Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS0zZjgyLXYzcXctNTNxN84AAlOU
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:StashBranchParameter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03ZmY4LXFmd3gtOGd4Nc4AAknO
Improper masking of some secrets in Jenkins Credentials Binding Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13Nmh3LTU3anEtaDdmNc4AAknq
CSRF vulnerability in Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14cWY2LTVncmgtNjIyM84AAkDL
Passwords transmitted in plain text by Jenkins Artifactory Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:artifactory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00cTQ3LXBoODctZnE0Zs4AAkDS
Passwords stored in plain text by Jenkins Artifactory Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:artifactory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xMnd2LW0zcHEteHB2Oc4AAjx7
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:skytap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1obTU3LTRxcHgtZjczNM4AAjx2
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Ecosystems: maven
Packages: com.openmake:deployhub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0ycnJ4LXE2NWYtODk0Nc4AAjxp
Credentials transmitted in plain text by OpenShift Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openshift-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNjhjLXhnODktMmc1cs4AAjx4
Credentials transmitted in plain text by Backlog Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:backlog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMzY1LTk4ajgtdzk2d84AAjx3
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14djU4LWdwNDMtNm03Ns4AAjxo
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-enterprise-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ndmNqLTcyaDQtOHhtOc4AAjx0
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:quality-gates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01cGc4LWY4OXgtd2pjeM4AAjxy
Credentials transmitted in plain text by Jenkins Logstash Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:logstash
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00ZmpjLWZ3ajItN3hmZ84AAjxi
Credentials transmitted in plain text by Repository Connector Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02ZmgzLXhod2ctN2hmaM4AAjx1
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sonar-quality-gates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yajNyLXg2eGMtcXFxas4AAjkO
Credential stored in plain text by BMC Release Package and Deployment Plugin
Ecosystems: maven
Packages: RPD:bmc-rpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02NGpyLWdndzgtaDlqY84AAjks
Credentials stored in plain text by debian-package-builder Plugin
Ecosystems: maven
Packages: ru.yandex.jenkins.plugins.debuilder:debian-package-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04ZzZ2LWc4cWMtNXc3as4AAjkp
Token stored in plain text by DigitalOcean Plugin
Ecosystems: maven
Packages: com.dubture.jenkins:digitalocean-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12dmcyLWhnM2MtbXFqM84AAjkh
Client secret transmitted in plain text by Azure AD Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mZnI2LThjdjUtajYzN84AAjkV
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:s3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03eHA4LTd3cXgtNWhxeM4AAjcV
Jenkins REST APIs vulnerable to clickjacking
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aHZmLXBmcTMtN3BwNs4AAjR5
CSRF vulnerability in Jenkins Amazon EC2 Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ec2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Yzk3LWd4cjMtcjM2OM4AAi-l
Jenkins Weibo Plugin stores credentials unencrypted in its global configuration file
Ecosystems: maven
Packages: org.jenkins-ci.plugins:weibo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNHdoLTg0OGotOXcycs4AAixg
Katello cleartext password storage issue
Ecosystems: rubygems
Packages: katello
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03OTN3LXEyaDUtOGg1as4AAivX
Jenkins QMetry for JIRA Plugin shows plain text password in configuration form
Ecosystems: maven
Packages: org.jenkins-ci.plugins:qmetry-for-jira-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wd2c3LTRoeHYtdjRjd84AAivO
Plaintext Storage in Jenkins Spira Importer Plugin
Ecosystems: maven
Packages: com.inflectra.spiratest.plugins:inflectra-spira-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yOXhjLTU0Y3EtOTlyN84AAiY4
Cleartext Storage of Sensitive Information in Jenkins ElasticBox CI Plugin
Ecosystems: maven
Packages: com.elasticbox.jenkins-ci.plugins:elasticbox
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01M2p3LTRnd2gtbThjbc4AAiOF
Jenkins LDAP Email Plugin shows plain text password in configuration form
Ecosystems: maven
Packages: com.mtvi.plateng.hudson:ldapemail
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14ZzhwLWNwN2YtY3BoeM4AAiOC
DingTalk Plugin stores credentials in plain text
Ecosystems: maven
Packages: io.jenkins.plugins:dingding-notifications
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qdjYyLTZ4dmMtY2N3aM4AAiIf
Jenkins elOyente Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.technicolor:elOyente
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qcDhyLWpoNWotY2d3Zs4AAiId
Jenkins CodeScan Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: com.villagechief.codescan.jenkins:codescan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1taHE2LWg5bTctd3E4Y84AAiIk
Jenkins Assembla Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:assembla
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oeDgyLTJnZ3YtdndtNc4AAiIY
Jenkins vFabric Application Director Plugin Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:application-director-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mNmc4LXB4dnAtOTMyOM4AAiIK
Jenkins Inedo ProGet Plugin Plugin has Cleartext Transmission of Sensitive Information
Ecosystems: maven
Packages: com.inedo.proget:inedo-proget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weHYyLW1mcTctdmhwNs4AAiIj
Jenkins Inedo BuildMaster Plugin showed plain text password in configuration form
Ecosystems: maven
Packages: com.inedo.proget:inedo-proget
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oaHIyLWY2NjgtZmYyd84AAiEl
Use of a weak cryptographic algorithm in Gradle
Ecosystems: maven
Packages: org.gradle:gradle-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NmdqLTkyN3AtbWZwaM4AAiB_
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-serverless
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05Njc4LTVmNmYtd3AzZs4AAiCL
Jenkins Beaker Builder Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:beaker-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xY2ZyLTY1aGYtZjk4eM4AAhn4
Jenkins TestLink Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testlink
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12d3g4LXFwcWgtcXdtOc4AAhfm
Jenkins Maven Release Plug-in Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins.m2release:m2release
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qY3dqLWo1NzQtOGoyY84AAgmI
Jenkins Azure AD Plugin stored the client secret unencrypted
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nZzhyLTI0cW0tcWZjaM4AAgmS
Jenkins Aqua MicroScanner Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-microscanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14MmN4LWg3dzQtcTZ4N84AAgmC
Jenkins Twitter Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:twitter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZmM4LXdycmYtd3Azd84AAgeE
Jenkins Azure PublisherSettings Credentials Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-publishersettings-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04dmZjLWZjcjItNDdwas4AAgZA
Path traversal in Jenkins REPO Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git, org.jenkins-ci.plugins:mercurial, org.jenkins-ci.plugins:repo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Nzg2LTNxamctbXI4OM4AAgY-
Path traversal in Jenkins Mercurial Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mercurial
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wam14LTRnYzYtaHd2OM4AAgJb
Drupal cross-site scripting vulnerability via actions feature and trigger module
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wY205LWZwNTUtNTYzds4AAf23
OWASP HTML Sanitizer allows redirecting to an arbitrary URL when JavaScript is disabled
Ecosystems: maven
Packages: com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NmY4LWc2OHItajY5Oc4AAf1H
Cross-site Scripting in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zamhjLXdqcWYtNWYyY84AAf0J
Virtualenv Allows Symlink Attack on /tmp/
Ecosystems: pypi
Packages: virtualenv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xN3YyLXczOHItcHY3ds4AAfkT
phpMyAdmin Multiple XSS Vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14eGdtLXFwajUtNDg4Ns4AAfko
OpenStack Nova Scheduler denial of service through scheduler_hints
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03d3dyLXA4NHEtcXIzcc4AAfiu
Typo3 Backend XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wM2g3LTNjNDUtcWo0ds4AAfZ-
Python Keyring does not securely initialize encryption cipher
Ecosystems: pypi
Packages: keyring
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZnBnLTJmcDgtMmZwaM4AAfWz
phpMyAdmin multiple cross-site scripting vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yM3BxLW1wOHYtY3AzM84AAfQa
phpMyAdmin Multiple Cross-site Scripting Vulnerabilities in the Database Structure page
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mODg5LXdmd20tNnA3bc4AAeuL
OpenStack Identity Keystone Privilege Escalation vulnerability
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14ZmpxLTlyeHEtcGg2bc4AAesN
Plone Denial of Service vulnerability via decompressing large zip archives
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tbTMyLWp3NzMtOTIyN84AAesM
Plone is vulnerable to File System Path Exposure
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oeHZwLTY1NXgteHhxds4AAekI
Kafo allows local users to obtain passwords and other sensitive information by reading default_values.yaml
Ecosystems: rubygems
Packages: kafo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ocjU5LTM1Y3ItcWY0M84AAeQ8
Plone Cross-site scripting Vulnerability
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zcDg3LXczYzUtMjdnZs4AAd7r
phpMyAdmin Multiple XSS Vulnerabilities After Inline Editing and Save
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01cDY5LXJteDgtN2d3N84AAd7q
phpMyAdmin Multiple XSS Vulnerabilities
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13djhnLWZ4OWotcTJqZ84AAdaE
phpMyAdmin cross-site scripting Vulnerability via ENUM value
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qY3A5LTc5NmctcHY5cM4AAdXJ
Missing Cryptographic Step in OWASP Enterprise Security API for Java
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wdjg4LWo2cmctcjU2cM4AAdTd
Jenkins allows attackers to obtain sensitive information
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ydjhoLXA0M3ItNHg1cs4AAdHu
SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces
Ecosystems: pypi
Packages: oauth2
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qcW1yLXdxZ3AtOG1oMs4AAcfP
phpMyAdmin cross-site scripting Vulnerability in Table or Column Names
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNjMyLTV3NzQteDh4eM4AAcSd
phpMyAdmin Cross-site scripting (XSS) vulnerability via pageNumber value
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NHc1LXAyaGctOGZoNs4AAcGU
Urllib3 Incorrect Certificate Validation
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1weHY1LTV2bXAtM2pqNM4AAb0u
Improper Authentication in Apache Hadoop
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zcDVyLTdjdzMtMm02N84AAbli
Exposure of Sensitive Information to an Unauthorized Actor in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV
phpMyAdmin cookie-attribute injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xam1nLTc3eGgtN21qd84AAah4
Loggerhead XSS via filename
Ecosystems: pypi
Packages: loggerhead
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aHczLTRndnAtOG12Nc4AAaYZ
TYPO3 Cross-site scripting (XSS) vulnerability in the click enlarge functionality
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zbXFmLWZ3YzYtdndxd84AAaYX
TYPO3 Cross-site scripting (XSS) vulnerability in the FORM content object
Ecosystems: packagist
Packages: typo3/cms-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05aGgyLThjdzYtaGZ2N84AAaYV
TYPO3 Cross-Site Scripting vulnerability in the Install Tool
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03dzZjLTVwcjQtN3F2cM4AAaFi
Typo3 Backend XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03Z2c4LTNyNmotNWc1Nc4AAaFh
Typo3 Backend Configuration XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xdnByLXFtNnctNnJjY84AAZ-c
OpenStack Keystone intended authorization restrictions bypass
Ecosystems: pypi
Packages: Keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13NTYzLXJxMzctY3ZxNc4AAZ8H
Typo3 Backend History Module Vulnerable to XSS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZ2Y2LTlxN2ctNTVxZ84AAZ8K
Typo3 Function Menu API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xbW13LWNoMnEtajZ4eM4AAZ8F
Typo3 Backend API XSS Vulnerability
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xajY5LWNoanAtZzRmNc4AAZvc
TYPO3 Cross-site scripting (XSS) vulnerability in the Extbase Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yOG03LTc5MmotNWp2cc4AAZvd
TYPO3 Cross-Site Scripting (XSS) vulnerabilities in Content Editing Wizards component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05Z2NmLXBxOTktcmp3M84AAZrR
RPLY Predictable Tmpfile Names Allows Cache Spoofing
Ecosystems: pypi
Packages: RPLY
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03MzcyLXE0NTktanhocs4AAZrH
pyxdg Arbitrary File Overwrite via Race Condition
Ecosystems: pypi
Packages: pyxdg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mcDZwLTV4dnctbTc0Zs4AAZQc
Django User Enumeration Vulnerability
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04cTJtLXB3eGYtamM3Z84AAY6T
python-keystoneclient unsecure user password update
Ecosystems: pypi
Packages: python-keystoneclient
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oZjd3LWY0aDQtOXhwOM4AAYZt
Exposure of Sensitive Information in Jenkins Datadog plugin
Ecosystems: maven
Packages: org.datadog.jenkins.plugins:datadog
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mY3h3LWhoeHEtNDh3eM4AAYKI
Insecure temporary file usage in Jenkins Git Client Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04NnFqLTRoNTUtZnZwd84AAX1a
OpenStack Heat template URL information leakage
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xcWgyLWg2Z3ctNng4eM4AAX1Z
Typo3 XSS Vulnerabilities
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tOWoyLWdycWYtZmcyNs4AAW5D
Jenkins Reverse Proxy Auth Plugin allows attackers with local file system access to obtain a list of authorities for logged in users
Ecosystems: maven
Packages: org.jenkins-ci.plugins:reverse-proxy-auth-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04NzZqLTRxNzMtN2Y1Ns4AAW5C
Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zaHc2LWdjOGgtOTI0M84AAWQT
Jenkins meliora-testlab Plugin allows attackers with file system access to Jenkins master to obtain API key
Ecosystems: maven
Packages: org.jenkins-ci.plugins:meliora-testlab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nODkyLTloOG0tcjY5cs4AAWKU
Libcloud does not properly scrub data when destroying a DigitalOcean node
Ecosystems: pypi
Packages: apache-libcloud
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05ODloLXd2OHgtOTMzcM4AAWA8
TYPO3 cross-site scripting (XSS)
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNWpoLWhwcjQtaDMzMs4AAV_7
Symfony Session Fixation Vulnerability
Ecosystems: packagist
Packages: symfony/security, symfony/security-http, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: almost 2 years ago
Statistics
Advisories: 18,152
Packages: 8,242
Repositories: 430
Ecosystems: 12
Filter by Severity
Moderate 7,822 High 6,289 Critical 2,788 Low 969
Filter by Ecosystem
pypi 429 maven 276 packagist 172 npm 127 go 120 rubygems 48 cargo 39 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 phpmyadmin/phpmyadmin 10 shopware/core 10 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 vyper 7 matrix-synapse 7 Umbraco.CMS 6 rack 6 puppet 6 ansible 5 helm.sh/helm/v3 5 k8s.io/kubernetes 5 wasmtime 5 baserproject/basercms 5 october/backend 5 undici 5 sweetalert2 5 simplesamlphp/simplesamlphp 4 com.vaadin:flow-server 4 org.keycloak:keycloak-services 4 actionpack 4 helm.sh/helm 4 github.com/mattermost/mattermost-server/v6 4 github.com/cilium/cilium 4 typo3/cms-core 4 magento/community-edition 4 electron 4 shopware/shopware 4 @openzeppelin/contracts-upgradeable 3 github.com/cosmos/cosmos-sdk 3 go.etcd.io/etcd 3 org.graylog2:graylog2-server 3 ethyca-fides 3 nautobot 3 passenger 3 plone 3 bin-links 3 ckb 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-service 3 node-forge 3 symfony/symfony 3 github.com/mattermost/mattermost-server 3 org.apache.hive:hive-exec 3 org.apache.hive:hive 3 cryptography 3 pip 2 typo3/cms-frontend 2 Zope 2 github.com/ntbosscher/gobase 2 github.com/answerdev/answer 2 cargo 2 gilacms/gila 2 craftcms/cms 2 Pillow 2 s2n-quic 2 github.com/opencontainers/runc 2 github.com/hashicorp/nomad 2 org.jenkins-ci.plugins:repository-connector 2 org.jenkins-ci.plugins:azure-ad 2 parse-server 2 next-auth 2 github.com/authzed/spicedb 2 silverstripe/framework 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 winter/wn-backend-module 2 braces 2 microweber/microweber 2 Flask-Security-Too 2 com.ruoyi:ruoyi 2 tuf 2 node-ipc 2 tools.devnull:build-notifications 2 github.com/cometbft/cometbft 2 org.jenkins-ci.plugins:mercurial 2 org.xwiki.platform:xwiki-platform-oldcore 2 symfony/security-http 2 @apollo/server 2 OctoPrint 2 org.jenkins-ci.plugins:wso2id-oauth 2 october/cms 2 grumpydictator/firefly-iii 2 org.apache.activemq:activemq-parent 2 org.eclipse.jetty:jetty-server 2 Flask-AppBuilder 2 aiohttp 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 typo3/cms-install 2 activesupport 2 github.com/mutagen-io/mutagen 2 @openzeppelin/contracts 2 langchain 2 github.com/mattermost/mattermost-plugin-jira 2 org.jenkins-ci.plugins:artifactory 2 httplib2 2 django 2 org.jenkins-ci.plugins:ec2 2 sylius/sylius 2 wagtail 2 vantage6 2 go.etcd.io/etcd/client/v3 2 flarum/core 2 com.inedo.proget:inedo-proget 2 github.com/sigstore/cosign 2 org.xwiki.platform:xwiki-platform-security-authentication-script 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 rabbit_common 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 hyper 1 org.scala-sbt:io_2.13 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 horizon 1 org.scala-sbt:io_3 1 github.com/oauth2-proxy/oauth2-proxy 1 org.jenkins-ci.plugins:snsnotify 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 io.swagger:swagger-codegen 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 io.jenkins.plugins:tuleap-oauth 1 github.com/nats-io/nats-server/v2 1 zod 1 wiremock 1 com.github.tomakehurst:wiremock-jre8-standalone 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 shescape 1 com.github.tomakehurst:wiremock-jre8 1 flarum/framework 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 org.springframework.cloud:spring-cloud-contract-shade 1 io.jenkins.plugins:frugal-testing 1 fastify-http-proxy 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 fast-xml-parser 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/vyperlang/vyper 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/octobercms/october 7 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/TYPO3/typo3 4 https://github.com/shopware/shopware 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/electron/electron 4 https://github.com/vaadin/platform 4 https://github.com/ethyca/fides 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/CVEProject/cvelist 3 https://github.com/symfony/symfony 3 https://github.com/vaadin/flow 3 https://github.com/pyca/cryptography 3 https://github.com/digitalbazaar/forge 3 https://github.com/phusion/passenger 3 https://github.com/vantage6/vantage6 3 https://github.com/nautobot/nautobot 3 https://github.com/nervosnetwork/ckb 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/GilaCMS/gila 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/mutagen-io/mutagen 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/answerdev/answer 2 https://github.com/opencontainers/runc 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/httplib2/httplib2 2 https://github.com/craftcms/cms 2 https://github.com/microweber/microweber 2 https://github.com/nextauthjs/next-auth 2 https://github.com/zopefoundation/Zope 2 https://github.com/quarkusio/quarkus 2 https://github.com/apollographql/apollo-server 2 https://github.com/aio-libs/aiohttp 2 https://github.com/ntbosscher/gobase 2 https://github.com/apache/activemq 2 https://github.com/aws/s2n-quic 2 https://github.com/wagtail/wagtail 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/octoprint/octoprint 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/cometbft/cometbft 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/sigstore/cosign 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/parse-community/parse-server 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/openstack/keystone 2 https://github.com/Sylius/Sylius 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/micromatch/braces 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/pypa/pip 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/hashicorp/nomad 2 https://github.com/authzed/spicedb 2 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/httpie/httpie 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/google/zerocopy 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/personnummer/csharp 1 https://github.com/joeferner/redis-commander 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/jenkinsci/backlog-plugin 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/dojo/dijit 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/keystonejs/keystone 1 https://github.com/canonical/lxd 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/tinymce/tinymce 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/NVIDIA/NeMo 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/vapor/postgres-nio 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/admidio/admidio 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/zowe/imperative 1 https://github.com/traefik/traefik 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/octokit/octokit.rb 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/zopefoundation/Products.PluggableAuthService 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/openstack/nova 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/aedart/ion 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/tendermint/tendermint 1 https://github.com/go-gitea/gitea 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/visionmedia/debug 1 https://github.com/plannigan/hyper-bump-it 1