Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1mOTZoLXBtZnItNjZ2d84ABARh
Starlette Denial of service (DoS) via multipart/form-data
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 hours ago
High
GSA_kwCzR0hTQS1xY3ZoLXA5anEtd3A4ds4ABARg
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 hours ago
High
GSA_kwCzR0hTQS00amY4LWc4d3AtY3g3Y84ABARf
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 hours ago
Critical
GSA_kwCzR0hTQS00cjd2LXdocGctOHJ4M84ABARe
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 4 hours ago
Critical
GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 5 hours ago
Moderate
GSA_kwCzR0hTQS0yMjM0LWZtdzctNDN3cs4ABARc
Hano allows bypass of CSRF Middleware by a request without Content-Type header.
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 5 hours ago
High
GSA_kwCzR0hTQS1mbWo3LTdnZnctNjRwZ84ABARb
Agent Dart is missing certificate verification checks
Ecosystems: pub
Packages: agent_dart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 hours ago
Moderate
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 7 hours ago
High
GSA_kwCzR0hTQS1jeDk1LXE2Z3gtdzRxcM4ABARQ
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
Ecosystems: maven
Packages: org.sakaiproject.kernel:sakai-kernel-impl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 8 hours ago
Moderate
GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS1xaDhnLTU4cHAtMnd4aM4ABAQY
Eclipse Jetty URI parsing of invalid authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1nOG01LTcyMnItOHdocc4ABAQX
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 1 day ago
Low
GSA_kwCzR0hTQS1yN200LWY5aDUtZ3I3Oc4ABAQW
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 1 day ago
Low
GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS14bW1tLWp3NzYtcTd2Z84ABAQU
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 1 day ago
High
GSA_kwCzR0hTQS01cnhwLTJyaHItcXdxds4ABAQT
Session fixation in Elytron SAML adapters
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 1 day ago
High
GSA_kwCzR0hTQS14Z2Z2LXhweDgtcWhjcs4ABAQR
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-saml-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 1 day ago
Low
GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1nNzd4LTQ0eHgtNTMybc4ABAQO
Denial of Service condition in Next.js image optimization
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 1 day ago
High
GSA_kwCzR0hTQS00NDNqLWdyeHYtMnBnds4ABAPx
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Ecosystems: maven
Packages: org.apache.activemq:artemis-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1qMjZ3LWY5cnEtbXIycc4ABAPv
Eclipse Jetty has a denial of service vulnerability on DosFilter
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 1 day ago
Critical
GSA_kwCzR0hTQS03Nm13LTZwOTUteDl4Nc4ABAOn
pac4j-core affected by a Java deserialization vulnerability
Ecosystems: maven
Packages: org.pac4j:pac4j-core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 days ago
Critical
GSA_kwCzR0hTQS12Z3hxLTZyY2YtcXdyd84ABANd
angular-base64-upload vulnerable to unauthenticated remote code execution
Ecosystems: npm
Packages: angular-base64-upload
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 4 days ago
High
GSA_kwCzR0hTQS1neDltLXdoam0tODVqZs4ABANT
DOMpurify has a nesting-based mXSS
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1wcHBnLWNwZnEtaDd3cs4ABAM3
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Ecosystems: npm
Packages: jsonpath-plus
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: 4 days ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 4 days ago
High
GSA_kwCzR0hTQS01N3FoLXZtanItNWp4Z84ABAMx
Snipe-IT remote code execution
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 days ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 5 days ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 5 days ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 5 days ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 days ago
High
GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz
Vault Community Edition privilege escalation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 5 days ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradios's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
High
GSA_kwCzR0hTQS0yN3ZoLWg2bWMtcTZnOM4ABALR
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
High
GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 5 days ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 days ago
High
GSA_kwCzR0hTQS1jZzUyLTY4ZnYtOTRxcc4ABAKw
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 5 days ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits uniqueness validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 6 days ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 6 days ago
High
GSA_kwCzR0hTQS05NzIyLTlqNjctdmpjcs4ABAFl
Improper Authorization in Select Permissions
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 7 days ago
High
GSA_kwCzR0hTQS1xanJ2LXY2cXAteDk5eM4ABAFk
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 7 days ago
High
GSA_kwCzR0hTQS1mM2N4LTM5NmYtN2pxcM4ABAFj
Livewire Remote Code Execution on File Uploads
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 7 days ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 7 days ago
High
GSA_kwCzR0hTQS05Y3A5LThndzItOHY3bc4ABAFg
Adguard Home arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
High
GSA_kwCzR0hTQS04ZzRxLXhnNjYtOWZwNM4ABAFe
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 7 days ago
High
GSA_kwCzR0hTQS1mMzJjLXc0NDQtOHBwds4ABAFd
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.IO.Packaging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1xajY2LW04OGotaG1nas4ABAFc
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Extensions.Caching.Memory, System.IO.Packaging, System.Security.Cryptography.Cose
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS01d3ByLWNqOXAtOTU5cs4ABADn
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-netty4-cdi
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qcWgyLWNoN3AteHd4aM4ABADo
Quarkus CXF logs passwords and other secrets
Ecosystems: maven
Packages: io.quarkiverse.cxf:quarkus-cxf
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 7 days ago
High
GSA_kwCzR0hTQS03dnc5LWNmd3gtOWd4Oc4ABADL
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS1yZjVtLWg4cTktOXc2cc4ABADH
Information Disclosure in TYPO3 Page Tree
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wcjQ1LWNnNHgtZmY0bc4ABACN
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02MmN4LTV4ajQtd2ZtNM4ABACL
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @sap/hana-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jN3htLXJ3cWotcGdjas4ABABl
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Statistics
Advisories: 20,327
Packages: 8,921
Repositories: 5,438
Ecosystems: 12
Filter by Severity
Moderate 8,822 High 7,037 Critical 3,014 Low 1,118
Filter by Ecosystem
maven 5,794 packagist 4,523 pypi 4,285 npm 3,781 go 2,240 nuget 1,526 rubygems 868 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 Plone 64 github.com/usememos/memos 63 ansible 63 concrete5/concrete5 60 librenms/librenms 60 actionpack 58 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 nova 47 github.com/grafana/grafana 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 craftcms/cms 43 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 mautic/core 37 github.com/hashicorp/vault 36 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 moin 35 matrix-synapse 35 k8s.io/kubernetes 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 github.com/rancher/rancher 34 snipe/snipe-it 34 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 32 gradio 32 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 opencv-python 31 Pillow 31 parse-server 31 keystone 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 centreon/centreon 27 github.com/hashicorp/nomad 27 github.com/argoproj/argo-cd/v2 27 openssl-src 26 electron 26 prestashop/prestashop 26 pillow 26 directus 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 github.com/cilium/cilium 24 magento/core 24 org.springframework.security:spring-security-core 24 gogs.io/gogs 24 mediawiki/core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 pocketmine/pocketmine-mp 23 rack 23 remdex/livehelperchat 23 zendframework/zendframework 23 puppet 23 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 org.bouncycastle:bcprov-jdk14 22 ckb 22 tribalsystems/zenario 22 getkirby/cms 22 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 code.gitea.io/gitea 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 org.springframework:spring-core 19 contao/contao 19 laravel/framework 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/traefik/traefik/v2 18 forkcms/forkcms 18 topthink/framework 18 mercurial 18 mindsdb 18 golang.org/x/net 18 langchain 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 wasmtime 18 next 18 cockpit-hq/cockpit 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 github.com/goharbor/harbor 18 notebook 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 PaddlePaddle 17 helm.sh/helm/v3 17 opencart/opencart 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 francoisjacquet/rosariosis 17 cobbler 17 rusqlite 16 sequelize 16 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 org.apache.jspwiki:jspwiki-main 16 typo3/cms-backend 16 tinymce 16 cryptography 16 openmage/magento-lts 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 ec-cube/ec-cube 15 ckeditor4 15 pyload-ng 15 october/system 15 smarty/smarty 15 ethyca-fides 15 ghost 15 org.apache.struts.xwork:xwork-core 15 paddlepaddle 15 swagger-ui 14 phpmailer/phpmailer 14 bolt/bolt 14 github.com/nats-io/nats-server/v2 14 activesupport 14 symfony/security-http 14 pyftpdlib 14 org.apache.inlong:manager-pojo 14 org.xwiki.platform:xwiki-platform-web 14 github.com/containerd/containerd 14 modoboa 14 silverstripe/cms 14 feehi/cms 14 github.com/zitadel/zitadel 14 publify_core 14 lavalite/cms 13 twisted 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 13 joplin 13 lollms 13 studio-42/elfinder 13 OctoPrint 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/librenms/librenms 52 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 44 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 31 https://github.com/dotnet/runtime 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/gradio-app/gradio 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/github/advisory-database 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/cilium/cilium 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenNMS/opennms 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/netty/netty 20 https://github.com/langchain-ai/langchain 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/hashicorp/consul 19 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 18 https://github.com/goharbor/harbor 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/helm/helm 18 https://github.com/traefik/traefik 18 https://github.com/zitadel/zitadel 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/backstage/backstage 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/tinymce/tinymce 16 https://github.com/undertow-io/undertow 16 https://github.com/ethereum/go-ethereum 16 https://github.com/forkcms/forkcms 16 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyload/pyload 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/zendframework/zendframework 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/denoland/deno 15 https://github.com/mattermost/mattermost 15 https://github.com/centreon/centreon 15 https://github.com/pyca/cryptography 15 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/twisted/twisted 14 https://github.com/vercel/next.js 14 https://github.com/decidim/decidim 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/cobbler/cobbler 14 https://github.com/dotnet/aspnetcore 14 https://github.com/apache/dolphinscheduler 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/TryGhost/Ghost 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/quarkusio/quarkus 13 https://github.com/dompdf/dompdf 13 https://github.com/nodejs/undici 13 https://github.com/modoboa/modoboa 13 https://github.com/patriksimek/vm2 12 https://github.com/aio-libs/aiohttp 12 https://github.com/containers/podman 12 https://github.com/opencontainers/runc 12 https://github.com/surrealdb/surrealdb 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/puma/puma 12 https://github.com/centreon/centreon-archived 12 https://github.com/urllib3/urllib3 12 https://github.com/laurent22/joplin 12 https://github.com/openfga/openfga 12 https://github.com/apache/kylin 12 https://github.com/smarty-php/smarty 12 https://github.com/drupal/core 11 https://github.com/pomerium/pomerium 11 https://github.com/janeczku/calibre-web 11 https://github.com/nats-io/nats-server 11 https://github.com/cloudflare/cfrpki 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/openstack/glance 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/top-think/framework 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/cakephp/cakephp 11 https://github.com/yiisoft/yii2 11 https://github.com/igniterealtime/Openfire 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/Sylius/Sylius 11 https://github.com/WWBN/AVideo 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/phusion/passenger 10 https://github.com/sulu/sulu 10 https://github.com/opencart/opencart 10 https://github.com/PHPOffice/PhpSpreadsheet 10 https://github.com/nocodb/nocodb 10 https://github.com/nautobot/nautobot 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/nextauthjs/next-auth 10 https://github.com/zenml-io/zenml 10 https://github.com/spring-projects/spring-security 10 https://github.com/jquery/jquery 10 https://github.com/greenpau/caddy-security 10