Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Low
GSA_kwCzR0hTQS04djcyLXFyM2gtYzZyds4AAnOU
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bumblebee
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13cGhxLWo3OHAtZmhncM4AAlxz
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:Parameterized-Remote-Trigger
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13NmMyLWpyaGgtanJ4Z84AAlx_
Credentials stored in plain text by Jenkins tfs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:tfs
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxajgtYzI3dy1ycDMz
Cross-site scripting in Apache Syncope EndUser
Ecosystems: maven
Packages: org.apache.syncope.client:syncope-client-enduser
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01YzR2LXZoOTUtYzY3Y84AAllH
Jenkins Email Extension Plugin SMTP password transmitted and displayed in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:email-ext
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhnMnAtMmN2cS00cHB2
Cross-site scripting in lazysizes
Ecosystems: npm
Packages: lazysizes
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13Nmh3LTU3anEtaDdmNc4AAknq
CSRF vulnerability in Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qdjYyLTZ4dmMtY2N3aM4AAiIf
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.technicolor:elOyente
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01YzJjLWN2ZzYtZ2hqbc4AApuC
Password stored in plain text by Jenkins Nomad Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nomad
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01NHItdnJtdi1odzMz
Improper Sanitizing of plugin names in helm
Ecosystems: go
Packages: helm.sh/helm/v3/pkg/plugin, helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1MmYtcHE0Ny0ycjlq
plugin.yaml file allows for duplicate entries in helm
Ecosystems: go
Packages: helm.sh/helm/v3/pkg/plugin, helm.sh/helm, helm.sh/helm/v3
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03OXI1LXJocnctN3B2aM4AAn-C
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:jabber
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Published: 9 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd3gtamo2Ni0yaHA3
Cross-site Scripting in Wildfly
Ecosystems: maven
Packages: org.wildfly:wildfly-parent
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1xdmpyLXg4ZnctaGdods4AAnOn
Credentials stored in plain text by Jenkins TraceTronic ECU-TEST Plugin
Ecosystems: maven
Packages: de.tracetronic.jenkins.plugins:ecutest
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg0NjItODlwZi02cjVo
Crash due to malformed relay protocol message
Ecosystems: go
Packages: github.com/syncthing/syncthing
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhjNmMtNzVwNC1obXE0
Reference binding to null pointer in `MatrixDiag*` ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2ZjItNHhjZy02NWN4
Division by 0 in `Conv2D`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0aDItZ3FtMy1jOXdx
Segfault in tf.raw_ops.ImmutableConst
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04NzZqLTRxNzMtN2Y1Ns4AAW5C
Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZwaHEtZ3c5bS1naHJ2
CHECK-fail in `CTCGreedyDecoder`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13d2d4LTk0djYtZmMycM4AASyU
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh-agent
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnNDgtODVoZy1tcWM1
Division by 0 in `DenseCountSparseOutput`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02M2pnLTV3djYtN2dods4AAV9P
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Ecosystems: maven
Packages: org.jenkins-ci.plugins:resource-disposer
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4cWgtY2ZqbS1mcDkz
Division by 0 in `Reverse`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zaHc2LWdjOGgtOTI0M84AAWQT
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Ecosystems: maven
Packages: org.jenkins-ci.plugins:meliora-testlab
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5cTIteDJxYy00Yzk3
Heap OOB access in unicode ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNHAtd3d3OC04ZnY5
Reference binding to null in `ParameterizedTruncatedNormal`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0ycWg2LWhodnYtbTJ3d84AAts9
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:http_request
Source: GitHub Advisory Database
Published: 10 months ago
Low
GSA_kwCzR0hTQS0zNmo4LWYzM2otdmp3cc4AAtDk
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hpe-network-virtualization
Source: GitHub Advisory Database
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxMnItNXh2bS0zaGMz
Segfault in `CTCBeamSearchDecoder`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW12NzgtZzd3cS1taHA0
Division by zero in padding computation in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3cm0tOHd3NC14eDJn
Division by zero in TFLite's implementation of `SpaceToDepth`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0eDYtOGM3bS1odjNm
Heap OOB read in TFLite's implementation of `Minimum` or `Maximum`
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1odzdjLTNyZmctcDQ2as4AAyHf
Panic leading to denial of service
Ecosystems: go
Packages: google.golang.org/protobuf
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jZ2hnLWpjdjYtNHY1bc4AASj5
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:coverity
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS01ZnE5LXg5ZjQteDJyMs4AASkM
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zos-connector
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3d2YtcDc3Ny04Nmpx
Division by zero in TFLite's implementation of Split
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyY2gtajM4OS01Zjg0
Heap OOB write in TFLite
Ecosystems: pypi
Packages: tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1weDhoLTZxeHYtbTIycc4AAxpo
Incorrect parsing of nameless cookies leads to __Host- cookies bypass
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Published: 4 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmOTQtMzZnNS02OXY4
Division by zero in TFLite's implementation of `DepthToSpace`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3NWgtN2Y1My14cnA2
Stack overflow in `ParseAttrValue` with nested tensors
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zM3YtMzM4aC00djlm
Path traversal in Node-Red
Ecosystems: npm
Packages: @node-red/runtime
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRodnYtN3g5NC03dnE4
Null dereference in Grappler's `TrySimplify`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxZmotY3I2cS1wYzh3
Crash in `tf.transpose` with complex inputs
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg2bWotdzRqZi1qbWd3
Server Side Request Forgery (SSRF) in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes/pkg/volume/storageos
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzZmctNWo5cC12Y2hj
File exposure in pleaser
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00NjI1LXE1MnctMzljeM4AAnOJ
Missing permission check for paths with specific prefix in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mbTZxLTk3Z3ctYzR3aM0sPg
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin
Ecosystems: maven
Packages: com.datapipe.jenkins.plugins:hashicorp-vault-plugin
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1oeDNyLXF3eHYtNWp3Oc0zGw
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-oauth
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14NzVyLWc2M20tODJ3as0zFw
Passwords stored in plain text by Jenkins dbCharts Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dbCharts
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13OTd4LWo2cmctNTV2Nc022A
Password stored in plain text by Jenkins Proxmox Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:proxmox
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ocG05LWZ4OHYtdzQ1ds02oQ
Plaintext storage in Jenkins instant-messaging Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:instant-messaging
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yM3JyLXdwaDYtOTYzOM0ihg
Password stored in plain text by Jenkins Publish Over SSH Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:publish-over-ssh
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2cnEtcmpjMi04NnYy
Time-of-check Time-of-use (TOCTOU) Race Condition in chownr
Ecosystems: npm
Packages: chownr
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1nZ3JoLWdyajMtdmZ2d84AAwEF
Package discontinued because Bitly lowered the free quota
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwaDItODMzNy1obTYy
Key Caching behavior in the DynamoDB Encryption Client.
Ecosystems: pypi
Packages: dynamodb-encryption-sdk
Source: GitHub Advisory Database
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1xY2NtLXdtY3EtcHdyNs4AAv_M
Tailscale daemon is vulnerable to information disclosure via CSRF
Ecosystems: go
Packages: tailscale.com/cmd
Source: GitHub Advisory Database
Published: 7 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02NDgtMzNxZi12M2dw
CHECK-fail in LSTM with zero-length input in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoeHgtajczci1xcG0y
Uninitialized memory access in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpteDgtMzU1bS04dndo
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Z2MtcDVtMy12MzQ3
XXE in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4YzctcHg1di04Mmho
Potential sensitive information disclosed in error reports
Ecosystems: pypi
Packages: django-registration
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwd3ctNGpmNC00aHg4
Edit feed settings and others, Cross Site Scripting (XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR
Nimbus JOSE+JWT vulnerable to padding oracle attack
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3AtbTdtcS03cTNy
CLI does not correctly implement strict mode
Ecosystems: pypi
Packages: aws-encryption-sdk-cli
Source: GitHub Advisory Database
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yajRwLTdtbTYtZ205as4AARto
JBossWS vulnerable to uncontrolled recursion
Ecosystems: maven
Packages: org.jboss.ws:jbossws-common
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: over 2 years ago
Low
GSA_kwCzR0hTQS04bXZ3LTIycjctdzZmcc3iEg
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Ecosystems: rubygems
Packages: ruby_parser
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0zNzJxLTMzdmgtOG1wY84AAToA
Inconsistent documentation in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yOXhjLTU0Y3EtOTlyN84AAiY4
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:elasticbox
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3ZzMtM2o1dy02NHc0
Exposure of Resource to Wrong Sphere and Insecure Temporary File in Ansible
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo2cWotajg4OC12dmdx
Directory exposure in jetty
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-deploy
Source: GitHub Advisory Database
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oZjd3LWY0aDQtOXhwOM4AAYZt
Exposure of Sensitive Information in Jenkins Datadog plugin
Ecosystems: maven
Packages: org.datadog.jenkins.plugins:datadog
Source: GitHub Advisory Database
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN3ZnctNGdxNS1tcnF4
Regular Expression Denial of Service (ReDoS) in braces
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyaDctN3d3Zy1xbWdn
Prototype Pollution in @hapi/hoek
Ecosystems: npm
Packages: @hapi/hoek
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZjYtNzV2OC12cjI2
Arbitrary File Write in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cmMtcnd2Zi04cTVy
The `size` option isn't honored after following a redirect in node-fetch
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1oMjljLXdjbTgtODgzaM0keg
Incorrect Permission Assignment for Critical Resource in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Published: over 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bXEtM2NqNi1oNzM4
Reverse Tabnabbing in showdown
Ecosystems: npm
Packages: showdown
Source: GitHub Advisory Database
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1teGNjLTdoNW0teDU3cs4AAtsO
Jenkins GitHub plugin 1.34.4 uses weak webhook signature function
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Published: 10 months ago
Low
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SES
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS0yanh4LTJ4OTMtMnEyZs4AAvdu
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NjIteHBjYy05eGY2
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3aGMteDdmbS1mN3Fo
Cross-Site Scripting in Content Preview (CType menu)
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Published: about 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Denial of Service in grpc-ts-health-check
Ecosystems: npm
Packages: grpc-ts-health-check
Source: GitHub Advisory Database
Published: almost 3 years ago