Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1mOTZoLXBtZnItNjZ2d84ABARh
Starlette Denial of service (DoS) via multipart/form-data
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 hours ago
High
GSA_kwCzR0hTQS1xY3ZoLXA5anEtd3A4ds4ABARg
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 hours ago
High
GSA_kwCzR0hTQS00amY4LWc4d3AtY3g3Y84ABARf
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 4 hours ago
Critical
GSA_kwCzR0hTQS00cjd2LXdocGctOHJ4M84ABARe
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 4 hours ago
Critical
GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 5 hours ago
Moderate
GSA_kwCzR0hTQS0yMjM0LWZtdzctNDN3cs4ABARc
Hano allows bypass of CSRF Middleware by a request without Content-Type header.
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 5 hours ago
High
GSA_kwCzR0hTQS1mbWo3LTdnZnctNjRwZ84ABARb
Agent Dart is missing certificate verification checks
Ecosystems: pub
Packages: agent_dart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 5 hours ago
Moderate
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 7 hours ago
High
GSA_kwCzR0hTQS1jeDk1LXE2Z3gtdzRxcM4ABARQ
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
Ecosystems: maven
Packages: org.sakaiproject.kernel:sakai-kernel-impl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 8 hours ago
Moderate
GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS1xaDhnLTU4cHAtMnd4aM4ABAQY
Eclipse Jetty URI parsing of invalid authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1nOG01LTcyMnItOHdocc4ABAQX
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 1 day ago
Low
GSA_kwCzR0hTQS1yN200LWY5aDUtZ3I3Oc4ABAQW
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 1 day ago
Low
GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS14bW1tLWp3NzYtcTd2Z84ABAQU
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 1 day ago
High
GSA_kwCzR0hTQS01cnhwLTJyaHItcXdxds4ABAQT
Session fixation in Elytron SAML adapters
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 1 day ago
High
GSA_kwCzR0hTQS14Z2Z2LXhweDgtcWhjcs4ABAQR
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-saml-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 1 day ago
Low
GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1nNzd4LTQ0eHgtNTMybc4ABAQO
Denial of Service condition in Next.js image optimization
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 1 day ago
High
GSA_kwCzR0hTQS00NDNqLWdyeHYtMnBnds4ABAPx
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Ecosystems: maven
Packages: org.apache.activemq:artemis-cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1qMjZ3LWY5cnEtbXIycc4ABAPv
Eclipse Jetty has a denial of service vulnerability on DosFilter
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 1 day ago
Critical
GSA_kwCzR0hTQS03Nm13LTZwOTUteDl4Nc4ABAOn
pac4j-core affected by a Java deserialization vulnerability
Ecosystems: maven
Packages: org.pac4j:pac4j-core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 days ago
Critical
GSA_kwCzR0hTQS12Z3hxLTZyY2YtcXdyd84ABANd
angular-base64-upload vulnerable to unauthenticated remote code execution
Ecosystems: npm
Packages: angular-base64-upload
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 4 days ago
High
GSA_kwCzR0hTQS1neDltLXdoam0tODVqZs4ABANT
DOMpurify has a nesting-based mXSS
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1wcHBnLWNwZnEtaDd3cs4ABAM3
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Ecosystems: npm
Packages: jsonpath-plus
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: 4 days ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 4 days ago
High
GSA_kwCzR0hTQS01N3FoLXZtanItNWp4Z84ABAMx
Snipe-IT remote code execution
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 days ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 5 days ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 5 days ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 5 days ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 days ago
High
GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz
Vault Community Edition privilege escalation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 5 days ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradios's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
High
GSA_kwCzR0hTQS0yN3ZoLWg2bWMtcTZnOM4ABALR
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
High
GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 5 days ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 days ago
High
GSA_kwCzR0hTQS1jZzUyLTY4ZnYtOTRxcc4ABAKw
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 5 days ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits uniqueness validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 6 days ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 6 days ago
High
GSA_kwCzR0hTQS05NzIyLTlqNjctdmpjcs4ABAFl
Improper Authorization in Select Permissions
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 7 days ago
High
GSA_kwCzR0hTQS1xanJ2LXY2cXAteDk5eM4ABAFk
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 7 days ago
High
GSA_kwCzR0hTQS1mM2N4LTM5NmYtN2pxcM4ABAFj
Livewire Remote Code Execution on File Uploads
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 7 days ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 7 days ago
High
GSA_kwCzR0hTQS05Y3A5LThndzItOHY3bc4ABAFg
Adguard Home arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
High
GSA_kwCzR0hTQS04ZzRxLXhnNjYtOWZwNM4ABAFe
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 7 days ago
High
GSA_kwCzR0hTQS1mMzJjLXc0NDQtOHBwds4ABAFd
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.IO.Packaging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1xajY2LW04OGotaG1nas4ABAFc
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Extensions.Caching.Memory, System.IO.Packaging, System.Security.Cryptography.Cose
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS01d3ByLWNqOXAtOTU5cs4ABADn
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-netty4-cdi
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qcWgyLWNoN3AteHd4aM4ABADo
Quarkus CXF logs passwords and other secrets
Ecosystems: maven
Packages: io.quarkiverse.cxf:quarkus-cxf
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 7 days ago
High
GSA_kwCzR0hTQS03dnc5LWNmd3gtOWd4Oc4ABADL
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS1yZjVtLWg4cTktOXc2cc4ABADH
Information Disclosure in TYPO3 Page Tree
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wcjQ1LWNnNHgtZmY0bc4ABACN
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02MmN4LTV4ajQtd2ZtNM4ABACL
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @sap/hana-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jN3htLXJ3cWotcGdjas4ABABl
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Statistics
Advisories: 20,327
Packages: 8,921
Repositories: 5,438
Ecosystems: 12
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 Plone 64 github.com/usememos/memos 63 ansible 63 concrete5/concrete5 60 librenms/librenms 60 actionpack 58 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 nova 47 github.com/grafana/grafana 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 craftcms/cms 43 baserproject/basercms 43 nokogiri 43 plone 43 rdiffweb 42 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 mautic/core 37 github.com/hashicorp/vault 36 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 moin 35 matrix-synapse 35 k8s.io/kubernetes 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 github.com/rancher/rancher 34 snipe/snipe-it 34 org.jenkins-ci.plugins:script-security 32 io.undertow:undertow-core 32 gradio 32 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 opencv-python 31 Pillow 31 parse-server 31 keystone 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 centreon/centreon 27 github.com/hashicorp/nomad 27 github.com/argoproj/argo-cd/v2 27 openssl-src 26 electron 26 prestashop/prestashop 26 pillow 26 directus 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 github.com/cilium/cilium 24 magento/core 24 org.springframework.security:spring-security-core 24 gogs.io/gogs 24 mediawiki/core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 pocketmine/pocketmine-mp 23 rack 23 remdex/livehelperchat 23 zendframework/zendframework 23 puppet 23 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 org.bouncycastle:bcprov-jdk14 22 ckb 22 tribalsystems/zenario 22 getkirby/cms 22 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 code.gitea.io/gitea 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 org.springframework:spring-core 19 contao/contao 19 laravel/framework 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/traefik/traefik/v2 18 forkcms/forkcms 18 topthink/framework 18 mercurial 18 mindsdb 18 golang.org/x/net 18 langchain 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 wasmtime 18 next 18 cockpit-hq/cockpit 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 github.com/goharbor/harbor 18 notebook 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 PaddlePaddle 17 helm.sh/helm/v3 17 opencart/opencart 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 francoisjacquet/rosariosis 17 cobbler 17 rusqlite 16 sequelize 16 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 org.apache.jspwiki:jspwiki-main 16 typo3/cms-backend 16 tinymce 16 cryptography 16 openmage/magento-lts 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 ec-cube/ec-cube 15 ckeditor4 15 pyload-ng 15 october/system 15 smarty/smarty 15 ethyca-fides 15 ghost 15 org.apache.struts.xwork:xwork-core 15 paddlepaddle 15 swagger-ui 14 phpmailer/phpmailer 14 bolt/bolt 14 github.com/nats-io/nats-server/v2 14 activesupport 14 symfony/security-http 14 pyftpdlib 14 org.apache.inlong:manager-pojo 14 org.xwiki.platform:xwiki-platform-web 14 github.com/containerd/containerd 14 modoboa 14 silverstripe/cms 14 feehi/cms 14 github.com/zitadel/zitadel 14 publify_core 14 lavalite/cms 13 twisted 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 13 joplin 13 lollms 13 studio-42/elfinder 13 OctoPrint 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/symfony/symfony 57 https://github.com/ansible/ansible 56 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/librenms/librenms 52 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 44 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 31 https://github.com/dotnet/runtime 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/gradio-app/gradio 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/github/advisory-database 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/cilium/cilium 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenNMS/opennms 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/netty/netty 20 https://github.com/langchain-ai/langchain 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/hashicorp/consul 19 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 18 https://github.com/goharbor/harbor 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/helm/helm 18 https://github.com/traefik/traefik 18 https://github.com/zitadel/zitadel 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/backstage/backstage 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/tinymce/tinymce 16 https://github.com/undertow-io/undertow 16 https://github.com/ethereum/go-ethereum 16 https://github.com/forkcms/forkcms 16 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyload/pyload 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/zendframework/zendframework 15 https://github.com/laravel/framework 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/denoland/deno 15 https://github.com/mattermost/mattermost 15 https://github.com/centreon/centreon 15 https://github.com/pyca/cryptography 15 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/twisted/twisted 14 https://github.com/vercel/next.js 14 https://github.com/decidim/decidim 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/cobbler/cobbler 14 https://github.com/dotnet/aspnetcore 14 https://github.com/apache/dolphinscheduler 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/TryGhost/Ghost 13 https://github.com/golang/go 13 https://github.com/hashicorp/nomad 13 https://github.com/quarkusio/quarkus 13 https://github.com/dompdf/dompdf 13 https://github.com/nodejs/undici 13 https://github.com/modoboa/modoboa 13 https://github.com/patriksimek/vm2 12 https://github.com/aio-libs/aiohttp 12 https://github.com/containers/podman 12 https://github.com/opencontainers/runc 12 https://github.com/surrealdb/surrealdb 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/puma/puma 12 https://github.com/centreon/centreon-archived 12 https://github.com/urllib3/urllib3 12 https://github.com/laurent22/joplin 12 https://github.com/openfga/openfga 12 https://github.com/apache/kylin 12 https://github.com/smarty-php/smarty 12 https://github.com/drupal/core 11 https://github.com/pomerium/pomerium 11 https://github.com/janeczku/calibre-web 11 https://github.com/nats-io/nats-server 11 https://github.com/cloudflare/cfrpki 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/openstack/glance 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/top-think/framework 11 https://github.com/onionshare/onionshare 11 https://github.com/scrapy/scrapy 11 https://github.com/cakephp/cakephp 11 https://github.com/yiisoft/yii2 11 https://github.com/igniterealtime/Openfire 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/Sylius/Sylius 11 https://github.com/WWBN/AVideo 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/phusion/passenger 10 https://github.com/sulu/sulu 10 https://github.com/opencart/opencart 10 https://github.com/PHPOffice/PhpSpreadsheet 10 https://github.com/nocodb/nocodb 10 https://github.com/nautobot/nautobot 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/nextauthjs/next-auth 10 https://github.com/zenml-io/zenml 10 https://github.com/spring-projects/spring-security 10 https://github.com/jquery/jquery 10 https://github.com/greenpau/caddy-security 10