Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS05d2dnLW05OXEtaGhmY84AA36z
Expired tokens can be renewed without validating the account password
Ecosystems: pypi
Packages: emailproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNWY4LXFmMjQtMjRjas4AA36y
Velocity execution without script right through tree macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-index-tree-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNDlqLWo0ODktM3hwZs4AA35g
Apache Superset incorrect write permissions vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1odmM2LTQydmYtamhmOM4AA35I
mlflow Command Injection vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNTZ4LTdqNnctZzhyOM4AA34j
Grackle has StackOverflowError in GraphQL query processing
Ecosystems: maven
Packages: edu.gemini:gsp-graphql-core_native0.4_3, edu.gemini:gsp-graphql-core_native0.4_2.13, edu.gemini:gsp-graphql-core_sjs1_3, edu.gemini:gsp-graphql-core_sjs1_2.13, edu.gemini:gsp-graphql-core_3, edu.gemini:gsp-graphql-core_2.13, org.typelevel:grackle-core_native0.4_3, org.typelevel:grackle-core_native0.4_2.13, org.typelevel:grackle-core_sjs1_3, org.typelevel:grackle-core_sjs1_2.13, org.typelevel:grackle-core_3, org.typelevel:grackle-core_2.13
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14M3YzLTh4ZzgtOHY3Ms4AA34P
Sentry's Astro SDK vulnerable to ReDoS
Ecosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1wd2ZyLThwcTcteDlxds4AA32_
Unauthenticated Denial of Service in the octokit/webhooks library
Ecosystems: npm
Packages: probot, octokit, @octokit/app, @octokit/webhooks
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNmNwLTZyMzUtMzJtaM4AA324
Solr search discloses password hashes of all users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNmptLTlwcjgtOWMzd84AA3zA
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning
Ecosystems: maven
Packages: org.wso2.identity.apps:authentication-portal, org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 5 months ago
High
GSA_kwCzR0hTQS02eDQ5LXczNWgtd3Fyas4AA3yv
Bypass serialize checks in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14NWZyLTdoaGotMzRqM84AA3yk
Full Table Permissions by Default
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 5 months ago
High
GSA_kwCzR0hTQS01NGYzLWM2aGctODY1aM4AA3xn
Allocation of Resources Without Limits in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-model-jpa
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNnh4LWZoZnctN21qN84AA3v7
Configuration Injection in extension "Direct Mail" (direct_mail)
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 5 months ago
High
GSA_kwCzR0hTQS05dnJtLTc0N3ItNjY4ds4AA3vP
Jenkins Nexus Platform Plugin missing permission check
Ecosystems: maven
Packages: org.sonatype.nexus.ci:nexus-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS00Z2ZjLTcyZ3ctdjM4Nc4AA3vX
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.sonatype.nexus.ci:nexus-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14Y3JyLXg5M2gtcnY0ds4AA3vR
Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS03Y2NnLWptN2otNGY4ds4AA3vT
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlresource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1ncWd2LTd3cGotdm02cc4AA3u2
Cross Site Request Forgery in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jd2g2LWhtNTMtNncybc4AA3u1
Missing access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux
Cross Site Request Forgery in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02eDRoLTk2MjItZnFyNs4AA3un
Improper validation in meraki
Ecosystems: pypi
Packages: meraki
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 5 months ago
High
GSA_kwCzR0hTQS00bXE0LTdydzMtdm01as4AA3ui
Wasmer filesystem sandbox not enforced
Ecosystems: cargo
Packages: wasmer-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02bTk3LTc1MjctbWg3NM4AA3uZ
incorrect storage layout for contracts containing large arrays
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 5 months ago
High
GSA_kwCzR0hTQS12OTQ1LXIzcmMtNmZqbc4AA3ti
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1jeGZyLTVxM3ItMnJjMs4AA3r7
Jinja2 template injection in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS00cmdjLTVnNnItMnJqZs4AA3q-
lakeFS logs S3 credentials in plain text
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zd2ZwLTI1M2otNWp4ds4AA3q8
SSRF & Credentials Leak
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1xeHJqLWh4MjMteHA4Ms4AA3qz
Overly permissive origin policy
Ecosystems: npm
Packages: @koa/cors
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNmh4LTNtNHAtNzQ5aM4AA3qn
DOS by abusing `fetchOptions.retry`.
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
High
GSA_kwCzR0hTQS03eDJnLTRqdmMtNHg2cM4AA3qE
Directory Traversal in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tdmM4LTZmZnAtanJ4Nc4AA3pp
Authorization bypass in Quarkus
Ecosystems: maven
Packages: io.quarkus:quarkus-smallrye-graphql-client
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 5 months ago
High
GSA_kwCzR0hTQS05dzJwLXJoOGMtdjlnNc4AA3pj
Local Privilege Escalation in Windows
Ecosystems: pypi
Packages: pyinstaller
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: 5 months ago
High
GSA_kwCzR0hTQS02cDYyLTZjZzktZjVmNc4AA3ph
Memory exhaustion in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1yd2YzLXc0anEtZjRjbc4AA3pe
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 5 months ago
High
GSA_kwCzR0hTQS03Nzg3LXA3eDYtZnEzas4AA3oi
Candid infinite decoding loop through specially crafted payload
Ecosystems: cargo
Packages: candid
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 5 months ago
High
GSA_kwCzR0hTQS05ajV3LTJjcWMtY3dqOc4AA3oh
Magento LTS vulnerable to Stored XSS via TinyMCE WYSIWYG Editor
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1taDhqLTlqdmgtZ2pmNs4AA3oc
mockjs vulnerable to Prototype Pollution via the Util.extend function
Ecosystems: npm
Packages: mockjs
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 5 months ago
High
GSA_kwCzR0hTQS1wOHE2LXFyZ2otN2d4Ms4AA3oa
Microweber allows a remote attacker to obtain sensitive information via the HTTP GET method
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 5 months ago
High
GSA_kwCzR0hTQS03NjY0LWhjcDctZjQ5N84AA3lu
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 5 months ago
High
GSA_kwCzR0hTQS04ajk4LWNqZnItcXgzaM4AA3lC
github.com/ecies/go vulnerable to possible private key restoration
Ecosystems: go
Packages: github.com/ecies/go/v2
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 5 months ago
High
GSA_kwCzR0hTQS0yZnI3LWNjN3AtcDQ1cc4AA3k6
Data leak of password hash through change requests
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-default
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02ZndnLWpyZnctZmY3cM4AA3kw
Traefik docker container using 100% CPU
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 5 months ago
High
GSA_kwCzR0hTQS04ODJnLWdqcXAtOXZqcM4AA3kf
Cross-Site Request Forgery in JFinalCMS via /admin/category/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1ycTJxLWhjNmgtMnB4Ms4AA3kl
Cross-Site Request Forgery in JFinalCMS via /admin/tag/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1wdjNnLXZjM3EtOGM5Z84AA3kt
Cross-Site Request Forgery in JFinalCMS via admin/nav/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1odjRjLXY4ajgtNTRjd84AA3ki
Cross-Site Request Forgery in JFinalCMS via /admin/nav/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS0zMmoyLWM3bXgtdjRqas4AA3kp
Cross-Site Request Forgery in JFinalCMS via /admin/nav/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1td3ZxLWdjNXctbTc4Zs4AA3kh
Cross-Site Request Forgery in JFinalCMS via /admin/category/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS04aGNoLXE4NmctajM4d84AA3kc
Cross-Site Request Forgery in JFinalCMS via /admin/category/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS01ZjU2LWg2ZmctcmNyaM4AA3kg
Cross-Site Request Forgery in JFinalCMS via /admin/category/updateStatus
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1yMjIyLW1jZmYtMjdmZs4AA3ke
Cross-Site Request Forgery in JFinalCMS via /admin/div/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS02djU1LWg2bTUtMjM1Ms4AA3kq
Cross-Site Request Forgery in JFinalCMS via /admin/div/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1nZmh2LXh4cWotaDMyM84AA3kn
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1yNm1nLWZxODctZ3czNM4AA3kb
Cross-Site Request Forgery in JFinalCMS via /admin/tag/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS03NjVmLTNtZ3gtMjRwd84AA3kd
Cross-Site Request Forgery in JFinalCMS via /admin/friend_link/delete
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13NDkyLTdnOW0tajJ3d84AA3ka
Cross-Site Request Forgery in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS05d3ZqLXdyMmYtNm14Ns4AA3km
Cross-Site Request Forgery in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1jajdqLTIzd2YtbWhyeM4AA3kk
Cross-Site Request Forgery in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1ndzI2LWNjaGMtOGYyZs4AA3kr
Cross-Site Request Forgery in JFinalCMS via /admin/form/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1yMndqLW14dmgtd3FmaM4AA3kj
Cross-Site Request Forgery in JFinalCMS via the component /admin/friend_link/save
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1yN3cyLWo5NnYtdnc4bc4AA3ko
Cross-Site Request Forgery in JFinalCMS via /admin/slide/update
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
High
GSA_kwCzR0hTQS13cXhmLTQ0N20tNmY1Zs4AA3kN
Information exposure in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1qM3JxLTR4ancteGc2M84AA3hy
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS03Z3E5LXA5NGYtZzV2Oc4AA3hu
ThinkAdmin arbitrary file upload vulnerability
Ecosystems: packagist
Packages: zoujingli/thinkadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nbTYyLXJ3NGctdnJjNM4AA3hi
Logback is vulnerable to an attacker mounting a Denial-Of-Service attack by sending poisoned data
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 5 months ago
High
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-lib
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1xdzRoLTN4amotODRjY84AA3d-
Apache Tiles: Unvalidated input may lead to path traversal and XXE
Ecosystems: maven
Packages: org.apache.tiles:tiles-core
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 5 months ago
High
GSA_kwCzR0hTQS0yYzd4LXczbXgtaDdwNs4AA3ba
Microweber file upload vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
High
GSA_kwCzR0hTQS0yd21qLTQ2cmotcW0yd84AA3az
ZITADEL Account Takeover via Malicious Host Header Injection
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS05ZjVnLXJnY3ItOGdyd84AA3aj
Jenkins MATLAB Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jdjR4LTlmMzQtOHJwOc4AA3ae
Jenkins MATLAB Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS12bXE2LTVtNjgtZjUzbc4AA3ab
logback serialization vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-classic, ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 36.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13dzd4LTNneGgtcW02cs4AA3Zu
Validation of SignedInfo
Ecosystems: packagist
Packages: simplesamlphp/saml2, simplesamlphp/xml-security
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 5 months ago
High
GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 5 months ago
High
GSA_kwCzR0hTQS01M3Y0LTQyZmctZzI4N84AA3Zo
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 5 months ago
High
GSA_kwCzR0hTQS05dmZjLXF4Yzgtd3Jwcc4AA3Zm
ureport arbitrary file read vulnerability
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1xMjR2LWhwZzMtdjNqcM4AA3ZQ
Reactor Netty HTTP Server denial of service vulnerability
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 5 months ago
High
GSA_kwCzR0hTQS12OTRoLWh2aGctbWY5aM4AA3ZR
Spring Framework vulnerable to denial of service
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: 5 months ago
High
GSA_kwCzR0hTQS02OHByLTZmamMtd21nbc4AA3Yo
Improper Neutralization of Input in Advanced User Interface for Jolt
Ecosystems: maven
Packages: org.apache.nifi:nifi-jolt-transform-json-ui
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 5 months ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
High
GSA_kwCzR0hTQS05d3dnLXIzYzctNHZmZ84AA3Ye
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1qcHI3LXE1MjMtaHgyNc4AA3X2
phpseclib vulnerable to denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1yNjhoLWpoaGotOWp2bc4AA3Xs
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerability
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 months ago
High
GSA_kwCzR0hTQS00dnZjLXI0cDQtcWdycs4AA3Wo
Apache DolphinScheduler sensitive information disclosure
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fields
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 5 months ago
High
GSA_kwCzR0hTQS04ampoLWozYzItY2pjds4AA3U2
Cross-site Scripting via uploaded assets
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 5 months ago
High
GSA_kwCzR0hTQS0yNDkyLXh4cWYtNmg3OM4AA3T0
Cross Site Request Forgery in SwiftyEdit
Ecosystems: packagist
Packages: swiftyedit/swiftyedit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS01eHFtLWhjNDUtZjJnMs4AA3TF
APM Java Agent Local Privilege Escalation issue
Ecosystems: maven
Packages: co.elastic.apm:apm-agent-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 5 months ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS00ZjRjLXJoanYtNHdnds4AA3RP
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS03ZnFyLTk3ajctamdmNM4AA3RN
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-query
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zZjJxLTYyOTQtZm1xNc4AA3P8
Inefficient Regular Expression Complexity in git-urls
Ecosystems: go
Packages: github.com/whilp/git-urls
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 6 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 2,439
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 1,875 npm 1,402 pypi 1,170 packagist 1,024 nuget 785 go 687 cargo 323 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 55 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 28 microweber/microweber 27 pimcore/pimcore 27 nokogiri 25 drupal/drupal 24 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 typo3/cms 22 opencv-python 22 opencv-contrib-python 22 com.thoughtworks.xstream:xstream 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 thorsten/phpmyfaq 19 github.com/rancher/rancher 19 django 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 salt 18 openssl-src 17 pocketmine/pocketmine-mp 17 mlflow 17 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 symfony/symfony 16 rdiffweb 15 getgrav/grav 15 nilsteampassnet/teampass 15 parse-server 15 net.mingsoft:ms-mcms 14 Plone 14 centreon/centreon 14 vyper 14 github.com/hashicorp/consul 14 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 golang.org/x/net 13 rubygems-update 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 org.keycloak:keycloak-core 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 baserproject/basercms 12 electron 12 activerecord 12 org.apache.openmeetings:openmeetings-parent 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-parent 11 mautic/core 11 github.com/argoproj/argo-cd 11 intelliants/subrion 11 actionpack 11 io.undertow:undertow-core 11 github.com/nats-io/nats-server/v2 11 github.com/hashicorp/vault 11 cobbler 10 cockpit-hq/cockpit 10 org.springframework.security:spring-security-core 10 org.apache.nifi:nifi 10 github.com/hashicorp/nomad 10 shopware/platform 10 froxlor/froxlor 10 org.xwiki.platform:xwiki-platform-oldcore 10 matrix-synapse 10 openmage/magento-lts 10 craftcms/cms 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Django 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 rusqlite 9 org.apache.struts.xwork:xwork-core 9 org.apache.hadoop:hadoop-main 9 org.bouncycastle:bcprov-jdk14 9 Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 ckb 9 Microsoft.NetCore.App.Runtime.win-x64 9 Microsoft.NetCore.App.Runtime.win-arm64 9 mercurial 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.NETCore.App.Runtime.win-arm64 8 october/system 8 github.com/ethereum/go-ethereum 8 shopware/core 8 gradio 8 org.keycloak:keycloak-services 8 Microsoft.NETCore.App.Runtime.win-x86 8 github.com/sylabs/singularity 8 org.bouncycastle:bcprov-jdk15 8 Microsoft.NETCore.App.Runtime.win-x64 8 com.liferay.portal:release.portal.bom 7 apache-superset 7 gogs.io/gogs 7 DotNetNuke.Core 7 org.craftercms:crafter-studio 7 smarty/smarty 7 snipe/snipe-it 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.eclipse.jetty:jetty-server 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 codeigniter4/framework 7 cakephp/cakephp 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 cn.hutool:hutool-core 7 magento/core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.springframework:spring-core 7 org.apache.commons:commons-compress 7 tar 7 github.com/docker/docker 7 handlebars 6 github.com/zitadel/zitadel 6 waitress 6 de.tum.in.ase:artemis-java-test-sandbox 6 npm 6 symfony/security-http 6 prestashop/prestashop 6 composer/composer 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 @openzeppelin/contracts 6 github.com/traefik/traefik/v2 6 Microsoft.AspNetCore.All 6 guzzlehttp/guzzle 6 opencv-contrib-python-headless 6 org.apache.tomcat:tomcat-coyote 6 opencv-python-headless 6 github.com/gravitl/netmaker 6 contao/contao 6 Microsoft.NETCore.App 6 contao/core-bundle 6 deno 6 org.apache.camel:camel-core 6 @strapi/strapi 6 sized-chunks 6 k8s.io/kubernetes 6 org.apache.inlong:manager-pojo 6 golang.org/x/crypto 6 github.com/hyperledger/fabric 6 sequelize 6 kiwitcms 6 org.apache.cxf:cxf 6 cryptography 6 istio.io/istio 6 org.apache.tika:tika-core 6 wwbn/avideo 6 laravel/framework 6 rack 6 express-cart 6 github.com/cilium/cilium 5 keystone 5 zope 5 directus 5 pear/archive_tar 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 github.com/go-gitea/gitea 5 next 5 org.apache.tomcat:tomcat-catalina 5 CefSharp.Common 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 passenger 5 org.xwiki.platform:xwiki-platform-web 5 forkcms/forkcms 5 org.apache.xmlgraphics:batik 5 serve 5 statamic/cms 5 getkirby/cms 5 github.com/nats-io/jwt 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 org.apache.mesos:mesos 5 github.com/answerdev/answer 5 @openzeppelin/contracts-upgradeable 5 plone 5 aubio 5 code.gitea.io/gitea 5 org.apache.dolphinscheduler:dolphinscheduler 5 genix/cms 5 matrix-js-sdk 5 com.vaadin:vaadin-bom 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/microweber/microweber 25 https://github.com/pimcore/pimcore 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/x-stream/xstream 22 https://github.com/apache/struts 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/django/django 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/dotnet/runtime 17 https://github.com/pmmp/PocketMine-MP 17 https://github.com/symfony/symfony 16 https://github.com/spring-projects/spring-framework 16 https://github.com/rancher/rancher 16 https://github.com/ansible/ansible 15 https://github.com/parse-community/parse-server 15 https://github.com/ikus060/rdiffweb 15 https://github.com/vyperlang/vyper 14 https://github.com/github/advisory-database 14 https://github.com/librenms/librenms 14 https://github.com/apache/inlong 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/getgrav/grav 13 https://github.com/rails/rails 12 https://github.com/mlflow/mlflow 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/argoproj/argo-cd 10 https://github.com/go-gitea/gitea 10 https://github.com/OpenMage/magento-lts 10 https://github.com/octobercms/october 10 https://github.com/centreon/centreon 10 https://github.com/apache/camel 9 https://github.com/cui2shark/cms 9 https://github.com/rusqlite/rusqlite 9 https://github.com/strapi/strapi 9 https://github.com/kubernetes/kubernetes 9 https://github.com/cloudfoundry/uaa 9 https://github.com/golang/go 9 https://github.com/nervosnetwork/ckb 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/shopware/platform 8 https://github.com/gradio-app/gradio 8 https://github.com/matrix-org/synapse 8 https://github.com/bcgit/bc-java 8 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/cobbler/cobbler 8 https://github.com/nats-io/nats-server 8 https://github.com/netty/netty 7 https://github.com/DSpace/DSpace 7 https://github.com/dotnet/aspnetcore 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/eclipse/jetty.project 7 https://github.com/snipe/snipe-it 7 https://github.com/rubygems/rubygems 7 https://github.com/hashicorp/vault 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/apache/cxf 7 https://github.com/denoland/deno 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/apache/activemq 7 https://github.com/zitadel/zitadel 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/dromara/hutool 6 https://github.com/opencast/opencast 6 https://github.com/contao/contao 6 https://github.com/CVEProject/cvelist 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/npm/node-tar 6 https://github.com/sequelize/sequelize 6 https://github.com/pyca/cryptography 6 https://github.com/backstage/backstage 6 https://github.com/gravitl/netmaker 6 https://github.com/guzzle/guzzle 6 https://github.com/smarty-php/smarty 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/magento/magento2 6 https://github.com/ls1intum/Ares 6 https://github.com/Pylons/waitress 6 https://github.com/istio/istio 6 https://github.com/saltstack/salt 6 https://github.com/xuxueli/xxl-job 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/bodil/sized-chunks 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/froxlor/froxlor 6 https://github.com/TYPO3/typo3 6 https://github.com/twisted/twisted 5 https://github.com/forkcms/forkcms 5 https://github.com/cefsharp/CefSharp 5 https://github.com/aubio/aubio 5 https://github.com/apache/hadoop 5 https://github.com/gogs/gogs 5 https://github.com/directus/directus 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/traefik/traefik 5 https://github.com/docker/docker 5 https://github.com/hpcng/singularity 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/getkirby/kirby 5 https://github.com/nautobot/nautobot 5 https://github.com/cilium/cilium 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/pear/Archive_Tar 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/laravel/framework 5 https://github.com/composer/composer 5 https://github.com/drupal/core 5 https://github.com/answerdev/answer 5 https://github.com/zopefoundation/Zope 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/geoserver/geoserver 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/vantage6/vantage6 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/cloudflare/cfrpki 4 https://github.com/npm/cli 4 https://github.com/containers/buildah 4 https://github.com/containers/podman 4 https://github.com/openstack/keystone 4 https://github.com/centreon/centreon-archived 4 https://github.com/statamic/cms 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/fiveai/Cachet 4 https://github.com/ethereum/go-ethereum 4 https://github.com/surrealdb/surrealdb 4 https://github.com/scrapy/scrapy 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/libp2p/go-libp2p 4 https://github.com/playframework/playframework 4 https://github.com/PrismJS/prism 4 https://github.com/tidwall/gjson 4 https://github.com/Froxlor/Froxlor 4 https://github.com/ericcornelissen/shescape 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/yiisoft/yii2 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/free5gc/free5gc 4 https://github.com/opencontainers/runc 4 https://github.com/Codiad/Codiad 4 https://github.com/bolt/bolt 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/phpseclib/phpseclib 4 https://github.com/apache/geode 4 https://github.com/cri-o/cri-o 4 https://github.com/quarkusio/quarkus 4 https://github.com/baserproject/basercms 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/wixtoolset/issues 4 https://github.com/hashicorp/nomad 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/jettison-json/jettison 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/ethyca/fides 4 https://github.com/nightcloudos/new_cms 4 https://github.com/igniterealtime/Openfire 4 https://github.com/apple/swift-nio-http2 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/totaljs/framework 4 https://github.com/microsoft/msquic 3 https://github.com/authzed/spicedb 3 https://github.com/digitalbazaar/forge 3 https://github.com/siderolabs/talos 3 https://gitlab.com/edneville/please 3 https://github.com/jenkinsci/gitlab-plugin 3 https://github.com/rack/rack 3 https://github.com/TryGhost/Ghost 3 https://github.com/dub-flow/vulnerability-research 3 https://github.com/steveukx/git-js 3 https://github.com/npm/npm 3