Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1oOHA4LTYzNzgtNjQ5cM4AAxJ1
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zcHByLTcyeDUteDY3cc4AAxKF
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:mstest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wY2MyLXc2bTgteDV3NM4AAxJ6
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNW1qLWMyNmctdm1wbc4AAxJx
XML Entity Expansion in Jenkins TestComplete support Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:TestComplete
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verified
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qcWg2LTk1NzQtNXgyMs4AAxIl
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.validation, ca.uhn.hapi.fhir:org.hl7.fhir.utilities, ca.uhn.hapi.fhir:org.hl7.fhir.r5, ca.uhn.hapi.fhir:org.hl7.fhir.r4b, ca.uhn.hapi.fhir:org.hl7.fhir.convertors, ca.uhn.hapi.fhir:org.hl7.fhir.core
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14cjh4LXB4bTYtcHJqZ84AAxIj
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Ecosystems: maven
Packages: org.hl7.fhir.publisher:org.hl7.fhir.publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02am14LXB2Nzctd201d84AAxHU
Excessive Attack Surface in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jNzMyLXh2djgtZzk0Y84AAxHL
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Ecosystems: pypi
Packages: apache-airflow-providers-mysql, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cjVqLTIyajUtdzRjbc4AAxF5
XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: xpressengine/xpressengine
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02dzg5LWM2NXctangyY84AAxE2
Jeecg-boot is vulnerable to SQL injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-module-system, org.jeecgframework.boot:jeecg-boot-base-core
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04aGNmLTJtNHYtZjJycc4AAw_o
SQL Injection in liftkit/database
Ecosystems: packagist
Packages: liftkit/database
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tNTg5LW12NHEtcDdyas4AAw-I
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Ecosystems: cargo
Packages: webbrowser
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Blast Radius: 46.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A
wifey vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: wifey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tamd3LWYyYzQtZjhxas4AAwzj
WebPA SQL Injection vulnerability
Ecosystems: packagist
Packages: webpa/webpa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13dzQzLW1jdmgtMzVwNM4AAwzd
PaginationServiceProvider SQL Injection vulnerability
Ecosystems: packagist
Packages: ttskch/pagination-service-provider
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zaGM3LTJ4Y2MtN3A4Zs4AAwzZ
Squalor SQL Injection vulnerability
Ecosystems: go
Packages: github.com/square/squalor
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nN213LTlwZjktcDJwbc4AAwzR
gosqljson SQL Injection vulnerability
Ecosystems: go
Packages: github.com/elgs/gosqljson
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13dnIyLXE4Nm0tNndocM4AAwzO
Baobab vulnerable to Prototype Pollution
Ecosystems: npm
Packages: baobab
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03bWc1LXJ3MzktcTY3Zs4AAwyN
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Ecosystems: packagist
Packages: himiklab/yii2-jqgrid-widget
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12amhmLTh2cXgtdnFwcc4AAwyJ
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02bWpwLTJybTYtOWc4Nc4AAwyI
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02OGh2LTg5MjYtajM0Y84AAwyF
DBRisinajumi d2files SQL Injection vulnerability
Ecosystems: packagist
Packages: dbrisinajumi/d2files
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mMjU5LWg2bTgtaG04bc4AAwx2
exec-local-bin vulnerable to Command Injection
Ecosystems: npm
Packages: exec-local-bin
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13Zzk5LTV2cngtajJnZ84AAwwt
bonita-connector-webservice XML External Entity vulnerability
Ecosystems: maven
Packages: org.bonitasoft.connectors:bonita-connector-webservice
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNHI4LTI4ZnAtZjI1Nc4AAwwx
aXMLRPC XML External Entity vulnerability
Ecosystems: maven
Packages: fr.turri:aXMLRPC
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zeGg1LThodnEtcmM4eM4AAwvm
Apache DolphinScheduler vulnerable to Improper Input Validation
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mcHJyLXJybTgtNDUzNM4AAwuU
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Ecosystems: maven
Packages: org.apache.dubbo:dubbo-parent
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jcDJwLTZ4aDQtam1jcM4AAws8
nterchange Code Injection vulnerability
Ecosystems: packagist
Packages: nonfiction/nterchange
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mcjU0LTcyd3ItY3F2cc4AAwri
express-param vulnerable to Improper Handling of Extra Parameters
Ecosystems: npm
Packages: express-param
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1xcjk3LXY4N3AteDk2Nc4AAwrf
Ariadne Component Library vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: arc/web
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04dzVxLTVmcHEtdjRwbc4AAwrb
usememos/memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14OXA5LXYzeDYtNjhtcc4AAwra
usememos/memos vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ndmZqLWZ4eDMtajMyM84AAwrY
mellium.im/sasl authentication failure due to insufficient nonce randomness
Ecosystems: go
Packages: mellium.im/sasl
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qNjlmLWZnaDUtZjdtY84AAwqU
iText RUPS XML External Entity vulnerability
Ecosystems: maven
Packages: com.itextpdf:itext-rups
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13OXJ2LXhtZjcteDNnaM4AAwqa
Apache Kylin vulnerable to Command injection by Diagnosis Controller
Ecosystems: maven
Packages: org.apache.kylin:kylin-server-base
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNWM1LWhtdzktdjhoeM4AAwoX
Unzip vulnerable to path traversal
Ecosystems: go
Packages: github.com/yi-ge/unzip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qcGdnLWNwMngtcXJ3M84AAwoP
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Ecosystems: go
Packages: github.com/ecnepsnai/web
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qY3I2LW1tamotcGNod84AAwoZ
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Ecosystems: go
Packages: github.com/gorilla/handlers
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zMnFoLTh2ZzYtOWc0M84AAwop
Cloud Foundry Archiver vulnerable to path traversal
Ecosystems: go
Packages: code.cloudfoundry.org/archiver, github.com/cloudfoundry/archiver
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qcGY4LWg3aDctM3Bwbc4AAwoR
tar-utils Path Traversal vulnerability
Ecosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00d3AyLThybTItamdtaM4AAwoa
LZ4 vulnerable to Out-of-bounds Write
Ecosystems: go
Packages: github.com/cloudflare/golz4
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ybWo5LXE1OGctOXFnZ84AAwoW
go-unzip vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/artdarek/go-unzip
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1ocm0zLTN4bTYteDMzaM4AAwoO
golang-nanoauth authentication bypass vulnerability
Ecosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNWg5LXF4MzgtMmhncM4AAwnj
AWS SDK is vulnerable to server-side request forgery (SSRF)
Ecosystems: maven
Packages: com.amazonaws:aws-android-sdk-mobile-client
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jNWhnLW1yOHItZjZqcM4AAwnc
Hazelcast connection caching
Ecosystems: maven
Packages: com.hazelcast:hazelcast-enterprise, com.hazelcast.jet:hazelcast-jet-enterprise, com.hazelcast.jet:hazelcast-jet, com.hazelcast:hazelcast
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02eHJmLXE5NzctNXZnY84AAwmb
json-pointer vulnerable to Prototype Pollution
Ecosystems: npm
Packages: json-pointer
Source: GitHub Advisory Database
Blast Radius: 39.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yajJ4LTJncHctZzhmbc4AAwl4
flat vulnerable to Prototype Pollution
Ecosystems: npm
Packages: flat
Source: GitHub Advisory Database
Blast Radius: 55.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNHFyLXZxMmctMjJ3cM4AAwkn
ThinkPHP Framework vulnerable to remote code execution
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02OGd3LXIyeDUtN3I1cs4AAwkY
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13bXhtLTZ3eGMtM3hxZs4AAwgk
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.shardingsphere:shardingsphere-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02bTRoLWhmcHAteDhjeM4AAwgV
docconv OS Command Injection vulnerability
Ecosystems: go
Packages: code.sajari.com/docconv, github.com/sajari/docconv
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jMnA0LThtdnYtcndtds4AAwel
Apache Karaf vulnerable to potential code injection
Ecosystems: maven
Packages: org.apache.karaf:apache-karaf
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00dzJqLTJyZzQtNW1qd84AAweA
vm2 vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Blast Radius: 46.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zM3ZoLTd4OHEtbWczNc4AAwbl
safe-eval vulnerable to Prototype Pollution
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0zZmhqLXdwdmoteDV3OM4AAwaM
laravel-jqgrid vulnerable to SQL Injection
Ecosystems: packagist
Packages: mgallegos/laravel-jqgrid
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nM3djLXh2OTMtNDQ1cc4AAwZM
DNS NuGet package uses insufficiently random values
Ecosystems: nuget
Packages: DNS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wbWcyLXJwaDgtcDhyNs4AAwYe
Alist vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wNDk1LWp4aDItd3JmZ84AAwYT
npm package rfc6902 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: rfc6902
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1mNjgzLTM1dzktMjhnNc4AAwWi
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Ecosystems: packagist
Packages: fixpunkt/fp-newsletter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS01M21tLWh4MzItNjQ3Nc4AAwWZ
TYPO3 vulnerable to Insufficient Session Expiration
Ecosystems: packagist
Packages: derhansen/fe_change_pwd, typo3/cms
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05OTV4LTMzd3EtOGdjOc4AAwVt
cycle-import-check vulnerable to Command Injection
Ecosystems: npm
Packages: cycle-import-check
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nOHE4LWZnZ3gtOXIzcc4AAwUa
Keycloak vulnerable to path traversal via double URL encoding
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14M3gzLXF3anEtOGdqNM4AAwSr
Apache CXF Server-Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nNTk0LTU1bXAtZjZxOM4AAwRe
Improper Privilege Management in rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1oYzVnLXhmNjQtajQ5as4AAwOq
Mingsoft MCMS vulnerable to SQL Injection
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yaHZjLWh3ZzMtaHB2d84AAwMf
PaddlePaddle Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1nY2pmLTI5bTktODg4cc4AAwMe
PaddlePaddle vulnerable to Code Injection
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tOHh3LTl4NXgtNnZoM84AAwLr
py7zr directory traversal vulnerability
Ecosystems: pypi
Packages: py7zr
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yZjNnLXY4cDUtcDY3Nc4AAwJ4
NodeBB vulnerable to account takeover via prototype vulnerability
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13NjZqLXhjN3ItbTJqds4AAwJR
camel-ldap component allows LDAP Injection when using the filter option
Ecosystems: maven
Packages: org.apache.camel:camel-ldap
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1tOHI1LTd3ZjQtNjNtd84AAwI7
Nadesiko3 OS Command Injection vulnerability
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03MjQ5LTh4MjItNHJnNM4AAwI3
nadesiko3 vulnerable to OS Command Injection
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12YzM5LXg3dzYtNnZqN84AAwG6
Apache Tapestry allows deserialization of untrusted data
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS02NWhqLTlwcHctNzd4Y84AAwGQ
ff4j is vulnerable to Remote Code Execution (RCE)
Ecosystems: maven
Packages: org.ff4j:ff4j-core
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00cDM4LXJjOTgtY3IzOc4AAwF7
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1qMmpwLXd2cWctd2MyZ84AAwFN
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1jdmg0LWNqYzktODRxbc4AAwFH
owncast is vulnerable to SQL Injection
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS0yMnZjLTVwZ3ctNjQ0cc4AAwDN
KubeView vulnerable to full cluster takeover due to improper authentication
Ecosystems: go
Packages: github.com/benc-uk/kubeview
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,300
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
npm 953 maven 826 packagist 493 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 langchain 12 mlflow 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 drupal/drupal 10 tensorflow 9 phpmyadmin/phpmyadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 funadmin/funadmin 9 tensorflow-gpu 8 tensorflow-cpu 8 paddlepaddle 8 froxlor/froxlor 8 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 rdiffweb 8 org.xwiki.platform:xwiki-platform-web-templates 8 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 gogs.io/gogs 7 ansible 7 symfony/symfony 7 thorsten/phpmyfaq 6 github.com/answerdev/answer 6 github.com/argoproj/argo-cd 6 parse-server 6 aaptjs 6 ezsystems/ezpublish-kernel 6 mautic/core 5 Microsoft.ChakraCore 5 django 5 org.jenkins-ci.plugins:script-security 5 org.xwiki.platform:xwiki-platform-web 5 safe-eval 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.inlong:manager-pojo 5 mercurial 5 org.apache.shiro:shiro-core 5 centreon/centreon 5 zendframework/zendframework 5 org.apache.activemq:activemq-client 5 shopware/core 5 prestashop/prestashop 5 ckb 5 steal 5 org.xwiki.commons:xwiki-commons-xml 5 Pillow 5 nodebb 5 org.cloudfoundry.identity:cloudfoundry-identity-server 4 github.com/grafana/grafana 4 nukeviet/nukeviet 4 github.com/argoproj/argo-cd/v2 4 org.apache.kylin:kylin-server-base 4 openssl-src 4 org.apache.tapestry:tapestry-core 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 librenms/librenms 4 pyload-ng 4 apache-airflow-providers-apache-hive 4 PaddlePaddle 4 net.opentsdb:opentsdb 4 feehi/cms 4 calibreweb 4 contao/core-bundle 4 spree_auth_devise 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 swagger-ui 4 org.apache.tomcat.embed:tomcat-embed-core 4 safer-eval 4 github.com/hashicorp/vault 4 org.eclipse.jetty:jetty-server 4 github.com/usememos/memos 4 code.gitea.io/gitea 4 org.jeecgframework.boot:jeecg-boot-base-core 4 smallvec 4 hermes-engine 4 org.apache.openmeetings:openmeetings-parent 4 messagepack-rs 4 org.apache.inlong:manager-service 4 contao/contao 4 Django 4 realms-shim 4 nilsteampassnet/teampass 4 codeigniter4/framework 3 org.apache.logging.log4j:log4j-core 3 showdoc/showdoc 3 lmdb 3 org.jenkins-ci.plugins:active-directory 3 github.com/dexidp/dex 3 org.xwiki.platform:xwiki-platform-icon-ui 3 zendframework/zendframework1 3 org.apache.storm:storm 3 github.com/rancher/rancher 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.dolphinscheduler:dolphinscheduler 3 typo3/cms 3 org.apache.ignite:ignite-core 3 org.apache.inlong:manager-web 3 com.hazelcast:hazelcast 3 modoboa 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 id-map 3 tribalsystems/zenario 3 @openzeppelin/contracts-upgradeable 3 pimcore/pimcore 3 org.xwiki.platform:xwiki-platform-panels-ui 3 nvflare 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 org.keycloak:keycloak-core 3 ro.pippo:pippo-core 3 facade/ignition 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 com.jflyfox:jflyfox_jfinal 3 symfony/security-core 3 com.alibaba:dubbo 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 jsrsasign 3 codeigniter/framework 3 impresscms/impresscms 3 github.com/go-gitea/gitea 3 simplesamlphp/simplesamlphp 3 nokogiri 3 org.apache.any23:apache-any23 3 org.apache.linkis:linkis 3 craftcms/cms 3 handlebars 3 smarty/smarty 3 rubygems-update 3 io.dataease:dataease-plugin-common 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 github.com/pterodactyl/wings 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 slpjs 3 strapi 3 cobbler 3 dompdf/dompdf 3 org.springframework.security:spring-security-core 3 browserify-shim 3 org.apache.jmeter:ApacheJMeter 3 actix-web 3 ibexa/core 3 mongoose 3 io.undertow:undertow-core 3 org.apache.solr:solr-parent 3 xcb 3 phpmailer/phpmailer 3 org.apache.solr:solr-core 3 elefant/cms 3 org.richfaces:richfaces-core 3 francoisjacquet/rosariosis 3 ray 3 github.com/hashicorp/nomad 3 publify_core 3 feathers-sequelize 3 codiad/codiad 3 alextselegidis/easyappointments 2 eslint-config-eslint 2 github.com/beego/beego 2 github.com/beego/beego/v2 2 mysql2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 Radicale 2 github.com/russellhaering/gosaml2 2 laravel/framework 2 org.keycloak:keycloak-services 2 com.hazelcast.jet:hazelcast-jet 2 org.apache.derby:derby 2 cn.hutool:hutool-all 2 org.apache.inlong:manager-dao 2 @keystone-6/core 2 joplin 2 ctx 2 org.xwiki.platform:xwiki-platform-administration 2 org.xwiki.platform:xwiki-platform-distribution-war 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/django/django 9 https://github.com/top-think/framework 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/apache/inlong 8 https://github.com/argoproj/argo-cd 7 https://github.com/Studio-42/elFinder 7 https://github.com/python-pillow/Pillow 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/ansible/ansible 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/apache/struts 7 https://github.com/thorsten/phpmyfaq 6 https://github.com/shopware/platform 6 https://github.com/shenzhim/aaptjs 6 https://github.com/parse-community/parse-server 6 https://github.com/symfony/symfony 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/answerdev/answer 6 https://github.com/apache/tomcat 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/nervosnetwork/ckb 5 https://github.com/froxlor/froxlor 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/dromara/hutool 5 https://github.com/keycloak/keycloak 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/stealjs/steal 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/hwchase17/langchain 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/janeczku/calibre-web 4 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/pippo-java/pippo 4 https://github.com/usememos/memos 4 https://github.com/contao/contao 4 https://github.com/dompdf/dompdf 4 https://github.com/spring-projects/spring-framework 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/servo/rust-smallvec 4 https://github.com/grafana/grafana 4 https://github.com/liufee/cms 4 https://github.com/pyload/pyload 4 https://github.com/CVEProject/cvelist 4 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/modoboa/modoboa 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/facade/ignition 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/star7th/showdoc 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/smarty-php/smarty 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ibexa/core 3 https://github.com/ADOdb/ADOdb 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/apache/camel 3 https://github.com/actix/actix-web 3 https://github.com/pterodactyl/wings 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/github/securitylab 3 https://github.com/baserproject/basercms 3 https://github.com/dexidp/dex 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/neorazorx/facturascripts 3 https://github.com/apache/shiro 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/sjep/array 2 https://github.com/pytorch/serve 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/jfinal/jfinal 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/laurent22/joplin 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/benbusby/whoogle-search 2 https://github.com/google/flatbuffers 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2