Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS00OHJoLXFnanIteGZqNs4AAQtS
Improper Neutralization of Input During Web Page Generation in Jsoup
Ecosystems: maven
Packages: org.jsoup:jsoup
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXdqLXdycm0tODRtNc4AAQs7
Simditor XSS Vulnerability
Ecosystems: npm
Packages: simditor
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OWZ2LWM4N3ctNTV3Y84AAQge
Improper Control of Generation of Code in Apache Camel
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1maDVjLTdnbWcteG1wNs4AAQeh
Kallithea cross-site scripting (XSS) vulnerability
Ecosystems: pypi
Packages: Kallithea
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12Zmc5LXBoanAtOWZyd84AAQeP
Kallithea CRLF injection vulnerability
Ecosystems: pypi
Packages: kallithea
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oaHg5LTR2dzIteDU0cs4AAQeY
RhodeCode and Kallithea are vulnerable to sensitive information disclosure
Ecosystems: pypi
Packages: Kallithea, RhodeCode
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qd3B3LXBwajUtN2g0d84AAQdw
OpenStack Keystone Logs Passwords
Ecosystems: pypi
Packages: keystone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03amN4LWo2Z3YtbTRoZs4AAQaT
Jenkins Fortify on Demand Uploader Plugin CSRF vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify-on-demand-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qcDRyLXBmNXItNHdnOM4AAQaa
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openshift-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cWpqLWM5Y3gtcTdjZs4AAQav
Jenkins Lockable Resources Plugin XSS vulnerability
Ecosystems: maven
Packages: org.6wind.jenkins:lockable-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xcmgyLW1oOTctcHc4cM4AAQap
CSRF vulnerability in Jenkins Audit to Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ajVqLXc2djQtcndxcs4AAQaW
Jenkins VMware Lab Manager Slaves Plugin vulnerable CSRF vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:labmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Zzd4LXZmNTQtOXFqd84AAQaV
CSRF vulnerability in Jenkins FTP publisher Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ftppublisher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02bWdxLXZoN3ItZ2NjY84AAQam
CSRF vulnerability in Jenkins sinatra-chef-builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xajhwLWM3MzMtdjQ5NM4AAQas
CSRF vulnerability in Zephyr Enterprise Test Management Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-enterprise-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00NDlwLTdjM3AtdmY3Z84AAQaq
CSRF vulnerability in Jenkins Gearman Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gearman-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01cTYzLWp2YzktcXBods4AAQaj
Cross-site request forgery vulnerability in Jenkins Nomad Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nomad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04djI2LTNwODMtbWYyZ84AAQak
Jenkins OpenID Plugin CSRF vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yM3I3LWhmNmctcXFxZ84AAQan
CSRF vulnerability in Jenkins SOASTA CloudTest Plugin
Ecosystems: maven
Packages: com.soasta.jenkins:cloudtest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14d2Y0LTg4eHItaHgyas4AAQZ1
Cross site scripting in Apache Sling
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.xss.compat, org.apache.sling:org.apache.sling.xss
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yN3YyLTM5OHgtZjc0eM4AAQZm
MAGMI cross-site scripting (XSS)
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jMjUyLXhjOHYtbXFtbc4AAQZi
MAGMI plugin for Magento Server Directory Traversal
Ecosystems: packagist
Packages: dweeves/magmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14bTc4LTRtM2ctN3dtN84AAQYv
Improper Authentication in Apache Kafka
Ecosystems: maven
Packages: org.apache.kafka:kafka-clients
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01NmZmLW02cHYtODU5NM4AAQZG
Missing permission check in Jenkins VMware Lab Manager Slaves Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:labmanager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00bXZjLTMzdjctY3FjM84AAQYY
Missing permission check in Jenkins sinatra-chef-builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:sinatra-chef-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02cGo5LTVxNmotajk3Y84AAQZJ
Missing permission check in Jenkins Gearman Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gearman-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZjNwLXFoZnYtN3A4aM4AAQZH
Jenkins openid Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1maGdnLWo5MmgtMjlyY84AAQYZ
Missing permission check in Jenkins SOASTA CloudTest Plugin
Ecosystems: maven
Packages: com.soasta.jenkins:cloudtest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yNWpyLTgyeDQtcjZqN84AAQYW
Jenkins Crowd Integration Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.ds.tools.hudson:crowd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNDZwLXJwOHgteDhjNM4AAQYa
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openshift-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cDVyLTJtNWMtaHZjY84AAQZF
Jenkins Zephyr Enterprise Test Management Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zephyr-enterprise-test-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wMjc4LTJxaDktNm13as4AAQYX
Jenkins Nomad Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:nomad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZnY4LXg4MjItZng3M84AAQYV
Jenkins TestFairy Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:TestFairy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zcDZjLTl4aG0tOHg3aM4AAQVR
October CMS XSS
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Nm1oLTd4cHItcWNnd84AAQVQ
October CMS - RainLab Blog Plugin XSS
Ecosystems: packagist
Packages: rainlab/blog-plugin
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1namZ4LTl3eDMtajZyN84AAQUt
Apache MyFaces Vulnerable to Path Traversal
Ecosystems: maven
Packages: org.apache.myfaces.core:myfaces-impl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qeDM0LXBwcG0tZ2p2cs4AAQNk
SaltStack Salt Directory Traversal vulnerability in salt-api
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jOHdqLXEzNnEtM3dnNM4AAQK-
phpMyAdmin Arbitrary file read vulnerability
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12MnJoLTV2ODgtcmd2aM4AAQJX
Moodle context freezing
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wajQ1LWhwOGgtMjg5cs4AAQI5
Moodle Secure layout contained an insecure link in Boost theme
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wcHJxLTQ0ODgtd2dxeM4AAQF7
Insecure transport protocol in Gradle
Ecosystems: maven
Packages: org.gradle:gradle-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNHJyLTY0cjktZndnZs4AAQE8
Kubernetes DoS Vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qOTlxLXJ3cDYtNDk4Z84AAQE6
Gitea Arbitrary File Delete Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d2Z3LW01NGctZ3Y3Ms4AAQDD
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01NjMzLWYzM2otYzZmN83_9A
Tampering vulnerability in .NET Core
Ecosystems: nuget
Packages: Microsoft.NETCore.App
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xOTl3LWo0bWotN2hqOM3-aw
Contao Information Disclosure via Access Control Flaws
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04aDdwLXFqdjgtOW1wNM39jw
Improper Access Control in Telerik Extensions
Ecosystems: nuget
Packages: TelerikMvcExtensions
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oaDkyLXdnN3YtOHZmcs39UQ
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mcGc2LXhxajQtajd3Zs38gw
Jenkins Jira Plugin Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03OThwLTUzcjctbWd3Oc38bQ
Jenkins HipChat Plugin allows attackers with Overall/Read access to obtain credential IDs
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:hipchat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zMjJ4LWp2NWgtY3ZqaM38Xg
Jenkins Ansible Plugin man in the middle vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ansible
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cjdmLXJxaHctajhoOM38ag
Incorrect permission checks in Pipeline: Nodes and Processes plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-durable-task-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14Z2NjLXIyZjMtcnE2cM38Tw
ChakraCore information disclosure vulnerability
Ecosystems: nuget
Packages: Microsoft.ChakraCore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1waGY4LTNxZ3Ytcmc1cc37zQ
Missing Authorization in Jenkins Blue Ocean Plugin
Ecosystems: maven
Packages: io.jenkins.blueocean:blueocean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yNjh2LTJxcTctODRwZs37rQ
Missing permission check in Jenkins Favorite Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:favorite
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOXIyLWdnaHEtaGM1N8370Q
Jenkins Multijob plugin did not check permissions in the Resume Build action
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jenkins-multijob-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12aGgzLW12YzQtaGhxNs37xw
Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:depgraph-view
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wOHg4LXA0NzMtbW1tds37rg
Missing Authorization in Jenkins
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12OXhxLXZoNzItY2hyNM37Xg
Moodle Unauthenticated users can trigger custom messages to admin via paypal enrol script
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ycWYyLTRnZ2MtYzc0d837EA
Jenkins WebSphere Deployer Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:websphere-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yY3J2LTZyN3ItcnI3bc367Q
Missing permission check in Jenkins FTP publisher Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:ftppublisher
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03aDk5LXZqbWYtNXBnOM37AA
Jenkins VMware vRealize Automation Plugin Missing Encryption of Sensitive Data
Ecosystems: maven
Packages: com.inkysea.vmware.vra:vmware-vrealize-automation-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01Nzd3LTYyY3AtZjY3aM37Bg
Jenkins Trac Publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:trac-publisher-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14anJyLTVqcHYtdjZtd8367A
Jenkins CloudFormation Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jenkins-cloudformation-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNnFyLTI4NmctNzlyds37Cg
Jenkins Jira Issue Updater Plugin stores credentials in plain text
Ecosystems: maven
Packages: info.bluefloyd.jenkins:jenkins-jira-issue-updater
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13Y2hoLXd2cHgtcGY0N8360g
Jenkins Upload to pgyer Plugin stores credentials in plain text
Ecosystems: maven
Packages: ren.helloworld:upload-pgyer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcTltLXJwbTUtMjdtOc36zA
Jenkins Perfecto Mobile Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:perfectomobile
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04ajYyLTI5amctNmhqNs37BA
Jenkins wildFly Deployer Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:wildfly-deployer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00OTJ4LWdmcXgtd3BmM8360A
Missing permission check in Jenkins Audit to Database Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:audit2db
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nMnJwLXF3cnEtcXFxcc36yw
Jenkins Open STF Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:open-stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yOWdxLWgyN3ctNTRxZs36-w
Jenkins VS Team Services Continuous Deployment Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:vsts-cd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS12YzJ2LTM0YzQtdmc5Y836zQ
Jenkins Fabric-beta-publisher Plugin stores credentials in plain text
Ecosystems: maven
Packages: egor-n:fabric-beta-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zMjk3LTk0NHgtajd4N835TA
Incorrect Authorization in Jenkins Core
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yM2g5LW01NW0tYzVqcM33tA
Jenkins Token Macro Plugin's recursive token expansion results in information disclosure and DoS
Ecosystems: maven
Packages: org.jenkins-ci.plugins:token-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ybWg5LXdwZ3YtN3hyOM33oA
Jenkins Cloud Foundry Plugin vulnerable to exposure of sensitive information
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudfoundry
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tbXF4LWc3OGMtaHZmas33fw
Jenkins AppDynamics Dashboard Plugin has insufficiently protected credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:appdynamics-dashboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1oM3JnLTRoNWctOGZxZ833WQ
SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:fortify-on-demand-uploader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mZmo4LXc0cmotdnI3ds33WA
ECS Publisher Plugin stored and displayed API token in plain text
Ecosystems: maven
Packages: de.eacg:ecs-publisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMnhwLTdyY3gteHAzNM33Vw
Jenkins Slack Notification Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:slack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tMzNjLWNqamotMm1nNM33hA
Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-vm-agents
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zaGc2LWM3ZjgtMzM0OM33VA
Information disclosure in Azure VM Agents Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-vm-agents
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yMnZ3LXgzaHItOTY5ds33VQ
Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-vm-agents
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05bTNjLXhmaGYtNTNtaM33cg
Jenkins DeployHub Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.openmake:deployhub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1waDlmLWg0NjItajVqZ833ag
Jenkins Diawi Upload Plugin stores credentials in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:diawi-upload
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1xNXdtLXFneGotaDlwaM33cQ
Missing permission check in Jenkins Kmap Plugin allow SSRF
Ecosystems: maven
Packages: rg.jenkins-ci.plugins:kmap-jenkins
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1obWYyLXBybTUtcnZ4bc33aQ
Jenkins mabl Plugin stores credentials in plain text
Ecosystems: maven
Packages: com.mabl.integration.jenkins:mabl-integration
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0ycjQ2LWN3Z20tdnZqeM33bw
Missing permission check in Jenkins jenkins-reviewbot Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jenkins-reviewbot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1weGdyLXJjOGctcGo3cs33LQ
Jenkins crittercism-dsym Plugin stores API key in plain text
Ecosystems: maven
Packages: org.jenkins-ci.plugins:crittercism-dsym
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13aGNnLTIzNjQtNjcyZs33aw
Missing permission check in Jenkins Netsparker Cloud Scan Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:netsparker-cloud-scan
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jcjk4LTY0aDktZzhjZ833TA
Jenkins Klaros-Testmanagement Plugin stores credentials in plain text
Ecosystems: maven
Packages: hudson.plugins.klaros:klaros-testmanagement
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00N21wLXJxMngtd2pmMs32tg
Improper Neutralization of CRLF Sequences in HTTP Headers in Undertow
Ecosystems: maven
Packages: org.jboss.eap:wildfly-undertow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00cjJwLXdwdjUtNjgzd832fQ
Moodle XSS Vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14NWZjLXBncHgtNTlqNc32hw
Server side object manipulation in Apache Struts
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wbXFxLTd3ZnYtamZmZs32Uw
Apache POI's XLSX2CSV Example XML External Entity (XXE) Vulnerability
Ecosystems: maven
Packages: org.apache.poi:poi-examples
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03OHZ2LXFqNzMtaDltNc32LQ
Improper Restriction of Recursive Entity References in DTDs in Apache POI
Ecosystems: maven
Packages: org.apache.poi:poi
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13cndmLXBtbWotdzk4Oc32Ww
Observable Discrepancy in BouncyCastle
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS00YzV3LXFxZmctZ3JmM831xg
Symphony CMS XSS Vulnerabilities
Ecosystems: packagist
Packages: symphonycms/symphony-2
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ndmM4LXhqZnAtNjU2Oc31yA
Silverstripe CMS XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cDI2LXA1M2gtNmgycM309Q
Improper Neutralization of Input During Web Page Generation in LXML
Ecosystems: pypi
Packages: lxml
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04dmpqLXdmNzMtdzg4Ms307g
Moodle Incorrect Default Settings
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Statistics
Advisories: 18,400
Packages: 8,303
Repositories: 2,461
Ecosystems: 12
Filter by Severity
Moderate 7,949 High 6,364 Critical 2,810 Low 986
Filter by Ecosystem
maven 2,553 packagist 2,152 pypi 1,747 npm 1,062 go 878 nuget 537 rubygems 373 cargo 261 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 50 thorsten/phpmyfaq 45 github.com/usememos/memos 42 actionpack 42 apache-superset 40 drupal/core 36 plone 35 showdoc/showdoc 34 concrete5/concrete5 34 librenms/librenms 32 org.keycloak:keycloak-core 31 ansible 31 github.com/mattermost/mattermost-server/v6 30 Plone 28 drupal/drupal 28 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 symfony/symfony 27 craftcms/cms 26 silverstripe/framework 25 com.liferay.portal:release.portal.bom 25 org.elasticsearch:elasticsearch 24 snipe/snipe-it 24 github.com/grafana/grafana 23 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 nilsteampassnet/teampass 18 shopware/shopware 18 froxlor/froxlor 18 matrix-synapse 18 remdex/livehelperchat 18 rdiffweb 18 shopware/platform 18 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 16 moin 16 vyper 15 github.com/argoproj/argo-cd/v2 15 prestashop/prestashop 14 tribalsystems/zenario 14 nokogiri 14 salt 14 puppet 14 yetiforce/yetiforce-crm 14 org.keycloak:keycloak-services 13 shopware/core 13 mautic/core 13 com.jfinal:jfinal 13 nova 13 org.xwiki.platform:xwiki-platform-oldcore 13 io.undertow:undertow-core 13 forkcms/forkcms 13 Pillow 13 com.thoughtworks.xstream:xstream 12 github.com/docker/docker 12 org.apache.jspwiki:jspwiki-main 12 github.com/goharbor/harbor 12 Django 12 tinymce 12 org.apache.solr:solr-core 12 github.com/hashicorp/vault 12 github.com/hashicorp/consul 12 feehi/feehicms 11 lavalite/cms 11 genix/cms 11 github.com/cilium/cilium 11 pyftpdlib 11 getgrav/grav 11 neutron 11 DotNetNuke.Core 11 github.com/hashicorp/nomad 11 org.keycloak:keycloak-parent 11 github.com/argoproj/argo-cd 11 typo3/cms-backend 10 org.springframework.security:spring-security-core 10 helm.sh/helm/v3 10 PaddlePaddle 10 francoisjacquet/rosariosis 10 activesupport 10 com.vaadin:vaadin-bom 10 github.com/containerd/containerd 10 joplin 10 github.com/greenpau/caddy-security 10 org.apache.jspwiki:jspwiki-war 10 org.springframework:spring-core 10 notebook 10 org.apache.nifi:nifi 10 github.com/mattermost/mattermost-server 10 contao/core-bundle 10 @openzeppelin/contracts-upgradeable 10 ec-cube/ec-cube 10 rack 10 wallabag/wallabag 10 @openzeppelin/contracts 10 org.eclipse.jetty:jetty-server 10 fat_free_crm 10 github.com/ethereum/go-ethereum 10 org.jenkins-ci.plugins:git 9 org.igniterealtime.openfire:parent 9 TinyMCE 9 gogs.io/gogs 9 cakephp/cakephp 9 ckeditor4 9 glance 9 swagger-ui 9 ghost 9 org.opencrx:opencrx-core-models 9 code.gitea.io/gitea 9 rubygems-update 9 directus 9 angular 9 org.jenkins-ci.plugins:script-security 9 publify_core 9 zendframework/zendframework1 9 tinymce/tinymce 9 org.mortbay.jetty:jetty 9 bolt/bolt 9 jquery-rails 9 github.com/kubeedge/kubeedge 8 rails 8 org.apache.archiva:archiva 8 org.opencms:opencms-core 8 opencv-contrib-python 8 org.webjars.npm:jquery 8 jquery 8 Microsoft.ChakraCore 8 electron 8 github.com/openfga/openfga 8 simplesamlphp/simplesamlphp 8 actionview 8 impresscms/impresscms 8 contao/contao 8 editor.md 8 rails-html-sanitizer 8 silverstripe/cms 8 org.apache.activemq:activemq-client 8 opencv-python 8 wasmtime 8 centreon/centreon 8 org.jenkins-ci.plugins:electricflow 8 org.bouncycastle:bcprov-jdk14 8 roundup 8 bootstrap 8 org.jenkins-ci.plugins:config-file-provider 7 phpmyfaq/phpmyfaq 7 org.owasp.antisamy:antisamy 7 next 7 kevinpapst/kimai2 7 sylius/sylius 7 io.jenkins:configuration-as-code 7 activerecord 7 modoboa 7 org.apache.cxf:cxf-core 7 validator 7 github.com/google/fscrypt 7 trytond 7 wagtail 7 org.opennms:opennms 7 jQuery.UI.Combined 7 jquery-ui-rails 7 pyload-ng 7 jQuery 7 pillow 7 org.webjars.npm:jquery-ui 7 com.vaadin:flow-server 7 org.jenkins-ci.plugins:subversion 7 admidio/admidio 7 org.apache.santuario:xmlsec 7 vantage6 7 org.bouncycastle:bcprov-jdk15on 7 org.bouncycastle:bcprov-jdk15 7 org.jenkins-ci.plugins:email-ext 7 keystone 7 github.com/moby/moby 7 aiohttp 7 phpbb/phpbb 7 org.apache.james:james-server 7 OctoPrint 7 io.jenkins.blueocean:blueocean 7 silverstripe/admin 7 jquery-ui 7 github.com/cubefs/cubefs 6 io.netty:netty 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/django/django 50 https://github.com/thorsten/phpmyfaq 45 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/star7th/showdoc 32 https://github.com/kubernetes/kubernetes 32 https://github.com/TYPO3/typo3 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/answerdev/answer 21 https://github.com/spring-projects/spring-framework 21 https://github.com/craftcms/cms 21 https://github.com/Dolibarr/dolibarr 21 https://github.com/snipe/snipe-it 20 https://github.com/argoproj/argo-cd 19 https://github.com/firefly-iii/firefly-iii 19 https://github.com/concretecms/concretecms 19 https://github.com/apache/activemq 19 https://github.com/ikus060/rdiffweb 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/python-pillow/Pillow 18 https://github.com/grafana/grafana 18 https://github.com/apache/struts 17 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/magento/magento2 16 https://github.com/shopware/shopware 16 https://github.com/vyperlang/vyper 15 https://github.com/CVEProject/cvelist 15 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/OpenNMS/opennms 14 https://github.com/froxlor/froxlor 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/go-gitea/gitea 13 https://github.com/x-stream/xstream 13 https://github.com/mautic/mautic 13 https://github.com/getkirby/kirby 13 https://github.com/octobercms/october 13 https://github.com/apache/cxf 12 https://github.com/netty/netty 12 https://github.com/goharbor/harbor 12 https://github.com/tinymce/tinymce 12 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/contao/contao 11 https://github.com/cilium/cilium 11 https://github.com/PrestaShop/PrestaShop 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/moby/moby 10 https://github.com/saltstack/salt 10 https://github.com/laurent22/joplin 10 https://github.com/jquery/jquery 10 https://github.com/helm/helm 10 https://github.com/baserproject/basercms 10 https://github.com/vaadin/platform 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/greenpau/caddy-security 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/mattermost/mattermost 10 https://github.com/containerd/containerd 10 https://github.com/liufee/cms 10 https://github.com/ethereum/go-ethereum 10 https://github.com/jenkinsci/git-plugin 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/publify/publify 9 https://github.com/geoserver/geoserver 9 https://github.com/strapi/strapi 9 https://github.com/apache/nifi 9 https://github.com/electron/electron 9 https://github.com/puppetlabs/puppet 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/github/advisory-database 9 https://github.com/pandao/editor.md 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/hashicorp/consul 8 https://github.com/jupyter/notebook 8 https://github.com/directus/directus 8 https://github.com/getgrav/grav 8 https://github.com/LavaLite/cms 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/bcgit/bc-java 8 https://github.com/rubygems/rubygems 8 https://github.com/kubeedge/kubeedge 8 https://github.com/openfga/openfga 8 https://github.com/TryGhost/Ghost 8 https://github.com/eclipse/jetty.project 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/rack/rack 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/wallabag/wallabag 8 https://github.com/opencv/opencv 7 https://github.com/nahsra/antisamy 7 https://github.com/hashicorp/vault 7 https://github.com/vantage6/vantage6 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/google/fscrypt 7 https://github.com/pyload/pyload 7 https://github.com/dolibarr/dolibarr 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/aio-libs/aiohttp 7 https://github.com/traefik/traefik 7 https://github.com/vaadin/flow 7 https://github.com/wagtail/wagtail 7 https://github.com/modoboa/modoboa 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/apache/zeppelin 7 https://github.com/twbs/bootstrap 7 https://github.com/kevinpapst/kimai2 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/gogs/gogs 7 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/cubefs/cubefs 6 https://github.com/panva/jose 6 https://github.com/croogo/croogo 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/containers/podman 6 https://github.com/dompdf/dompdf 6 https://github.com/ipython/ipython 6 https://github.com/opensearch-project/security 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/faucetsdn/ryu 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/cui2shark/security 6 https://github.com/neorazorx/facturascripts 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/jquery/jquery-ui 6 https://github.com/cloudflare/cfrpki 6 https://github.com/opencast/opencast 6 https://github.com/oroinc/orocommerce 6 https://github.com/dotnet/runtime 6 https://github.com/igniterealtime/Openfire 6 https://github.com/backstage/backstage 6 https://github.com/urllib3/urllib3 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/onionshare/onionshare 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/parse-community/parse-server 6 https://github.com/unshiftio/url-parse 5 https://github.com/lief-project/LIEF 5 https://github.com/apache/lucene-solr 5 https://github.com/apache/tika 5 https://github.com/Amanieu/parking_lot 5 https://github.com/openstack/keystone 5 https://github.com/hyperium/hyper 5 https://github.com/kivikakk/comrak 5 https://github.com/hashicorp/nomad 5 https://github.com/TribalSystems/Zenario 5 https://github.com/Sylius/Sylius 5 https://github.com/numpy/numpy 5 https://github.com/admidio/admidio 5 https://github.com/NodeBB/NodeBB 5 https://github.com/lxml/lxml 5 https://github.com/cloudfoundry/uaa 5 https://github.com/yiisoft/yii2 5 https://github.com/puma/puma 5 https://github.com/etcd-io/etcd 5 https://github.com/vercel/next.js 5 https://github.com/cri-o/cri-o 5 https://github.com/rancher/rancher 5 https://github.com/sulu/sulu 5 https://github.com/paritytech/frontier 5 https://github.com/cakephp/cakephp 5 https://github.com/undertow-io/undertow 5 https://github.com/evershopcommerce/evershop 5 https://github.com/cosmos/cosmos-sdk 5 https://github.com/OctoPrint/OctoPrint 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/superset 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/opencontainers/runc 5 https://github.com/nodejs/undici 5 https://github.com/jenkinsci/codedx-plugin 5 https://github.com/nervosnetwork/ckb 5 https://github.com/gradio-app/gradio 5 https://github.com/semplon/GeniXCMS 5 https://github.com/bolt/bolt 5 https://github.com/apache/kylin 5 https://github.com/quarkusio/quarkus 5 https://github.com/xuxueli/xxl-job 5 https://github.com/zitadel/zitadel 5