtml5, org.xwiki.rendering:xwiki-rendering-syntax-annotatedxhtml, org.xwiki.rendering:xwiki-rendering-syntax-html5, org.xwiki.rendering:xwiki-rendering-syntax-html, org.xwiki.platform:xwiki-core-rendering-api, org.xwiki.rendering:xwiki-rendering-syntax-xhtml
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 12 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-test-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
GSA_kwCzR0hTQS0zNmZtLWozM3ctYzI1Zs4AAzSe
Privilege escalation (PR)/RCE from account through class sheetEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-test-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 12 months ago
GSA_kwCzR0hTQS1wNzQ0LTRxNnAtaHZjMs4AAzSb
Wings vulnerable to escape to host from installation containerEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 12 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 12 months ago
GSA_kwCzR0hTQS1wdjd2LXBoNmctM2d4ds4AAzM5
Improper Neutralization of Invalid Characters in Data Attribute Names in org.xwiki.commons:xwiki-commons-xmlEcosystems: maven
Packages: org.xwiki.commons:xwiki-commons-xml
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 12 months ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-distribution-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
GSA_kwCzR0hTQS1qOWg1LXZjZ3YtMmpmbc4AAzL4
XWiki Platform vulnerable to RXSS via editor parameter - importinline templateEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-distribution-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 months ago
Critical
Ecosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
GSA_kwCzR0hTQS1nN3JqLXE3MjItMjQ1Z84AAzH0
jsreport vulnerable to code injectionEcosystems: npm
Packages: jsreport
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 12 months ago
Statistics
Advisories: 18,337
Packages: 8,283
Repositories: 1,289
Ecosystems: 12
Packages: 8,283
Repositories: 1,289
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
magento/community-edition
27
com.fasterxml.jackson.core:jackson-databind
24
dolibarr/dolibarr
23
net.mingsoft:ms-mcms
18
org.jenkins-ci.main:jenkins-core
18
salt
16
moodle/moodle
15
com.liferay.portal:release.portal.bom
13
langchain
12
drupal/core
12
com.liferay.portal:release.dxp.bom
12
org.apache.dubbo:dubbo
12
topthink/framework
12
mlflow
12
magento/core
11
org.apache.struts:struts2-core
11
apache-airflow
10
vm2
10
tensorflow
9
org.xwiki.platform:xwiki-platform-oldcore
9
phpmyadmin/phpmyadmin
9
funadmin/funadmin
9
tensorflow-gpu
8
tensorflow-cpu
8
drupal/drupal
8
org.jeecgframework.boot:jeecg-boot-common
8
shopware/platform
8
rdiffweb
8
paddlepaddle
8
org.xwiki.platform:xwiki-platform-web-templates
8
froxlor/froxlor
7
rusqlite
7
org.xwiki.platform:xwiki-platform-administration-ui
7
ansible
7
sequelize
7
symfony/symfony
7
gogs.io/gogs
7
studio-42/elfinder
7
github.com/argoproj/argo-cd
6
thorsten/phpmyfaq
6
github.com/answerdev/answer
6
ezsystems/ezpublish-kernel
6
aaptjs
6
parse-server
6
centreon/centreon
5
org.apache.shiro:shiro-core
5
org.xwiki.platform:xwiki-platform-web
5
org.apache.tomcat.embed:tomcat-embed-core
5
nodebb
5
ckb
5
org.jeecgframework.boot:jeecg-boot-parent
5
steal
5
org.jenkins-ci.plugins:script-security
5
org.apache.activemq:activemq-client
5
org.xwiki.commons:xwiki-commons-xml
5
zendframework/zendframework
5
Microsoft.ChakraCore
5
shopware/core
5
org.apache.inlong:manager-pojo
5
mercurial
5
django
5
Pillow
5
safe-eval
5
smallvec
4
org.cloudfoundry.identity:cloudfoundry-identity-server
4
pyload-ng
4
contao/contao
4
spree_auth_devise
4
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
4
librenms/librenms
4
contao/core-bundle
4
org.apache.inlong:manager-service
4
hermes-engine
4
org.apache.tapestry:tapestry-core
4
org.eclipse.jetty:jetty-server
4
org.apache.openmeetings:openmeetings-parent
4
PaddlePaddle
4
org.apache.kylin:kylin-server-base
4
code.gitea.io/gitea
4
safer-eval
4
mautic/core
4
swagger-ui
4
calibreweb
4
realms-shim
4
nukeviet/nukeviet
4
Django
4
github.com/hashicorp/vault
4
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
4
prestashop/prestashop
4
github.com/usememos/memos
4
net.opentsdb:opentsdb
4
messagepack-rs
4
openssl-src
4
github.com/argoproj/argo-cd/v2
4
apache-airflow-providers-apache-hive
4
feehi/cms
4
baserproject/basercms
4
nilsteampassnet/teampass
4
org.jeecgframework.boot:jeecg-boot-base-core
4
rubygems-update
3
org.apache.any23:apache-any23
3
org.apache.linkis:linkis
3
github.com/hashicorp/nomad
3
nokogiri
3
@openzeppelin/contracts-upgradeable
3
github.com/dexidp/dex
3
feathers-sequelize
3
org.springframework.security:spring-security-core
3
jsrsasign
3
pimcore/pimcore
3
codeigniter4/framework
3
nvflare
3
zendframework/zendframework1
3
io.dataease:dataease-plugin-common
3
smarty/smarty
3
org.apache.ignite:ignite-core
3
cobbler
3
mongoose
3
github.com/rancher/rancher
3
com.hazelcast:hazelcast
3
edu.stanford.nlp:stanford-corenlp
3
org.jenkins-ci.plugins:active-directory
3
org.apache.logging.log4j:log4j-core
3
org.apache.hadoop:hadoop-common
3
org.apache.inlong:manager-web
3
org.apache.jmeter:ApacheJMeter
3
org.keycloak:keycloak-core
3
craftcms/cms
3
org.xwiki.platform:xwiki-platform-icon-ui
3
io.undertow:undertow-core
3
modoboa
3
ro.pippo:pippo-core
3
com.jflyfox:jflyfox_jfinal
3
showdoc/showdoc
3
symfony/security
3
symfony/security-core
3
com.alibaba:dubbo
3
github.com/pterodactyl/wings
3
publify_core
3
id-map
3
actix-web
3
log4j:log4j
3
slpjs
3
elefant/cms
3
org.apache.ozone:ozone-main
3
codiad/codiad
3
org.xwiki.platform:xwiki-platform-panels-ui
3
phpmailer/phpmailer
3
tribalsystems/zenario
3
org.apache.dolphinscheduler:dolphinscheduler
3
slp-validate
3
francoisjacquet/rosariosis
3
typo3/cms
3
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
3
ray
3
strapi
3
facade/ignition
3
ezsystems/ezplatform-kernel
3
org.jenkins-ci.plugins.workflow:workflow-cps
3
org.xwiki.platform:xwiki-platform-search-ui
3
github.com/go-gitea/gitea
3
handlebars
3
org.apache.storm:storm
3
org.apache.solr:solr-parent
3
browserify-shim
3
impresscms/impresscms
3
org.richfaces:richfaces-core
3
dompdf/dompdf
3
ibexa/core
3
lmdb
3
org.apache.solr:solr-core
3
org.zenframework.z8.dependencies.commons:log4j-1.2.17
3
xcb
3
org.jeecgframework.boot:jeecg-boot-base
3
github.com/sap/cloud-security-client-go
2
org.apache.shiro:shiro-web
2
apache-superset
2
nadesiko3
2
tenvoy
2
org.apache.inlong:manager-dao
2
ghost
2
github.com/crewjam/saml
2
org.springframework.amqp:spring-amqp
2
alextselegidis/easyappointments
2
mathjs
2
org.apache.flume.flume-ng-sources:flume-jms-source
2
llama-index
2
eslint-config-eslint
2
github.com/russellhaering/gosaml2
2
locutus
2
org.apache.derby:derby
2
org.apache.commons:commons-configuration2
2
@sequelize/core
2
graphite-web
2
torchserve
2
traceroute
2
com.hazelcast.jet:hazelcast-jet
2
org.xwiki.platform:xwiki-platform-attachment-ui
2
pidusage
2
llhttp
2
Filter by Repository
https://github.com/xwiki/xwiki-platform
81
https://github.com/FasterXML/jackson-databind
24
https://github.com/jenkinsci/jenkins
17
https://github.com/Dolibarr/dolibarr
15
https://github.com/saltstack/salt
14
https://github.com/apache/airflow
14
https://github.com/mlflow/mlflow
11
https://github.com/PaddlePaddle/Paddle
11
https://github.com/ming-soft/MCMS
10
https://github.com/patriksimek/vm2
10
https://github.com/jeecgboot/jeecg-boot
9
https://github.com/funadmin/funadmin
9
https://github.com/tensorflow/tensorflow
9
https://github.com/apache/inlong
8
https://github.com/top-think/framework
8
https://github.com/django/django
8
https://github.com/magento/magento2
8
https://github.com/ikus060/rdiffweb
8
https://github.com/langchain-ai/langchain
8
https://github.com/ansible/ansible
7
https://github.com/gogs/gogs
7
https://github.com/apache/struts
7
https://github.com/Studio-42/elFinder
7
https://github.com/argoproj/argo-cd
7
https://github.com/rusqlite/rusqlite
7
https://github.com/python-pillow/Pillow
7
https://github.com/sequelize/sequelize
7
https://github.com/go-gitea/gitea
7
https://github.com/parse-community/parse-server
6
https://github.com/answerdev/answer
6
https://github.com/thorsten/phpmyfaq
6
https://github.com/xwiki/xwiki-commons
6
https://github.com/shenzhim/aaptjs
6
https://github.com/shopware/platform
6
https://github.com/symfony/symfony
6
https://github.com/apache/tomcat
5
https://github.com/stealjs/steal
5
https://github.com/apache/activemq
5
https://github.com/nervosnetwork/ckb
5
https://github.com/NodeBB/NodeBB
5
https://github.com/moodle/moodle
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/froxlor/froxlor
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/keycloak/keycloak
5
https://github.com/dromara/hutool
4
https://github.com/dompdf/dompdf
4
https://github.com/ezsystems/ezpublish-kernel
4
https://github.com/pippo-java/pippo
4
https://github.com/janeczku/calibre-web
4
https://github.com/otake84/messagepack-rs
4
https://github.com/swagger-api/swagger-ui
4
https://github.com/contao/contao
4
https://github.com/OpenTSDB/opentsdb
4
https://github.com/PrestaShop/PrestaShop
4
https://github.com/CVEProject/cvelist
4
https://github.com/usememos/memos
4
https://github.com/liufee/cms
4
https://github.com/pyload/pyload
4
https://github.com/spring-projects/spring-framework
4
https://github.com/hwchase17/langchain
4
https://github.com/servo/rust-smallvec
4
https://github.com/cloudfoundry/uaa
4
https://github.com/neorazorx/facturascripts
3
https://github.com/github/securitylab
3
https://github.com/dexidp/dex
3
https://github.com/apache/shiro
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/baserproject/basercms
3
https://github.com/pterodactyl/wings
3
https://github.com/simpleledger/slpjs
3
https://github.com/phpmyadmin/phpmyadmin
3
https://github.com/smarty-php/smarty
3
https://github.com/cobbler/cobbler
3
https://github.com/opencast/opencast
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/facade/ignition
3
https://github.com/TeamSeri0us/pocs
3
https://github.com/rubygems/rubygems.org
3
https://github.com/facebook/hermes
3
https://github.com/mbechler/marshalsec
3
https://github.com/hazelcast/hazelcast
3
https://github.com/jflyfox/jfinal_cms
3
https://github.com/pimcore/pimcore
3
https://github.com/star7th/showdoc
3
https://github.com/rancher/rancher
3
https://github.com/ImpressCMS/impresscms
3
https://github.com/publify/publify
3
https://github.com/dwisiswant0/advisory
3
https://github.com/centreon/centreon-archived
3
https://github.com/shopware/shopware
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/kjur/jsrsasign
3
https://github.com/chakra-core/ChakraCore
3
https://github.com/dataease/dataease
3
https://github.com/run-llama/llama_index
3
https://github.com/jbroadway/elefant
3
https://github.com/strapi/strapi
3
https://github.com/apache/camel
3
https://github.com/octobercms/october
3
https://github.com/ibexa/core
3
https://github.com/denoland/deno
3
https://github.com/NVIDIA/NVFlare
3
https://github.com/crewjam/saml
3
https://github.com/modoboa/modoboa
3
https://github.com/actix/actix-web
3
https://github.com/PHPMailer/PHPMailer
3
https://github.com/ezsystems/ezplatform-kernel
3
https://github.com/rubygems/rubygems
3
https://github.com/nukeviet/nukeviet
3
https://github.com/twisted/twisted
3
https://github.com/craftcms/cms
3
https://github.com/andrewhickman/id-map
3
https://github.com/pytorch/serve
2
https://github.com/sidorares/node-mysql2
2
https://github.com/javamelody/javamelody
2
https://github.com/Netflix/security-bulletins
2
https://github.com/neo4j-contrib/neo4j-apoc-procedures
2
https://github.com/kubernetes/kubernetes
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/nodejs/llhttp
2
https://github.com/sjep/array
2
https://github.com/apache/submarine
2
https://github.com/OpenAPITools/openapi-generator
2
https://github.com/drupal/core
2
https://github.com/folio-org/mod-data-export-spring
2
https://github.com/apache/jmeter
2
https://github.com/google/flatbuffers
2
https://github.com/scalyr/scalyr-agent-2
2
https://github.com/IceWhaleTech/CasaOS
2
https://github.com/SAP/cloud-security-client-go
2
https://github.com/intelliants/subrion
2
https://github.com/benbusby/whoogle-search
2
https://github.com/laurent22/joplin
2
https://github.com/js-data/js-data
2
https://github.com/graphite-project/graphite-web
2
https://github.com/quarkusio/quarkus
2
https://github.com/gventuri/pandas-ai
2
https://github.com/dominictarr/event-stream
2
https://github.com/rochacbruno/quokka
2
https://github.com/Microsoft/ChakraCore
2
https://github.com/KnpLabs/snappy
2
https://github.com/gnzlbg/slice_deque
2
https://github.com/ADOdb/ADOdb
2
https://github.com/keystonejs/keystone
2
https://github.com/jfinal/jfinal
2
https://github.com/TribalSystems/Zenario
2
https://github.com/cockpit-hq/cockpit
2
https://github.com/stanfordnlp/corenlp
2
https://github.com/codeigniter4/CodeIgniter4
2
https://github.com/Automattic/mongoose
2
https://github.com/rest-client/rest-client
2
https://github.com/netvl/acc_reader
2
https://github.com/michaelschwarz/Ajax.NET-Professional
2
https://github.com/h2database/h2database
2
https://github.com/handlebars-lang/handlebars.js
2
https://github.com/jenkinsci/semantic-versioning-plugin
2
https://github.com/HtmlUnit/htmlunit
2
https://github.com/hashicorp/vault
2
https://github.com/totaljs/framework
2
https://github.com/noear/solon
2
https://github.com/top-think/thinkphp
2
https://github.com/getgrav/grav
2
https://github.com/web2py/web2py
2
https://github.com/SAP/cloud-pysec
2
https://github.com/nats-io/jwt
2
https://github.com/zoujingli/ThinkAdmin
2
https://github.com/jenkinsci/script-security-plugin
2
https://github.com/qcubed/qcubed
2
https://github.com/nystudio107/craft-seomatic
2
https://github.com/mautic/mautic
2
https://github.com/russellhaering/gosaml2
2
https://github.com/jmrozanec/cron-utils
2
https://github.com/hashicorp/go-getter
2
https://github.com/rubyzip/rubyzip
2
https://github.com/apache/kylin
2
https://github.com/ahdinosaur/set-in
2
https://github.com/waycrate/swhkd
2
https://github.com/ionicabizau/parse-url
2
https://github.com/reem/rust-traitobject
2
https://github.com/actix/actix-net
2
https://github.com/Agoric/realms-shim
2
https://github.com/gofiber/fiber
2
https://github.com/apache/incubator-streampark
2
https://github.com/git-lfs/git-lfs
2
https://github.com/puma/puma
2
https://github.com/skoranga/node-dns-sync
2
https://github.com/nilsteampassnet/teampass
2
https://github.com/evmos/evmos
2
https://github.com/rust-random/rand
2
https://github.com/MrSwitch/hello.js
2
https://github.com/OpenMage/magento-lts
2
https://github.com/ezsystems/ezplatform-admin-ui
2
https://github.com/xwiki/xwiki-rendering
2
https://github.com/grafana/grafana
2
https://github.com/Gerapy/Gerapy
2
https://github.com/Codiad/Codiad
2
https://github.com/moby/buildkit
2
https://github.com/soketi/soketi
2