Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS00MzQ4LXgyOTItaDQzN84AAwoe
GoBase Race Condition vulnerability
Ecosystems: go
Packages: github.com/ntbosscher/gobase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS12cTIzLWh3ZzctaHhyaM4AAwfq
EnumStringValues vulnerable to Uncontrolled Resource Consumption
Ecosystems: nuget
Packages: EnumStringValues
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1meHJjLWhnNmotNnYzeM4AAwSH
hutool-json vulnerable to memory exhaustion
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ycHJnLTR2N3EtODd2N84AAwOX
Buildah (as part of Podman) vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14cjdwLThxODItODc4cc4AAwLZ
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Ecosystems: go
Packages: teler.app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1nZ3JoLWdyajMtdmZ2d84AAwEF
Package discontinued because Bitly lowered the free quota
Ecosystems: pypi
Packages: bitlyshortener
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qZjJwLTRncWotODQ5Z84AAwED
Temporary File Information Disclosure vulnerability in MPXJ
Ecosystems: pypi, nuget, maven
Packages: mpxj, net.sf.mpxj-for-vb, net.sf.mpxj-for-csharp, net.sf.mpxj, net.sf.mpxj:mpxj
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS04amg5LXdxcGYtcTUyY84AAwBV
sweetalert2 v8.19.1 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wZzk4LTZ2N2YtMnhmds4AAwBU
sweetalert2 v9.17.4 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xcTZoLTVnNmotcTNjbc4AAwBN
sweetalert2 v11.4.9 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1jcXZxLWZ2aHItdjZoY84AAv_Z
`CHECK` failure in `SobolSample` via missing validation
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14ZjgzLXE3NjUteG02bc4AAv_Y
`CHECK` fail in `TensorListScatter` and `TensorListScatterV2` in eager mode
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xY2NtLXdtY3EtcHdyNs4AAv_M
Tailscale daemon is vulnerable to information disclosure via CSRF
Ecosystems: go
Packages: tailscale.com/cmd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zeGc4LWNjOGYtOXd2Ms4AAv9V
Unsanitized input leading to code injection in Dalli
Ecosystems: rubygems
Packages: dalli
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS12cDM1LTg1cTUtOWYyNc4AAv0i
Container build can leak any path on the host into the container
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05Zm1jLTVmcTQtNWp3aM4AAvx0
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mcHBxLW1qNzYtZnBqMs4AAvrA
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Ecosystems: rubygems
Packages: fluentd
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13aHB4LXEzcnEtdzhqY84AAve6
Hardening of TypedArrays with non-canonical numeric property names in SES
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yanh4LTJ4OTMtMnEyZs4AAvdu
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:generic-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mOWY5LTRyNjMtNHFjY84AAvda
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tZjRwLXdqcm0tY21qcM4AAvdJ
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:s3explorer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qam1nLXg0NTYtdzk3Ns4AAvOC
Incorrect default cookie name and recommendation
Ecosystems: npm
Packages: csrf-csrf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05Z3A3LTY4MzMtd3Y4Oc4AAvLw
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01MjhqLTlyNzgtd2ZmeM4AAvLv
etcd user credentials are stored in WAL logs in plaintext
Ecosystems: go
Packages: go.etcd.io/etcd/client/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oOGc5LTZndmgtNW1yY84AAvLt
etcd vulnerable to TOCTOU of gateway endpoint authentication
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03NDVwLXI2MzctN3Z2cM4AAvLo
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1tZ3Z2LTVteHAteHE2N84AAvJx
SQLite3 addresses vulnerability in packaged version of libsqlite
Ecosystems: rubygems
Packages: sqlite3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qeDdjLTdtajUtOTQzOM4AAvGq
Apache Tomcat Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13anB2LWZyZjItM3I1OM4AAvFz
EC-CUBE Directory traversal vulnerability
Ecosystems: packagist
Packages: ec-cube/ec-cube
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xcTI5LTV2amgtdnh3cs4AAvFY
rdiffweb vulnerable to Improper Cleanup on Thrown Exception
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00OXdtLTRmcDYtaDU5Y84AAu_E
OctoPrint vulnerable to Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1qN3h2LWZjNDYtaGdwZ84AAu-q
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bigpanda-jenkins
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mbXE5LXI0cDItODI3Ms4AAu-R
API token stored in plain text by Jenkins CONS3RT Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cons3rt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1jcG01LWNxcjktN3A3Oc4AAu-U
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bigpanda-jenkins
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1mdjd4LXY2N3ctY3Zxds4AAu-J
Spring Data REST can expose hidden entity attributes
Ecosystems: maven
Packages: org.springframework.data:spring-data-rest-core
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yNjU3LTMzdnAtZ3AyMs4AAu9-
parse-server auth adapter app ID validation can be circumvented
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00eGg0LXYycHEtanZobc4AAu6V
personnummer/dart vulnerable to Improper Input Validation
Ecosystems: pub
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1nNDY4LXFqOGctdmNqY84AAu2P
TensorFlow vulnerable to `CHECK`-fail in `tensorflow::full_type::SubstituteFromAttrs`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yaDg3LXE0dmctbTQ1as4AAu2M
TensorFlow vulnerable to integer overflow in math ops
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zNjMzLTVoODItMzlwcc4AAu1W
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yN3ZxLTY0MjUtajk0d84AAuz1
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1ydmdtLTM1anctcTYyOM4AAujy
Improper Control of Generation of Code ('Code Injection') in mdx-mermaid
Ecosystems: npm
Packages: mdx-mermaid
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01Nng0LWo3cDktZmNmOc4AAui0
Command Injection in moment-timezone
Ecosystems: npm
Packages: moment-timezone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13ODhtLTI5MzYtcm14cs4AAuf5
wildfly-core allows user with access to management interface to access vault expression, retrieve item from vault
Ecosystems: maven
Packages: org.wildfly.core:wildfly-server
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xaDg3LTJxdmgtNWpmOM4AAuZa
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:collabnet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS01dzV4LXE5cDUtOXFnM84AAuBj
OctoPrint does not have rate limiting on the login page
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wNm1tLTI3Z3EtOXYzcM4AAt2a
next-auth before v4.10.2 and v3.29.9 leaks excessive information into log
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
Low
GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zMmZmLTRnNzktdmdmY84AAtvO
Flask-AppBuilder before v4.1.3 allows inference of sensitive information through query strings
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1teGNjLTdoNW0teDU3cs4AAtsO
Jenkins GitHub plugin uses weak webhook signature function
Ecosystems: maven
Packages: com.coravy.hudson.plugins.github:github
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0ycWg2LWhodnYtbTJ3d84AAts9
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:http_request
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xNzY4LXg5bTYtbTlxcM4AAtkI
undici before v5.8.0 vulnerable to uncleared cookies on cross-host / cross-origin redirect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13YzV2LXI0OHYtZzR2aM4AAtaF
Cilium host policy bypass in endpoint-routes mode with dual-stack
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wbWpnLTUyaDktNzJxds4AAtUK
Argo CD SSO users vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jajd2LTI3cGctd2Y3cc4AAtJM
Jetty invalid URI parsing may produce invalid HttpURI.authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNTlxLXZncTktNzVjcs4AAtD2
Password stored in plain text by Jenkins RQM Plugin
Ecosystems: maven
Packages: net.praqma:rqm-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ndm1yLW1wNXEtOXd2d84AAtDz
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skype-notifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oNWg1LW0ybWMtajJwds4AAtDK
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:elasticsearch-query
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13cHBwLXhxZnYtNmNtN84AAtDW
Token stored in plain text by Jenkins Cisco Spark Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cisco-spark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oNWczLXY3MngtaGM2Zs4AAtEE
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jigomerge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zNmo4LWYzM2otdmp3cc4AAtDk
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hpe-network-virtualization
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03Mjk4LXc1NGotcTd3bc4AAtEC
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Ecosystems: maven
Packages: tools.devnull:build-notifications
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NmhjLXdmNDktMmg5Ns4AAtDx
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2-deployment-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12M3I4LTZ2ZmotcHBwZs4AAtDC
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Ecosystems: maven
Packages: tools.devnull:build-notifications
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wZ3A5LXg4M2ctdjh4OM4AAtDV
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rocketchatnotifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02cTh2LTJodm0tZngzN84AAs_h
Apache Tika contains incomplete fix for regex DoS
Ecosystems: maven
Packages: org.apache.tika:tika
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMnd3LTZ3djYtdnczY84AAs-f
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aDc5LTVtMmYtbXFqMs4AAs7y
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:squashtm-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14Y3A1LWo1ZmotM3hwNs4AAs8v
User passwords stored in plain text by Jenkins EasyQA Plugin
Ecosystems: maven
Packages: com.geteasyqa:easyqa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05NzhqLTg4ZjMtcDVqM84AArs3
Threshold value is ignored (all shares are n=3)
Ecosystems: cargo
Packages: shamir
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tcThqLTNoN2gtcDhnN84AArqs
Compromised child renderer processes could obtain IPC access without nodeIntegrationInSubFrames being enabled
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nMjh4LXBncjMtcXF4Ns4AArmr
Octokit gem published with world-writable files
Ecosystems: rubygems
Packages: octokit
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yNnFqLWNyMjctcjVjNM4AArmq
Octopoller gem published with world-writable files
Ecosystems: rubygems
Packages: octopoller
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00OGYyLW03amctODY2eM4AArZd
Failed payment recorded has completed in Silverstripe Omnipay
Ecosystems: packagist
Packages: silverstripe/silverstripe-omnipay
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tbWg2LW03djktNTk1Ns4AArVk
Regular expression denial of service in markdown-link-extractor
Ecosystems: npm
Packages: markdown-link-extractor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00eDV2LWdtcTgtMjVjaM4AArVj
Regular expression denial of service in semver-regex
Ecosystems: npm
Packages: semver-regex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qOW0yLWgycHYtd3ZwaM4AArVh
Regular expression denial of service in jquery-validation
Ecosystems: nuget, npm
Packages: jQuery.Validation, jquery-validation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wajk2LTRqaHYtdjc5Ms4AArT9
Cross site scripting via cookies in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Ecosystems: rubygems
Packages: solidus_backend
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05cXJwLWg3ZnctNDJoZ84AArTY
Path Traversal in XWiki Platform
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13OTQyLWZ3OTItbXFtMs4AApza
Magento Information Disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05MnBnLThnNTctaHFweM4AAnqH
Support bundles can include user session IDs in Jenkins Support Core Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zajZtLW01djUtOTc4Nc4AAm2e
OpenCart Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nNXEyLWN4Z3EtaDJyd84AAm1i
Information leak in Gerrit
Ecosystems: maven
Packages: com.google.gerrit:gerrit-plugin-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tbW1tLWNoamYtam12d84AAmp5
Gitaly Insufficient Session Expiration vulnerability
Ecosystems: rubygems
Packages: gitaly
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tcjhxLTdmNWotd2M3Oc4AAmnC
Magento information disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zOXJ3LTRtNjYtODJnZs4AAmmH
Magento incorrect user permissions vulnerability within the Inventory component
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yd2Y3LTY1MmYtNzZtds4AAml3
Magento 2 Community Edition vulnerable to Improper Authorization
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jZzRoLWNmanAtaDN4Ms4AAmgS
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:labmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ybTdyLXh2NTMteHdjM84AAmgP
Password stored in plain text by Jenkins AppSpider Plugin
Ecosystems: maven
Packages: com.rapid7:jenkinsci-appspider-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12d2Z2LXFwdzgtODNjN84AAmK3
Access token stored in plain text by Jenkins SMS Notification Plugin
Ecosystems: maven
Packages: com.hoiio.jenkins:sms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qcmpyLTdyZjQtM3dxaM4AAmKu
Password stored in plain text by Jenkins couchdb-statistics Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:couchdb-statistics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13cGhxLWo3OHAtZmhncM4AAlxz
Secret stored in plain text by Jenkins Parameterized Remote Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:Parameterized-Remote-Trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13NmMyLWpyaGgtanJ4Z84AAlx_
Credentials stored in plain text by Jenkins tfs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:tfs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Statistics
Advisories: 18,317
Packages: 8,278
Repositories: 435
Ecosystems: 12
Filter by Severity
Moderate 7,906 High 6,339 Critical 2,804 Low 981
Filter by Ecosystem
pypi 440 maven 277 packagist 172 npm 127 go 120 rubygems 48 cargo 39 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 vyper 7 matrix-synapse 7 puppet 6 Umbraco.CMS 6 rack 6 ansible 5 helm.sh/helm/v3 5 wasmtime 5 october/backend 5 undici 5 sweetalert2 5 baserproject/basercms 5 k8s.io/kubernetes 5 typo3/cms-core 4 electron 4 simplesamlphp/simplesamlphp 4 shopware/shopware 4 magento/community-edition 4 actionpack 4 github.com/cilium/cilium 4 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 github.com/mattermost/mattermost-server/v6 4 helm.sh/helm 4 plone 3 bin-links 3 org.apache.hive:hive-exec 3 org.graylog2:graylog2-server 3 @openzeppelin/contracts-upgradeable 3 passenger 3 org.apache.hive:hive-service 3 org.apache.hive:hive 3 go.etcd.io/etcd 3 github.com/mattermost/mattermost-server 3 node-forge 3 nautobot 3 com.vaadin:vaadin-bom 3 httplib2 3 cryptography 3 github.com/cosmos/cosmos-sdk 3 ethyca-fides 3 ckb 3 wagtail 3 symfony/symfony 3 org.jenkins-ci.plugins:ec2 2 typo3/cms-frontend 2 org.jenkins-ci.plugins:mercurial 2 gilacms/gila 2 Pillow 2 github.com/sigstore/cosign 2 org.apache.activemq:activemq-parent 2 salt 2 ceph-deploy 2 Django 2 craftcms/cms 2 @apollo/server 2 github.com/answerdev/answer 2 tools.devnull:build-notifications 2 @openzeppelin/contracts 2 github.com/opencontainers/runc 2 silverstripe/framework 2 moin 2 org.jenkins-ci.plugins:azure-ad 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 winter/wn-backend-module 2 braces 2 node-ipc 2 next-auth 2 Flask-Security-Too 2 github.com/authzed/spicedb 2 tuf 2 Flask-AppBuilder 2 org.jenkins-ci.plugins:wso2id-oauth 2 grumpydictator/firefly-iii 2 org.xwiki.platform:xwiki-platform-oldcore 2 symfony/security-http 2 october/cms 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 go.etcd.io/etcd/client/v3 2 org.jenkins-ci.plugins:repository-connector 2 s2n-quic 2 cargo 2 flarum/core 2 github.com/ntbosscher/gobase 2 langchain 2 com.ruoyi:ruoyi 2 github.com/cometbft/cometbft 2 parse-server 2 microweber/microweber 2 org.jenkins-ci.plugins:artifactory 2 django 2 activesupport 2 pip 2 com.inedo.proget:inedo-proget 2 OctoPrint 2 org.eclipse.jetty:jetty-server 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 Zope 2 vantage6 2 github.com/hashicorp/nomad 2 sylius/sylius 2 github.com/mattermost/mattermost-plugin-jira 2 github.com/oauth2-proxy/oauth2-proxy 1 org.jenkins-ci.plugins:snsnotify 1 github.com/Masterminds/goutils 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 io.swagger:swagger-codegen 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 hyper 1 io.jenkins.plugins:tuleap-oauth 1 zod 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 @liquity/contracts 1 org.scala-sbt:io_3 1 rabbit_common 1 horizon 1 org.scala-sbt:io_2.13 1 org.wiremock:wiremock-standalone 1 org.scala-sbt:io_2.12 1 org.wiremock:wiremock 1 github.com/nats-io/nats-server/v2 1 com.github.tomakehurst:wiremock-jre8 1 org.scala-sbt:sbt 1 @diez/generation 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 org.jenkins-ci.plugins:openshift-deployer 1 org.keycloak:keycloak-core 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 ajenti 1 fast-xml-parser 1 es5-ext 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 apostrophe 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/cilium/cilium 4 https://github.com/electron/electron 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/TYPO3/typo3 4 https://github.com/apache/tomcat 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/shopware/shopware 4 https://github.com/ethyca/fides 3 https://github.com/pyca/cryptography 3 https://github.com/nautobot/nautobot 3 https://github.com/digitalbazaar/forge 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/wagtail/wagtail 3 https://github.com/httplib2/httplib2 3 https://github.com/vantage6/vantage6 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/symfony/symfony 3 https://github.com/CVEProject/cvelist 3 https://github.com/nervosnetwork/ckb 3 https://github.com/vaadin/flow 3 https://github.com/phusion/passenger 3 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/apache/activemq 2 https://github.com/apollographql/apollo-server 2 https://github.com/GilaCMS/gila 2 https://github.com/ceph/ceph-deploy 2 https://github.com/mutagen-io/mutagen 2 https://github.com/answerdev/answer 2 https://github.com/opencontainers/runc 2 https://github.com/aio-libs/aiohttp 2 https://github.com/aws/s2n-quic 2 https://github.com/zopefoundation/Zope 2 https://github.com/ntbosscher/gobase 2 https://github.com/craftcms/cms 2 https://github.com/microweber/microweber 2 https://github.com/octoprint/octoprint 2 https://github.com/parse-community/parse-server 2 https://github.com/sigstore/cosign 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/authzed/spicedb 2 https://github.com/django/django 2 https://github.com/quarkusio/quarkus 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Sylius/Sylius 2 https://github.com/hashicorp/nomad 2 https://github.com/openstack/keystone 2 https://github.com/cometbft/cometbft 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/saltstack/salt 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/micromatch/braces 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/pypa/pip 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/dojo/dijit 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/openstack/nova 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/tendermint/tendermint 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/canonical/lxd 1 https://github.com/fluent/fluentd 1 https://github.com/aedart/ion 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/google/zerocopy 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/vapor/postgres-nio 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/Azure/setup-kubectl 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/elastic/apm-agent-go 1 https://github.com/spinacms/spina 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/personnummer/go 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/arguiot/EyeJS 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/zowe/imperative 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/croogo/croogo 1 https://github.com/npm/npm 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/waycrate/swhkd 1 https://github.com/Nebulosus/shamir 1 https://github.com/ConsenSys/discovery 1 https://github.com/personnummer/dart 1 https://github.com/magento/magento2 1 https://github.com/rust-vmm/vm-memory 1 https://github.com/tailscale/tailscale 1 https://github.com/argoproj/argo-workflows 1 https://github.com/containers/podman 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/mapfish/mapfish-print 1 https://github.com/ericcornelissen/shescape 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 1 https://github.com/jenkinsci/m2release-plugin 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/tlsfuzzer/tlslite-ng 1 https://github.com/tm-kn/django-basic-auth-ip-whitelist 1 https://github.com/onionshare/onionshare 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://github.com/dan1hc/fgr 1 https://github.com/bbatsov/rubocop 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/yourls/yourls 1 https://github.com/xuxueli/xxl-job 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1