Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1nNGgyLTR3dmgtZ3JjNc0fhA
Uncontrolled Resource Consumption in simple_asn1
Ecosystems: cargo
Packages: simple_asn1
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mZzdyLTJnNGotNWNncs0fhg
Race Condition in tokio
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS14cmczLWhtZjMtcnZnd80ehg
Path Traversal in rust-embed
Ecosystems: cargo
Packages: rust-embed
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jbThnLTU0NGYtcDl4Oc0ehw
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS05MmN4LTR4bTctanI5bc0eiQ
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mNmYyLTN3MzMtNTRyOc0eig
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nNGc0LTNwcXctOG03Zs0egw
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS00cXIzLW03d3ctaGg5Z80ehA
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS04N3hoLTlxNmgtcjVjY80ehQ
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nODdyLTIzdnctN2Y4N80egg
Use After Free in rusqlite
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xNjc0LXhtM3gtMjkyNs0eag
Uncontrolled Resource Consumption in parse-link-header
Ecosystems: npm
Packages: parse-link-header
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qY3hjLXJoNnctd2Y0Oc0eaw
Link Following in Iris
Ecosystems: go
Packages: github.com/kataras/iris, github.com/kataras/iris/v12
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmbXAtanZyNy1oeDc4
Inadequate Encryption Strength in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwcDMtNzdqNi04cGg2
Missing Authentication for Critical Function in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc2NDQtcHI1di12cHBm
Insertion of Sensitive Information into Log File in Apache NiFi Stateless
Ecosystems: maven
Packages: org.apache.nifi:nifi-stateless
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxOGctZ3BmcC12OGd4
Insertion of Sensitive Information into Log File in Apache NiFi
Ecosystems: maven
Packages: org.apache.nifi:nifi-security-utils, org.apache.nifi:nifi-framework-core
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJoNjMtcXA2OS1md3Z3
Server-side request forgery (SSRF) in Apache Batik
Ecosystems: maven
Packages: org.apache.xmlgraphics:batik-svgbrowser
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5N20tcmpmNS1qcDM5
Prototype Pollution in copy-props
Ecosystems: npm
Packages: copy-props
Source: GitHub Advisory Database
Blast Radius: 38.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5ajQtd2p3cC1tdzlt
Sandbox Bypass in Apache Velocity Engine
Ecosystems: maven
Packages: org.apache.velocity:velocity, org.apache.velocity:velocity-engine-parent
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRqZjUtamdncC1nNTZq
Cross-Site Request Forgery in com.softwaremill.akka-http-session:core_2.12
Ecosystems: maven
Packages: com.softwaremill.akka-http-session:core_2.12
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wM3JwLXZtajktZ3Y2ds0g-Q
Incorrect sanitisation function leads to `XSS` in mermaid
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjNmYtY2pjcC1jYzMz
Improper Certificate Validation in Apache IoTDB
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhqZ20tZjd2eC1tNWc3
Deserialization of Untrusted Data in Apache Heron
Ecosystems: maven
Packages: org.apache.heron:heron-simulator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4OWotODM2dy04ZjU1
Incorrect Calculation in the MSR JavaScript Cryptography Library
Ecosystems: npm
Packages: msrcrypto
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ZmgtY2hmNy1qcjV4
ReDOS in Vfsjfilechooser2
Ecosystems: maven
Packages: com.github.fracpete:vfsjfilechooser2
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWcyM3YtcDVqcS1qdmg0
Infinite loop in Apache CFX
Ecosystems: maven
Packages: org.apache.cxf:cxf, org.apache.cxf:apache-cxf
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS04M3g0LTljd3ItNTQ4N80gtA
Improper Authorization in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01cTdxLXFxdzItaGpxN80gtQ
AjaxNetProfessional deserializes arbitrary JavaScript objects
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mODU0LWhweHYtY3c5cs0gtw
Drainage of FeeCollector's Block Transaction Fees in cronos
Ecosystems: go
Packages: github.com/tharsis/ethermint, github.com/tharsis/evmos, github.com/crypto-org-chain/cronos
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mOG02LWgyYzctOGg5eM0g4Q
Inefficient Regular Expression Complexity in nltk (word_tokenize, sent_tokenize)
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tdmZmLWgzY2otd2o5Y80g4w
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDc3LTVwODgtZjkycs0dFA
livehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS00dzIzLWM5N2ctZnE1ds0dFQ
snipe-it is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oajNtLXY3NTgtand4Nc0c2w
Path Traversal in http-server-node
Ecosystems: npm
Packages: http-server-node
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tOGd3LWhqcHItcmp2N80c4A
Prototype Pollution in dojo
Ecosystems: npm
Packages: dojo
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS12YzNwLTI5aDItZ3BjcM0gJw
golang.org/x/net/http2 allows uncontrolled memory consumption
Ecosystems: go
Packages: golang.org/x/net/http2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2djItcWNobS1ncmo3
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1N2ctcjIydy05d3Z4
Incorrect Permission Assignment for Critical Resource in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ3N2ctcDRqaC1yZjky
"Verify All" Returns Success Despite Validation Failures in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBtZnItNjNjMi1qcjVj
Execution Control List (ECL) Is Insecure in Singularity
Ecosystems: go
Packages: github.com/sylabs/singularity
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzajUtMzJtNS01OGMy
Privilege Elevation in runc
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 34.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJybTgtMzJnNC13OG0z
Cross-site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/bitly/oauth2_proxy
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cHgtNmh3ai1ocGpn
Open Redirect in OAuth2 Proxy
Ecosystems: go
Packages: github.com/oauth2-proxy/oauth2-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNnhjLXhyNjItNnIyZ80dEw
Apache Log4j2 vulnerable to Improper Input Validation and Uncontrolled Recursion
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xajI3LTMyd3AtZ2hyZ80c2Q
Pyo Buffer Overflow Vulnerability
Ecosystems: pypi
Packages: pyo
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zdzZwLThmODItZ3c4cs0c1Q
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Ecosystems: maven
Packages: ru.yandex.clickhouse:clickhouse-jdbc-bridge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03ZnIyLTk0aDctY2NnMs0crQ
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNGgzLTdtYzItdjI5Nc0crw
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yZnF3LTY4NGMtcHZwN80csg
An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS00amhjLXdqcjMtcHdoMs0cqw
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.
Ecosystems: maven
Packages: io.atomix:atomix
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xMzRoLTk3d2YtOHI4as0cqA
vault-cli contains possible RCE when reading user-defined data
Ecosystems: pypi
Packages: vault-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS03djd3LWY3YzYtZjgyOc0cow
YetiForceCRM is vulnerable to Business Logic Errors because product amount can be a negative number
Ecosystems: packagist
Packages: yetiforce/yetiforce-crm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2Z3EtOTk3dy1mNTVn
Infinite loop in xz
Ecosystems: go
Packages: github.com/ulikunitz/xz
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oeDZnLXE5djIteGg3ds0ZFw
Information exposure in elgg
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS14cTU4LTY5aDItNzY1bc0ZAQ
Cross Site Request Forgery in mailman
Ecosystems: pypi
Packages: mailman
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cnBqLWhnNDctY3g2Ms0auA
Improper Restriction of XML External Entity Reference in com.h2database:h2.
Ecosystems: maven
Packages: com.h2database:h2
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jNjl3LWpqNTYtODM0d80bUg
Improper Certificate Validation and Improper Validation of Certificate with Host Mismatch in Apache Sling Commons Messaging Mail
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.commons.messaging.mail
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NHB4LXE2OHItMmZjOc0bsw
Privilege escalation in the Sulu Admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS12eDZqLXBqcmgtdmdqaM0bsg
PHP file inclusion in the Sulu admin panel
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1nanJqLTlyajQtcGd3eM0bsQ
DoS Vulnerability from Upstream Actix Web Issues
Ecosystems: cargo
Packages: perseus-actix-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tbWpmLWY1anctdzcycc0bZA
Invalid handling of `X509_verify_cert()` internal errors in libssl
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yaGZqLWN4dzctZzQ1cM0bRg
Unsafe inline XSS in pasting DOM element into chat
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oY3h4LW1wNmctNmdyOc0bPw
Opencast publishes global system account credentials
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qNG1tLTdwajMtamY3ds0bQQ
HTTP Method Spoofing
Ecosystems: maven
Packages: org.opencastproject:opencast-common
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1waDk4LXY3OGYtanFybc0bPg
SQL injection in jackalope/jackalope-doctrine-dbal
Ecosystems: packagist
Packages: jackalope/jackalope-doctrine-dbal
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcDVyLXYzdzktNDMzM80bRA
JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data
Ecosystems: maven
Packages: org.zenframework.z8.dependencies.commons:log4j-1.2.17, log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 40.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yNzNyLXJtOGctN2YzeM0a1w
Uncaught Exception in mercurius
Ecosystems: npm
Packages: mercurius
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NXg1LWZqNmMtaDZtOM0a1g
lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zeHBoLWNwOGYtMjIyOc0aLw
Prototype Pollution in @fabiocaccamo/utils.js
Ecosystems: npm
Packages: @fabiocaccamo/utils.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01NTNxLWhwdnAtcThwY80ZWw
Server-Side Request Forgery in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yamhoLTV4bTItajRnZs0ZJw
Improper Authentication in HashiCorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXAzM20tN3c3Zi1nbWo4
Uncontrolled Resource Consumption in fun-map
Ecosystems: npm
Packages: fun-map
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZtNWotdnFyNi12N3Y4
OS Command Injection in pixl-class
Ecosystems: npm
Packages: pixl-class
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdwcmYtdnc0cC1xcjU5
Prototype pollution in supermixer
Ecosystems: npm
Packages: supermixer
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4ajUtaDVjeC02NWdn
ReDOS in IS-SVG
Ecosystems: npm
Packages: is-svg
Source: GitHub Advisory Database
Blast Radius: 47.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxbTYtOXY0OS0zOG05
Prototype Pollution in record-like-deep-assign
Ecosystems: npm
Packages: record-like-deep-assign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4angtNHhjbS1ocGNt
Prototype Pollution in ts-nodash
Ecosystems: npm
Packages: ts-nodash
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozNzctMng3Ni01NTho
Improper Input Validation in is-email
Ecosystems: npm
Packages: is-email
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1d3ItZnZwcS1wNjdn
Integer Overflow in png-img
Ecosystems: npm
Packages: png-img
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5dnYtNnE3cS13NWNm
OS Command Injection in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoNjgtd3Z2Ni04cjVo
Improper Removal of Sensitive Information Before Storage or Transfer in Apache Jackrabbit Oak
Ecosystems: maven
Packages: org.apache.jackrabbit:oak-core
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY1MjUtYzNnNS1jZzlw
Unsafe Deserialization that can Result in Code Execution
Ecosystems: maven
Packages: com.rabbitmq.jms:rabbitmq-jms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc2cW0tNGY5My1mZzZm
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZyYzctNmc4dy1qaDU2
Improper Input Validation in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhtYzgtMjZxNC1xamh4
Denial of Service (DoS) in Jackson Dataformat CBOR
Ecosystems: maven
Packages: com.fasterxml.jackson.dataformat:jackson-dataformat-cbor
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcXgtMzNxbS1nODY5
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2OTUtN3ZyOS1qZ2My
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5eGgtMnFncC1jcTU3
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltNmYtN3hjcS04dmY4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02eDQtOTd3eC00cTI3
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjNGotMzRyNC14cjhn
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2bTktZmptOS0zNTcy
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3MjYtNmYyNS1jbTl4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncGgtMjJ4aC04eDk4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg5cXItMzY5Zi01bTV4
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqdzItaHI5OC1xZ2Zo
Unsafe Deserialization in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVyNXItNmhwai04Z2c5
Serialization gadget exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIzZ3ItY3hyZi1oZzI1
Serialization gadgets exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoOGctM2oyYy1ycWo1
Serialization gadgets exploit in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzY3ctZzRtcS1jNXgy
Code Injection in jackson-databind
Ecosystems: maven
Packages: com.fasterxml.jackson.core:jackson-databind
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: over 2 years ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 2,416
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,788 Low 969
Filter by Ecosystem
maven 1,873 npm 1,397 pypi 1,119 packagist 1,012 nuget 785 go 687 cargo 322 rubygems 283 swift 16 hex 8 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 com.fasterxml.jackson.core:jackson-databind 43 moodle/moodle 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 29 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/core 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.jfinal:jfinal 21 Pillow 21 drupal/drupal 20 ansible 20 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 django 19 typo3/cms-core 18 librenms/librenms 18 pocketmine/pocketmine-mp 17 org.jenkins-ci.plugins:script-security 17 openssl-src 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 nilsteampassnet/teampass 15 parse-server 15 rdiffweb 15 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 net.mingsoft:ms-mcms 14 salt 14 getgrav/grav 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 github.com/usememos/memos 13 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 activerecord 12 electron 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 mautic/core 11 actionpack 11 Plone 11 github.com/hashicorp/vault 11 github.com/argoproj/argo-cd 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 github.com/nats-io/nats-server/v2 11 intelliants/subrion 11 org.apache.nifi:nifi 10 openmage/magento-lts 10 matrix-synapse 10 org.springframework.security:spring-security-core 10 org.xwiki.platform:xwiki-platform-oldcore 10 shopware/platform 10 cobbler 10 cockpit-hq/cockpit 10 github.com/hashicorp/nomad 10 froxlor/froxlor 10 rusqlite 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.solr:solr-core 9 org.apache.geode:geode-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm 9 craftcms/cms 9 ckb 9 org.bouncycastle:bcprov-jdk14 9 org.apache.hadoop:hadoop-main 9 gradio 8 org.bouncycastle:bcprov-jdk15 8 github.com/sylabs/singularity 8 october/system 8 github.com/ethereum/go-ethereum 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-arm64 8 magento/core 7 smarty/smarty 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 apache-superset 7 cakephp/cakephp 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 com.liferay.portal:release.portal.bom 7 org.eclipse.jetty:jetty-server 7 github.com/docker/docker 7 snipe/snipe-it 7 DotNetNuke.Core 7 cn.hutool:hutool-core 7 codeigniter4/framework 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 org.apache.commons:commons-compress 7 phpmailer/phpmailer 7 gogs.io/gogs 7 org.craftercms:crafter-studio 7 symfony/security 7 tar 7 pillow 7 org.springframework:spring-core 7 org.apache.tomcat:tomcat-coyote 6 opencv-python-headless 6 github.com/gravitl/netmaker 6 contao/contao 6 handlebars 6 prestashop/prestashop 6 github.com/zitadel/zitadel 6 wwbn/avideo 6 @openzeppelin/contracts 6 golang.org/x/crypto 6 Microsoft.NETCore.App 6 sequelize 6 org.apache.inlong:manager-pojo 6 Microsoft.AspNetCore.All 6 kiwitcms 6 github.com/traefik/traefik/v2 6 github.com/hyperledger/fabric 6 contao/core-bundle 6 k8s.io/kubernetes 6 @strapi/strapi 6 de.tum.in.ase:artemis-java-test-sandbox 6 sized-chunks 6 express-cart 6 laravel/framework 6 composer/composer 6 npm 6 org.apache.camel:camel-core 6 org.apache.cxf:cxf 6 rack 6 deno 6 opencv-contrib-python-headless 6 org.apache.tika:tika-core 6 waitress 6 symfony/security-http 6 cryptography 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 istio.io/istio 6 github.com/opencontainers/runc 6 guzzlehttp/guzzle 6 @openzeppelin/contracts-upgradeable 5 plone 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 org.xwiki.platform:xwiki-platform-web 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 zope 5 phpbb/phpbb 5 statamic/cms 5 directus 5 CefSharp.Common 5 code.gitea.io/gitea 5 github.com/tidwall/gjson 5 twisted 5 ua-parser-js 5 github.com/answerdev/answer 5 aubio 5 genix/cms 5 pear/archive_tar 5 com.vaadin:vaadin-bom 5 getkirby/cms 5 github.com/nats-io/jwt 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 matrix-js-sdk 5 passenger 5 github.com/go-gitea/gitea 5 Microsoft.AspNetCore.App 5 org.apache.dolphinscheduler:dolphinscheduler 5 forkcms/forkcms 5 github.com/IBAX-io/go-ibax 5 org.apache.tomcat:tomcat-catalina 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/django/django 20 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 18 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/symfony/symfony 16 https://github.com/parse-community/parse-server 15 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/apache/inlong 13 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 12 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/mautic/mautic 11 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/golang/go 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/cui2shark/cms 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/DSpace/DSpace 7 https://github.com/rubygems/rubygems 7 https://github.com/denoland/deno 7 https://github.com/apache/cxf 7 https://github.com/spring-projects/spring-security 7 https://github.com/pyca/cryptography 6 https://github.com/OpenNMS/opennms 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/intelliants/subrion 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/smarty-php/smarty 6 https://github.com/istio/istio 6 https://github.com/backstage/backstage 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/npm/node-tar 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/apache/activemq 6 https://github.com/WWBN/AVideo 6 https://github.com/froxlor/froxlor 6 https://github.com/opencast/opencast 6 https://github.com/PrestaShop/PrestaShop 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/answerdev/answer 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/drupal/core 5 https://github.com/pear/Archive_Tar 5 https://github.com/saltstack/salt 5 https://github.com/hpcng/singularity 5 https://github.com/directus/directus 5 https://github.com/tidwall/gjson 5 https://github.com/docker/docker 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/laravel/framework 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/kylin 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/geoserver/geoserver 5 https://github.com/cakephp/cakephp 5 https://github.com/getkirby/kirby 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/cefsharp/CefSharp 5 https://github.com/twisted/twisted 5 https://github.com/zopefoundation/Zope 5 https://github.com/aubio/aubio 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/cri-o/cri-o 4 https://github.com/ethereum/go-ethereum 4 https://github.com/nautobot/nautobot 4 https://github.com/libp2p/go-libp2p 4 https://github.com/fiveai/Cachet 4 https://github.com/apache/geode 4 https://github.com/ericcornelissen/shescape 4 https://github.com/phpseclib/phpseclib 4 https://github.com/playframework/playframework 4 https://github.com/totaljs/framework 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/wixtoolset/issues 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/opencontainers/runc 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/Codiad/Codiad 4 https://github.com/quarkusio/quarkus 4 https://github.com/scrapy/scrapy 4 https://github.com/statamic/cms 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/centreon/centreon-archived 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/apple/swift-nio-http2 4 https://github.com/baserproject/basercms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/ethyca/fides 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/PrismJS/prism 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/cloudflare/cfrpki 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/hashicorp/nomad 4 https://github.com/containers/buildah 4 https://github.com/bolt/bolt 4 https://github.com/containers/podman 4 https://github.com/fluxcd/flux2 3 https://github.com/RustCrypto/hashes 3 https://gitlab.com/edneville/please 3 https://github.com/vrana/adminer 3 https://github.com/vercel/next.js 3 https://github.com/faucetsdn/ryu 3 https://github.com/puma/puma 3 https://github.com/silverstripe/silverstripe-graphql 3 https://github.com/Ylianst/MeshCentral 3 https://github.com/minio/minio 3 https://github.com/bytecodealliance/wasmtime 3 https://github.com/jupyterhub/oauthenticator 3 https://github.com/containous/traefik 3