Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
High
Ecosystems: pypi
Packages: omero-web
Source: github
Published: over 3 years ago
omero-web: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmcDItdzVqbS05NTVx
OMERO.web exposes some unnecessary session information in the page
High
Ecosystems: npm
Packages: is-svg
Source: github
Published: almost 4 years ago
is-svg: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdyMjgtM20zZi1yMnBy
Regular Expression Denial of Service (ReDoS)
Moderate
Ecosystems: pypi
Packages: urllib3
Source: github
Published: almost 4 years ago
urllib3: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVwaGYtcHA3cC12YzJy
Using default SSLContext for HTTPS requests in an HTTPS proxy doesn't verify certificate hostname for proxy connection
High
Ecosystems: npm
Packages: madge
Source: github
Published: almost 4 years ago
madge: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc1M2MtcGhoZy1jajI5
Madge vulnerable to command injection
Moderate
Ecosystems: npm
Packages: react-dev-utils
Source: github
Published: almost 4 years ago
create-react-app: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVxNm0tM2g2NS13NTN4
react-dev-utils OS Command Injection in function `getProcessForPort`
Low
Ecosystems: packagist
Packages: october/backend
Source: github
Published: almost 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhoZngtaGdtZi12NnZw
Potential Host Header Poisoning on misconfigured servers
High
Ecosystems: npm
Packages: pug-code-gen, pug
Source: github
Published: almost 4 years ago
pug: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0OTMtNjM1cS1yNmdy
Remote code execution via the `pretty` option.
Moderate
Ecosystems: npm
Packages: docsify
Source: github
Published: almost 4 years ago
docsify: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtbTktYzJmeC1jN200
Docsify XSS Vulnerability
Moderate
Ecosystems: npm
Packages: eslint
Source: github
Published: almost 4 years ago
eslint: GSA_kwCzR0hTQS1qY2dxLXhoMmYtMmhmbc4AAuAl
Regular Expression Denial of Service
Low
Ecosystems: npm
Packages: next-auth
Source: github
Published: almost 4 years ago
next-auth: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBnNTMtNTZjZy00bThx
Token verification bug in next-auth
Critical
Ecosystems: packagist
Packages: october/rain
Source: github
Published: almost 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdnZ3ctaDhwcC1yOTVy
October CMS Session ID not invalidated after logout
High
Ecosystems: npm
Packages: dynamoose
Source: github
Published: almost 4 years ago
dynamoose: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJycW0tcDIyMi04cGgy
Prototype Pollution in Dynamoose
Moderate
Ecosystems: pypi
Packages: bleach
Source: github
Published: almost 4 years ago
bleach: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ2MngtdnJwai1xcXBx
Cross-site scripting in Bleach
High
Ecosystems: npm
Packages: uap-core
Source: github
Published: almost 4 years ago
uap-core: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA0cGotbWc0ci14NnY0
Denial of Service in uap-core
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3djQtZ202ai1jdzlt
XSS in Mautic
Moderate
Ecosystems: packagist
Packages: flarum/sticky
Source: github
Published: almost 4 years ago
sticky: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWgzZ2ctN3d4Mi1jcTNo
XSS in Flarum Sticky extension
Moderate
Ecosystems: packagist
Packages: flarum/tags
Source: github
Published: almost 4 years ago
tags: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyd3gtNGd4eC1oNDhm
Users can edit the tags of any discussion
Moderate
Ecosystems: npm
Packages: electron
Source: github
Published: almost 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2ZjgtaDJxaC0zN205
IPC messages delivered to the wrong frame in Electron
High
Ecosystems: npm
Packages: immer
Source: github
Published: almost 4 years ago
immer: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxbWgtMjc2Zy14NXBq
Prototype Pollution in immer
Moderate
Ecosystems: npm
Packages: socket.io
Source: github
Published: almost 4 years ago
socket.io: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4d2YtNHJxaC12OGcz
CORS misconfiguration in socket.io
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5djktMmZweC1qNWc5
CSV Injection vulnerability with exported contact lists in Mautic
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTloeDctcmc3dy14bTc5
XSS vulnerability in company name field in Mautic
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFqaHItYzIzZi13NzZx
Inline JS XSS vulnerability in Mautic
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmeGotcWc5My03d3dj
Mautic Sessions could be hijacked due to tracking contacts by an auto-incremented ID
High
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4OTgtZng5ai03Yzc4
Disabled users able to log in with third party SSO plugin
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV3NzQtang3bS14Nmh2
XSS vulnerability in theme config file in Mautic
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhjZjctY2o4cS1wY2pt
XSS vulnerability in Author URL of themes in Mautic
Moderate
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwZ3ctMmM3Mi00Yzg5
Mautic users able to download any files from server using filemanager
Critical
Ecosystems: packagist
Packages: mautic/core
Source: github
Published: almost 4 years ago
mautic: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d2otajNqYy04NTht
XSS vulnerability leveraged through referrers could allow un-authorized admin access in Mautic
Moderate
Ecosystems: npm
Packages: axios
Source: github
Published: almost 4 years ago
axios: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3MnYtcTIzNS12cDk5
Axios vulnerable to Server-Side Request Forgery
Low
Ecosystems: npm
Packages: parse-server
Source: github
Published: almost 4 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR3NDYtdzQ0bS0zanEz
Parse Server stores password in plain text
Moderate
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 4 years ago
grav: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN2bXItNjQyOC04N3c5
Cross-Site Scripting in Grav
Moderate
Ecosystems: maven
Packages: org.codehaus.groovy:groovy-all, org.codehaus.groovy:groovy
Source: github
Published: about 4 years ago
groovy: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJjamotaDZnaC1qZjNy
Information Disclosure in Apache Groovy
Moderate
Ecosystems: npm
Packages: @highlightjs/cdn-assets, highlight.js
Source: github
Published: about 4 years ago
highlight.js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3d3Ytdmgzdi04OWNx
ReDOS vulnerabilities: multiple grammars
Moderate
Ecosystems: npm
Packages: highlight.js
Source: github
Published: about 4 years ago
highlight.js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmcmMtN3I3Yy13OW14
Prototype Pollution in highlight.js
Low
Ecosystems: packagist
Packages: october/cms
Source: github
Published: about 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI4OXYtY2d2Ny0zamh4
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Moderate
Ecosystems: packagist
Packages: october/cms
Source: github
Published: about 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk0dnAtcm1xdi01ODc1
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled.
High
Ecosystems: packagist
Packages: october/cms
Source: github
Published: about 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3anItNmZqNy1mYzZo
Local File Inclusion by unauthenticated users
Low
Ecosystems: packagist
Packages: october/backend
Source: github
Published: about 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Low
Ecosystems: packagist
Packages: october/backend
Source: github
Published: about 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJmamMteHJtZi01dnZ3
Privilege escalation by backend users assigned to the default "Publisher" system role
High
Ecosystems: npm
Packages: semantic-release
Source: github
Published: about 4 years ago
semantic-release: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyajYtcDY3aC1xNjM5
Secret disclosure when containing characters that become URI encoded
High
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: about 4 years ago
magento-lts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpyZ2YtdmZ3Mi1oajI2
RCE via PHP Object injection via SOAP Requests
Moderate
Ecosystems: npm
Packages: strapi-plugin-content-manager
Source: github
Published: about 4 years ago
strapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2cDUtbW03di00ZjM2
Cross-site Scripting in Strapi
High
Ecosystems: npm
Packages: strapi-plugin-content-type-builder
Source: github
Published: about 4 years ago
strapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwNTUteGozNy1meDdn
Improper Authorization in Strapi
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: about 4 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ4bTIteGoycS1xZ3Bq
receiving subscription objects with deleted session
High
Ecosystems: packagist
Packages: orchid/platform
Source: github
Published: about 4 years ago
platform: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU4OXctaGNjbS0yNjV4
Inline attribute values were not processed.
Low
Ecosystems: npm
Packages: electron
Source: github
Published: about 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU2cGMtNmpxcC14cWo4
Context isolation bypass in Electron
High
Ecosystems: npm
Packages: electron
Source: github
Published: about 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJxNGctdzQ3Yy00Njc0
Unpreventable top-level navigation
Moderate
Ecosystems: rubygems
Packages: shrine
Source: github
Published: about 4 years ago
shrine: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVqanYteDRmcS1xandw
Possible timing attack in derivation_endpoint
High
Ecosystems: packagist
Packages: yiisoft/yii2
Source: github
Published: over 4 years ago
yii2: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5OXEtd2NmZi1nOW1q
Unsafe deserialization in Yii 2
Moderate
Ecosystems: npm
Packages: node-sass
Source: github
Published: over 4 years ago
node-sass: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2NjItMjRjci01OGN4
Denial of Service in node-sass
Low
Ecosystems: npm
Packages: node-fetch
Source: github
Published: over 4 years ago
node-fetch: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cmMtcnd2Zi04cTVy
The `size` option isn't honored after following a redirect in node-fetch
Moderate
Ecosystems: npm
Packages: @hapi/boom
Source: github
Published: over 4 years ago
boom: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJnZ3EtdmZjcC1nd2hq
Cross-Site Scripting in @hapi/boom
Low
Ecosystems: npm
Packages: type-graphql
Source: github
Published: over 4 years ago
type-graphql: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhmNjQtMmY5cC02cHFx
Information Exposure in type-graphql
Critical
Ecosystems: npm
Packages: babel-laoder
Source: github
Published: over 4 years ago
babel-loader: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwNm0tanFmci0yZjd2
Malicious Package in babel-laoder
High
Ecosystems: npm
Packages: subtext
Source: github
Published: over 4 years ago
subtext: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJtdnEteHA0OC00Yzc3
Denial of Service in subtext
High
Ecosystems: npm
Packages: @commercial/subtext
Source: github
Published: over 4 years ago
subtext: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ2d3ItaDl4aC1tNndj
Denial of Service in @commercial/subtext
High
Ecosystems: npm
Packages: @hapi/subtext
Source: github
Published: over 4 years ago
subtext: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyZ2otOG1xMy1oZ2dq
Denial of Service in @hapi/subtext
Moderate
Ecosystems: npm
Packages: sequelize
Source: github
Published: over 4 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NHAtMzZqOS1ycmoz
Denial of Service in sequelize
High
Ecosystems: npm
Packages: bootstrap-select
Source: github
Published: over 4 years ago
ngx-md: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlyN2gtNjYzOS12NW13
Cross-Site Scripting in bootstrap-select
High
Ecosystems: npm
Packages: ngx-md
Source: github
Published: over 4 years ago
ngx-md: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhyNTMtbTkzNy1qcjlj
Cross-Site Scripting in ngx-md
High
Ecosystems: npm
Packages: bootstrap-vue
Source: github
Published: over 4 years ago
bootstrap-vue: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM3cHAteDczaC00bTJ2
Cross-Site Scripting in bootstrap-vue
Critical
Ecosystems: npm
Packages: windows-cpu
Source: github
Published: over 4 years ago
windows-cpu: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYzbTQtZmhmMi1jbWY3
Command Execution in windows-cpu
Critical
Ecosystems: npm
Packages: sequelize
Source: github
Published: over 4 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV2OWgtcTNnai1jMzJ4
SQL Injection via GeoJSON in sequelize
Moderate
Ecosystems: npm
Packages: hapi
Source: github
Published: over 4 years ago
hapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozZzItbTVqai02MzM2
Unsafe Merging of CORS Configuration Conflict in hapi
Moderate
Ecosystems: npm
Packages: inert
Source: github
Published: over 4 years ago
inert: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0eHAtMzZjMy1mN21y
Hidden Directories Always Served in inert
High
Ecosystems: packagist
Packages: openmage/magento-lts
Source: github
Published: over 4 years ago
magento-lts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNyZjIteG02eC00NnA2
Observable Timing Discrepancy in OpenMage LTS
Moderate
Ecosystems: maven
Packages: com.typesafe.play:play_2.12
Source: github
Published: over 4 years ago
playframework: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmOGotNjRoOS02cTU4
CSRF in Play Framework
Moderate
Ecosystems: npm
Packages: fastify
Source: github
Published: over 4 years ago
fastify: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3NXAtaHc2ci0yajk4
Denial of service in fastify
Moderate
Ecosystems: packagist
Packages: october/rain
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU1bW0tNTM5OS03cjYz
Reliance on Cookies without validation in OctoberCMS
Low
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0cGotN3A2OC0zdmd2
Stored XSS in October
Moderate
Ecosystems: rubygems
Packages: solidus_api, solidus_frontend
Source: github
Published: over 4 years ago
solidus: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtdmctcnJydy1tN3Bo
Ability to change order address without triggering address validations in solidus
High
Ecosystems: npm
Packages: dot-prop
Source: github
Published: over 4 years ago
dot-prop: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZmN3gtcXJnNy1xZ2dt
dot-prop Prototype Pollution vulnerability
Moderate
Ecosystems: npm
Packages: parse
Source: github
Published: over 4 years ago
Parse-SDK-JS: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd2aDctNXAzOC0ycWZj
Storing Password in Local Storage
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 4 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTIzNmgtcnF2OC04cTcz
GraphQL: Security breach on Viewer query
High
Ecosystems: pypi
Packages: wagtail
Source: github
Published: over 4 years ago
wagtail: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzMtOWhncS1qN3h3
Cross-Site Scripting in Wagtail
Moderate
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5bXEtanBoNi05bWht
Arbitrary file read via window-open IPC in Electron
High
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg5amMtMjg0aC01MzNn
Context isolation bypass via contextBridge in Electron
High
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05M3YtOXFqYy0zZzc5
Context isolation bypass via leaked cross-context objects in Electron
Low
Ecosystems: npm
Packages: electron
Source: github
Published: over 4 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ2cnYtOTRqdi1jcnJn
Context isolation bypass via Promise in Electron
Low
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwYzItZm03cC1xMnZn
Cross-site Scripting in October
Critical
Ecosystems: npm
Packages: generator-jhipster-kotlin
Source: github
Published: over 4 years ago
jhipster-kotlin: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWozcmgtOHZ3cS13aDg0
JHipster Kotlin using insecure source of randomness `RandomStringUtils` before v1.2.0
Moderate
Ecosystems: npm
Packages: generator-jhipster-kotlin
Source: github
Published: over 4 years ago
jhipster-kotlin: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBmeGYtd2g5Ni1mdmpj
Log Forging in generator-jhipster-kotlin
High
Ecosystems: npm
Packages: ssb-db
Source: github
Published: over 4 years ago
ssb-db: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1wZ3ItMmN4OS0zMjdo
Information disclosure in SSB-DB
Moderate
Ecosystems: packagist
Packages: october/system, october/october
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3M3ctcjl4Zy03Y3I5
Use of insecure jQuery version in OctoberCMS
Moderate
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyaG0tbTJmcC1oeDdx
Potential CSV Injection vector in OctoberCMS
Moderate
Ecosystems: packagist
Packages: october/backend
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdnNngteHg3OC00NDhj
Reflected XSS when importing CSV in OctoberCMS
Low
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk3MjItcnI2OC1yZnBn
Upload whitelisted files to any directory in OctoberCMS
Moderate
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp2NnYtZnZ2eC00OTMy
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
Ecosystems: packagist
Packages: october/cms
Source: github
Published: over 4 years ago
october: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyM2YtYzJqNS1yeDJm
Local File read vulnerability in OctoberCMS
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: over 4 years ago
dolibarr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWN4dnItcjkybS1xOWh3
XSS in Dolibarr
High
Ecosystems: rubygems
Packages: doorkeeper
Source: github
Published: over 4 years ago
doorkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo3dngtOG1xai1jcXA5
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
Moderate
Ecosystems: pypi
Packages: wagtail
Source: github
Published: over 4 years ago
wagtail: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqanItM2pjdy1mOHY2
Potential Observable Timing Discrepancy in Wagtail
Moderate
Ecosystems: pypi
Packages: wagtail
Source: github
Published: over 4 years ago
wagtail: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd2MtcGZxMi01Y202
Possible XSS attack in Wagtail
High
Ecosystems: pypi
Packages: bleach
Source: github
Published: over 4 years ago
bleach: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxaHAtY3hnYy02d21t
regular expression denial-of-service (ReDoS) in Bleach
Moderate
Ecosystems: pypi
Packages: bleach
Source: github
Published: over 4 years ago
bleach: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW02eGYtZnE3cS04NzQz
Bleach vulnerable to mutation XSS via whitelisted math or svg and raw tag
High
Ecosystems: pypi
Packages: psutil
Source: github
Published: almost 5 years ago
psutil: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFmYzUtbWN3cS0yNnE4
Double Free in psutil
High
Ecosystems: rubygems
Packages: user_agent_parser
Source: github
Published: almost 5 years ago
uap-ruby: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBjcXEtNTk2Mi1odmN3
Denial of Service in uap-core when processing crafted User-Agent strings
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: almost 5 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWg0bWYtNzVoZi02N3c0
Information disclosure in parse-server
Moderate
Ecosystems: pypi
Packages: bleach
Source: github
Published: almost 5 years ago
bleach: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE2NW0tcHYzZi13cjVy
XSS in Bleach when noscript and raw tag whitelisted