Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2Mm0tbThqdy04d3Jy
Path Traversal in Zope
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNnFjLTM3aHEtd3FyNs4AAoNm
Remote code execution vulnerability in Jenkins Templating Engine Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:templating-engine
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS00OGhyLWpnNHAtdzRwNM4AAnp9
XSS vulnerability in Jenkins Claim Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:claim
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qZjlqLWh4MmotbTl4aM4AAlx7
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qN3EyLWM2cjQteDJqd84AAlxw
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.tools:git-parameter
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NHAteHdyci05Y3Jo
Injection in Apache Syncope
Ecosystems: maven
Packages: org.apache.syncope:syncope-core
Source: GitHub Advisory Database
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtNWotdnFyNi12N3Y4
OS Command Injection in pixl-class
Ecosystems: npm
Packages: pixl-class
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cTJxLThoeGMtN2pyMs4AAlyG
XXE vulnerability in Jenkins Valgrind Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:valgrind
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12NDZxLXhqcDUtN3A2cs4AAlyU
Stored XSS vulnerability in Jenkins Cadence vManager Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vmanager-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zbXdqLTd2bXEtdzQzcM4AAllB
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
Ecosystems: maven
Packages: com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcnI4LWZjZzctcDJ3Z84AAllJ
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xOXIyLWYzdmMtcmpnOM4AAuAj
Command Injection in macaddress
Ecosystems: npm
Packages: macaddress
Source: GitHub Advisory Database
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1jMmhnLTJqajYtaDh2aM4AAllD
CSRF vulnerability in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS12dzI3LWZ3amYtNXF4bc0Wqg
Arbitrary command execution on Windows via qutebrowserurl: URL handler
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1nYzJyLWNjZmgtNjJ2Oc4AAoGF
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zaDU3LWhtajMtZ2ozcM4AAyAE
Rack has possible DoS Vulnerability in Multipart MIME parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1jbWdtLXE4aGYtcDdqY84AAkKs
XXE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14eDdnLWYyODctZjlmcc4AAmCb
XXE vulnerability in Jenkins Liquibase Runner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xNTY0LXZ2eDgtOTM4OM4AAmCg
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:warnings
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NTNxLWhwdnAtcThwY80ZWw
Server-Side Request Forgery in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00Z2c1LXZ4M2oteHdjN84AAwQz
Protobuf Java vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-java
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1mNXd4LXcyZjktODJnaM4AAjcW
XXE vulnerability in Jenkins WebSphere Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:websphere-deployer
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02eHhqLWdjanEtd2dmNM0ZdA
SQL injection in prestashop/prestashop
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS04ZnA0LXJwNmMtNWdjds0Y7g
Path Traversal in com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3Zzgtcjl2dy03NjV4
Private Field data leak
Ecosystems: npm
Packages: @keystonejs/keystone
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS03d3E0LTg5eHgtZzYyas0mjw
Password exposure in ShenYu
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3MmctNTgyNy1tOWZw
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NTItM3J3di14ODlj
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjZ2YtcWp4Mi1xdjRx
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZzQ2LWY5aDUtZzI3eM4AAywe
Apache Sling Engine vulnerable to cross-site scripting (XSS) that can lead to privilege escalation
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.engine
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyYzctNmc4dy1qaDU2
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00aGhxLWozeHctd2o4Oc4AAknR
RCE vulnerability in SCM Filter Jervis Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:scm-filter-jervis
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS05ZjM3LWdneG0taDZ3eM4AAmvW
CSRF vulnerability in Jenkins Shelve Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:shelve-project-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS13aDZ3LTM4MjgtZzlxZs4AAv0W
Wasmtime may have data leakage between instances in the pooling allocator
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNmotODYyYy1tMnYy
Unrestricted File Upload in Form Framework
Ecosystems: packagist
Packages: typo3/cms-form
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2OWMtdzc0cS02NzYy
Insecure permissions on build temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1YzUtZjRndy0zOHI5
Multiple vulnerabilities through filename manipulation in Archive_Tar
Ecosystems: packagist
Packages: pear/archive_tar
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xNWo5LWY5NXctZjRwcs4AAwIx
TERASOLUNA Server Framework vulnerable to ClassLoader manipulation
Ecosystems: maven
Packages: org.terasoluna.gfw:terasoluna-gfw-common
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS03dnI1LTcydzctcTZqY84AAvdg
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS0yN3JmLThtanAtcjM2M84AAvdY
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps, org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS03N3JtLTl4OWgteGozZ80mxQ
NULL Pointer Dereference in Protocol Buffers
Ecosystems: pypi, go, maven, packagist, nuget
Packages: protobuf, github.com/protocolbuffers/protobuf, com.google.protobuf:protobuf-parent, google/protobuf, Google.Protobuf
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3eDItOXE0OC12bTly
RFD attack via Content-Disposition header sourced from request input by Spring MVC or Spring WebFlux Application
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc
Source: GitHub Advisory Database
Published: over 3 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwM3gtcXc5Yy0yNWho
XStream can cause a Denial of Service.
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cHItdnAydi05OXh3
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nZ2hjLWc4Y2otNHZmds4AAqOV
Stored XSS vulnerability in Jenkins Git Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zNGo1LWM0Y3YtbW1nNc4AAolr
XXE vulnerability in Jenkins URLTrigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:urltrigger
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqZjUtamdncC1nNTZq
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.12
Source: GitHub Advisory Database
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBweGMtcG14OS1xanY5
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycDR4LWg1NzctY2h2cc4AAqqb
Stored XSS vulnerability in Jenkins Active Choices Plugin
Ecosystems: maven
Packages: org.biouno:uno-choice
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3cDktOTU2Zi12Y3do
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oNjQ4LWdqMzQtNXg0cs4AAqqG
Agent-to-controller security bypass in Jenkins Squash TM Publisher (Squash4Jenkins) Plugin allows writing arbitrary files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:squashtm-publisher-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS01OHByLWhwcngtN2hnNs4AApuG
RCE vulnerability in Jenkins Code Coverage API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:code-coverage-api
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14ajI5LWdmd3ctajY3Z84AAygB
Jenkins JaCoCo Plugin vulnerable to Stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jacoco
Source: GitHub Advisory Database
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwNzctZnFxcC03OWo4
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczd2ctNm1jZi04amo2
Local Temp Directory Hijacking Vulnerability
Ecosystems: maven
Packages: org.mortbay.jetty:jetty-webapp, org.eclipse.jetty:jetty-webapp
Source: GitHub Advisory Database
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NG1qLTNwOTItNTg5ds4AAs7p
Cross-site Scripting in Jenkins JUnit Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:junit
Source: GitHub Advisory Database
Published: 12 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04OTgtaDRwbS1wcWZy
Arbitrary code execution due to an uncontrolled search path for the git binary
Ecosystems: go
Packages: github.com/MichaelMure/git-bug/repository, github.com/MichaelMure/git-bug
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyZmotMm13cC03ODd2
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1OGMtZzJmZi05NDQ0
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozMngtajhwai1wZzJo
Prototype Pollution in decal
Ecosystems: npm
Packages: decal
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cWNtLWZxajktOTNtNM4AAwU2
.NET Framework Remote Code Execution Vulnerability.
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x64
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0M3ctZzNjNS1nNW1x
Out of bounds read in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS14djNxLWpybW0tNGZ4ds4AAy3O
Authentication Bypass in @strapi/plugin-users-permissions
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Published: about 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4anEtOGZjZy1nNWh3
Out-of-bounds Write in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS02bXBwLWNtM3YtMjN2ds4AAoy5
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xcTNqLTQ0Z3ctY2Y2cs4AAtvo
Eclipse Californium denial of service (DoS) via Datagram Transport Layer Security (DTLS) handshake on parameter mismatch
Ecosystems: maven
Packages: org.eclipse.californium:californium-core
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS1xN3hnLWhoM3EtaGM2OM4AAoNx
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS13N3I2LXY0ajctaDk0d84AAygm
Apache James server's JMX management service vulnerable to privilege escalation by local user
Ecosystems: maven
Packages: org.apache.james:javax-mail-extension
Source: GitHub Advisory Database
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1NDgtcTc0Ni14NXg2
Code injection in port-killer
Ecosystems: npm
Packages: port-killer
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1nYzg3LXF3bXYtN3g5eM4AAnqT
Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:artifact-repository-parameter
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJycTUtNjhobS1oNGo4
Cross-Site Request Forgery in OpenNMS Horizon
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS00ZjZ4LWc1dmgtOGptNc4AAnpw
Stored XSS vulnerability in Jenkins Active Choices Plugin
Ecosystems: maven
Packages: org.biouno:uno-choice
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS14bXc1LTQ1djktcHhxeM4AAnOd
XSS vulnerability in Jenkins TICS Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:tics
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdmcWotY2c3OS1mMnB2
Thumbshooter vulnerable to Code Injection
Ecosystems: rubygems
Packages: thumbshooter
Source: GitHub Advisory Database
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OTUtdjhjOC0zcmg2
Privilege escalation in rbac
Ecosystems: go
Packages: github.com/google/exposure-notifications-verification-server
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxNHctM3dwNC1xNXdm
Denial of Service in get-ip-range
Ecosystems: npm
Packages: get-ip-range
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZzJ3LTNjNGotamp3bc4AAnps
Stored XSS vulnerability in Jenkins Repository Connector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcGN4LThxcXctcm1jcc4AAuAg
SQL Injection in waterline-sequel
Ecosystems: npm
Packages: waterline-sequel
Source: GitHub Advisory Database
Published: almost 3 years ago
High
GSA_kwCzR0hTQS1wcHE3LTg4YzctcTg3Oc0XVw
Cross-Site Request Forgery in PiranhaCMS
Ecosystems: nuget
Packages: Piranha
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS05aGNyLTloY3YteDZwds4AAypf
Flask-AppBuilder Has No Rate Limiting on Login AUTH DB
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tajdxLWNtZjMtbWc3aM4AAnOV
Stored XSS vulnerability in Jenkins on new item page
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NDgtcDkyZi05OTk2
Out-of-bounds write
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Published: about 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ydmotN3E0Zi01cDQy
Cross-site scripting in eZ Platform Kernel
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel, ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xdjZmLXJjdjYtNnEzeM4AAnOP
Improper handling of REST API XML deserialization errors in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS13MmY0LWh4cG0tbXE5OM0XMw
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00OTk5LTY1OXctbXEzNs0XMg
Authentication bypass issue in the Operator Console
Ecosystems: go
Packages: github.com/minio/console
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00Z2pyLXZnZngtOXF2d84AAwP5
AList vulnerable to Improper Preservation of Permissions
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4N3YtdzJtdi1mM3J4
Improper Authentication in Atlassian Connect Spring Boot
Ecosystems: maven
Packages: com.atlassian.connect:atlassian-connect-spring-boot
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcnJ4LTM2NHItNndmNs4AAwPg
Cross-site Scripting in Jenkins Spring Config Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:spring-config
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS04cjc2LWZyNzItajMyd84AAwRx
Creator Verification Error when Bubblegum Activate
Ecosystems: cargo
Packages: mpl-token-metadata, mpl-bubblegum
Source: GitHub Advisory Database
Published: 6 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyZjUtam02Zi0yZm1t
Active Record subject to strong parameters protection bypass
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 5 years ago
High
GSA_kwCzR0hTQS0yZzMyLTJqOHctMnFnZs4AAW48
Jenkins vSphere Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vsphere-cloud
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1oeHB3LTd4OTUtcTM4bc4AAYTu
Jenkins Pipeline: Input Step Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-input-step
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS00cjc4LWh4NzUtampqMs39zQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net, golang.org/x/net/html
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mdjNjLTZjdzctMnFjcc4AAYaF
Jenkins Poll SCM Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pollscm
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mY2Y5LTZmdjItZmM1ds39nQ
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
Ecosystems: go
Packages: golang.org/x/net, golang.org/x/net/html
Source: GitHub Advisory Database
Published: about 1 year ago
High
GSA_kwCzR0hTQS04Mjk0LW12OWMtN201aM4AAts5
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
Ecosystems: maven
Packages: eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS1wZzVwLXd3cDgtOTdnOM4AAy3v
Debug mode leaks confidential data in Cilium
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: about 2 months ago