Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1qaDZ4LTd4ZmctOWNxMs4ABBmw
Searching Opencast may cause a denial of service
Ecosystems: maven
Packages: org.opencastproject:opencast-elasticsearch-impl
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 7 hours ago
High
GSA_kwCzR0hTQS1namNjLWp2Z3ctd3Z3as4ABBmv
Litestar allows unbounded resource consumption (DoS vulnerability)
Ecosystems: pypi
Packages: litestar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 8 hours ago
Moderate
GSA_kwCzR0hTQS1yNHBnLXZnNTQtd3h4NM4ABBmY
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Ecosystems: go
Packages: github.com/cert-manager/cert-manager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 9 hours ago
Moderate
GSA_kwCzR0hTQS05YzVwLTM1Z2otanFwNM4ABBlz
Rancher Helm Applications may have sensitive values leaked
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: about 11 hours ago
Moderate
GSA_kwCzR0hTQS1mZnAyLThwMmgtNG01as4ABBly
Password Pusher rate limiter can be bypassed by forging proxy headers
Ecosystems: rubygems
Packages: pwpush
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 11 hours ago
High
GSA_kwCzR0hTQS03MjI1LW05NTQtMjN2N84ABBlx
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Ecosystems: go
Packages: cosmossdk.io/math
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 11 hours ago
High
GSA_kwCzR0hTQS1qNWhxLTVqY3IteHd4N84ABBlw
github.com/rancher/steve's users can issue watch commands for arbitrary resources
Ecosystems: go
Packages: github.com/rancher/steve
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 11 hours ago
Moderate
GSA_kwCzR0hTQS1qNHYzLXd3d3gtNWdxds4ABBli
django Filer Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: django-filer
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1yNHhyLW0zOTMtNzc4bc4ABBlP
Moodle IDOR when accessing list of course badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS12eGN2LTR4dmYtcGMyMs4ABBle
django CMS Attributes Field Cross-site Scripting
Ecosystems: pypi
Packages: djangocms-attributes-field
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1qODIyLXg1Z2ctNXI1Ns4ABBlQ
Moodle allows users to retrieve information they did not have permission to access
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS14ZnY3LWgycWctcmptN84ABBlL
Moodle Lesson activity password bypass through PHP loose comparison
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1maGcyLXIyaDktaDdxOM4ABBlV
Moodle IDOR when deleting OAuth2 linked accounts
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 17 hours ago
High
GSA_kwCzR0hTQS01amZ3LWdxNjQtcTQ1Zs4ABBj9
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Ecosystems: pypi
Packages: lxml-html-clean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1ocnhoLTl3NjctZzRjds4ABBj8
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Ecosystems: go
Packages: github.com/rclone/rclone
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTdqeGMtOHA2eM4ABBgP
Redaxo Core CMS Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1wN2Y2LThtY20tZnd2M84ABBfv
Statamic CMS has a Path Traversal in Asset Upload
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0yeDJnLTMycjctcDR4OM4ABBff
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Ecosystems: maven
Packages: org.apache.kafka:kafka-clients
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS1nODV2LXdmMjctNjd4Y84ABBec
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Ecosystems: actions
Packages: step-security/harden-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04NDk1LTRnM2cteDdwcs4ABBeU
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0yN21mLWdocW0tajNqOM4ABBeT
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1qcDM3LTVxaHctbWZmd84ABBeS
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Ecosystems: cargo
Packages: sharks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS12Z2dtLTM0Nzgtdm01bc4ABBeR
Graylog concurrent PDF report rendering can leak other users' reports
Ecosystems: maven
Packages: org.graylog:graylog-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS03Y2M5LWo0bXYtdmNqcM4ABBeQ
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
High
GSA_kwCzR0hTQS1qdzR4LXY2OWYtaGg1d84ABBeP
XmlScanner bypass leads to XXE
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1tMjZjLWZjZ2gtY3A2aM4ABBeO
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1mNjMyLTk0NDktM2o0d84ABBdK
Apache Tomcat - XSS in generated JSPs
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-jasper
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 3 days ago
Critical
GSA_kwCzR0hTQS14Y3ByLTdtcjQtaDR4cc4ABBdD
Apache Tomcat - Authentication Bypass
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jcTVmLXd2N3AtNWdmY84ABBdI
Moodle leaks user names
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1ndjVoLTU2NTUtaDRtds4ABBc_
django CMS Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF
Apache Tomcat Request and/or response mix-up
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14M3g5LTM0OXgtMjQ4Nc4ABBdA
moodle: IDOR in edit/delete RSS feed
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1manE5LTQ1Mmctamczcc4ABBdJ
moodle: Some users can delete audiences of other reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1tZzU0LXAyd2otNXBoN84ABBdH
moodle: IDOR when fetching report schedules
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zd2Y0LTY4Z3gtbXBoOM4ABBdB
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Ecosystems: npm
Packages: firebase
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13M2M4LTdyOGYtOWpwOM4ABBcJ
Spring MVC controller vulnerable to a DoS attack
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0ycHBmLTJtNmYtNnY2Zs4ABBb9
OpenStack improperly deletes access rules
Ecosystems: pypi
Packages: python-openstackclient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0zanJ2LWpncDgtNDV2M84ABBcA
Undertow incorrectly parses cookies
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1odnc1LTNtZ3ctN3JjZs4ABBb_
Debezium database connector has a script injection vulnerability
Ecosystems: maven
Packages: io.debezium:debezium-core, io.debezium:debezium-connector-sqlserver, io.debezium:debezium-connector-mysql
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 4 days ago
High
GSA_kwCzR0hTQS1oN3dxLWpqOHItcW03cM4ABBb-
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 4 days ago
High
GSA_kwCzR0hTQS04Zmg0LTk0MnItamYyZ84ABBab
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 days ago
Low
GSA_kwCzR0hTQS03cTdnLTR4bTgtODljcc4ABBaa
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Ecosystems: npm
Packages: @eslint/plugin-kit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
High
GSA_kwCzR0hTQS1waG00LXdmM2gtcGMzcs4ABBaC
Unpatched Remote Code Execution in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14NjQ1LTZwZjkteHd4d84ABBZK
LibreNMS has an Authenticated OS Command Injection
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 6 days ago
High
GSA_kwCzR0hTQS1ndjRtLWY2ZngtODU5eM4ABBZJ
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS0yOHA3LWY2aDYtM2poM84ABBZI
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1wNjZxLXBwd3ItcTVqOM4ABBZH
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS03NjYzLTM3cmctYzM3N84ABBZG
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS00bTVyLXcycnEtcTU0cc4ABBZF
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 6 days ago
High
GSA_kwCzR0hTQS1xcjhmLTVxcWctajN3Z84ABBZE
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS12N3c5LTYzeGgtNnIzd84ABBZD
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS14aDRnLWM5cDYtNWp4Z84ABBY1
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1ybXI0LXg2YzktamM2OM4ABBY0
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS04ODhqLXBqcWgtZng1OM4ABBYz
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1jODZxLXJqMzctOGY4Nc4ABBYy
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 6 days ago
High
GSA_kwCzR0hTQS1nZndyLXhxbWotajI3ds4ABBYx
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS05OXc4LWM1ZjYtOTZwcM4ABBYh
CSRF leading to delete account in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl
Stored XSS using two files in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13cHByLWo1N2MtOGpwbc4ABBYo
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 6 days ago
Critical
GSA_kwCzR0hTQS01NzdwLTdqN2gtMmpnZs4ABBYY
Deserialization of Untrusted Data in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1tOTgyLWg0ZjgtZzRoZs4ABBYf
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1yNzM1LTlnYzYtMmh2cc4ABBYj
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1oaHZyLTJxNjktNDU2M84ABBYe
Cross site scripting in sylius/sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 days ago
Critical
GSA_kwCzR0hTQS0zdmpoLXhyaGYtdjl4aM4ABBYa
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1majV2LXcyanAtd3F2as4ABBYg
Improper Access Control in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
High
GSA_kwCzR0hTQS00NmMzLTV4YzUtd3dods4ABBYW
Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wZzgyLTl3MzUtM3czcs4ABBYR
FitNesse Cross-site scripting
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1xMjk3LTVmZjgtaGM5Ms4ABBYN
FitNesse Path Traversal
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wandtLWNyMzYtbXd2M84ABBXw
ReDoS in giskard's transformation.py (GHSL-2024-324)
Ecosystems: pypi
Packages: giskard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qM3ZxLXBtcDUtcjV4as4ABBXQ
Missing ratelimit on passwrod resets in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qM3B4LXE5NWMtOTY4M84ABBW2
zlib-rs stack overflow during decompression with malicious input
Ecosystems: cargo
Packages: libz-rs-sys-cdylib, libz-rs-sys, zlib-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
High
GSA_kwCzR0hTQS1wMmgyLTN2ZzktNHA4N84ABBW1
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Ecosystems: go
Packages: github.com/cli/cli, github.com/cli/cli/v2
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 6 days ago
High
GSA_kwCzR0hTQS1oZmY4LWhqd3YtajlxN84ABBW0
Remote Code Execution on click of <a> Link in markdown preview
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS1ycDloLXJmN2ctaHdncs4ABBWz
s2n-tls has undefined behavior at process exit
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1yODY0LTI4cHctODY4Ms4ABBWV
Harbor fails to validate the user permissions when updating p2p preheat policies
Ecosystems: go
Packages: github.com/goharbor/harbor/src, github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00Mjc3LW0zNXEtN2M5d84ABBVW
Salt preflight script could be attacker controlled
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 7 days ago
High
GSA_kwCzR0hTQS1tcnByLXZyODIteDg4cs4ABBVF
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qdjgyLTc1ZmgtMjNyN84ABBVE
Missing permission check in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1wMnFxLWM2OTMtcTUzd84ABBVH
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Ecosystems: maven
Packages: org.jenkinsci.plugins:pipeline-model-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS03ODQ1LWNyZmotcGhjNM4ABBVL
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:shared-library-version-override
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1oMjNqLTczd3ctNzU5NM4ABBU_
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS04ODg2LTh2MjctODVqOM4ABBVK
Stored XSS vulnerability in Jenkins Authorize Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:authorize-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS04MjM3LTk1N2gtaDJjMs4ABBTt
FileManager Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: backpack/filemanager
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jZ3I0LWMyMzMtaDczM84ABBTs
UnoPim Stored XSS : Cookie hijacking through Create User function
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1jZzIzLXFmOGYtNjJycs4ABBTJ
Symfony has an Authentication Bypass via RememberMe
Ecosystems: packagist
Packages: symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qNGg2LWdjajctN3Y5ds4ABBTI
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Ecosystems: rubygems
Packages: decidim-meetings
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1nOHIzLTJ2ODktajZyNc4ABBS_
Moodle IDOR when accessing list of badge recipients
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS14aGc2LTlqNWotdzR2Zs4ABBTC
DotNetZip Directory Traversal vulnerability
Ecosystems: nuget
Packages: ProDotNetZip, DotNetZip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1mM2N3LWhnNnItY2hmds4ABBS7
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 8 days ago
High
GSA_kwCzR0hTQS1jdzZnLXFtanEtNncyd84ABBS6
Craft CMS Arbitrary System File Read
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 8 days ago
High
GSA_kwCzR0hTQS1qcmg1LXZocjktcWg3cc4ABBS5
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qcnZtLW1jeGMtbWY2bc4ABBSa
dom-iterator code execution vulnerability
Ecosystems: npm
Packages: dom-iterator
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 8 days ago
Critical
GSA_kwCzR0hTQS12N3ZmLWY1cTYtbTg5Oc4ABBRV
.NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: System.Formats.Nrbf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS02eDM2LXF4bWotcnY0cM4ABBRU
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Formats.Nrbf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1ndjd2LXJnZzYtNTQ4aM4ABBRT
Laravel environment manipulation via query string
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1odzl4LThtNzUtNHZqcc4ABBRL
Cross Site Scripting vulnerability in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS03aHBmLWc0OHYtaHczas4ABBP-
Zoraxy has an authenticated command injection in the Web SSH feature
Ecosystems: go
Packages: github.com/tobychui/zoraxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1nMjNoLTd2ZjkteGMyNc4ABBP9
Mimalloc Can Allocate Memory with Bad Alignment
Ecosystems: cargo
Packages: mimalloc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1mcHI1LWpwMmotNHEyZs4ABBP8
paillier-zk has ambiguous challenge derivation
Ecosystems: cargo
Packages: paillier-zk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1ybTY2LTlnaDQtNGdwOM4ABBP7
cggmp21 vulnerable to ambiguous challenge derivation
Ecosystems: cargo
Packages: cggmp21
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5,530
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 46 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 com.jfinal:jfinal 36 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 35 snipe/snipe-it 35 matrix-synapse 35 moin 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 io.undertow:undertow-core 34 zendframework/zendframework1 34 gradio 34 org.jenkins-ci.plugins:script-security 33 keystone 31 opencv-python 31 opencv-contrib-python 31 parse-server 31 Pillow 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/consul 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 electron 26 openssl-src 26 prestashop/prestashop 26 directus 26 pillow 26 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 rubygems-update 25 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 magento/core 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 rack 23 pocketmine/pocketmine-mp 23 zendframework/zendframework 23 remdex/livehelperchat 23 puppet 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 ckb 22 getkirby/cms 22 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 laravel/framework 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 glance 20 langchain 20 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 funadmin/funadmin 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/goharbor/harbor 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 DotNetNuke.Core 19 contao/contao 19 mercurial 18 github.com/traefik/traefik/v2 18 com.liferay.portal:release.dxp.bom 18 next 18 golang.org/x/net 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 topthink/framework 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 cobbler 18 cockpit-hq/cockpit 18 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 francoisjacquet/rosariosis 17 symfony/security 17 genix/cms 17 opencart/opencart 17 notebook 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 cakephp/cakephp 17 org.apache.activemq:activemq-client 16 neutron 16 org.apache.jspwiki:jspwiki-main 16 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 rusqlite 16 sequelize 16 pyload-ng 16 org.apache.dubbo:dubbo 16 cryptography 16 tinymce 16 openmage/magento-lts 16 github.com/zitadel/zitadel 16 PaddlePaddle 16 org.bouncycastle:bcprov-jdk15 16 typo3/cms-backend 16 paddlepaddle 16 org.apache.struts.xwork:xwork-core 15 ghost 15 october/system 15 calibreweb 15 smarty/smarty 15 ethyca-fides 15 ec-cube/ec-cube 15 OctoPrint 15 symfony/security-http 15 ckeditor4 15 lollms 14 org.apache.tomcat:tomcat-coyote 14 aiohttp 14 publify_core 14 org.apache.inlong:manager-pojo 14 dompdf/dompdf 14 pyftpdlib 14 silverstripe/cms 14 camaleon_cms 14 joplin 14 github.com/containerd/containerd 14 activesupport 14 phpmailer/phpmailer 14 feehi/cms 14 org.xwiki.platform:xwiki-platform-web 14 modoboa 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/contao/contao 25 https://github.com/cilium/cilium 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/directus/directus 25 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenNMS/opennms 20 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/undertow-io/undertow 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/zitadel/zitadel 19 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/hashicorp/vault 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/OpenMage/magento-lts 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/TYPO3-CMS/core 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/pyload/pyload 16 https://github.com/backstage/backstage 16 https://github.com/laravel/framework 16 https://github.com/cobbler/cobbler 15 https://github.com/zendframework/zendframework 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/apache/camel 15 https://github.com/vantage6/vantage6 15 https://github.com/centreon/centreon 15 https://github.com/pyca/cryptography 15 https://github.com/dompdf/dompdf 15 https://github.com/ethyca/fides 15 https://github.com/decidim/decidim 15 https://github.com/denoland/deno 15 https://github.com/puppetlabs/puppet 15 https://github.com/containerd/containerd 14 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/vercel/next.js 14 https://github.com/dotnet/aspnetcore 14 https://github.com/xuxueli/xxl-job 14 https://github.com/janeczku/calibre-web 14 https://github.com/twisted/twisted 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/dromara/hutool 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/opencontainers/runc 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/openfga/openfga 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/WWBN/AVideo 11 https://github.com/cakephp/cakephp 11 https://github.com/dolibarr/dolibarr 11 https://github.com/nats-io/nats-server 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/top-think/framework 11 https://github.com/yiisoft/yii2 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Pylons/waitress 11 https://github.com/openstack/glance 11 https://github.com/pomerium/pomerium 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/scrapy/scrapy 11 https://github.com/NodeBB/NodeBB 11 https://github.com/spring-projects/spring-security 11 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/greenpau/caddy-security 10 https://github.com/apache/superset 10 https://github.com/Graylog2/graylog2-server 10 https://github.com/nextauthjs/next-auth 10