Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1taGZ2LThyYzktdzM4Y801_g
Arbitrary shell execution
Ecosystems: packagist
Packages: squizlabs/php_codesniffer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qYzM2LTQyY2YtdnF3as018g
Nokogiri affected by zlib's Out-of-bounds Write vulnerability
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Z3gyLTMzMmgtOXg2cc011w
SQL Injection in Yeswiki
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ycjhtLTI5ZzgtOGNnY8017g
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMmZ3LTkzcXgtdnJjcc01vg
SQL Injection in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OXAzLXhwMzctZjY5Ms015g
Improper Certificate Validation in kubeclient
Ecosystems: rubygems
Packages: kubeclient
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNzM3LXA1N2ctNGNwcs01tA
Insertion of Sensitive Information into Log File in Jupyter notebook
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xODYzLWNjaG0tYzZjNs01ig
SQL Injection in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yOWNyLWh2amotNDk2ds01gg
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS12dmZmLTZ3cnItNGc3cc01ZQ
Missing Authentication for Critical Function in Foreman Ansible
Ecosystems: rubygems
Packages: foreman_ansible
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS05bTg3LTZmajMtYzV4aM01Lg
Untrusted Search Path in PNPM
Ecosystems: npm
Packages: pnpm
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcXI2LXFycW0tOHY4Ns01Kw
Integer Overflow or Wraparound in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14cDgyLWptdzgtbWp4cM01LQ
Unrestricted Upload of File with Dangerous Type in ShowDoc
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01dzljLXJ2OTYtZnI3Z801FQ
Removal of functional code in faker.js
Ecosystems: npm
Packages: faker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02OXdwLXh3bTctNjl3bc01DA
Exposure of Resource to Wrong Sphere in ThinkPHP Framework
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZjhjLXhyODktdmZtNc00_w
Command Injection in ungit
Ecosystems: npm
Packages: ungit
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZjc5LWY2NTctNDd3d800zA
Insufficient Session Expiration in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04YzI2LXdtaDUtNmc5ds00tw
golang.org/x/crypto/ssh Denial of service via crafted Signer
Ecosystems: go
Packages: golang.org/x/crypto
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qeDhmLWNweDctZnY0N800LQ
Allocation of Resources Without Limits or Throttling in nvflare
Ecosystems: pypi
Packages: nvflare
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mOHhxLXE3cHgtd2c4Y800Kw
Improper Neutralization of Formula Elements in a CSV File in Gradio Flagging
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS14NGpnLW1qcngtNDM0Z800KQ
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jZm00LXFqaDItNDc2Nc00KA
Improper Verification of Cryptographic Signature in node-forge
Ecosystems: npm
Packages: node-forge
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS00NmM1LXBmajgtZnY2Nc00Jw
Improperly checked metadata on tools/armour itemstacks received from the client
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS00ZjdwLTI3amMtM2MzNs00Jg
HTTP Request Smuggling in waitress
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qM2ZmLXhwNmMtNmdjY800JQ
Failure to validate signature during handshake
Ecosystems: npm
Packages: @chainsafe/libp2p-noise
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zN2c3LTh2amotcGpwas00JA
RESTEasy 4.5.5.Final in hash flooding
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-bom
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNmo4LWhndjUtbTM1Z800Iw
Uncontrolled Resource Consumption in jboss-remoting
Ecosystems: maven
Packages: org.jboss.remoting:jboss-remoting
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tOWNqLXY1NWYtOHgyNs00HA
Authentication Bypass in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mbTM1LWpnZzMtM2dyeM00Gg
NaN/INF in serverbound movement packets can crash clients and servers
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1naG04LW1teDcteHZnMs00GQ
Information Exposure in Apache Tapestry
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zcmozLXFwMmotNGZqMs00Fw
Cross-Site Request Forgery in Jenkins P4 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS13ZnhwLTRxZ3ctcXAzY800Fg
XML external entity (XXE) attacks in Jenkins Xcode integration Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:xcode-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02eHA2LWZtYzgtcG1tcs00FA
Temporary Directory Hijacking Vulnerability in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ydjgyLTU3NDYtdndxY800Ew
XSS in doc_link
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cmNjLWc2dmotbWg1d800DQ
Denial of service in go-ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1meDk1LTg4M3YtNHE0aM0z9A
Path traversal in github.com/valyala/fasthttp
Ecosystems: go
Packages: github.com/valyala/fasthttp
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS04bTJmLTc0cjIteDNmMs0z7Q
Code injection in accesslog
Ecosystems: npm
Packages: accesslog
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS05dnAzLTdxd3EtODNyOc0zpw
Server-Side Request Forgery in FUXA
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zMmo5LTZxcW0tbXE5Z80zSA
Unhandled case in node-lmdb
Ecosystems: npm
Packages: node-lmdb
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ocmY0LWhjcGMtMzM0Nc0zLg
Denial of service in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01Znh2LXh4NXAtZzJmds0zEA
Integer Overflow in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS14M21oLWp2anctM3h3eM0zKw
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS14M20zLWc4dzYtbWYyOM0y-w
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yNmhoLTVnM3Etd3dnY80zGg
Stored Cross-site Scripting in grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMnY1LTNocGMtODVqNc0zIg
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:extended-choice-parameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wdjRtLTdjNjgtZjRjNc0y_A
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS12cTZjLWZ2eHctcDQ1ds0zFg
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS03OTRqLWh4OTYtNHczbc0zCg
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:kubernetes-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zNWg5LWg0MzktdnZtcs0zBg
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:environment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wNHYyLXI5OXYtd2pjMs0y8w
Nicotine+ DoS on Null Character in Download Request
Ecosystems: pypi
Packages: nicotine-plus
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS02eDJtLXc0NDktcXd4N80y7g
Code Injection in CRI-O
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1yam1xLTZ2NTUtNHJqds0y6w
Improper Authorization in org.cometd.oort
Ecosystems: maven
Packages: org.cometd.java:cometd-java-oort
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tdjJ3LTRqcWMtNmZnNM0yoA
Command injection in libvcs and vcspull
Ecosystems: pypi
Packages: vcspull, libvcs
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ndzVoLWg2aGotZjU2Z80ymw
Gogs vulnerable to improper PAM authorization handling
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZjN2LWYycXEtcGY5Z80ylg
Insufficient Session Expiration in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yY3Y2LTY0MzctMzlwMs0yfQ
Cross-site Scripting in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oZ2d2LW1jcDQtdnhjNc0ydA
Improper Authentication in FreeTAKServer
Ecosystems: pypi
Packages: FreeTAKServer
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS05OTg4LWY4OG0tbXI0Ms0ycg
Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI
Ecosystems: pypi
Packages: FreeTAKServer-UI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mODk3LTg3NXAtMjN4N80ycA
Hard coded credentials in FreeTAKServer
Ecosystems: pypi
Packages: FreeTAKServer
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS01N2oyLXc0Y3gtNjJoMs0ybA
Deeply nested json in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jMzgzLXE1dmYtaHg1Nc0yaw
Integer Overflow or Wraparound in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tM3h2LXgzcGgtbXEyMs0yUg
Server-side Template Injection in nystudio107/craft-seomatic
Ecosystems: packagist
Packages: nystudio107/craft-seomatic
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00cXhjLXF4cnAtMzNjd80yRA
Moodle denial-of-service risk in the draft files area
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zZjk1LXI0NHYtOG1yZ80ySg
Command injection in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ydm1jLThnbWctZ2dxcs0yYw
Moodle Blind SQL injection possible via MNet authentication
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tY2c2LWgzNjItY21xNc0yIQ
Improper Authorization in cobbler
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cnI2LWpwZzctOWpnNs0yFQ
Authentication Bypass by Capture-replay in Apache Spark
Ecosystems: pypi, maven
Packages: pyspark, org.apache.spark:spark-core
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qcjljLWg3NGYtMnYyOM0yEw
Gitea Missing Authorization vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS14Mjh3LWh2d2MtbXA3Nc0yEQ
Static Code Injection in Microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS12eDhxLWo3aDktdmY2cc0xuQ
Exposure of Sensitive Information to an Unauthorized Actor in PhpMyAdmin
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wbTNoLW1tNjItcHdtOM0xYw
XML Entity Expansion in trytond and proteus
Ecosystems: pypi
Packages: proteus, trytond
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS00cHd3LWZxZ2gtMzZoas0xVA
Unrestricted Upload of File with Dangerous Type in Croogo
Ecosystems: packagist
Packages: croogo/croogo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS02aDNtLTM2dzgtaHY2OM0xNA
Arbitrary file write in nats-server
Ecosystems: go
Packages: github.com/nats-io/nats-streaming-server, github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS00Y3g2LWZqN2otcGp4Oc0xMw
Code injection in Stripe CLI on windows
Ecosystems: go
Packages: github.com/stripe/stripe-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xOXFjLXBwNXgtbWM4Y80xKg
Improper Neutralization of Special Elements Used in a Template Engine in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS03NXA3LTUyN3Atdzh3cM0w2w
Server-Side Request Forgery and Open Redirect in AllTube Download
Ecosystems: packagist
Packages: rudloff/alltube
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tNXBxLWd2ajktOXZyOM0wwA
Rust's regex crate vulnerable to regular expression denial of service
Ecosystems: cargo
Packages: regex
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS01amdxLXg4NTctcDh4d80wjQ
Account compromise in Evmos
Ecosystems: go
Packages: github.com/tharsis/evmos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1wdngzLWdtM2MtZ21wcs0wcQ
Denial of Service in Go-Ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS12bWY3LWhtaDYtdnY1N80wbw
Denial of Service in Go-Ethereum
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS05Y2MzLTV3ODUtcHh2eM0wVQ
Cross Site Request Forgery in intelliants/subrion
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1oMmc1LTJyaHgtZmZnas0wSw
Command injection in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zODcyLWY0OHAtcHhxas0wPw
Improper Neutralization of Special Elements used in a Command ('Command Injection') in Weblate
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xMjRoLTVycTMtNjNqOc0wAw
Incorrect Authorization in @uppy/companion
Ecosystems: npm
Packages: @uppy/companion
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tcTQ3LTZ3d3Ytdjc5d80wHQ
Path traversal in claircore
Ecosystems: go
Packages: github.com/quay/claircore
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mbXg0LTI2cjMtd3hwZs0v8A
Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 48.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS12M3dyLTY3cHgtNDR4Z80v7Q
Execution with Unnecessary Privileges in arc-electron
Ecosystems: npm
Packages: @advanced-rest-client/base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ydjZyLTNmNXEtOXJneM0v7A
Twisted SSH client and server deny of service during SSH handshake.
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 years ago
High
GSA_kwCzR0hTQS00MnFtLWMzY2YtOXd2Ms0vxw
Code injection in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jbTl3LWM0cmotcjJjZs0vug
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in view_component
Ecosystems: rubygems
Packages: view_component
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1jcnAyLXFycjUtOHBxN80vuQ
containerd CRI plugin: Insecure handling of image volumes
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS03cjc5LW1ycDYtOG1occ0vkw
Rate limit missing in microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS13NmN4LXFnMnEtcnZxOM0vhg
Path Traversal in @finastra/ssr-pages
Ecosystems: npm
Packages: @finastra/ssr-pages
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS0yajZ2LXhwZjMteHZyds0vfA
Use of Externally-Controlled Format String in wire-avs
Ecosystems: maven
Packages: com.wire:avs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zMzgyLXI5cTgtNGhmZ80vag
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1qOGpwLTl4NDItNHBqNc0vKQ
Unrestricted Upload of File with Dangerous Type in MODX Revolution
Ecosystems: packagist
Packages: modx/revolution
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS0zdjdnLTRwZzMtN3I2as0vDg
OS Command injection in Apache Airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 2 years ago
High
GSA_kwCzR0hTQS00Mjg0LXgyNnItNGhoY80vIw
Cross Site Request Forgery in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 years ago
High
GSA_kwCzR0hTQS1mcTQyLWM1cmctOTJjMs0u1A
Vulnerable dependencies in Nokogiri
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1tZjIyLTkycG0tbThwOM0u0w
Cross site scripting in @awsui/components-react
Ecosystems: npm
Packages: @awsui/components-react
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 2 years ago
Statistics
Advisories: 18,592
Packages: 8,342
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 8,063 High 6,401 Critical 2,824 Low 1,012
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,198 packagist 1,025 nuget 786 go 695 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 phpmyadmin/phpmyadmin 23 org.apache.struts:struts2-core 23 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 typo3/cms-core 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 centreon/centreon 14 vyper 14 net.mingsoft:ms-mcms 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 github.com/hashicorp/consul 14 rubygems-update 13 github.com/usememos/memos 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 Microsoft.AspNetCore.App.Runtime.win-arm64 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 org.apache.openmeetings:openmeetings-parent 12 actionpack 11 github.com/nats-io/nats-server/v2 11 mautic/core 11 intelliants/subrion 11 github.com/hashicorp/vault 11 io.undertow:undertow-core 11 github.com/argoproj/argo-cd 11 org.keycloak:keycloak-parent 11 Django 10 cockpit-hq/cockpit 10 github.com/hashicorp/nomad 10 openmage/magento-lts 10 shopware/platform 10 matrix-synapse 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.apache.nifi:nifi 10 keystone 10 cobbler 10 org.springframework.security:spring-security-core 10 froxlor/froxlor 10 org.apache.geode:geode-core 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x86 9 github.com/ethereum/go-ethereum 9 org.apache.struts.xwork:xwork-core 9 org.apache.solr:solr-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 org.bouncycastle:bcprov-jdk14 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-arm 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x64 9 craftcms/cms 9 org.apache.hadoop:hadoop-main 9 Microsoft.NETCore.App.Runtime.win-x86 8 org.keycloak:keycloak-services 8 shopware/core 8 github.com/sylabs/singularity 8 gradio 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 october/system 8 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 org.bouncycastle:bcprov-jdk15 8 cakephp/cakephp 7 org.elasticsearch:elasticsearch 7 magento/core 7 org.eclipse.jetty:jetty-server 7 github.com/docker/docker 7 pillow 7 phpmailer/phpmailer 7 DotNetNuke.Core 7 com.xuxueli:xxl-job 7 apache-superset 7 smarty/smarty 7 symfony/security 7 cn.hutool:hutool-core 7 next 7 strapi 7 deno 7 codeigniter4/framework 7 snipe/snipe-it 7 org.apache.inlong:manager-pojo 7 com.liferay.portal:release.portal.bom 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 tar 7 org.craftercms:crafter-studio 7 org.apache.commons:commons-compress 7 org.springframework:spring-core 7 gogs.io/gogs 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 handlebars 6 sequelize 6 rack 6 org.apache.cxf:cxf 6 kiwitcms 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 laravel/framework 6 github.com/grafana/grafana 6 k8s.io/kubernetes 6 cryptography 6 org.apache.tomcat:tomcat-coyote 6 express-cart 6 sized-chunks 6 github.com/hyperledger/fabric 6 contao/core-bundle 6 contao/contao 6 @openzeppelin/contracts 6 waitress 6 Microsoft.NETCore.App 6 guzzlehttp/guzzle 6 de.tum.in.ase:artemis-java-test-sandbox 6 github.com/zitadel/zitadel 6 org.apache.tika:tika-core 6 github.com/traefik/traefik/v2 6 org.apache.camel:camel-core 6 github.com/gravitl/netmaker 6 composer/composer 6 prestashop/prestashop 6 @strapi/strapi 6 symfony/security-http 6 nautobot 6 wwbn/avideo 6 opencv-contrib-python-headless 6 npm 6 istio.io/istio 6 Microsoft.AspNetCore.All 6 opencv-python-headless 6 golang.org/x/crypto 6 directus 5 org.apache.mesos:mesos 5 github.com/IBAX-io/go-ibax 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 plone 5 Microsoft.AspNetCore.App 5 matrix-js-sdk 5 org.xwiki.platform:xwiki-platform-web 5 github.com/nats-io/jwt 5 zope 5 ua-parser-js 5 github.com/go-gitea/gitea 5 CefSharp.Common 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 getkirby/cms 5 statamic/cms 5 github.com/opencontainers/runc 5 github.com/answerdev/answer 5 twisted 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 serve 5 forkcms/forkcms 5 passenger 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/apache/airflow 25 https://github.com/moodle/moodle 24 https://github.com/django/django 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/ansible/ansible 15 https://github.com/vyperlang/vyper 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 14 https://github.com/github/advisory-database 14 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/apache/nifi 11 https://github.com/electron/electron 11 https://github.com/mautic/mautic 11 https://github.com/argoproj/argo-cd 10 https://github.com/centreon/centreon 10 https://github.com/octobercms/october 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/openstack/keystone 9 https://github.com/kubernetes/kubernetes 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/golang/go 9 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/nervosnetwork/ckb 9 https://github.com/cockpit-hq/cockpit 8 https://github.com/shopware/platform 8 https://github.com/matrix-org/synapse 8 https://github.com/gradio-app/gradio 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/denoland/deno 8 https://github.com/nats-io/nats-server 8 https://github.com/DSpace/DSpace 7 https://github.com/netty/netty 7 https://github.com/apache/cxf 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/rubygems/rubygems 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/apache/activemq 7 https://github.com/undertow-io/undertow 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/DrunkenShells/Disclosures 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/istio/istio 6 https://github.com/WWBN/AVideo 6 https://github.com/TYPO3/typo3 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/sequelize/sequelize 6 https://github.com/guzzle/guzzle 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/gravitl/netmaker 6 https://github.com/intelliants/subrion 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/zitadel/zitadel 6 https://github.com/CVEProject/cvelist 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/Pylons/waitress 6 https://github.com/backstage/backstage 6 https://github.com/ls1intum/Ares 6 https://github.com/npm/node-tar 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/pyca/cryptography 6 https://github.com/opencast/opencast 6 https://github.com/OpenNMS/opennms 6 https://github.com/magento/magento2 6 https://github.com/hyperledger/fabric 6 https://github.com/bodil/sized-chunks 6 https://github.com/dromara/hutool 6 https://github.com/contao/contao 6 https://github.com/nautobot/nautobot 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/smarty-php/smarty 6 https://github.com/froxlor/froxlor 6 https://github.com/directus/directus 5 https://github.com/cilium/cilium 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/aubio/aubio 5 https://github.com/cakephp/cakephp 5 https://github.com/drupal/core 5 https://github.com/apache/kylin 5 https://github.com/getkirby/kirby 5 https://github.com/pear/Archive_Tar 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/apache/hadoop 5 https://github.com/ethereum/go-ethereum 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/laravel/framework 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/docker/docker 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/answerdev/answer 5 https://github.com/apache/dolphinscheduler 5 https://github.com/composer/composer 5 https://github.com/twisted/twisted 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/vercel/next.js 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/forkcms/forkcms 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/traefik/traefik 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/hpcng/singularity 5 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/ericcornelissen/shescape 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/scrapy/scrapy 4 https://github.com/tidwall/gjson 4 https://github.com/playframework/playframework 4 https://github.com/wixtoolset/issues 4 https://github.com/cri-o/cri-o 4 https://github.com/surrealdb/surrealdb 4 https://github.com/igniterealtime/Openfire 4 https://github.com/npm/cli 4 https://github.com/quarkusio/quarkus 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/nightcloudos/new_cms 4 https://github.com/nocodb/nocodb 4 https://github.com/totaljs/framework 4 https://github.com/apple/swift-nio-http2 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/jettison-json/jettison 4 https://github.com/Froxlor/Froxlor 4 https://github.com/PrismJS/prism 4 https://github.com/ethyca/fides 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/statamic/cms 4 https://github.com/vantage6/vantage6 4 https://github.com/containers/podman 4 https://github.com/bolt/bolt 4 https://github.com/containers/buildah 4 https://github.com/opencontainers/runc 4 https://github.com/phpseclib/phpseclib 4 https://github.com/centreon/centreon-archived 4 https://github.com/hashicorp/nomad 4 https://github.com/fiveai/Cachet 4 https://github.com/baserproject/basercms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/cloudflare/cfrpki 4 https://github.com/apache/geode 4 https://github.com/libp2p/go-libp2p 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/Codiad/Codiad 4 https://github.com/nextauthjs/next-auth 3 https://github.com/pf4j/pf4j 3 https://github.com/dotnet/sdk 3 https://github.com/infor-design/enterprise-ng 3 https://github.com/ming-soft/MCMS 3 https://github.com/openfga/openfga 3 https://github.com/microsoft/msquic 3 https://github.com/edgelesssys/constellation 3