Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS02M2pnLTV3djYtN2dods4AAV9P
Jenkins Resource Disposer Plugin allows attacker to stop tracking specified resource
Ecosystems: maven
Packages: org.jenkins-ci.plugins:resource-disposer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oMjU5LTNyamctNXFwM84AAVUs
Exposure of Sensitive Information to an Unauthorized Actor in JBoss Fuse
Ecosystems: maven
Packages: org.jboss.fuse:jboss-fuse
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ydzc1LW03Z3AtOTJtM84AAVFB
Django data leakage via querystring manipulation in admin
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xNTg2LXhwd3ItamMzas4AAU_C
phpMyAdmin cross-site scripting vulnerability in crafted view name
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wY3F2LWM0NnYtMnA0ds4AAU8C
Ansible Arbitrary File Overwrite Vulnerability
Ecosystems: pypi
Packages: ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1majI0LWdocDktMzl2M84AAU8E
Ansible uses a socket with predictable filename in /tmp
Ecosystems: pypi
Packages: Ansible
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xNDhxLTc3cXYtY2Y5cM4AAUp3
httplib2 incorrectly checks SSL certificate
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qZjJ3LW1xNnItNTZ2OM4AAUTk
Caddy allows enumeration of Certificates and Hostnames
Ecosystems: go
Packages: github.com/caddyserver/caddy
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1majZjLXByZ2otZ3Izcs4AATys
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12cHFwLWh4NjgtcDJ3eM4AATkx
Improper Link Resolution Before File Access in Suds
Ecosystems: pypi
Packages: suds
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oOGM1LWM5MmctanE2eM4AATfr
Improper Input Validation in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNDM2LWg3aG0tcng0Ns4AATVN
Puppet Labs Facter allows local users to obtain sensitive Amazon EC2 IAM instance metadata
Ecosystems: rubygems
Packages: facter
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NTh3LTZ4YzItdzc5Oc4AATUx
Puppet Denial of Service and Arbitrary File Write
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13d2d4LTk0djYtZmMycM4AASyU
Jenkins SSH Agent Plugin exposes SSH private key password to users with permission to read the build log
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ssh-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01ZnE5LXg5ZjQteDJyMs4AASkM
Jenkins z/OS Connector Plugin allows local attacker to retrieve configured password
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zos-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jZ2hnLWpjdjYtNHY1bc4AASj5
Jenkins Coverity Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:coverity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yY2YzLWcyNDMtaGhmeM4AASTB
MySQL Connectors Privilege Escalation
Ecosystems: pypi
Packages: mysql-connector-python
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jamNmLXdtMnAtNTloNc4AASTJ
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Ecosystems: maven
Packages: mysql:mysql-connector-java
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qZm1xLTRnNG0tOTlyaM4AASBR
Nimbus JOSE+JWT vulnerable to padding oracle attack
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yajRwLTdtbTYtZ205as4AARto
JBossWS vulnerable to uncontrolled recursion
Ecosystems: maven
Packages: org.jboss.ws:jbossws-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14NTVwLTY1MjYteG1tcM4AARct
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05djcyLXA1cDMtOXc2Nc4AARb4
Exposure of Sensitive Information to an Unauthorized Actor in Jenkins-mailer-plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:mailer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12anI2LWNxMjItbTRxNc37Mw
Jenkins AWS Elastic Beanstalk Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12cnY5LWNjajMtZzI4NM37Ew
Jenkins IRC Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ircbot
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00Y3hyLTR2d2MtNnBnN837Cw
Jenkins Bitbucket Approve Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-approve
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03ang4LTI0NGctamZweM367g
Jenkins OWASP ZAP Plugin stores unencrypted credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1waHdyLXBtaDMtbThnMs37Dg
Jenkins aws-device-farm Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-device-farm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jd3F2LTRjZjItNXZmas366w
Jenkins FTP publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ftppublisher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04NHA0LTdteGMtN3Boas37CA
Jenkins Amazon SNS Build Notifier Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:snsnotify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NzIyLXY1d2MteDdoOM37DQ
Jenkins veracode-scanner Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:veracode-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zajN2LTdmOGYtdjJ4cM36_w
Jenkins Aqua Security Scanner Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aqua-security-scanner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1ycHg2LWhwMmgtZ3d3NM36_A
Jenkins Bugzilla Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:bugzilla
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tMzRyLWY3aDYtYzNqMs37CQ
Jenkins AWS CloudWatch Logs Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13cmd3LXY5ODctNXFtd837DA
Jenkins CloudShare Docker-Machine Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudshare-docker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yNzk4LXF4N3ItdjNnd836-A
Jenkins Octopus Deploy Plugin stores credentials in plain text
Ecosystems: maven
Packages: hudson.plugins.octopusdeploy:octopusdeploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12djZwLTYzZzgtbThmd837BQ
Jenkins Audit to Database Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03bWZwLTkzOHItZmNmas36-Q
Jenkins hyper.sh Commons Plugin stores credentials in plain text
Ecosystems: maven
Packages: sh.hyper.plugins:hyper-commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1teG13LTZxZ2otaDY3eM33gg
Jenkins PRQA Plugin stored password in plain text
Ecosystems: maven
Packages: com.programmingresearch:prqa-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05OWpjLXY4cHEtNnFtNM33Vg
Jenkins Repository Connector Plugin has insufficiently protected credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:repository-connector
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jN3A2LXgycDMtM3dwaM33UQ
Jenkins youtrack-plugin Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:youtrack-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jYzdqLXh4N3EtZnIzNM33Tw
Jenkins Jabber Server Plugin stores credentials in plain text
Ecosystems: maven
Packages: de.e-nexus:jabber-server-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01NWY4LW04dzUtZm1xOM33Rw
Jenkins Minio Storage Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:minio-storage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14NDY0LXI3ZjQtZ2ozbc33Yw
Jenkins Koji Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:koji
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tN3E4LThnNTYtbTc4d833aA
Jenkins Netsparker Enterprise Scan Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:netsparker-cloud-scan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qdnI1LXI2NjMtcXhnd833YQ
Jenkins Sametime Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sametime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03aGY2LWhnZ3AtdnZwOc33Zw
Jenkins CloudCoreo DeployTime Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.cloudcoreo.plugins:cloudcoreo-deploytime
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yd3J4LWhyZjItdjU3N833XQ
Jenkins Serena SRA Deploy Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.urbancode.ds.jenkins.plugins:sra-deploy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05ZnBxLXYycDMtdzYzas33Xg
Jenkins Relution Enterprise Appstore Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:relution-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04OWYzLTc0bTYtZzI3Z830lg
Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jYzk0LWh3ajMtcmY2Nc30lw
Moodle's login_as feature leaks information from external repositories
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03NWM2LXhxd3ItdjJyOc30bQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yamN3LXI3OXgtNHI1ds30ZA
Moodle does not set the RISK_XSS bit for graders
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05Zm13LW00cXgtNmNxOM30TA
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13Nzd2LXhweHItYzZwds30LQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02cjd4LTZxOTgtcWNxcM30Lg
Moodle does not set the RISK_XSS bit for graders
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jcDM5LTQzeHItMndycM30Lw
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00cHBnLTJteDYtZnF4Oc30Sg
Moodle allows attackers to bypass intended login restrictions
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12cmY2LXE3cWotNjl2Nc30JA
Moodle allows attackers to upload files containing JavaScript
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qajNqLW1oZ2MtZzRtNM30NQ
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tOGY1LTl3ZzgtMmMzaM30HA
Moodle multiple cross-site scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNG1yLXZjNTQtaDVwY830Gw
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1jOWpwLTI0NGotdmg3OM30Cw
Moodle cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03cW00LXAzNzctZnIycs3ypg
ActiveMQ's OpenWire protocol exposes certain system details as plain text
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent, org.apache.activemq:activemq-openwire-generator
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qNTdwLWczM3ctOTVjNc3ydg
OpenStack Horizon Cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: horizon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01M21yLTQ0cHAtY3JmNM3yaQ
pip lack of randomness in build directory
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00Z3Y1LXFodnItMzZ2ds3yag
Improper Link Resolution Before File Access in pip
Ecosystems: pypi
Packages: pip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yaDljLTM0djYtM3Ftcs3wvw
Kubernetes in OpenShift3 Access Control Misconfiguration
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1majY5LXA4ZjYtcTk3aM3txQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12bTY5LTQ3NHYtN3Eyd83iMA
Incorrect Default Permissions in Apache Commons FileUpload
Ecosystems: maven
Packages: commons-fileupload:commons-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1qd2ZyLWg2anAtOXAyZ83iFw
Jenkins allows attackers to obtain the master cryptographic key
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04bXZ3LTIycjctdzZmcc3iEg
ruby_parser allows local users to overwrite arbitrary files via symlink attack on temporary file with predictable name
Ecosystems: rubygems
Packages: ruby_parser
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1mYzcyLXY1NGMteDlqZ83VLw
MoinMoin Cross-site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: moin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1teGY3LXB2OHEtMjk0aM3UqA
Cross-site scripting in Apache ActiveMQ
Ecosystems: maven
Packages: org.apache.activemq:activemq-parent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12cmg3LTk5amgtM2Ztbc3StQ
Puppet arbitrary files overwrite via a symlink attack
Ecosystems: rubygems
Packages: puppet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1nODU3LXA5OTctd3g3d83Mrw
TYPO3 Backend vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS03ZzU5LWhtOHYtY3dtY82-SA
Apache Tomcat information disclosure vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05djhoLTU3Z3YtcWNoNs2qog
Django vulnerable to Denial of Service via i18n middleware component
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS12NXAyLXZnM2MtcG1ycs2psg
Apache Tomcat Path Traversal Vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01YzVwLWp4dngteDdqMs2eqw
Apache Tomcat vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS14bWM5LTZwNTYtM2M0ds2ajQ
Apache Tomcat XSS In Accept-Language Headers
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wM3Z3LWZ2d3gtcWN2Nc2A-g
Cross-site scripting in Apache Struts
Ecosystems: maven
Packages: struts:struts
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1xaHF2LXE0eGctZjZnN811Cg
Apache Tomcat AJP Connector Information Leak
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS04ZzRmLWZoN2YtNGZ3aM1oEQ
Apache Tomcat Default Installation Reveals Sensitive Information
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1td200LTVxd3ItZzlwZs1Bjw
Keycloak is vulnerable to IDN homograph attack
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1ydmpnLWd4d3gtajVnZs1Big
OIDC Logout redirect in keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-oidc-client-adapter-pom
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13bTJyLXJwOTgtOHBtaM1BTA
Exposure of SSH credentials in Rancher/Fleet
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS14NDQ2LTN4aHEtNXhmcM07mA
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Ecosystems: cargo
Packages: Simple-Wayland-HotKey-Daemon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS13Zjk4LXZ4djktanFmds04kA
XSS Injection Vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1neDdnLXdqeGctand3as04GQ
Cross-Site Request Forgery in YOURLS
Ecosystems: packagist
Packages: yourls/yourls
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1xY2d4LTdwNWYtaHh2cs02gQ
Discoverability of user password hash in Statamic CMS
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS12eHJjLTY4eHgteDQ4Z802BQ
Twig Sandbox Information Disclosure
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zcDIyLWdocTgtdjc0Oc01Ew
Renderers can obtain access to random bluetooth device without permission in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 2 years ago
Low
GSA_kwCzR0hTQS0zbXBwLXhmdmgtcWgzN80zOQ
node-ipc behavior change
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS04Z3IzLTJnanctamo3Z80zOA
Hidden functionality in node-ipc
Ecosystems: npm
Packages: node-ipc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02cGM5LXhxcmctd2Zxd80zHw
Exposure of Sensitive information in httpie
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01bXBmLWh3OGYtODZ3Oc0y-g
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:parameterized-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oeDNyLXF3eHYtNWp3Oc0zGw
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitlab-oauth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS03ajUyLTZmanAtNThncs0ynA
Inconsistent storage layout for ERC2771ContextUpgradeable
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS00Zng5LXZjODgtcTJ4Y80yIw
Infinite loop in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Statistics
Advisories: 18,210
Packages: 8,253
Repositories: 431
Ecosystems: 12
Filter by Severity
Moderate 7,851 High 6,311 Critical 2,790 Low 973
Filter by Ecosystem
pypi 433 maven 276 packagist 172 npm 127 go 120 rubygems 48 cargo 39 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 shopware/core 10 phpmyadmin/phpmyadmin 10 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 puppet 6 rack 6 sweetalert2 5 wasmtime 5 ansible 5 helm.sh/helm/v3 5 k8s.io/kubernetes 5 october/backend 5 undici 5 baserproject/basercms 5 actionpack 4 org.keycloak:keycloak-services 4 com.vaadin:flow-server 4 helm.sh/helm 4 github.com/mattermost/mattermost-server/v6 4 magento/community-edition 4 typo3/cms-core 4 electron 4 github.com/cilium/cilium 4 shopware/shopware 4 simplesamlphp/simplesamlphp 4 go.etcd.io/etcd 3 com.vaadin:vaadin-bom 3 plone 3 @openzeppelin/contracts-upgradeable 3 github.com/cosmos/cosmos-sdk 3 org.graylog2:graylog2-server 3 ethyca-fides 3 passenger 3 nautobot 3 bin-links 3 ckb 3 httplib2 3 org.apache.hive:hive-exec 3 node-forge 3 cryptography 3 symfony/symfony 3 org.apache.hive:hive-service 3 org.apache.hive:hive 3 github.com/mattermost/mattermost-server 3 Pillow 2 s2n-quic 2 Zope 2 org.jenkins-ci.plugins:artifactory 2 gilacms/gila 2 flarum/core 2 cargo 2 @openzeppelin/contracts 2 org.jenkins-ci.plugins:mercurial 2 typo3/cms-frontend 2 github.com/ntbosscher/gobase 2 pip 2 org.jenkins-ci.plugins:azure-ad 2 microweber/microweber 2 silverstripe/framework 2 parse-server 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 next-auth 2 winter/wn-backend-module 2 braces 2 github.com/authzed/spicedb 2 github.com/cometbft/cometbft 2 Flask-Security-Too 2 com.ruoyi:ruoyi 2 tuf 2 node-ipc 2 tools.devnull:build-notifications 2 github.com/opencontainers/runc 2 langchain 2 org.xwiki.platform:xwiki-platform-oldcore 2 Django 2 org.jenkins-ci.plugins:wso2id-oauth 2 symfony/security-http 2 OctoPrint 2 Flask-AppBuilder 2 october/cms 2 org.eclipse.jetty:jetty-server 2 activesupport 2 grumpydictator/firefly-iii 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 aiohttp 2 org.apache.activemq:activemq-parent 2 typo3/cms-install 2 org.jenkins-ci.plugins:ec2 2 github.com/sigstore/cosign 2 github.com/hashicorp/nomad 2 com.inedo.proget:inedo-proget 2 org.jenkins-ci.plugins:repository-connector 2 go.etcd.io/etcd/client/v3 2 vantage6 2 craftcms/cms 2 sylius/sylius 2 django 2 github.com/mutagen-io/mutagen 2 wagtail 2 @apollo/server 2 github.com/mattermost/mattermost-plugin-jira 2 github.com/answerdev/answer 2 moin 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 rabbit_common 1 shescape 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 hyper 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 horizon 1 org.scala-sbt:io_2.13 1 github.com/oauth2-proxy/oauth2-proxy 1 org.scala-sbt:io_3 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 org.jenkins-ci.plugins:snsnotify 1 github.com/nats-io/nats-server/v2 1 io.swagger:swagger-codegen 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 wiremock 1 io.jenkins.plugins:tuleap-oauth 1 zod 1 com.github.tomakehurst:wiremock-jre8-standalone 1 com.github.tomakehurst:wiremock-jre8 1 org.wiremock:wiremock 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 io.jenkins.plugins:frugal-testing 1 fastify-http-proxy 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 hooka-tools 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 fast-xml-parser 1 es5-ext 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 apostrophe 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/vyperlang/vyper 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/octobercms/october 7 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/TYPO3/typo3 4 https://github.com/shopware/shopware 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/electron/electron 4 https://github.com/pyca/cryptography 3 https://github.com/httplib2/httplib2 3 https://github.com/digitalbazaar/forge 3 https://github.com/vaadin/flow 3 https://github.com/symfony/symfony 3 https://github.com/phusion/passenger 3 https://github.com/vantage6/vantage6 3 https://github.com/CVEProject/cvelist 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/nervosnetwork/ckb 3 https://github.com/nautobot/nautobot 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/ethyca/fides 3 https://github.com/rust-lang/cargo 2 https://github.com/flarum/framework 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/django/django 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/craftcms/cms 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/microweber/microweber 2 https://github.com/zopefoundation/Zope 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ntbosscher/gobase 2 https://github.com/apollographql/apollo-server 2 https://github.com/aws/s2n-quic 2 https://github.com/apache/activemq 2 https://github.com/wagtail/wagtail 2 https://github.com/aio-libs/aiohttp 2 https://github.com/quarkusio/quarkus 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/opencontainers/runc 2 https://github.com/answerdev/answer 2 https://github.com/mutagen-io/mutagen 2 https://github.com/octoprint/octoprint 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/cometbft/cometbft 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/sigstore/cosign 2 https://github.com/parse-community/parse-server 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/openstack/keystone 2 https://github.com/Sylius/Sylius 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/hashicorp/nomad 2 https://github.com/GilaCMS/gila 2 https://github.com/authzed/spicedb 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/brefphp/bref 1 https://github.com/jenkinsci/backlog-plugin 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/joeferner/redis-commander 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/personnummer/csharp 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/google/zerocopy 1 https://github.com/httpie/httpie 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/dojo/dijit 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/canonical/lxd 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/keystonejs/keystone 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/tinymce/tinymce 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/NVIDIA/NeMo 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/vapor/postgres-nio 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/zowe/imperative 1 https://github.com/traefik/traefik 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/octokit/octokit.rb 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/zopefoundation/Products.PluggableAuthService 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/openstack/nova 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/aedart/ion 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/tendermint/tendermint 1 https://github.com/go-gitea/gitea 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/visionmedia/debug 1