Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1MzQtcTR4Zi1oNXYy
XSS in Mapfish Print relating to JSONP support
Ecosystems: maven
Packages: org.mapfish.print:print-standalone, org.mapfish.print:print-servlet, org.mapfish.print:print-lib
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn
Context isolation bypass via Promise in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 33.8
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zOGotcG1nMy12NXg1
Timing attack on django-basic-auth-ip-whitelist
Ecosystems: pypi
Packages: django-basic-auth-ip-whitelist
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cXYtZ2g2Zi1wZ2g0
Command Injection in Limdu
Ecosystems: npm
Packages: limdu
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4amMtcjJmcC03bXE2
Cross-site Scripting in dijit editor's LinkDialog plugin
Ecosystems: npm
Packages: dijit
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cXEtNXZyYy14dzlo
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender
Ecosystems: maven
Packages: org.apache.logging.log4j:log4j-core, org.apache.logging.log4j:log4j
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnODQtcWd2OS13NHBx
CRLF injection in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4NTQtOTZncS1yZmcz
Pillow Temporary file name leakage
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM0N3gtODc3cC1oY3d4
Information Disclosure in Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: almost 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0bTMtdzhnOS1qd3Bx
Information disclosure of source code in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jeDQtZjVmNS00ODU5
Prevent cache poisoning via a Response Content-Type header in Symfony
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1yNnItbXZ3NC03MzZn
Vyper interfaces returning integer types less than 256 bits can be manipulated if uint256 is used
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNodzUtcTg1NS1nNmN3
Prototype Pollution in Dojox
Ecosystems: npm
Packages: dojox
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTczOG0tZjMzdi1xYzJy
SMTP Injection in PHPMailer
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXByZzUtaGcyNS04Z3Jx
Ability to switch channels via GET parameter enabled in production environments
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzNjItbThmMi01eDdj
Password Hashing: Do not use MD5
Ecosystems: maven
Packages: org.opencastproject:opencast-common-jpa-impl
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: about 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhycjktcmg4cC00MzN2
Request smuggling is possible when both chunked TE and content length specified
Ecosystems: maven
Packages: io.ktor:ktor-server-cio, io.ktor:ktor-client-cio
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyM3YtcTl4My03ZzQ2
Link injection in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOXAtdjJyOC13Zjh3
Cross-site scripting in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnYzYtbTM2NC04NXd3
Log injection in SimpleSAMLphp
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVmcTgtM3EyZi00bTVn
Session key exposure through session list in Django User Sessions
Ecosystems: pypi
Packages: django-user-sessions
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0NHctajg2ci00eDJq
Heap buffer overflow in `UnsortedSegmentSum` in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmanEtOTN4ai0zZjNm
Cross-Site Scripting in serialize-to-js
Ecosystems: npm
Packages: serialize-to-js
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNyOGotcG1jaC01ajJo
Internal exception message exposure for login action in Sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0cjgtZm05ci1jcGoy
Low severity vulnerability that affects com.linecorp.armeria:armeria
Ecosystems: maven
Packages: com.linecorp.armeria:armeria
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZyNTgtNHhnci1nbTZt
SilverStripe Priviledge escalation through cache pollution
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1ndjItNTd2ai05OXhj
Low severity vulnerability that affects eye.js
Ecosystems: npm
Packages: eye.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1cmYteGg1NC13aHAz
Malicious URL drafting attack against iodines static file server may allow path traversal
Ecosystems: rubygems
Packages: iodine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTltcnEtY2pnaC0zMmcy
Low severity vulnerability that affects smartbanner.js
Ecosystems: npm
Packages: smartbanner.js
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3YtM2NjOS1mcDdj
Sensitive Data Exposure in seneca
Ecosystems: npm
Packages: seneca
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NjUtNjg3NS1yaHE4
Undefined Behavior in sailsjs-cacheman
Ecosystems: npm
Packages: sailsjs-cacheman
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2cjMtOXY3aC01Zjh2
Low severity vulnerability that affects Gw2Sharp
Ecosystems: nuget
Packages: Gw2Sharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzNXYtcXdxZy04N2pj
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Ecosystems: npm
Packages: express-basic-auth
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5NWYtcDI5cS05eHc0
Regular Expression Denial of Service in braces
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4aHEtcG04di1jdzc1
Regular Expression Denial of Service in clean-css
Ecosystems: npm
Packages: clean-css
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4YzcteGc2Ny1wdzk5
Sensitive Data Exposure in sequelize-cli
Ecosystems: npm
Packages: sequelize-cli
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2OTgtbTJ2OS01Zmgz
Command Injection in opencv
Ecosystems: npm
Packages: opencv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cjMtcDg2Ni1xOXFy
ircdkit vulnerable to Denial of Service due to unhandled connection end event
Ecosystems: npm
Packages: ircdkit
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqZmgtMnhjOS1jY3Y3
Cross-Site Scripting in public
Ecosystems: npm
Packages: public
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3djctcWhmdi1ycXE4
Insecure Credential Storage in web3
Ecosystems: npm
Packages: web3
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0bWctdmdycC1td3g5
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Ecosystems: maven
Packages: io.ratpack:ratpack-groovy, io.ratpack:ratpack-java, io.ratpack:ratpack-session
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0M20tZmZ3ci1ycGNj
SSL Validation Defaults to False in electron-packager
Ecosystems: npm
Packages: electron-packager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtaGgtdzZxOC01aHh3
Remote Memory Disclosure in ws
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNWgtZ2g0eC04aHA5
Resources Downloaded over Insecure Protocol in igniteui
Ecosystems: npm
Packages: igniteui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZjcGMtbWo1Yy1tOXJx
Arbitrary File Write in cli
Ecosystems: npm
Packages: cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzNTQtNm1odi1tdnY1
Regular Expression Denial of Service in jadedown
Ecosystems: npm
Packages: jadedown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN3YzgtNjU5Zy1yODhx
Low severity vulnerability that affects org.springframework.batch:spring-batch-core
Ecosystems: maven
Packages: org.springframework.batch:spring-batch-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyNXItbThwYy04NWo5
Improper Restriction of XML External Entity Reference in org.springframework.integration:spring-integration-ws and org.springframework.integration:spring-integration-xml
Ecosystems: maven
Packages: org.springframework.integration:spring-integration-ws, org.springframework.integration:spring-integration-xml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4bXItYzlqbS03bW04
Exposure of Sensitive Information to an Unauthorized Actor in Apache hive
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2MzkteHh2NS1qMzgz
Incorrect Permission Assignment for Critical Resource in Apache hive
Ecosystems: maven
Packages: org.apache.hive:hive-service, org.apache.hive:hive-exec, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0eDktNGY1eC04amo4
Low severity vulnerability that affects org.apache.hive:hive-exec, org.apache.hive:hive, and org.apache.hive:hive-service
Ecosystems: maven
Packages: org.apache.hive:hive-exec, org.apache.hive:hive-service, org.apache.hive:hive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcW0tMjQ2Yy1td3Fn
In Bouncy Castle JCE Provider the other party DH public key is not fully validated
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3OHctMnhjcC14ZzU5
Insecure use of temporary files in Phusion passenger
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3ajctcDVqcS0yNmZm
Insecure use of temporary files in passenger
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4d3YtOTUzcC03cXBm
Phusion Passenger allows remote attackers to spoof headers
Ecosystems: rubygems
Packages: passenger
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxNTMtZnFoYy1jcjQ2
ember-source Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: ember-source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd4cGotY3g3Zy04NThj
Regular Expression Denial of Service in debug
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2aHEtYzg5Ni13ODgy
Low severity vulnerability that affects Plone
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdtamYtanBqai05ZjNq
RuboCop gem Insecure use of /tmp
Ecosystems: rubygems
Packages: rubocop
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM1cXEtZzY3My01cDQ5
Puppet allows local users to overwrite arbitrary files via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ4ZjYtdzltcC05NWht
Puppet supports use of IP addresses in certnames without warning of potential risks
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4NDYtN3Jydi1tNGg4
sqlite3-ruby uses weak permissions for unspecified files, which allows local users to gain privileges
Ecosystems: rubygems
Packages: sqlite3-ruby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqeGotOXI1Zi13M20y
Puppet allows local users to obtain sensitive configuration information
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4OW0tM3dqdy1oODU3
Puppet vulnerable to Path Traversal
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14OWYtdzhxcS1xNWpm
rest-client allows local users to obtain sensitive information by reading the log
Ecosystems: rubygems
Packages: rest-client
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3ZzQtOTNjNi0zaDQy
Directory Traversal in send
Ecosystems: npm
Packages: send
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OTItN21tMy0zZnhn
actionpack is vulnerable to remote bypass authentication
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1OWotNWc5di0zZnBx
Paratrooper-newrelic Exposes of Sensitive Information to an Unauthorized Actor
Ecosystems: rubygems
Packages: paratrooper-newrelic
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZxcnItcnJ3Zy02OXB2
Local API Login Credentials Disclosure in paratrooper-pingdom
Ecosystems: rubygems
Packages: paratrooper-pingdom
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
Statistics
Advisories: 18,210
Packages: 8,253
Repositories: 431
Ecosystems: 12
Filter by Severity
Moderate 7,851 High 6,311 Critical 2,790 Low 973
Filter by Ecosystem
pypi 433 maven 276 packagist 172 npm 127 go 120 rubygems 48 cargo 39 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 shopware/core 10 phpmyadmin/phpmyadmin 10 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 rack 6 sweetalert2 5 wasmtime 5 ansible 5 helm.sh/helm/v3 5 k8s.io/kubernetes 5 october/backend 5 undici 5 baserproject/basercms 5 actionpack 4 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 helm.sh/helm 4 github.com/mattermost/mattermost-server/v6 4 magento/community-edition 4 typo3/cms-core 4 electron 4 github.com/cilium/cilium 4 shopware/shopware 4 simplesamlphp/simplesamlphp 4 go.etcd.io/etcd 3 com.vaadin:vaadin-bom 3 plone 3 @openzeppelin/contracts-upgradeable 3 github.com/cosmos/cosmos-sdk 3 org.graylog2:graylog2-server 3 ethyca-fides 3 passenger 3 nautobot 3 bin-links 3 ckb 3 httplib2 3 org.apache.hive:hive-exec 3 node-forge 3 cryptography 3 symfony/symfony 3 org.apache.hive:hive-service 3 org.apache.hive:hive 3 github.com/mattermost/mattermost-server 3 Pillow 2 s2n-quic 2 Zope 2 org.jenkins-ci.plugins:artifactory 2 gilacms/gila 2 flarum/core 2 cargo 2 @openzeppelin/contracts 2 org.jenkins-ci.plugins:mercurial 2 typo3/cms-frontend 2 github.com/ntbosscher/gobase 2 pip 2 org.jenkins-ci.plugins:azure-ad 2 microweber/microweber 2 silverstripe/framework 2 parse-server 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 next-auth 2 winter/wn-backend-module 2 braces 2 github.com/authzed/spicedb 2 github.com/cometbft/cometbft 2 Flask-Security-Too 2 com.ruoyi:ruoyi 2 tuf 2 node-ipc 2 tools.devnull:build-notifications 2 github.com/opencontainers/runc 2 langchain 2 org.xwiki.platform:xwiki-platform-oldcore 2 Django 2 org.jenkins-ci.plugins:wso2id-oauth 2 symfony/security-http 2 OctoPrint 2 Flask-AppBuilder 2 october/cms 2 org.eclipse.jetty:jetty-server 2 activesupport 2 grumpydictator/firefly-iii 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 aiohttp 2 org.apache.activemq:activemq-parent 2 typo3/cms-install 2 org.jenkins-ci.plugins:ec2 2 github.com/sigstore/cosign 2 github.com/hashicorp/nomad 2 com.inedo.proget:inedo-proget 2 org.jenkins-ci.plugins:repository-connector 2 go.etcd.io/etcd/client/v3 2 vantage6 2 craftcms/cms 2 sylius/sylius 2 django 2 github.com/mutagen-io/mutagen 2 wagtail 2 @apollo/server 2 github.com/mattermost/mattermost-plugin-jira 2 github.com/answerdev/answer 2 moin 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 rabbit_common 1 shescape 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 hyper 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 horizon 1 org.scala-sbt:io_2.13 1 github.com/oauth2-proxy/oauth2-proxy 1 org.scala-sbt:io_3 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 org.jenkins-ci.plugins:snsnotify 1 github.com/nats-io/nats-server/v2 1 io.swagger:swagger-codegen 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 wiremock 1 io.jenkins.plugins:tuleap-oauth 1 zod 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 io.jenkins.plugins:frugal-testing 1 fastify-http-proxy 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 hooka-tools 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 fast-xml-parser 1 es5-ext 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 apostrophe 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/vyperlang/vyper 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/octobercms/october 7 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/TYPO3/typo3 4 https://github.com/shopware/shopware 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/electron/electron 4 https://github.com/pyca/cryptography 3 https://github.com/httplib2/httplib2 3 https://github.com/digitalbazaar/forge 3 https://github.com/vaadin/flow 3 https://github.com/symfony/symfony 3 https://github.com/phusion/passenger 3 https://github.com/vantage6/vantage6 3 https://github.com/CVEProject/cvelist 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/nervosnetwork/ckb 3 https://github.com/nautobot/nautobot 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/ethyca/fides 3 https://github.com/rust-lang/cargo 2 https://github.com/flarum/framework 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/django/django 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/craftcms/cms 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ntbosscher/gobase 2 https://github.com/apollographql/apollo-server 2 https://github.com/aws/s2n-quic 2 https://github.com/apache/activemq 2 https://github.com/wagtail/wagtail 2 https://github.com/aio-libs/aiohttp 2 https://github.com/quarkusio/quarkus 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/opencontainers/runc 2 https://github.com/answerdev/answer 2 https://github.com/mutagen-io/mutagen 2 https://github.com/octoprint/octoprint 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/cometbft/cometbft 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/sigstore/cosign 2 https://github.com/parse-community/parse-server 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/openstack/keystone 2 https://github.com/Sylius/Sylius 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/hashicorp/nomad 2 https://github.com/GilaCMS/gila 2 https://github.com/authzed/spicedb 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/brefphp/bref 1 https://github.com/jenkinsci/backlog-plugin 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/google/zerocopy 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/dojo/dijit 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/canonical/lxd 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/keystonejs/keystone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/tinymce/tinymce 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/NVIDIA/NeMo 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/vapor/postgres-nio 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/zowe/imperative 1 https://github.com/traefik/traefik 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/octokit/octokit.rb 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/zopefoundation/Products.PluggableAuthService 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/openstack/nova 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/aedart/ion 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/tendermint/tendermint 1 https://github.com/go-gitea/gitea 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/visionmedia/debug 1