Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Low
GSA_kwCzR0hTQS1qZ2g4LXZjaHctcTNnN84AAxOa
Permissive regex leads to domain filter bypass
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS1nMjl2LTVwd2gtd3h4NM4AAxKJ
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS05OHFjLXY4dmctbWN4NM4AAxJQ
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS00eDY1LTRmangtcjdtNs4AAxJ4
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-pr-coverage-status
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 8 days ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 9 days ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support’s underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS05ZjJjLXh4Zm0tMzJtas4AAw5d
Duplicate of GHSA-4xh4-v2pq-jvhm
Ecosystems: pub
Packages: personnummer
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS1ycTJ3LTM3aDktdmc5NM4AAwuy
Apache Tomcat improperly escapes input from JsonErrorReportValve
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Published: 25 days ago
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12cTIzLWh3ZzctaHhyaM4AAwfq
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Ecosystems: nuget
Packages: EnumStringValues
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1ycHJnLTR2N3EtODd2N84AAwOX
Buildah (as part of Podman) vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14cjdwLThxODItODc4cc4AAwLZ
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Ecosystems: go
Packages: teler.app
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1nZ3JoLWdyajMtdmZ2d84AAwEF
Package discontinued because Bitly lowered the free quota
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qZjJwLTRncWotODQ5Z84AAwED
Temporary File Information Disclosure vulnerability in MPXJ
Ecosystems: pypi, nuget, maven
Packages: mpxj, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS13NTczLTRoZzctN3dncc4AAwD1
decode-uri-component vulnerable to Denial of Service (DoS)
Ecosystems: npm
Packages: decode-uri-component
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z
`CHECK` failure in `SobolSample` via missing validation
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xY2NtLXdtY3EtcHdyNs4AAv_M
Tailscale daemon is vulnerable to information disclosure via CSRF
Ecosystems: go
Packages: tailscale.com/cmd
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS12cDM1LTg1cTUtOWYyNc4AAv0i
Container build can leak any path on the host into the container
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS05Zm1jLTVmcTQtNWp3aM4AAvx0
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS05Y2hyLTRmamgtNXJnd84AAvjh
Cross-site Scripting in actionpack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SES
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mOWY5LTRyNjMtNHFjY84AAvda
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-plugin
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS0yanh4LTJ4OTMtMnEyZs4AAvdu
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1tZjRwLXdqcm0tY21qcM4AAvdJ
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:s3explorer
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qam1nLXg0NTYtdzk3Ns4AAvOC
Incorrect default cookie name and recommendation
Ecosystems: npm
Packages: csrf-csrf
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS05Z3A3LTY4MzMtd3Y4Oc4AAvLw
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS01MjhqLTlyNzgtd2ZmeM4AAvLv
etcd user credentials are stored in WAL logs in plaintext
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1oOGc5LTZndmgtNW1yY84AAvLt
etcd vulnerable to TOCTOU of gateway endpoint authentication
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS03NDVwLXI2MzctN3Z2cM4AAvLo
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1tZ3Z2LTVteHAteHE2N84AAvJx
SQLite3 addresses vulnerability in packaged version of libsqlite
Ecosystems: rubygems
Packages: sqlite3
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1xcTI5LTV2amgtdnh3cs4AAvFY
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS00OXdtLTRmcDYtaDU5Y84AAu_E
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1qN3h2LWZjNDYtaGdwZ84AAu-q
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bigpanda-jenkins
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jcG01LWNxcjktN3A3Oc4AAu-U
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bigpanda-jenkins
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mdjd4LXY2N3ctY3Zxds4AAu-J
Spring Data REST can expose hidden entity attributes
Ecosystems: maven
Packages: org.springframework.data:spring-data-rest-core
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jcmY4LWgyd3EtMmg5eM4AAu9N
WASM3 Improper Input Validation vulnerability
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS00eGg0LXYycHEtanZobc4AAu6V
personnummer/dart vulnerable to Improper Input Validation
Ecosystems: pub
Packages: personnummer
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS05ZndmLTQ2ZzktNDVyeM4AAu5V
Denial of Service via stack overflow
Ecosystems: maven
Packages: com.fasterxml.woodstox:woodstox-core
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zbXE1LWZxOWgtZ2o3as4AAu55
Denial of Service due to parser crash
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS01aGM1LWMzbTktOHZjas4AAu53
Denial of Service via stack overflow
Ecosystems: maven
Packages: com.fasterxml.woodstox:woodstox-core
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS00cnY3LXdqNm0tNmM2cs4AAu54
Denial of Service due to parser crash
Ecosystems: maven
Packages: com.fasterxml.woodstox:woodstox-core
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zZjdoLW1mNHEtdnJtNM4AAu5w
Denial of Service due to parser crash
Ecosystems: maven
Packages: com.fasterxml.woodstox:woodstox-core
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yaDg3LXE0dmctbTQ1as4AAu2M
TensorFlow vulnerable to integer overflow in math ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS03NHczLXA4OXgtZmZnaM4AAu19
ansi_term is Unmaintained
Ecosystems: cargo
Packages: ansi_term
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zNjMzLTVoODItMzlwcc4AAu1W
Improper handling of different key IDs for the same public keys in attacker-controlled metadata
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS03ZjN4LTJ3Y3gtaHd3OM4AAuz9
steal vulnerable to Regular Expression Denial of Service via input variable in main.js
Ecosystems: npm
Packages: steal
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yN3ZxLTY0MjUtajk0d84AAuz1
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS01Nng0LWo3cDktZmNmOc4AAui0
Command Injection in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Ecosystems: maven
Packages: org.wildfly.core:wildfly-server
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1xaDg3LTJxdmgtNWpmOM4AAuZa
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:collabnet
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint 1.7.3 does not have rate limiting on the login page
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS0zMmZmLTRnNzktdmdmY84AAtvO
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1teGNjLTdoNW0teDU3cs4AAtsO
Jenkins GitHub plugin 1.34.4 uses weak webhook signature function
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS0ycWg2LWhodnYtbTJ3d84AAts9
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:http_request
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS13YzV2LXI0OHYtZzR2aM4AAtaF
Cilium host policy bypass in endpoint-routes mode with dual-stack
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wbWpnLTUyaDktNzJxds4AAtUK
Argo CD SSO users vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jajd2LTI3cGctd2Y3cc4AAtJM
Jetty invalid URI parsing may produce invalid HttpURI.authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1ndm1yLW1wNXEtOXd2d84AAtDz
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skype-notifier
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS13cHBwLXhxZnYtNmNtN84AAtDW
Token stored in plain text by Jenkins Cisco Spark Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cisco-spark
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zNmo4LWYzM2otdmp3cc4AAtDk
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hpe-network-virtualization
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1oNWczLXY3MngtaGM2Zs4AAtEE
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jigomerge
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1oNWg1LW0ybWMtajJwds4AAtDK
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:elasticsearch-query
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS01NmhjLXdmNDktMmg5Ns4AAtDx
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2-deployment-dashboard
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS12M3I4LTZ2ZmotcHBwZs4AAtDC
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Ecosystems: maven
Packages: tools.devnull:build-notifications
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS03Mjk4LXc1NGotcTd3bc4AAtEC
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Ecosystems: maven
Packages: tools.devnull:build-notifications
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wZ3A5LXg4M2ctdjh4OM4AAtDV
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rocketchatnotifier
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS02cTh2LTJodm0tZngzN84AAs_h
Apache Tika contains incomplete fix for regex DoS
Ecosystems: maven
Packages: org.apache.tika:tika
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1tMnd3LTZ3djYtdnczY84AAs-f
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS05aDc5LTVtMmYtbXFqMs4AAs7y
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:squashtm-publisher
Source: GitHub Advisory Database
Published: 7 months ago