112 matches found
EUVD-2019-0025
Malware in sbrugna...
EUVD-2019-0026
Malware in sbrugna...
EUVD-2009-0002
Malware in sbrugna...
EUVD-2009-0001
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-7313
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects...
Linux Distros Unpatched Vulnerability : CVE-2019-12300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Buildbot before 1.8.2 and 2.x before 2.3.1 accepts a user-submitted authorization token from OAuth and uses it to authenticate a user. If an attacker has a toke...
CVE-2009-2959
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Cross-site Scripting (XSS)
Buildbot is vulnerable to cross-site scripting (XSS). The vulnerability is due to improper sanitization within the waterfall web status view (status/web/waterfall.py), enabling remote attackers to inject arbitrary web script or HTML...
Cross-site Scripting (XSS)
Buildbot is vulnerable to Cross-Site Scripting (XSS) vulnerabilities. The vulnerability is due to improper sanitization, allowing remote attackers to inject arbitrary web script or HTML...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:GHSA-RWMF-W63J-P7GV...
ayugespidertools (>=3.4.1 <=3.9.5), baotool (=1.0.1) +129 more potentially affected by CVE-2022-39348 via twisted (>=16.0.0 <=22.10.0)
twisted PYPI version =16.0.0, =3.4.1, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =0.1.0.dev2, =0.3.4, =0.1.0, =18.4.0, =1.1.2.post3, =1.2.0.post1 and more Source cves: CVE-2022-39348 Source advisory: OSV:GHSA-VG46-2RRJ-3647...
CVE-2019-7313
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
Buildbot CRLF Injection
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
buildbot-legacy-slack-adapter (>=1.0.0 <=1.0.1) potentially affected by CVE-2019-7313 via buildbot (=1.3.0)
buildbot PYPI version =1.3.0 is affected by a known vulnerability. The following packages have a transitive dependency on buildbot and may be impacted: - buildbot-legacy-slack-adapter =1.0.0, =1.0.1 Source cves: CVE-2019-7313 Source advisory: OSV:GHSA-66X7-2R56-FJ77...
GHSA-66X7-2R56-FJ77 Buildbot CRLF Injection
www/resource.py in Buildbot before 1.8.1 allows CRLF injection in the Location header of /auth/login and /auth/logout via the redirect parameter. This affects other web sites in the same domain...
Buildbot vulnerable to cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959...
GHSA-MJ3X-WPRP-MVJ9 Buildbot vulnerable to cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959...
Buildbot Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
GHSA-JQQH-999X-W26W Buildbot Cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
ayugespidertools (>=3.4.1 <=3.9.5), baotool (=1.0.1) +129 more potentially affected by CVE-2022-21712 via twisted (>=16.0.0 <=22.10.0)
twisted PYPI version =16.0.0, =3.4.1, =1.5.0, =0.2.0, =0.0.2, =3.9.2, =0.1.0.dev2, =0.3.4, =0.1.0, =18.4.0, =1.1.2.post3, =1.2.0.post1 and more Source cves: CVE-2022-21712 Source advisory: OSV:GHSA-92X2-JW7W-XVVX...