Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZodjMtN2MzNC00aHg4
Hashicorp Nomad Information Exposure Through Environmental Variables
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02Z2NnLWhwMngtcTU0aM4AAgdM
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cnZ3LTdteDctaDUzeM4AAlx0
CSRF vulnerability in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xMzk3LXcyOGYtang5N84AAk1a
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14OXJxLTloNDQtZjg0ds4AAk1J
Stored XSS vulnerability in Jenkins ECharts API Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:echarts-api
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02OHZyLThmNDYtdmM5Zs0kfA
Username spoofing in OnionShare
Ecosystems: pypi
Packages: onionshare-cli
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14Njh4LXd2bTItaHFjOM4AAk06
Stored XSS vulnerability in Jenkins Compact Columns Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:compact-columns
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cDhqLWhyZ2YtamMyZ84AAwdQ
Apache Zeppelin Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oajM2LXY3MngtY2M2as4AAlyB
Missing permission checks in Jenkins Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:database
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05ajJwLThxcWYtaDU1Y84AAxl7
Cross-site Scripting in UDX Stateless Media Plugin
Ecosystems: packagist
Packages: wpcloud/wp-stateless
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12amY4LXh3NmMtd2pocc4AAllA
CSRF vulnerability in Jenkins Flaky Test Handler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:flaky-test-handler
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xNHFxLThxMnItZzJmMs4AAlx5
Passwords transmitted in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jY3dwLTYzM2otZzI5ds4AAlyH
Passwords stored in plain text by Jenkins ReadyAPI Functional Testing Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:soapui-pro-functional-testing
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qODUyLW1wODItd3YyZ84AAk1A
Improper permission checks in Jenkins Swarm Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:swarm
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zMnhwLW02dmctZ3dwas4AAlk-
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:pipeline-maven
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1odjUzLXFqZzYtNXBtOc4AAkKl
XSS vulnerability in Jenkins Gatling Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gatling
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mODJ2LXBnNzQtNjY4Ns4AAkLi
Reflected XSS vulnerability in Jenkins AWSEB Deployment Plugin
Ecosystems: maven
Packages: br.com.ingenieux.jenkins.plugins:awseb-deployment-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01eDg5LTc1cjctOHJqaM4AAkK2
XSS vulnerability in Jenkins useMango Runner Plugin
Ecosystems: maven
Packages: it.infuse.jenkins:usemango-runner
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05OThtLWYyeDMtampxNM4AAoNt
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zbTNmLTIzMjMtNjRtN84AAoNh
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:config-file-provider
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NGNtLXA5cTctcnIzcM4AAmCw
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:liquibase-runner
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ODN3LTg0bTctcDhwd84AAePK
User account enumeration via crafted URL
Ecosystems: pypi
Packages: plone
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14cjM3LXBqZmgtcXd3Y84AAjcY
Fortify Plugin stored credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQzNGgtcDRneC1qbTg5
Observable Response Discrepancy in Flask-AppBuilder
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1majZmLTY5MzMtODM5as4AAjcN
Non-constant time HMAC comparison
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1td2cyLTN4cHYtNXYyOM4AAoGG
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:hp-application-automation-tools-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wcDUtMng1NS00OXh3
XSS in svg2png (NPM package)
Ecosystems: npm
Packages: svg2png
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00d3g1LWM3MjMteHZ3ds4AAkZv
Credentials stored in plain text by Jenkins Copr Plugin
Ecosystems: maven
Packages: org.fedoraproject.jenkins.plugins:copr
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwOTQtdmo5Ny1mbTRx
OS Command Injection in fsa
Ecosystems: npm
Packages: fsa
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM2YzQtam1xeC0zcjMz
Open Redirect in xdLocalStorage
Ecosystems: npm
Packages: xdLocalStorage
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwOWctcWd4OS0zOTdw
Denial of Service in Page Error Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jaGdnLXJybXYtNXE3eM4AAuAh
Withdrawn
Ecosystems: npm
Packages: jwt-simple
Source: GitHub Advisory Database
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00M2oyLXI0djMtbThqcM4AAknk
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials-binding
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00ajJwLXg3OW0tamNqOM4AAyo8
XXL-JOB vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qOGM3LWZtODUtNmpqNs4AAiIo
Jenkins Call Remote Job Plugin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.ukiuni.callOtherJenkins:call-remote-job-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xZjM0LWY0M3ItZ3Y5cM4AAyZ8
Apache Archiva vulnerable to privilege escalation via stored cross-site scripting (XSS)
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhyY3AtOGYzcS00dzJj
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1nZjM0LWhoNXItZjc0aM4AAxkK
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13M2dtLXZ2NTgtd3I1Nc4AAo_l
Missing permission check in Jenkins requests-plugin Plugin allows sending emails
Ecosystems: maven
Packages: org.jenkins-ci.plugins:requests
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ZzJmLTlyZjctNDhnbc4AAv6P
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: io.loader:loaderio-jenkins-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qODc0LTQ3eHgtOXhmZ84AAv6K
Missing permission check in Jenkins Delete log Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delete-log-plugin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY2aG0tODh4My1tZmp2
A Server-Side Request Forgery can be triggered by unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or on the local host
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1teDJxLTM1bTIteDJyaM4AAy0V
OpenZeppelin Contracts TransparentUpgradeableProxy clashing selector calls may not be delegated
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZnEtcGg3ci1xdjZm
XStream is vulnerable to an Arbitrary Code Execution attack
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02dmg2LTcyZzYteHF4Ms4AAwXg
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nd3B4LXEyaDktd3hneM0YzA
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Ecosystems: packagist
Packages: elgg/elgg
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncWdxLTc4NHEtdjl4cM4AAwXc
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04dmpwLWhmZ2gtNjhyas4AAwXa
FeehiCMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02cHFtLXh2ZmMtdzdwNM0Yzg
showdoc is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yNTJoLTJjbXEtcG1yNs4AAwXI
easywebpack-cli Path Traversal vulnerability
Ecosystems: npm
Packages: @easy-team/easywebpack-cli
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cmdoLTV3M2MtZ2dmOM0Y3g
showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Ecosystems: packagist
Packages: showdoc/showdoc
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02dzlwLTg4cWctcDNnM80YyA
Cross-site Scripting in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00Z3doLTJwcXgtZjVjY80Ywg
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wd2gzLTNwY20tNnZqaM4AAwXN
FeehiCMS vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: feehi/feehicms
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qdzZ4LTRoOGgtNTY5eM4AAwXU
Roots Soil plugin vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: roots/soil
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04cGYzLTZmZ3ItM2czZ84AAy3P
`chainId` may be outdated if user changes chains as part of connection in @web3-react
Ecosystems: npm
Packages: @web3-react/walletconnect, @web3-react/metamask, @web3-react/eip1193, @web3-react/coinbase-wallet
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zdndtLWZjODctbXE2aM4AAv6W
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:cavisson-ns-nd-integration
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13MmozLXBxNjMtMzM5d84AAv6T
Incorrect permission checks in Jenkins Support Core Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:support-core
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg2cXYtZjVnZi04Z2Nm
Missing Authorization in Jenkins P4 plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:p4
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1NDctZ21mOC04anI3
Signature Validation Bypass in goxmldsig
Ecosystems: go
Packages: github.com/russellhaering/goxmldsig
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1xMnFqLTYyOGctdmhmd84AAy3N
Insecure header validation in slim/psr7
Ecosystems: packagist
Packages: slim/psr7
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTYtcjc5cS1oZmd3
Denial of service in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk1Mm0tbTgzYy0zeG02
Open redirect in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdyZnAtcTJtbS1oZnA2
Redirect URL matching ignores character casing
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0zM3BnLW02amgtNTIzN84AAyiu
Docker Swarm encrypted overlay network traffic may be unencrypted
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmcTMtdzU0Yy1mOXE1
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Ecosystems: go
Packages: github.com/ory/fosite
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12N3hoLWg0OGMteHc1Zs4AAn-O
CSRF vulnerability in Jenkins OWASP Dependency-Track Plugin allows capturing credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dependency-track
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02d3JmLW14ZmotcGY1cM4AAyit
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2eHctZng3OC1jNXI0
containerd-shim API Exposed to Host Network Containers
Ecosystems: go
Packages: github.com/containerd/containerd/cmd, github.com/containerd/containerd
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01dnI2LWhtNjgtNWo5cM0YwQ
Cross-site Scripting in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJmNmctdzVnai1jOTNo
Prototype Pollution in iniparserjs
Ecosystems: npm
Packages: iniparserjs
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpoajYtNW1oNi00cHZm
Denial-of-Service within Docker container
Ecosystems: go
Packages: ktbs.dev/teler/pkg/errors
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1yeHZ4LTl3ZzUtcXB3d84AAiYz
Jenkins iceScrum Plugin vulnerable to Cross-site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12ZjdoLTYyNDYtaG00M80XYQ
The disqualify lead action may be executed without CSRF token check
Ecosystems: packagist
Packages: oro/crm
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01M2M0LWhobWgtdnc1cc4AAwWx
Helm vulnerable to denial of service through repository index file
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg2d2YtNDM2bS1oNDI0
Resource Exhaustion Denial of Service in http-proxy-agent
Ecosystems: npm
Packages: http-proxy-agent
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qOWg0LXA2cDctODY1Ms4AAygL
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Ecosystems: maven
Packages: org.jenkinsci.plugins:octoperf
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oMjQ2LWczOXgtN3ZteM4AArAu
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: com.xebialabs.deployit.ci:deployit-plugin
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDItaGdxMi0yZzRm
Regular Expression Denial of Service (ReDoS) in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZnODgtOTl3ai04bWdn
Command injection in Apache Flink
Ecosystems: maven
Packages: org.apache.flink:flink-core
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS04OTRxLXdwZzUtbWYyaM4AAwO_
pyRdfa3 Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: pyRdfa3
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05N2c4LXhmdnctcTRoZ84AAwUZ
Keycloak vulnerable to session takeover with OIDC offline refresh tokens
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03cng2LTR2d3YtNDMyZ84AAoNz
Missing permission check in CloudBees CD Plugin allows scheduling builds
Ecosystems: maven
Packages: org.jenkins-ci.plugins:electricflow
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14eGZ4LXcycnctZ2g2M84AAwVh
csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/csaf-poc/csaf_distribution
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zdzM3LTVwM3AtanY5Ms4AAwSK
Apache CXF vulnerable to Exposure of Sensitive Information
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13aGdoLWcyNGMtM2o1cc4AAwSQ
hutool-json stack overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWptdjQtNzN2Mi1wdmdj
Cross-site Scripting in OpenNMS Horizon
Ecosystems: maven
Packages: org.opennms:opennms
Source: GitHub Advisory Database
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Y3h3LTh2NjUtNzZ2Zs4AAoE1
CSRF vulnerability in Jenkins promoted builds Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:promoted-builds
Source: GitHub Advisory Database
Published: about 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNjcnItOXZtZy04NjR2
Improper Input Validation in Active Record
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1tZ2oyLXE4d3AtMjlycs4AAwSY
TYPO3 CMS vulnerable to Insufficient Session Expiration after Password Reset
Ecosystems: packagist
Packages: typo3/cms, typo3/cms-core
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW00NWctZjQ1eC12djIy
Improper input validation in CNCF Cortex
Ecosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycmZjLTdnOHAtOTlxOM4AAwSi
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4eHYtcDc4ci00ZmM2
Cross-site Scripting in apache-airflow
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aDlnLTkzZ2MtNjIzaM4AAwSh
Possible XSS vulnerability with certain configurations of rails-html-sanitizer
Ecosystems: rubygems
Packages: rails-html-sanitizer
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02NXY4LTZwdnctand2cc4AAyq3
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: go
Packages: github.com/answerdev/answer
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yMjhnLTk0OHItODNneM4AAwSd
Improper neutralization of data URIs may allow XSS in Loofah
Ecosystems: rubygems
Packages: loofah
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xMmN2LTk0eG0tcXZnNM0XNA
firefly-iii is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0ycXY1LTdtdzUtajNjZ84AAyhH
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Ecosystems: cargo
Packages: spin
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12Yzl4LWdtbXItcDdqas4AAwP1
Duplicate advisory: @claviska/jquery-minicolors vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @claviska/jquery-minicolors
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NTdtLWc2cmYtNGMybc4AAwQc
Alist Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Published: 6 months ago