Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVtZzgtdzIzdy03NGgz
Information Disclosure in Guava
Ecosystems: maven
Packages: com.google.guava:guava
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NjIteHBjYy05eGY2
It's possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-wikimacro-store
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5ZnctOXg4Ny1ybXJq
Privilege Context Switching Error in Elasticsearch
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5cTgtNWd2Mi12Nm1n
Potential Session Hijacking
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjMjItM2c3Ni1nbTZq
Generator Web Application: Local Privilege Escalation Vulnerability via System Temp Directory
Ecosystems: maven
Packages: io.swagger:swagger-codegen
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmZjMtbXdwMy1mOGN3
Exposure of Sensitive Information to an Unauthorized Actor in Products.GenericSetup
Ecosystems: pypi
Packages: Products.GenericSetup
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0NGoteHJxZy00eHJy
URL Redirection to Untrusted Site ('Open Redirect') in Products.PluggableAuthService
Ecosystems: pypi
Packages: Products.PluggableAuthService
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJjeGYtNjU2Ny03cHA2
Local Information Disclosure Vulnerability
Ecosystems: maven
Packages: com.datadoghq:datadog-api-client
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUybXEtNmpjdi1qNzl4
User content sandbox can be confused into opening arbitrary documents
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM0cXItZ21yOS12MjN3
Prefix escape
Ecosystems: npm
Packages: fastify-http-proxy
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zM3YtMzM4aC00djlm
Path traversal in Node-Red
Ecosystems: npm
Packages: @node-red/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2d3AtNG02Zi1nY2pn
`aiohttp` Open Redirect vulnerability (`normalize_path_middleware` middleware)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx
Token verification bug in next-auth
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2ZzQtOXJjMi13dmNy
Generation of fake documents via public GET-call
Ecosystems: packagist
Packages: shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkzeGotOG1ydi00NDRt
Regular Expression Denial of Service (REDoS) in httplib2
Ecosystems: pypi
Packages: httplib2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwaDItODMzNy1obTYy
Key Caching behavior in the DynamoDB Encryption Client.
Ecosystems: pypi
Packages: dynamodb-encryption-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3MzYtaGY5cC1xcWgz
Key Caching behavior in the DynamoDB Encryption Client.
Ecosystems: maven
Packages: com.amazonaws:aws-dynamodb-encryption-java
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY0ZzktaDg5aC1qZ3Y5
SAML XML Signature wrapping in PySAML2
Ecosystems: pypi
Packages: pysaml2
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2NDQtNzY0Ny14Znc5
Blind SQL injection in PrestaShop productcomments module
Ecosystems: packagist
Packages: prestashop/productcomments
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5NmYtZmM3Yy05cjU1
Regex denial of service vulnerability in codesample plugin
Ecosystems: npm
Packages: tinymce
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqOXYtaDJ2cC0yaGh2
XSS in HtmlSanitizer
Ecosystems: nuget
Packages: HtmlSanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIycWMtdzY0eC02ajU0
XSS in Vega
Ecosystems: npm
Packages: vega
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain text
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThwZmgtbW0yZy1obWMz
Authenticated Server Side Request Forgery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxNmgtdzNtYy01N2Y0
Information exposure via query strings in URL
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNTgteDVoMi12NXJ4
Authenticated Privilege Escalation
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2Y3YtODMycS1mamc3
RSA weakness in tslite-ng
Ecosystems: pypi
Packages: tlslite-ng
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEyNjMtZnZ4bS1tNW13
Heap out of bounds access in MakeEdge in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02NDgtMzNxZi12M2dw
CHECK-fail in LSTM with zero-length input in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhodmMtZzVodi00OGM2
Write to immutable memory region in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ZjMtOXdmci13Z2g3
Lack of validation in data format attributes in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFoeHgtajczci1xcG0y
Uninitialized memory access in TensorFlow
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjdjUtcDkzNC0zaHdw
Denial of service in fast-csv
Ecosystems: npm
Packages: @fast-csv/parse, fast-csv
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY1Z2MtcDVtMy12MzQ3
XXE in petl
Ecosystems: pypi
Packages: petl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ3cWctcTU4di03dnJw
UNEDITABLE_SCHEMAS and UNEDITABLE_TABLE_DESCRIPTION_MATCH_RULES not respected by frontend service backend
Ecosystems: pypi
Packages: amundsen-frontend
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc0aHYtcWpqcS1oN2c1
datasette-graphql leaks details of the schema of private database files
Ecosystems: pypi
Packages: datasette-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5Y3AtbWM5Ni1tNHcy
XML External Entity in Dashboard Widget
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Ecosystems: packagist
Packages: october/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyZmgtZnA0eC1jcnJx
Persistent XSS in newsletter module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4ZnctODhocS02am1t
Persistent XSS in shopping worlds
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3aGYtZzZqNS1qNWdj
Float cast overflow undefined behavior
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJyZnAtajJtcC1ocTlj
Segfault in `tf.quantization.quantize_and_dequantize`
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndjktN3E0Zy1wbXZt
Persistent XSS in customer module in Shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwd3ctNGpmNC00aHg4
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NXEtajlwNC0zdnhn
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4d3AtbTdtcS03cTNy
CLI does not correctly implement strict mode
Ecosystems: pypi
Packages: aws-encryption-sdk-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2OHYtZnJneC00cmpw
Denial of Service via Cache Flooding
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRmYzQtY2hnNy1oOGdo
Unprotected dynamically loaded chunks
Ecosystems: npm
Packages: webpack-subresource-integrity
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhnaDYtODV4aC00Nzlw
Regular Expression Denial of Service in npm-user-validate
Ecosystems: npm
Packages: npm-user-validate
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThoeGgtcjZmNy1qZjQ1
Memory exhaustion in http4s-async-http-client with large or malicious compressed responses
Ecosystems: maven
Packages: org.http4s:http4s-async-http-client_2.12, org.http4s:http4s-async-http-client_2.13
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc1dmYtdjZ3Zi03dzJy
Ciphertext Malleability Issue in Tink Java
Ecosystems: maven
Packages: com.google.crypto.tink:tink
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3djUtdzhnbS1mcTlm
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request
Ecosystems: pypi
Packages: xmpp-http-upload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzNjYtNHJ2di05NXgy
Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration
Ecosystems: pypi
Packages: cryptoauthlib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1md2gtNW0yMy1qNDZ3
Environment Variable Injection in GitHub Actions
Ecosystems: npm
Packages: @actions/core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2aHItNTVoZy0zcXd2
Non-persistent XSS in the Storefront in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2YzUtY2Zyci0zODR2
RCE in Third Party Library in Shopware
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzdnctNGp4My1ycnIy
personnummer/java vulnerable to Improper Input Validation
Ecosystems: maven
Packages: dev.personnummer:personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwOWMtZnB4eC03NDR2
personnummer/ruby vulnerable to Improper Input Validation
Ecosystems: rubygems
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyM20tbWhmbS0zOWNt
Incorrect Calculation in bigint-money
Ecosystems: npm
Packages: bigint-money
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdxdzUtcHFoYy14bTRn
Users with SCRIPT right can execute arbitrary code in XWiki
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cmMtcnd2Zi04cTVy
The `size` option isn't honored after following a redirect in node-fetch
Ecosystems: npm
Packages: node-fetch
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ4cTMtNTI0OS04aGdn
personnummer/python vulnerable to Improper Input Validation
Ecosystems: pypi
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2OHEtdjk5NS03Mmdy
personnummer/csharp vulnerable to Improper Input Validation
Ecosystems: nuget
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwNmctZ2pwOC1nZ2c5
personnummer/php vulnerable to Improper Input Validation
Ecosystems: packagist
Packages: personnummer/personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZwZ2MtN2g3OC1neDhm
personnummer/js vulnerable to Improper Input Validation
Ecosystems: npm
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIyaDctN3d3Zy1xbWdn
Prototype Pollution in @hapi/hoek
Ecosystems: npm
Packages: @hapi/hoek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNjQtMmY5cC02cHFx
Information Exposure in type-graphql
Ecosystems: npm
Packages: type-graphql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY0NW0tMndjcC1nZzk4
Global node_modules Binary Overwrite in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtajgtcGozai1oMzYy
Symlink reference outside of node_modules in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdxZjYtNzV2OC12cjI2
Arbitrary File Write in bin-links
Ecosystems: npm
Packages: bin-links
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd4NzctcnAzOS1jNnZn
Regular Expression Denial of Service in markdown
Ecosystems: npm
Packages: markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2bXEtM2NqNi1oNzM4
Reverse Tabnabbing in showdown
Ecosystems: npm
Packages: showdown
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXEzdzktZzc0cS12cDVm
Denial of Service in express-fileupload
Ecosystems: npm
Packages: express-fileupload
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB2NnItdmNoaC1jeGc5
Denial of Service in apostrophe
Ecosystems: npm
Packages: apostrophe
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4NzgtMjcycC1tcXFo
Authorization Bypass in graphql-shield
Ecosystems: npm
Packages: graphql-shield
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04Nm0tNW00NC1wYzkz
Denial of Service in grpc-ts-health-check
Ecosystems: npm
Packages: grpc-ts-health-check
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNoNTItdmdxMi05NDNm
Regular Expression Denial of Service in marked
Ecosystems: npm
Packages: marked
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2Z3YtZmc0Ni1oODlq
Sensitive Data Exposure in put
Ecosystems: npm
Packages: put
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTcyNGMtNnZyZi05OXJx
Sensitive Data Exposure in loopback
Ecosystems: npm
Packages: loopback
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcjMtNzQ0OS05Nzdy
Cross-Site Scripting in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlocWotMzhqMi01amdt
Command Injection in ascii-art
Ecosystems: npm
Packages: ascii-art
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk5MmYtd2Y0dy14MzZ2
Prototype Pollution in merge-objects
Ecosystems: npm
Packages: merge-objects
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWczcXctOXBncC14cGo0
Out-of-bounds Read in njwt
Ecosystems: npm
Packages: njwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjOGMtNHZmai1ycnBj
Reflected Cross-Site Scripting in redis-commander
Ecosystems: npm
Packages: redis-commander
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zNm0teDRjNS1yanhq
Silently Runs Cryptocoin Miner in hooka-tools
Ecosystems: npm
Packages: hooka-tools
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzanYtd3JmNC01ODQ1
Local Privilege Escalation in npm
Ecosystems: npm
Packages: npm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzeDctZ2pteC1yMmZm
Open Redirect in serve-static
Ecosystems: npm
Packages: serve-static
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmdzgtNjZ3Zi1wcjdt
methodOverride Middleware Reflected Cross-Site Scripting in connect
Ecosystems: npm
Packages: connect
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3M3gtZjV3eC1meHB3
Cross Site Scripting and RCE in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNweGMtNjdyYy1jNzc1
Cross Site Scripting in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3Z3ItNzY2Ni03cHdq
Path Traversal in openapi-python-client
Ecosystems: pypi
Packages: openapi-python-client
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnZzMtcG1tNy05N3hj
DOM-based XSS in auth0-lock
Ecosystems: npm
Packages: auth0-lock
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc1MzQtcTR4Zi1oNXYy
XSS in Mapfish Print relating to JSONP support
Ecosystems: maven
Packages: org.mapfish.print:print-standalone, org.mapfish.print:print-servlet, org.mapfish.print:print-lib
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: almost 4 years ago
Statistics
Advisories: 18,189
Packages: 8,250
Repositories: 430
Ecosystems: 12
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 github.com/mattermost/mattermost/server/v8 10 shopware/core 10 phpmyadmin/phpmyadmin 10 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 matrix-synapse 7 vyper 7 Umbraco.CMS 6 rack 6 puppet 6 sweetalert2 5 wasmtime 5 ansible 5 helm.sh/helm/v3 5 k8s.io/kubernetes 5 october/backend 5 undici 5 baserproject/basercms 5 actionpack 4 org.keycloak:keycloak-services 4 helm.sh/helm 4 com.vaadin:flow-server 4 github.com/mattermost/mattermost-server/v6 4 simplesamlphp/simplesamlphp 4 shopware/shopware 4 github.com/cilium/cilium 4 magento/community-edition 4 typo3/cms-core 4 electron 4 httplib2 3 ckb 3 bin-links 3 passenger 3 ethyca-fides 3 github.com/cosmos/cosmos-sdk 3 org.graylog2:graylog2-server 3 @openzeppelin/contracts-upgradeable 3 plone 3 go.etcd.io/etcd 3 nautobot 3 com.vaadin:vaadin-bom 3 node-forge 3 org.apache.hive:hive-service 3 cryptography 3 org.apache.hive:hive-exec 3 symfony/symfony 3 org.apache.hive:hive 3 github.com/mattermost/mattermost-server 3 Pillow 2 @openzeppelin/contracts 2 flarum/core 2 org.jenkins-ci.plugins:repository-connector 2 Zope 2 gilacms/gila 2 s2n-quic 2 cargo 2 org.jenkins-ci.plugins:mercurial 2 typo3/cms-frontend 2 github.com/ntbosscher/gobase 2 pip 2 org.jenkins-ci.plugins:azure-ad 2 parse-server 2 silverstripe/framework 2 microweber/microweber 2 next-auth 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 winter/wn-backend-module 2 braces 2 github.com/authzed/spicedb 2 com.ruoyi:ruoyi 2 Flask-Security-Too 2 tools.devnull:build-notifications 2 tuf 2 github.com/cometbft/cometbft 2 node-ipc 2 langchain 2 github.com/opencontainers/runc 2 org.xwiki.platform:xwiki-platform-oldcore 2 github.com/answerdev/answer 2 org.jenkins-ci.plugins:wso2id-oauth 2 OctoPrint 2 symfony/security-http 2 october/cms 2 Flask-AppBuilder 2 org.eclipse.jetty:jetty-server 2 activesupport 2 org.apache.activemq:activemq-parent 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 grumpydictator/firefly-iii 2 @apollo/server 2 aiohttp 2 github.com/mattermost/mattermost-plugin-jira 2 craftcms/cms 2 sylius/sylius 2 typo3/cms-install 2 org.jenkins-ci.plugins:ec2 2 django 2 wagtail 2 github.com/hashicorp/nomad 2 github.com/mutagen-io/mutagen 2 vantage6 2 org.jenkins-ci.plugins:artifactory 2 go.etcd.io/etcd/client/v3 2 github.com/sigstore/cosign 2 com.inedo.proget:inedo-proget 2 hyper 1 org.wiremock:wiremock-standalone 1 shescape 1 rabbit_common 1 moin 1 @liquity/contracts 1 github.com/Masterminds/goutils 1 org.scala-sbt:io_2.12 1 org.scala-sbt:sbt 1 org.keycloak:keycloak-core 1 org.scala-sbt:io_2.13 1 org.jenkins-ci.plugins:openshift-deployer 1 @diez/generation 1 horizon 1 github.com/oauth2-proxy/oauth2-proxy 1 org.scala-sbt:io_3 1 org.jenkins-ci.plugins:snsnotify 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 io.swagger:swagger-codegen 1 io.quarkus.resteasy.reactive:resteasy-reactive-common 1 github.com/nats-io/nats-server/v2 1 wiremock 1 io.jenkins.plugins:tuleap-oauth 1 zod 1 com.github.tomakehurst:wiremock-jre8-standalone 1 org.jenkins-ci.plugins:qmetry-for-jira-test-management 1 com.github.tomakehurst:wiremock-jre8 1 Werkzeug 1 django-basic-auth-ip-whitelist 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 io.jenkins.plugins:frugal-testing 1 fastify-http-proxy 1 org.jenkins-ci.plugins:synopsys-coverity 1 contao/core-bundle 1 basti-cdk 1 io.jenkins.plugins:gitlab-branch-source 1 keystone 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 flarum/framework 1 hooka-tools 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1 @floffah/build 1 fast-xml-parser 1 es5-ext 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 github.com/canonical/lxd 1 njwt 1 ascii-art 1 merge-objects 1 bigint-money 1 put 1 apostrophe 1 org.eclipse.jetty:jetty-openid 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/vyperlang/vyper 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/octobercms/october 7 https://github.com/rack/rack 6 https://github.com/rails/rails 6 https://github.com/ansible/ansible 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/helm/helm 5 https://github.com/nodejs/undici 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/TYPO3/typo3 4 https://github.com/shopware/shopware 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/mattermost/mattermost 4 https://github.com/electron/electron 4 https://github.com/vaadin/platform 4 https://github.com/ethyca/fides 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/CVEProject/cvelist 3 https://github.com/symfony/symfony 3 https://github.com/vaadin/flow 3 https://github.com/pyca/cryptography 3 https://github.com/httplib2/httplib2 3 https://github.com/digitalbazaar/forge 3 https://github.com/phusion/passenger 3 https://github.com/vantage6/vantage6 3 https://github.com/nautobot/nautobot 3 https://github.com/nervosnetwork/ckb 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/GilaCMS/gila 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/mutagen-io/mutagen 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/answerdev/answer 2 https://github.com/opencontainers/runc 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/quarkusio/quarkus 2 https://github.com/craftcms/cms 2 https://github.com/microweber/microweber 2 https://github.com/nextauthjs/next-auth 2 https://github.com/zopefoundation/Zope 2 https://github.com/aio-libs/aiohttp 2 https://github.com/apollographql/apollo-server 2 https://github.com/ntbosscher/gobase 2 https://github.com/apache/activemq 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/aws/s2n-quic 2 https://github.com/wagtail/wagtail 2 https://github.com/octoprint/octoprint 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/cometbft/cometbft 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/sigstore/cosign 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/parse-community/parse-server 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/openstack/keystone 2 https://github.com/Sylius/Sylius 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/micromatch/braces 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/pypa/pip 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/hashicorp/nomad 2 https://github.com/authzed/spicedb 2 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/httpie/httpie 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/google/zerocopy 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/personnummer/csharp 1 https://github.com/joeferner/redis-commander 1 https://github.com/PHPMailer/PHPMailer 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/jenkinsci/backlog-plugin 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/dojo/dijit 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/keystonejs/keystone 1 https://github.com/canonical/lxd 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/tinymce/tinymce 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/NVIDIA/NeMo 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/vapor/postgres-nio 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/admidio/admidio 1 https://github.com/electron-userland/electron-packager 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/ESAPI/esapi-java-legacy 1 https://github.com/zowe/imperative 1 https://github.com/traefik/traefik 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/octokit/octokit.rb 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/zopefoundation/Products.PluggableAuthService 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/openstack/nova 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1 https://github.com/aedart/ion 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/parameterized-remote-trigger-plugin 1 https://github.com/elastic/apm-agent-dotnet 1 https://github.com/tendermint/tendermint 1 https://github.com/go-gitea/gitea 1 https://github.com/jenkinsci/ssh-agent-plugin 1 https://github.com/MicrochipTech/cryptoauthlib 1 https://github.com/oauth2-proxy/oauth2-proxy 1 https://github.com/visionmedia/debug 1 https://github.com/plannigan/hyper-bump-it 1