Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
Moderate
Ecosystems: rubygems, npm
Packages: user_agent_parser, uap-core
Source: github
Published: almost 5 years ago
uap-core: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNtY3gteGhyOC0zdzlw
Denial of Service in uap-core when processing crafted User-Agent strings
High
Ecosystems: npm
Packages: yarn
Source: github
Published: almost 5 years ago
yarn: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTV4ZjQtZjJmcS1mNjlq
Yarn Improper link resolution before file access (Link Following)
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: almost 5 years ago
dolibarr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzODQtanFtcS1mYzc0
XSS in Dolibarr ERP & CRM
Critical
Ecosystems: npm
Packages: strapi
Source: github
Published: about 5 years ago
strapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZ4YzItbWozOS1xNTk5
Strapi allows unauthenticated attacker to reset admin password without valid reset token
High
Ecosystems: pypi
Packages: typed-ast
Source: github
Published: about 5 years ago
cpython: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd4eHYtd3B4ai1teDV2
typed-ast Out-of-bounds Read
High
Ecosystems: pypi
Packages: typed-ast
Source: github
Published: about 5 years ago
cpython: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW0zanctNjJtNy1qamNt
typed-ast Out-of-bounds Read
Moderate
Ecosystems: packagist
Packages: bagisto/bagisto
Source: github
Published: about 5 years ago
bagisto: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB3cmYtcTdoOC1qanI3
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
Ecosystems: packagist
Packages: getgrav/grav
Source: github
Published: about 5 years ago
grav: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTYyNjgtdjQzNC00NW01
Cross-site Scripting in Grav
Moderate
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: github
Published: about 5 years ago
dolibarr: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW01NTMtOXdteC01MzNo
Cross-site scripting in Dolibarr
Critical
Ecosystems: npm
Packages: sequelize
Source: github
Published: about 5 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI1OTgtMmY1OS1ybWhx
SQL Injection in sequelize
Critical
Ecosystems: npm
Packages: sequelize
Source: github
Published: about 5 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo5eHAtOTJ2Yy01NTlq
SQL Injection in sequelize
Moderate
Ecosystems: rubygems
Packages: loofah
Source: github
Published: about 5 years ago
loofah: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzZ3YtOWN4Zi02ZjU3
Loofah Allows Cross-site Scripting
Critical
Ecosystems: npm
Packages: sequelize
Source: github
Published: about 5 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05anctMjM3ci1ndmZ2
SQL Injection in sequelize
Critical
Ecosystems: packagist
Packages: yourls/yourls
Source: github
Published: about 5 years ago
YOURLS: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZmMjMtZjI2Zi1tamo5
Access of Resource Using Incompatible Type ('Type Confusion') in yourls/yourls
High
Ecosystems: npm
Packages: generator-jhipster
Source: github
Published: about 5 years ago
generator-jhipster: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jODQteHI5cC05Mzhy
High severity vulnerability that affects generator-jhipster
High
Ecosystems: npm
Packages: bower
Source: github
Published: over 5 years ago
bower: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA2bXItcHhnNC02OGh4
Symlink Arbitrary File Overwrite in bower
Critical
Ecosystems: npm
Packages: generator-jhipster
Source: github
Published: over 5 years ago
generator-jhipster: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW13cDYtajl3Zi05Njhj
Critical severity vulnerability that affects generator-jhipster
Moderate
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 5 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh3M2otZzk4My04amg1
Sensitive Data Exposure in parse-server
High
Ecosystems: npm
Packages: parse-server
Source: github
Published: over 5 years ago
parse-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI0NzktcXZ2Ny00N3Fx
Parse Server before v3.4.1 vulnerable to Denial of Service
Moderate
Ecosystems: npm
Packages: servey
Source: github
Published: over 5 years ago
typeorm: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2NDktNTRxcC1mdzQy
Path Traversal in servey
High
Ecosystems: npm
Packages: typeorm
Source: github
Published: over 5 years ago
typeorm: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc3cTctdmpwOC03anY0
SQL Injection in typeorm
Moderate
Ecosystems: npm
Packages: tesseract.js
Source: github
Published: over 5 years ago
tesseract.js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcngtYzhjci02ajhx
Insecure Default Configuration in tesseract.js
Moderate
Ecosystems: npm
Packages: js-yaml
Source: github
Published: over 5 years ago
js-yaml: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJwcjYtNzZ2Zi03NTQ2
Denial of Service in js-yaml
High
Ecosystems: npm
Packages: gun
Source: github
Published: over 5 years ago
gun: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NnYtbW02cC00bTY2
High severity vulnerability that affects gun
High
Ecosystems: npm
Packages: js-yaml
Source: github
Published: over 5 years ago
js-yaml: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThqOGMtN2pmaC1oNmh4
Code Injection in js-yaml
High
Ecosystems: npm
Packages: sequelize
Source: github
Published: over 5 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdmcDktdnI0ai1mNDlq
NoSQL Injection in sequelize
High
Ecosystems: npm
Packages: cloudcmd
Source: github
Published: over 5 years ago
cloudcmd: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ZnctNTM0di14bTg1
Cross-Site Scripting (XSS) in cloudcmd
High
Ecosystems: npm
Packages: axios
Source: github
Published: over 5 years ago
axios: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQyeHctMnh2Yy1xeDht
Denial of Service in axios
Moderate
Ecosystems: npm
Packages: verdaccio
Source: github
Published: over 5 years ago
verdaccio: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc4ajUtZ2NtZi12cWM4
Cross-Site Scripting (XSS) in Verdaccio
High
Ecosystems: pypi
Packages: urllib3
Source: github
Published: over 5 years ago
urllib3: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1oMzMtN3JycS02NjJ3
Improper Certificate Validation in urllib3
High
Ecosystems: npm
Packages: sequelize
Source: github
Published: over 5 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3NzctMnZxOC1jNHY0
SQL Injection in sequelize
Moderate
Ecosystems: pypi
Packages: roundup
Source: github
Published: over 5 years ago
bugs.python.org: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTkyNnEtd3hyNi0zY3Jx
Moderate severity vulnerability that affects roundup
Critical
Ecosystems: rubygems
Packages: bootstrap-sass
Source: github
Published: over 5 years ago
bootstrap-sass: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxcXYtdjltMi00OHAy
Bootstrap-sass contains code execution backdoor
High
Ecosystems: pypi
Packages: webargs
Source: github
Published: almost 6 years ago
webargs: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg1NTQtanhjdy00NTRx
Webargs mishandles concurrent JSON parsing
Moderate
Ecosystems: npm
Packages: uap-core
Source: github
Published: almost 6 years ago
uap-core: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4N20tajcyOC1tancz
uap-core Regular Expression Denial of Service issue
Moderate
Ecosystems: packagist, maven, rubygems, npm, nuget
Packages: twbs/bootstrap, org.webjars:bootstrap, twitter-bootstrap-rails, bootstrap-sass, bootstrap, bootstrap.sass, Bootstrap.Less
Source: github
Published: almost 6 years ago
bootstrap: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl2M20tOGZwOC1tajk5
Bootstrap Vulnerable to Cross-Site Scripting
High
Ecosystems: npm
Packages: ws
Source: github
Published: almost 6 years ago
node: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2NjMtYzk2My0yZ3Fn
DoS due to excessively large websocket message in ws
High
Ecosystems: npm
Packages: sequelize
Source: github
Published: almost 6 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk4cHEtcG13OS00Z3Bt
SQL Injection in sequelize
High
Ecosystems: npm
Packages: sequelize
Source: github
Published: almost 6 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ2N3EtMnhxeC1mNHE1
Potential SQL Injection in sequelize
Moderate
Ecosystems: npm
Packages: sequelize
Source: github
Published: almost 6 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgyamMtcHdmai1oOXAz
SQL Injection in sequelize
High
Ecosystems: npm
Packages: sequelize
Source: github
Published: almost 6 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljMnAtanc4cC1mODR2
SQL Injection in sequelize
Moderate
Ecosystems: npm
Packages: call
Source: github
Published: almost 6 years ago
hapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg0ZnYtcHJyYy01Z2dy
Route Validation Bypass in call
Moderate
Ecosystems: nuget, rubygems, maven, packagist, npm
Packages: bootstrap, bootstrap-sass, org.webjars:bootstrap, twbs/bootstrap
Source: github
Published: almost 6 years ago
bootstrap: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBoNTgtNHZyai13Nmhy
bootstrap Cross-site Scripting vulnerability
Moderate
Ecosystems: nuget, rubygems, maven, packagist, npm
Packages: bootstrap, bootstrap-sass, org.webjars:bootstrap, twbs/bootstrap
Source: github
Published: almost 6 years ago
bootstrap: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtZ3AtZng5My05eHY1
XSS vulnerability that affects bootstrap
Moderate
Ecosystems: nuget, rubygems, npm, packagist, maven
Packages: bootstrap.sass, bootstrap-sass, bootstrap, twbs/bootstrap, org.webjars:bootstrap
Source: github
Published: almost 6 years ago
bootstrap: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRwMjQtdm1jci00Z3Fq
Bootstrap Cross-site Scripting vulnerability
Critical
Ecosystems: pypi
Packages: bleach
Source: github
Published: almost 6 years ago
bleach: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW05bXEtcDJmOS1jZnF2
Bleach URI Scheme Restriction Bypass
Critical
Ecosystems: pypi
Packages: pyyaml
Source: github
Published: almost 6 years ago
apispec: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJwcnctaDYydi1jMnc3
PyYAML insecurely deserializes YAML strings leading to arbitrary code execution
High
Ecosystems: npm
Packages: react-dev-utils
Source: github
Published: almost 6 years ago
create-react-app: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5Z3AtOTJ3cC05NHE4
react-dev-utils on Windows vulnerable to Remote Code Execution
High
Ecosystems: npm
Packages: webpack-dev-server
Source: github
Published: almost 6 years ago
webpack-dev-server: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNmNjYteHdmcC1ndmM0
Missing Origin Validation in webpack-dev-server
Critical
Ecosystems: maven
Packages: org.exist-db:exist-core
Source: github
Published: about 6 years ago
exist: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWp4bTUtNXhjdy1oNTdx
exist-db:exist-core XML External Entity (XXE) vulnerability
Critical
Ecosystems: pypi
Packages: urllib3
Source: github
Published: about 6 years ago
urllib3: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3dzItdjd4ai14cmM2
Exposure of Sensitive Information to an Unauthorized Actor in urllib3
High
Ecosystems: npm
Packages: socket.io
Source: github
Published: about 6 years ago
socket.io: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF2MnYtbTU5Zi12NWZ3
Insecure randomness in socket.io
Moderate
Ecosystems: npm
Packages: nunjucks
Source: github
Published: about 6 years ago
nunjucks: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY3cGgtcDVydi1waHcy
Cross-Site Scripting in nunjucks
Moderate
Ecosystems: rubygems
Packages: loofah
Source: github
Published: about 6 years ago
loofah: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc0eHEtang0dy00Y2p2
Loofah Cross-site Scripting vulnerability
Moderate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlncDQtcXJmZi1jNjQ4
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJqMngtaHg0Zy0yZ2Y0
In Bouncy Castle JCE Provider the DHIES implementation allowed the use of ECB mode
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyODUtd2Y5cS01dzY5
In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode
Low
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcW0tMjQ2Yy1td3Fn
In Bouncy Castle JCE Provider the other party DH public key is not fully validated
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJydngtcHdmOC1wNTlw
In Bouncy Castle JCE Provider the DSA key pair generator generates a weak private key if used with default values
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFjajctZzJqNS1nN3Iz
In Bouncy Castle JCE Provider ECDSA does not fully validate ASN.1 encoding of signature on verification
Moderate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5Y2gtbTRmaC1mYzdx
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI5N3gtM2c4Zi1neDNt
The Bouncy Castle JCE Provider carry a propagation bug
Moderate
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4eGYtbTRmZi1qY3hq
Moderate severity vulnerability that affects org.bouncycastle:bcprov-jdk14 and org.bouncycastle:bcprov-jdk15
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2aGotOThyNi00MjRo
In Bouncy Castle JCE Provider it is possible to inject extra elements in the sequence making up the signature and still have it validate
Critical
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15on
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ0NDYtNjU2cC1mNTRn
Deserialization of Untrusted Data in Bouncy castle
High
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk15, org.bouncycastle:bcprov-jdk14
Source: github
Published: about 6 years ago
bc-java: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxajctajhqNS1mMnhy
Bouncy Castle has a flaw in the Low-level interface to RSA key pair generator
Moderate
Ecosystems: pypi
Packages: marshmallow
Source: github
Published: about 6 years ago
marshmallow: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlxMnAtZmo0OS12cHhq
In marshmallow library the schema "only" option treats an empty list as implying no "only" option
High
Ecosystems: npm
Packages: hapi
Source: github
Published: about 6 years ago
hapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNxamctd2htbS04Z3Y2
Denial of Service via malformed accept-encoding header in hapi
High
Ecosystems: rubygems
Packages: jekyll
Source: github
Published: about 6 years ago
jekyll: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4amgtbTNxeC00OXdj
Jekyll allows attackers to access arbitrary files by specifying a symlink
Moderate
Ecosystems: rubygems
Packages: doorkeeper
Source: github
Published: over 6 years ago
doorkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NXctdmM4NC13eGN4
Doorkeeper contains Cross-site Request Forgery
Critical
Ecosystems: npm
Packages: egg-scripts
Source: github
Published: over 6 years ago
egg-scripts: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5ajMtd3FwaC01eHg5
Command Injection in egg-scripts
Moderate
Ecosystems: nuget, npm, rubygems, packagist, maven
Packages: bootstrap.sass, bootstrap-sass, bootstrap, twbs/bootstrap, org.webjars:bootstrap
Source: github
Published: over 6 years ago
bootstrap: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdtdnItNXgyZy13ZmM4
Bootstrap Cross-site Scripting vulnerability
Moderate
Ecosystems: maven, nuget, packagist, rubygems, npm
Packages: org.webjars:bootstrap, bootstrap.sass, bootstrap, twbs/bootstrap, typo3/cms, typo3/cms-core
Source: github
Published: over 6 years ago
bootstrap: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBqN20tZzUzbS03NjM4
Bootstrap Cross-site Scripting vulnerability
Critical
Ecosystems: npm
Packages: cryptiles
Source: github
Published: over 6 years ago
cryptiles: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJxOGctNXBjNS13cmhy
Insufficient Entropy in cryptiles
Low
Ecosystems: rubygems
Packages: ember-source
Source: github
Published: over 6 years ago
ember.js: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRxNTMtZnFoYy1jcjQ2
ember-source Cross-site Scripting vulnerability
High
Ecosystems: npm
Packages: electron
Source: github
Published: over 6 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh2OWMtcXdxZy1xajN2
Electron webPreferences vulnerability can be used to perform remote code execution
Moderate
Ecosystems: npm
Packages: aedes
Source: github
Published: over 6 years ago
aedes: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRjbXgtaHJxOS1jMjNw
Improper Authorization in aedes
High
Ecosystems: rubygems
Packages: doorkeeper
Source: github
Published: over 6 years ago
doorkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY5NG0tamhyOS1wZjc3
Doorkeeper subject to Incorrect Permission Assignment
High
Ecosystems: rubygems
Packages: rails_admin
Source: github
Published: over 6 years ago
rails_admin: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXB4cXItOHY1NC1tMmhq
Cross-site request forgery in rails_admin
High
Ecosystems: npm
Packages: nes
Source: github
Published: over 6 years ago
nes: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNwd2gtNW1tYy1td3J4
Denial of Service in nes
High
Ecosystems: npm
Packages: decamelize
Source: github
Published: over 6 years ago
decamelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE1YzQtMzlmNS1tNjhq
Regular Expression Denial of Service in decamelize
High
Ecosystems: npm
Packages: fastify
Source: github
Published: over 6 years ago
fastify: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1xNmMtZmg5Ny00Z3d2
Denial of Service vulnerability with large JSON payloads in fastify
Critical
Ecosystems: npm
Packages: eslint-scope, eslint-config-eslint
Source: github
Published: over 6 years ago
eslint-scope: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4eGYtcTN3OS00eGd3
Malicious Package in eslint-scope
Moderate
Ecosystems: npm
Packages: hapi
Source: github
Published: over 6 years ago
hapi: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZ3cmYtcjVyNC03Nzc1
Incorrect handling of CORS preflight request headers in hapi
High
Ecosystems: npm
Packages: hoek
Source: github
Published: over 6 years ago
hoek: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpwNHgtdzYzbS03d2dt
Prototype Pollution in hoek
High
Ecosystems: npm
Packages: electron
Source: github
Published: over 6 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZqcXItZngzZi1nNHJ2
Electron protocol handler browser vulnerable to Command Injection
High
Ecosystems: npm
Packages: electron
Source: github
Published: over 6 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4d2ctd3Y3di00dnFw
Electron Vulnerable to Code Execution by Re-Enabling Node.js Integration
Moderate
Ecosystems: rubygems
Packages: nokogiri, loofah
Source: github
Published: almost 7 years ago
loofah: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg3cnYtY3I2di00dm00
Cross-site Scripting in loofah
Moderate
Ecosystems: rubygems
Packages: doorkeeper
Source: github
Published: almost 7 years ago
doorkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh3aGgtMmZ3bS1jZmd3
Doorkeeper is vulnerable to stored XSS and code execution
High
Ecosystems: npm
Packages: electron
Source: github
Published: almost 7 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXcyMjItNTNjNi1jODZw
Remote Code Execution in electron
High
Ecosystems: npm
Packages: sequelize
Source: github
Published: about 7 years ago
sequelize: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXhxZzgtY3YzaC14cHB2
SQL Injection in sequelize
Critical
Ecosystems: rubygems
Packages: doorkeeper
Source: github
Published: about 7 years ago
doorkeeper: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtNnItMzlwMy1qcTI1
Doorkeeper is vulnerable to replay attacks
High
Ecosystems: npm
Packages: electron
Source: github
Published: about 7 years ago
electron: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2Y2otcGZxMi13eGo3
High severity vulnerability that affects electron