Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS0zNDQ4LXZyZ2gtODV4cs0WRA
NULL Pointer Dereference in OpenCV.
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mdzk5LWY5MzMtcmdoOM0WRQ
Out-of-bounds Read and Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mbTM5LWN3OGgtM3A2M80WRg
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python-headless, opencv-contrib-python, opencv-python-headless, opencv-python
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNDNjLTY0OW0tcG00OM0WTA
Integer Overflow or Wraparound in OpenCV.
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS04M3JoLWh4NXgtcTlwNc0WTQ
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yNjd4LXc1aHgtOGhqcs0WUA
Integer Overflow or Wraparound in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cThmLXd2cXAteHZ2bc0WUQ
Integer Overflow or Wraparound in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS01cnBjLWd3aDktcTlmZ80WUg
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS12YzI5LXJqOTItZ2M3as0WUw
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ycXhnLXh2Y3EtM3YyZs0WVA
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jN2dwLTJwY2gtcWgyds0WVQ
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02djZwLXA5N3YtZzJwN80WVg
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wcWpqLTZmNXEtZ3FwaM0WVw
Denial of Service in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS13OTZnLTNwNjQtNjN3cs0WWA
Improper Restriction of Operations within the Bounds of a Memory Buffer in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcjU4LTJ4aHYtcXAzd80WWQ
Denial of Service in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mdnE2LTM5MmgtNm1qas0WWg
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zM2gyLTY5ajMtcjMzNs0WWw
Out-of-bounds Read in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS04dzN4LTQ1N3Itd2c1M80WXA
Out-of-bounds Write in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jdmh3LTI1OTMtNWoycc0WXg
Double Free in OpenCV
Ecosystems: pypi
Packages: opencv-contrib-python, opencv-python
Source: GitHub Advisory Database
Blast Radius: 42.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xaDlxLTM0aDYtaGN2Oc0WYQ
Directory traversal in mkdocs
Ecosystems: pypi
Packages: mkdocs
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yODRmLWYyaHctajJneM0WYw
Server-Side Request Forgery vulnerability in concrete5
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNjJ2LXdnNXAtNjR3Ms0Wgw
Incorrect Privilege Assignment in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yODM4LXE2anAtNTh4eM0WdA
Improper Restriction of Excessive Authentication Attempts in py-bcrypt
Ecosystems: pypi
Packages: py-bcrypt
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xZjZxLXFmd3AtdnA0NM0Wcg
Origin Validation Error in Magento 2
Ecosystems: packagist
Packages: cardgate/magento2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01Nnd2LTJ3cjktM2g5cs0WcA
Improper Verification of Cryptographic Signature in fastecdsa
Ecosystems: pypi
Packages: fastecdsa
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS02OGpjLXYyN2gtdmhtd80WbQ
Drupal core Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zcjNnLWc3M3gtZzU5M80Wgg
coreos-installer improperly verifies GPG signature when decompressing gzipped artifact
Ecosystems: cargo
Packages: coreos-installer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wZ2g2LW02NXItMnJocc0Wew
DOS and Open Redirect with user input
Ecosystems: npm
Packages: fastify-static
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wZ2pqLTg2NnctZmM1Y80WeQ
Risk of code injection
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS13cWdwLXZwaHctaHBoZs0Wbg
Security issues in AWS KMS and AWS Encryption SDKs: in-band protocol negotiation and robustness
Ecosystems: pypi, maven
Packages: aws-encryption-sdk, com.amazonaws:aws-encryption-sdk-java
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS14djh4LXByNGgtNzNqds0WPA
Memory corruption when returning a literal struct with a private call inside of it
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zZjk5LWh2ZzQtcWp3as0Weg
Insecure random number generation in keypair
Ecosystems: npm
Packages: keypair
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS04MjNmLWN3bTktNGc3NM0WLA
Splash authentication credentials potentially leaked to target websites
Ecosystems: pypi
Packages: scrapy-splash
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yNWZ4LW14YzItNzZnN80WLQ
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS
Ecosystems: packagist
Packages: sylius/paypal-plugin
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zN2h4LTRtY3Etd2MzaM0WMQ
Weak Password Recovery Mechanism for Forgotten Password in Strapi
Ecosystems: npm
Packages: strapi
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNm01LXBwNGctZmNjOM0WNA
S3 storage write is not aborted on errors leading to unbounded memory usage
Ecosystems: go
Packages: github.com/foxcpp/maddy
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tNmo0LThyN3Atd3BwM80WNw
BuddyPress privilege escalation via REST API
Ecosystems: packagist
Packages: buddypress/buddypress
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS02Z2pmLTd3OTktajd4N80WOA
Deleted Admin Can Sign In to Admin Interface
Ecosystems: packagist
Packages: october/system, october/october
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS02OWo2LTI5dnItcDNqOc0WKA
Authentication bypass for viewing and deletions of snapshots
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NTdtLXY1dm0tZjZyd80WJw
Cross-Site-Request-Forgery in Backend
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcnFnLTdnMzgtNmdjZs0WJQ
Improper escaping of command arguments on Windows leading to command injection
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcjNmLXIyNGotM2Nod80WIw
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jcHFmLTNjM3ItYzlnMs0WIg
Cobbler before 3.3.0 allows log poisoning
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00Y2ZyLWdqZngtZmozeM0WIQ
Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01dmZ4LTh3Nm0taDN2NM0WHA
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NjNqLXJqY3ItNzg5Zs0WFA
CSV injection in shuup
Ecosystems: pypi
Packages: shuup
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1od3FjLXBnanctdmpxcM0WDg
Cross-Site Request Forgery in GilaCMS
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1oZjY2LXI0NGctcDdqOc0WEQ
Inefficient Regular Expression Complexity in handsontable
Ecosystems: npm
Packages: handsontable
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cHIzLXA1Zm0tOHI5eM0WDw
LiveQuery publishes user session tokens in parse-server
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yd3czLWZ4dnEtMjkzas0WBQ
NLTK Vulnerable to REDoS
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS14NTV3LXZqanAtMjIycs0WAg
inflect vulnerable to Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: i
Source: GitHub Advisory Database
Blast Radius: 37.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS0zNm1qLTZyN3ItbXFoZs0WCg
User can obtain JWT token even if account is disabled
Ecosystems: packagist
Packages: ezsystems/ezplatform-rest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00OG1qLXA3eDItNWpmbc0WCA
Basic auth bypass in esphome
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mMjYzLWM5NDktdzg1Z80WAA
Improper Authorization in Google OAuth Client
Ecosystems: maven
Packages: com.google.oauth-client:google-oauth-client
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycnI1LThxMzctMnc3aM0V_Q
Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 45.3
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mcHY2LWY4anctcmMzcs0V-Q
Elvish vulnerable to remote code execution via the web UI backend
Ecosystems: go
Packages: github.com/elves/elvish
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycGZoLXE3NngtZ3d2bc0V9w
Improper Input Validation and Command Injection in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS14MzhxLXhnMmgtcnhneM0V9Q
Regular Expression Denial of Service in Leo Editor
Ecosystems: pypi
Packages: leo
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xaDd4LWo0djgtcXc1d80V7Q
Clipboard-based XSS
Ecosystems: npm
Packages: jsuites
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS01dmNtLTN4YzMtdzd4M80V6w
Response Splitting from unsanitized headers
Ecosystems: maven
Packages: org.http4s:http4s-client, org.http4s:http4s-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02NTJoLXh3aGYtcTRoNs0V6A
OS Command Injection in ssh2
Ecosystems: npm
Packages: ssh2
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qOHdjLWd4eDktODJoeM0V5Q
Exposure of Sensitive Information to an Unauthorized Actor in Apache Santuario
Ecosystems: maven
Packages: org.apache.santuario:xmlsec
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xaG1wLWg1NHgtMzhxcs0V5w
CWE-730 Regex injection with IFTTT Plugin
Ecosystems: pypi
Packages: apprise
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ycDY1LTljZjMtY2p4cs0V5A
Inefficient Regular Expression Complexity in nth-check
Ecosystems: npm
Packages: nth-check
Source: GitHub Advisory Database
Blast Radius: 48.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS04djYzLWNxcWMtNnIyY80V4w
Prototype Pollution in object-path
Ecosystems: npm
Packages: object-path
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS01OWc5LTdnZngtYzcycM0V1g
Infinite loop in Tomcat due to parsing error
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yZjN3LTI5aDMtcjYzNs0V1Q
Arbitrary Code Execution in feehi/cms
Ecosystems: packagist
Packages: feehi/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS02cTNwLTM2ZjQtY3d4ds0V0A
Server-Side Request Forgery in UReport
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-console
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00NGM2LTR2MjItNG1oeM0VyQ
semver-regex Regular Expression Denial of Service (ReDOS)
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS12dmYyLXBwajktcHA0Oc0VyA
Inefficient Regular Expression Complexity in vuelidate
Ecosystems: npm
Packages: @vuelidate/validators
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1qZ3J4LW1neHgtamY5ds0Vxg
tmpl vulnerable to Inefficient Regular Expression Complexity which may lead to resource exhaustion
Ecosystems: npm
Packages: tmpl
Source: GitHub Advisory Database
Blast Radius: 46.1
Published: over 2 years ago
High
GSA_kwCzR0hTQS03cnA2LXc3bWctaDhyd80V1w
XML External Entity Reference in Apache Jena
Ecosystems: maven
Packages: org.apache.jena:jena-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05M3E4LWdxNjktd3Ftd80V3g
Inefficient Regular Expression Complexity in chalk/ansi-regex
Ecosystems: npm
Packages: ansi-regex
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS00OXgzLTgyMjgtM3czbc0V3w
Inefficient Regular Expression Complexity in code-server
Ecosystems: npm
Packages: code-server
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS05MnY5LXhoMnEtZnE5Zs0V4Q
Prototype Pollution in cookiex/deep
Ecosystems: npm
Packages: @cookiex/deep
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS00NjhxLXY0amotNDg1aM0V4g
Inefficient Regular Expression Complexity in taro
Ecosystems: npm
Packages: @tarojs/helper
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yMmdoLTNyOXEteGYzOM0V2A
Lacking Protection against HTTP Request Smuggling in mitmproxy
Ecosystems: pypi
Packages: mitmproxy
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS04NHA3LWZoOWMtNmc4aM0V0Q
Prototype Pollution in mixme
Ecosystems: npm
Packages: mixme
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yZ2hjLTZ2ODktcHc5as0Vwg
body-parser-xml vulnerable to Prototype Pollution
Ecosystems: npm
Packages: body-parser-xml
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycmg1LWp2Z3gtcGd3M80VwQ
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ncWNmLTgzcnEtZ3Bmcs0VwA
Any storage file can be downloaded from p.sh if full server path is known
Ecosystems: packagist
Packages: ibexa/post-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS00anFjLThtNXItOXJwcs0Vvg
Prototype Pollution in set-value
Ecosystems: npm, nuget
Packages: set-value, set-value-nuget
Source: GitHub Advisory Database
Blast Radius: 49.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1naDhqLTJwZ2YteDQ1OM0VuQ
Infinite Loop in rencode
Ecosystems: pypi
Packages: rencode
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tODdmLTlmdnYtMm1nZ80VuA
Deserialization of Untrusted Data in parlai
Ecosystems: pypi
Packages: parlai
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS00aHBxLXJqY3gtN3ZqOc0Vtw
Clearance Gem Open Redirect Vulnerability
Ecosystems: rubygems
Packages: clearance
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: over 2 years ago
High
GSA_kwCzR0hTQS1wNXc4LXdxaGotOWhoZs0VtQ
StripComments filter contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service)
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jZmMyLXdqY20tYzhmbc0Vsg
Incorrect Authorization with specially crafted requests
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS01d2pmLTYyaHctcTc4cs0VsQ
Excessive CPU usage
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1namNnLXZyeGcteG1nds0VsA
Incorrect handling of H2 GOAWAY + SETTINGS frames
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05dmpwLXY3NmYtZzM2M80Vrw
SnappyFrameDecoder doesn't restrict chunk length any may buffer skippable chunks in an unnecessary way
Ecosystems: maven
Packages: io.netty:netty, org.jboss.netty:netty, io.netty:netty-codec
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1ncmc0LXdmMjktcjl2ds0Vrg
Bzip2Decoder doesn't allow setting size restrictions for decompressed data
Ecosystems: maven
Packages: io.netty:netty, org.jboss.netty:netty, io.netty:netty-codec
Source: GitHub Advisory Database
Blast Radius: 31.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS0yajU4LXB3d3YteDY2Ns0VrA
Cross-Site Request Forgery in sqlite-web
Ecosystems: pypi
Packages: sqlite-web
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS02MjRmLWNxdnItM3F3NM0VqQ
URL Redirection to Untrusted Site ('Open Redirect') in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jY3c4LTc2ODgtdnF4NM0Vpw
HashiCorp Consul Privilege Escalation Vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jOHgzLXJnNzItZnd3Z80Vpg
Privilege escalation in Hashicorp Nomad
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS1yNTc3LTRocTctNzNxaM0VpA
Remote Code Execution in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZncjgtYzNtNS1tdnJn
Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1mMzR4LThwZjYtcWM5Y80Vow
HTTP header injection in Sonatype Nexus Repository
Ecosystems: maven
Packages: org.sonatype.nexus:nexus-repository
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjMzMtMzQ2NS1maHgy
Exposure of Resource to Wrong Sphere in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0OGYtd3Y3Ni14OWhn
Arbitrary file upload in Fork CMS
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: over 2 years ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 2,416
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,788 Low 969
Filter by Ecosystem
maven 1,873 npm 1,397 pypi 1,119 packagist 1,012 nuget 785 go 687 cargo 322 rubygems 283 swift 16 hex 8 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 com.fasterxml.jackson.core:jackson-databind 43 moodle/moodle 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 29 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/core 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.jfinal:jfinal 21 Pillow 21 drupal/drupal 20 ansible 20 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 django 19 typo3/cms-core 18 librenms/librenms 18 pocketmine/pocketmine-mp 17 org.jenkins-ci.plugins:script-security 17 openssl-src 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 nilsteampassnet/teampass 15 parse-server 15 rdiffweb 15 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 net.mingsoft:ms-mcms 14 salt 14 getgrav/grav 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 rubygems-update 13 github.com/usememos/memos 13 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 activerecord 12 electron 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 mautic/core 11 actionpack 11 Plone 11 github.com/hashicorp/vault 11 github.com/argoproj/argo-cd 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 github.com/nats-io/nats-server/v2 11 intelliants/subrion 11 org.apache.nifi:nifi 10 openmage/magento-lts 10 matrix-synapse 10 org.springframework.security:spring-security-core 10 org.xwiki.platform:xwiki-platform-oldcore 10 shopware/platform 10 cobbler 10 cockpit-hq/cockpit 10 github.com/hashicorp/nomad 10 froxlor/froxlor 10 rusqlite 9 org.apache.struts.xwork:xwork-core 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.solr:solr-core 9 org.apache.geode:geode-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm 9 craftcms/cms 9 ckb 9 org.bouncycastle:bcprov-jdk14 9 org.apache.hadoop:hadoop-main 9 gradio 8 org.bouncycastle:bcprov-jdk15 8 github.com/sylabs/singularity 8 october/system 8 github.com/ethereum/go-ethereum 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x64 8 Microsoft.NETCore.App.Runtime.win-arm64 8 magento/core 7 smarty/smarty 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 apache-superset 7 cakephp/cakephp 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 com.liferay.portal:release.portal.bom 7 org.eclipse.jetty:jetty-server 7 github.com/docker/docker 7 snipe/snipe-it 7 DotNetNuke.Core 7 cn.hutool:hutool-core 7 codeigniter4/framework 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 org.apache.commons:commons-compress 7 phpmailer/phpmailer 7 gogs.io/gogs 7 org.craftercms:crafter-studio 7 symfony/security 7 tar 7 pillow 7 org.springframework:spring-core 7 org.apache.tomcat:tomcat-coyote 6 opencv-python-headless 6 github.com/gravitl/netmaker 6 contao/contao 6 handlebars 6 prestashop/prestashop 6 github.com/zitadel/zitadel 6 wwbn/avideo 6 @openzeppelin/contracts 6 golang.org/x/crypto 6 Microsoft.NETCore.App 6 sequelize 6 org.apache.inlong:manager-pojo 6 Microsoft.AspNetCore.All 6 kiwitcms 6 github.com/traefik/traefik/v2 6 github.com/hyperledger/fabric 6 contao/core-bundle 6 k8s.io/kubernetes 6 @strapi/strapi 6 de.tum.in.ase:artemis-java-test-sandbox 6 sized-chunks 6 express-cart 6 laravel/framework 6 composer/composer 6 npm 6 org.apache.camel:camel-core 6 org.apache.cxf:cxf 6 rack 6 deno 6 opencv-contrib-python-headless 6 org.apache.tika:tika-core 6 waitress 6 symfony/security-http 6 cryptography 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 istio.io/istio 6 github.com/opencontainers/runc 6 guzzlehttp/guzzle 6 @openzeppelin/contracts-upgradeable 5 plone 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 org.xwiki.platform:xwiki-platform-web 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 zope 5 phpbb/phpbb 5 statamic/cms 5 directus 5 CefSharp.Common 5 code.gitea.io/gitea 5 github.com/tidwall/gjson 5 twisted 5 ua-parser-js 5 github.com/answerdev/answer 5 aubio 5 genix/cms 5 pear/archive_tar 5 com.vaadin:vaadin-bom 5 getkirby/cms 5 github.com/nats-io/jwt 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 matrix-js-sdk 5 passenger 5 github.com/go-gitea/gitea 5 Microsoft.AspNetCore.App 5 org.apache.dolphinscheduler:dolphinscheduler 5 forkcms/forkcms 5 github.com/IBAX-io/go-ibax 5 org.apache.tomcat:tomcat-catalina 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/django/django 20 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 18 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/symfony/symfony 16 https://github.com/parse-community/parse-server 15 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/apache/inlong 13 https://github.com/getgrav/grav 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 12 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/mautic/mautic 11 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/golang/go 9 https://github.com/strapi/strapi 9 https://github.com/rusqlite/rusqlite 9 https://github.com/cui2shark/cms 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/bcgit/bc-java 8 https://github.com/cobbler/cobbler 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/dotnet/aspnetcore 7 https://github.com/hashicorp/vault 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/eclipse/jetty.project 7 https://github.com/DSpace/DSpace 7 https://github.com/rubygems/rubygems 7 https://github.com/denoland/deno 7 https://github.com/apache/cxf 7 https://github.com/spring-projects/spring-security 7 https://github.com/pyca/cryptography 6 https://github.com/OpenNMS/opennms 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/intelliants/subrion 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/smarty-php/smarty 6 https://github.com/istio/istio 6 https://github.com/backstage/backstage 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/npm/node-tar 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/apache/activemq 6 https://github.com/WWBN/AVideo 6 https://github.com/froxlor/froxlor 6 https://github.com/opencast/opencast 6 https://github.com/PrestaShop/PrestaShop 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/answerdev/answer 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/drupal/core 5 https://github.com/pear/Archive_Tar 5 https://github.com/saltstack/salt 5 https://github.com/hpcng/singularity 5 https://github.com/directus/directus 5 https://github.com/tidwall/gjson 5 https://github.com/docker/docker 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/laravel/framework 5 https://github.com/gogs/gogs 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/kylin 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/geoserver/geoserver 5 https://github.com/cakephp/cakephp 5 https://github.com/getkirby/kirby 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/cefsharp/CefSharp 5 https://github.com/twisted/twisted 5 https://github.com/zopefoundation/Zope 5 https://github.com/aubio/aubio 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/cri-o/cri-o 4 https://github.com/ethereum/go-ethereum 4 https://github.com/nautobot/nautobot 4 https://github.com/libp2p/go-libp2p 4 https://github.com/fiveai/Cachet 4 https://github.com/apache/geode 4 https://github.com/ericcornelissen/shescape 4 https://github.com/phpseclib/phpseclib 4 https://github.com/playframework/playframework 4 https://github.com/totaljs/framework 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/wixtoolset/issues 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/opencontainers/runc 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/free5gc/free5gc 4 https://github.com/yiisoft/yii2 4 https://github.com/Codiad/Codiad 4 https://github.com/quarkusio/quarkus 4 https://github.com/scrapy/scrapy 4 https://github.com/statamic/cms 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/centreon/centreon-archived 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/apple/swift-nio-http2 4 https://github.com/baserproject/basercms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/ethyca/fides 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/PrismJS/prism 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/cloudflare/cfrpki 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/hashicorp/nomad 4 https://github.com/containers/buildah 4 https://github.com/bolt/bolt 4 https://github.com/containers/podman 4 https://github.com/fluxcd/flux2 3 https://github.com/RustCrypto/hashes 3 https://gitlab.com/edneville/please 3 https://github.com/vrana/adminer 3 https://github.com/vercel/next.js 3 https://github.com/faucetsdn/ryu 3 https://github.com/puma/puma 3 https://github.com/silverstripe/silverstripe-graphql 3 https://github.com/Ylianst/MeshCentral 3 https://github.com/minio/minio 3 https://github.com/bytecodealliance/wasmtime 3 https://github.com/jupyterhub/oauthenticator 3 https://github.com/containous/traefik 3