Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS05NW0yLWNobTQtbXE3bc4ABDCx
PHP-Textile has persistent XSS vulnerability in image link handling
Ecosystems: packagist
Packages: netcarver/textile
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 15 hours ago
High
GSA_kwCzR0hTQS0ycjJ2LTlwZjgtNjM0Ms4ABDCw
WireGuard Portal v2 Vulnerable to OAuth Insecure Redirect URI / Account Takeover
Ecosystems: go
Packages: github.com/h44z/wg-portal
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 17 hours ago
Moderate
GSA_kwCzR0hTQS1yNXZmLXdmNGgtODJnZ84ABDCl
matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 17 hours ago
High
GSA_kwCzR0hTQS1mMjdwLWNtdjgteGhtNs4ABC_L
fetch: Authorization headers not dropped when redirecting cross-origin
Ecosystems: cargo
Packages: deno, deno_fetch
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 1 day ago
Low
GSA_kwCzR0hTQS0ycDk1LTh4dm0tMnBqeM4ABC_I
REDAXO CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Low
GSA_kwCzR0hTQS1tNzhjLXF4OTktbXZ3Oc4ABC_K
Grav Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0yMzdyLXI4bTQtNHE4OM4ABC_D
Guzzle OAuth Subscriber has insufficient nonce entropy
Ecosystems: packagist
Packages: guzzlehttp/oauth-subscriber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
High
GSA_kwCzR0hTQS12Nmp2LXA2cjgtajc4d84ABC-m
NiceGUI On Air authentication issue
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 1 day ago
High
GSA_kwCzR0hTQS1yOXB4LW05NTktY3hmNM4ABC-l
go-git clients vulnerable to DoS via maliciously crafted Git server replies
Ecosystems: go
Packages: github.com/go-git/go-git, github.com/go-git/go-git/v5, gopkg.in/src-d/go-git.v4
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS12NzI1LTk1NDYtN3E3bc4ABC-k
go-git has an Argument Injection via the URL field
Ecosystems: go
Packages: github.com/go-git/go-git/v5, gopkg.in/src-d/go-git.v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 1 day ago
High
GSA_kwCzR0hTQS00eDZ4LThybTgtYzM3as4ABC-j
Extension:TabberNeue vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: starcitizentools/tabber-neue
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS03bTI3LTdnaGMtNDR3Oc4ABC8r
Next.js Allows a Denial of Service (DoS) with Server Actions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xOWp2LW1tM3ItajQ3cs4ABC8m
PhpSpreadsheet allows bypass XSS sanitizer using the javascript protocol and special characters
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1od2NwLTJoMzUtcDY2d84ABC8l
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability of the hyperlink base in the HTML page header
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13djIzLTk5NnYtcTIyOc4ABC8k
PhpSpreadsheet has a Cross-Site Scripting (XSS) vulnerability in custom properties
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 5 days ago
High
GSA_kwCzR0hTQS1qMnhnLWNqY3gtNDY3N84ABC8j
PhpSpreadsheet allows unauthorized Reflected XSS in Currency.php file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 5 days ago
High
GSA_kwCzR0hTQS1jNmZ2LTd2aDgtMnJocs4ABC8i
PhpSpreadsheet allows unauthorized Reflected XSS in the Accounting.php file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 5 days ago
High
GSA_kwCzR0hTQS1qbXB4LTY4NnYtYzN3eM4ABC8h
PhpSpreadsheet allows unauthorized Reflected XSS in the constructor of the Downloader class
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qMzg2LTM0NDQtcWd3Z84ABC8g
Trix allows Cross-site Scripting via `javascript:` url in a link
Ecosystems: npm
Packages: trix
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 5 days ago
High
GSA_kwCzR0hTQS04Zng4LXBmZnctdzQ5OM4ABC8f
SiYuan has an arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/siyuan-note/siyuan/kernel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jd3JoLTU3NWotOHZyM84ABC8e
Karmada Tar Slips in CRDs archive extraction
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
High
GSA_kwCzR0hTQS1tZzd3LWM5eDIteGg3cs4ABC8d
Karmada PULL Mode Cluster Privilege Escalation
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
High
GSA_kwCzR0hTQS14ODhnLWg5NTYtbTV4Z84ABC8c
PhpSpreadsheet allows unauthorized Reflected XSS in `Convert-Online.php` file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13dzMzLWpwcHEtcWZycM4ABC79
phpMyFAQ Vulnerable to Stored HTML Injection at FAQ
Ecosystems: packagist
Packages: thorsten/phpmyfaq, phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xcTlmLXE0MzktMjU3NM4ABC78
Narayana deadlock via multiple join requests sent to LRA Coordinator
Ecosystems: maven
Packages: org.jboss.narayana.rts:lra-coordinator-jar
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 5 days ago
Critical
GSA_kwCzR0hTQS05NHA1LXI3Y2MtM3Jwcs4ABC7I
path-sanitizer allows bypassing the existing filters to achieve path-traversal vulnerability
Ecosystems: npm
Packages: path-sanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
High
GSA_kwCzR0hTQS13Z3FxLTlxaDgtd3Zxds4ABC2l
OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation
Ecosystems: go
Packages: github.com/openshift/hive
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1nbXg3LWdyNXEtODV3Nc4ABC1C
magic-crypt uses insecure cryptographic algorithms
Ecosystems: cargo
Packages: magic-crypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS1ndjdmLTVxcWgtdnhmeM4ABC1B
xous has unsound usages of `core::slice::from_raw_parts`
Ecosystems: cargo
Packages: xous
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nZ3dxLXhjNzItMzNyM84ABC1A
LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
Ecosystems: packagist
Packages: tltneon/lgsl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS04amh3LTZwamotODcyM84ABC0_
Better Auth has an Open Redirect Vulnerability in Verify Email Endpoint
Ecosystems: npm
Packages: better-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00ZndqLW02MnEtcHA0N84ABC0-
Password Pusher Allows Session Token Interception Leading to Potential Hijacking
Ecosystems: rubygems
Packages: pwpush
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1ocTRoLXc5MzMtam02Y84ABC09
khoj has an IDOR in subscription management allows unauthorized subscription modifications
Ecosystems: pypi
Packages: khoj
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS03cm0zLTR3NmotOHh4NM4ABC07
TeamPass mail_me operation authorization issue
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 9 days ago
Critical
GSA_kwCzR0hTQS05d21jLTk4OGgtMm12Ms4ABC08
TeamPass privileges issue
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0yNjk3LTk2bXYtM2dmbc4ABC05
TeamPass does not properly check whether a folder is in a user's allowed folders list
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 9 days ago
Low
GSA_kwCzR0hTQS1tcGo3LTdtZzcteDk1as4ABCza
Apache NiFi: Missing Complete Authorization for Parameter and Service References
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS05cTM0LTdoZnItaDhqbc4ABCyo
Dcat Admin Cross-site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dcat/laravel-admin
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0zN3gzLWo5anEtdnJqeM4ABCyn
Dcat-Admin Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: dcat/laravel-admin
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 11 days ago
High
GSA_kwCzR0hTQS03cDJnLTJ2eGMtNWc1Nc4ABCyb
Letta (previously MemGPT) incorrect access control vulnerability
Ecosystems: pypi
Packages: letta
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1ocW1wLWc3cGgteDU0M84ABCyR
TunnelVision - decloaking VPNs using DHCP
Ecosystems: cargo
Packages: quincy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1qNXZ2LTZ3amctY2ZyOM4ABCyQ
changedetection.io Vulnerable to Improper Input Validation Leading to LFR/Path Traversal
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 12 days ago
High
GSA_kwCzR0hTQS13OTVjLTc5OTQtZ2hwcs4ABCuF
TCPDF has incorrect comparison
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xeDk1LWN3aDYtOW12cc4ABCt9
TCPDF missing character escape on error messages
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS05bWd4LTU1MmYtNTlwNs4ABCuC
TCPDF missing certificate validation
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1ncmhoLXI0amotOGpoN84ABCt-
tecnickcom/tc-lib-pdf-font mishandles fonts
Ecosystems: packagist
Packages: tecnickcom/tc-lib-pdf-font
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS00cDhqLXZoam0tNnB2d84ABCt6
TCPDF lacks SVG sanitization
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1wcTlwLXBjM3AtOWhtNM4ABCt3
python-sql SQL injection vulnerability
Ecosystems: pypi
Packages: python-sql
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 12 days ago
High
GSA_kwCzR0hTQS04Z2MyLXZxNm0tcndqd84ABCtr
Amazon Redshift Python Connector vulnerable to SQL Injection
Ecosystems: pypi
Packages: redshift_connector
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 13 days ago
High
GSA_kwCzR0hTQS04NTk2LTJqZ3ItcHBqN84ABCtq
Amazon Redshift JDBC Driver vulnerable to SQL Injection
Ecosystems: maven
Packages: com.amazon.redshift:redshift-jdbc42
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 13 days ago
High
GSA_kwCzR0hTQS14eDk1LTYyaDYtaDd2M84ABCtp
lgsl Stored Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: tltneon/lgsl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS14NTJmLWg1ZzQtOHF2Nc4ABCti
Marp Core allows XSS by improper neutralization of HTML sanitization
Ecosystems: npm
Packages: @marp-team/marp-core
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 13 days ago
Critical
GSA_kwCzR0hTQS03Nmg5LTJ2d2gtdzI3OM4ABCsk
Apache MINA Deserialization RCE Vulnerability
Ecosystems: maven
Packages: org.apache.mina:mina-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1mNjk3LWdtM2gteHJmOc4ABCr5
Apache HugeGraph-Server: Fixed JWT Token (Secret)
Ecosystems: maven
Packages: org.apache.hugegraph:hugegraph-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nMnZnLThoZmctNzl2as4ABCrg
Koji Cross-site Scripting
Ecosystems: pypi
Packages: koji
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 15 days ago
Critical
GSA_kwCzR0hTQS12bTYyLTlqdzMtYzh3M84ABCrd
Gogs has an argument Injection in the built-in SSH server
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS05cHA2LXdxOGMtM3cyY84ABCrc
Gogs allows argument injection during the previewing of changes
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1jY3F2LTQzdm0tNGYzd84ABCrb
Gogs allows deletion of internal files
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1tMjdtLWg1Z2otd3dtZ84ABCra
Gogs allows argument Injection when tagging new releases
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS13cnc3LTg5anAtOHE4Z84ABCrZ
Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`
Ecosystems: cargo
Packages: glib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
High
GSA_kwCzR0hTQS14d3g3LXA2M3ItMnJqOM4ABCrY
Navidrome Stores JWT Secret in Plaintext in navidrome.db
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS02NGdwLXI3NTgtOHBmbc4ABCrX
Cross Site Scripting (XSS) vulnerability while uploading content to a new deployment
Ecosystems: maven
Packages: org.jboss.hal:hal-console
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1oNnhtLWM2cjQtdm13Zs4ABCrW
Unsound usages of `u8` type casting in spl-token-swap
Ecosystems: cargo
Packages: spl-token-swap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1mN3FqLXYzdnAtNDg1Ns4ABCrV
libafl has unsound usages of `core::slice::from_raw_parts_mut`
Ecosystems: cargo
Packages: libafl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0zcXg4LXJ2MjctajZncM4ABCrU
Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`
Ecosystems: cargo
Packages: kvm-ioctls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
High
GSA_kwCzR0hTQS03N3BtLXczaHgtZjhtas4ABCrS
Apache Hive and Spark: CookieSigner exposes the correct signature when message verification fails
Ecosystems: maven
Packages: org.apache.spark:spark-hive-thriftserver_2.12, org.apache.spark:spark-hive-thriftserver_2.11, org.apache.hive:hive-service
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 16 days ago
Critical
GSA_kwCzR0hTQS12cTk0LTlwZnYtY2Nxcs4ABCrR
SQL injection in Apache Traffic Control
Ecosystems: go
Packages: github.com/apache/trafficcontrol/v8
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1yODdxLWZqMjUtZjhqZs4ABCrQ
Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Ecosystems: packagist
Packages: shuchkin/simplexlsx
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xMng3LThydjYtNnE3aM4ABCrP
Jinja has a sandbox breakout through indirect reference to format method
Ecosystems: pypi
Packages: jinja2
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1nbWo2LTZmOGYtNjY5Oc4ABCrO
Jinja has a sandbox breakout through malicious filenames
Ecosystems: pypi
Packages: jinja2
Source: GitHub Advisory Database
Blast Radius: 45.1
Published: 16 days ago
High
GSA_kwCzR0hTQS1xZjV2LXJwNDctNTVnZ84ABCrN
Path Traversal in file update API in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1yN2o4LTVoOWMtZjZmeM4ABCrM
Remote Command Execution in file editing in gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1jbXdwLTQ0MngtM3Jjds4ABCqF
Piranha CMS Cross-site Scripting vulnerability
Ecosystems: nuget
Packages: Piranha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1tbXg4LXZyZmctaGZtcc4ABCqI
Piranha CMS Cross-site Scripting vulnerability
Ecosystems: nuget
Packages: Piranha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
High
GSA_kwCzR0hTQS1jdnY1LTloOXctcXAybc4ABCqA
Systeminformation has command injection vulnerability in getWindowsIEEE8021x (SSID)
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1oaGN3LXd3eHYtZzk1Y84ABCp7
Oqtane Framework Insecure Direct Object Reference vulnerability
Ecosystems: nuget
Packages: Oqtane.Server, Oqtane.Framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
High
GSA_kwCzR0hTQS05OTVjLXF3dzgtNjRmas4ABCp6
Oqtane Framework Incorrect Access Control vulnerability
Ecosystems: nuget
Packages: Oqtane.Server, Oqtane.Framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
High
GSA_kwCzR0hTQS0yN2hwLXhod3Itd3Iybc4ABCp3
Apache Tomcat Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Low
GSA_kwCzR0hTQS0yaHI1LWN2d3AtanI1d84ABCp-
Oqtane Framework Insecure Direct Object Reference vulnerability
Ecosystems: nuget
Packages: Oqtane.Shared, Oqtane.Server, Oqtane.Client, Oqtane.Framework
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Critical
GSA_kwCzR0hTQS01cXd3LTU2Z2MtZjY2Y84ABCp5
GoCast OS Command Injection vulnerability
Ecosystems: go
Packages: github.com/mayuresh82/gocast
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS0ycWdtLW0yOW0tY2oyaM4ABCpp
uptime-kuma vulnerable to Local File Inclusion (LFI) via Improper URL Handling in `Real-Browser` monitor
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
High
GSA_kwCzR0hTQS0zcTk3LXZqcHAtYzhycM4ABCpo
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
Ecosystems: packagist
Packages: joelbutcher/socialstream
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
High
GSA_kwCzR0hTQS1jOWY1LTI5ZjYtYzM1d84ABCpX
Browsershot Improper Input Validation vulnerability
Ecosystems: packagist
Packages: spatie/browsershot
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1ocjY4LWh2Z3YteHhxZs4ABCpF
Hashicorp Nomad Incorrect Privilege Assignment vulnerability
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 19 days ago
High
GSA_kwCzR0hTQS1ydjgzLWg2OHEtYzR3cc4ABCoq
GoPhish sends cleartext passwords
Ecosystems: go
Packages: github.com/gophish/gophish
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 19 days ago
High
GSA_kwCzR0hTQS1nNXZyLXJncW0tdmY3OM4ABCoa
Spring Framework Path Traversal vulnerability
Ecosystems: maven
Packages: org.springframework:spring-webmvc, org.springframework:spring-webflux
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1wcjk4LTIzZjgtand4ds4ABCog
QOS.CH logback-core Expression Language Injection vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
Low
GSA_kwCzR0hTQS02djY3LTJ3cjUtZ3ZmNM4ABCoZ
QOS.CH logback-core Server-Side Request Forgery vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
High
GSA_kwCzR0hTQS03N2MyLWMzNXEtMjU0d84ABCoR
OpenShift Must Gather Operator Improper Input Validation vulnerability
Ecosystems: go
Packages: github.com/openshift/must-gather
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS01cGY2LWNxMnYtMjN3d84ABCoH
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
Ecosystems: go
Packages: github.com/clidey/whodb/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS00N2g4LWptcDMtOWYyOM4ABCoG
pyrage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Ecosystems: pypi
Packages: pyrage
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
High
GSA_kwCzR0hTQS00OXc2LTczY3ctY2hqcs4ABCoF
Astro's server source code is exposed to the public if sourcemaps are enabled
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
High
GSA_kwCzR0hTQS13MzJtLTk3ODYtanA2M84ABCj1
Non-linear parsing of case-insensitive content in golang.org/x/net/html
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 20 days ago
Critical
GSA_kwCzR0hTQS0ycDZwLTlyYzktNjJqOc4ABCjf
Craft CMS has potential RCE when PHP `register_argc_argv` config setting is enabled
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0zMmdxLXg1NmgtMjk5Y84ABCjP
age vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Ecosystems: go
Packages: filippo.io/age
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS00Zmc3LXZ4YzgtcXg1d84ABCjO
rage vulnerable to malicious plugin names, recipients, or identities causing arbitrary binary execution
Ecosystems: cargo
Packages: rage, age
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1odm05LXdjOGotbWdyY84ABCjN
TShock Security Escalation Exploit
Ecosystems: nuget
Packages: TShock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0yZmY0LXhmcHItbTMycs4ABCjM
`Slip10Like` derivation method instantiated with certain curves may allow attacker to find derivation path which results into very long derivation (possible DoS)
Ecosystems: cargo
Packages: slip-10, hd-wallet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Low
GSA_kwCzR0hTQS1tNTZoLTV4eDMtMmpjMs4ABCjL
Prototype pollution in jsii.configureCategories
Ecosystems: npm
Packages: jsii
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 21 days ago
Low
GSA_kwCzR0hTQS1wN2M5LTh4eDgtaDc0Zs4ABCjH
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
Ecosystems: maven
Packages: org.apache.kafka:kafka
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Statistics
Advisories: 21,012
Packages: 9,186
Repositories: 5,622
Ecosystems: 12
Filter by Severity
Moderate 8,966 High 7,400 Critical 3,092 Low 1,181
Filter by Ecosystem
maven 5,936 packagist 4,703 pypi 4,433 npm 3,855 go 2,371 nuget 1,564 cargo 920 rubygems 887 swift 33 hex 32 actions 21 pub 10
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 102 drupal/core 99 microweber/microweber 94 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 83 librenms/librenms 75 thorsten/phpmyfaq 73 Plone 72 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/mattermost/mattermost/server/v8 65 github.com/usememos/memos 64 ansible 63 actionpack 61 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 56 apache-superset 55 shopware/platform 52 com.liferay.portal:release.portal.bom 51 github.com/grafana/grafana 49 org.keycloak:keycloak-core 49 mlflow 47 baserproject/basercms 47 nova 47 craftcms/cms 47 django 44 nokogiri 43 rdiffweb 42 matrix-synapse 41 plone 41 showdoc/showdoc 40 shopware/core 40 nilsteampassnet/teampass 40 org.apache.tomcat.embed:tomcat-embed-core 39 intelliants/subrion 39 vyper 38 github.com/rancher/rancher 38 froxlor/froxlor 38 github.com/mattermost/mattermost-server/v6 38 org.elasticsearch:elasticsearch 38 mautic/core 37 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 moin 35 io.undertow:undertow-core 35 org.keycloak:keycloak-services 35 github.com/answerdev/answer 34 gradio 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 Pillow 31 gogs.io/gogs 31 opencv-python 31 opencv-contrib-python 31 parse-server 31 shopware/shopware 30 getgrav/grav 30 github.com/hashicorp/nomad 29 github.com/docker/docker 29 github.com/hashicorp/consul 29 directus 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 pillow 26 github.com/cilium/cilium 26 prestashop/prestashop 26 openssl-src 26 electron 26 rubygems-update 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 24 org.keycloak:keycloak-parent 24 magento/core 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 puppet 23 zendframework/zendframework 23 rack 23 remdex/livehelperchat 23 com.liferay.portal:release.dxp.bom 23 simplesamlphp/simplesamlphp 23 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 ckb 22 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 next 20 funadmin/funadmin 20 org.springframework:spring-core 20 laravel/framework 20 github.com/traefik/traefik/v2 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 DotNetNuke.Core 19 wasmtime 19 contao/contao 19 golang.org/x/net 19 github.com/goharbor/harbor 19 org.xwiki.platform:xwiki-platform-web-templates 19 phpoffice/phpspreadsheet 19 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 cobbler 18 mercurial 18 com.vaadin:vaadin-bom 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cockpit-hq/cockpit 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cakephp/cakephp 17 francoisjacquet/rosariosis 17 notebook 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 yetiforce/yetiforce-crm 17 genix/cms 17 opencart/opencart 17 helm.sh/helm/v3 17 ezsystems/ezpublish-kernel 17 neutron 17 org.apache.dubbo:dubbo 16 github.com/zitadel/zitadel 16 paddlepaddle 16 cryptography 16 rusqlite 16 tinymce 16 pyload-ng 16 ethyca-fides 16 openmage/magento-lts 16 PaddlePaddle 16 typo3/cms-backend 16 sequelize 16 org.apache.activemq:activemq-client 16 surrealdb 16 org.bouncycastle:bcprov-jdk15 16 org.apache.jspwiki:jspwiki-main 16 phpbb/phpbb 16 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 ghost 15 october/system 15 OctoPrint 15 calibreweb 15 ec-cube/ec-cube 15 smarty/smarty 15 symfony/security-http 15 deno 14 camaleon_cms 14 activesupport 14 org.apache.tomcat:tomcat-coyote 14 pyftpdlib 14 github.com/containerd/containerd 14 aiohttp 14 org.apache.inlong:manager-pojo 14 phpmailer/phpmailer 14 silverstripe/cms 14 github.com/nats-io/nats-server/v2 14 github.com/mattermost/mattermost-server 14 modoboa 14 joplin 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 188 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 103 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 76 https://github.com/TYPO3/typo3 75 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 60 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 47 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 37 https://github.com/octobercms/october 35 https://github.com/craftcms/cms 35 https://github.com/mautic/mautic 35 https://github.com/rancher/rancher 34 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/mlflow/mlflow 31 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/directus/directus 27 https://github.com/cilium/cilium 26 https://github.com/gogs/gogs 26 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/apache/nifi 24 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/netty/netty 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/nilsteampassnet/TeamPass 21 https://github.com/apache/cxf 21 https://github.com/undertow-io/undertow 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/traefik/traefik 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/moby/moby 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenNMS/opennms 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/geoserver/geoserver 19 https://github.com/bcgit/bc-java 19 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/PHPOffice/PhpSpreadsheet 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/denoland/deno 17 https://github.com/backstage/backstage 17 https://github.com/hashicorp/vault 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/mattermost/mattermost 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/vercel/next.js 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/ethyca/fides 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/surrealdb/surrealdb 16 https://github.com/TYPO3-CMS/core 16 https://github.com/pyload/pyload 16 https://github.com/rusqlite/rusqlite 16 https://github.com/OpenMage/magento-lts 16 https://github.com/laravel/framework 16 https://github.com/forkcms/forkcms 16 https://github.com/drupal/core 15 https://github.com/dompdf/dompdf 15 https://github.com/centreon/centreon 15 https://github.com/hashicorp/nomad 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/apache/camel 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/containerd/containerd 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/twisted/twisted 14 https://github.com/thorsten/phpMyFAQ 14 https://github.com/xuxueli/xxl-job 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/dotnet/aspnetcore 14 https://github.com/aio-libs/aiohttp 14 https://github.com/golang/go 14 https://github.com/apache/dolphinscheduler 13 https://github.com/ming-soft/MCMS 13 https://github.com/nodejs/undici 13 https://github.com/dromara/hutool 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/TryGhost/Ghost 13 https://github.com/laurent22/joplin 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/quarkusio/quarkus 13 https://github.com/apache/superset 13 https://github.com/apache/kylin 12 https://github.com/containers/podman 12 https://github.com/urllib3/urllib3 12 https://github.com/openfga/openfga 12 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/smarty-php/smarty 12 https://github.com/centreon/centreon-archived 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 12 https://github.com/openstack/glance 12 https://github.com/puma/puma 12 https://github.com/spring-projects/spring-security 11 https://github.com/NodeBB/NodeBB 11 https://github.com/igniterealtime/Openfire 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Pylons/waitress 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/nats-io/nats-server 11 https://github.com/pomerium/pomerium 11 https://github.com/getsentry/sentry 11 https://github.com/cosmos/cosmos-sdk 11 https://github.com/zenml-io/zenml 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/cakephp/cakephp 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/cri-o/cri-o 11 https://github.com/cloudflare/cfrpki 11 https://github.com/Studio-42/elFinder 11 https://github.com/WWBN/AVideo 11 https://github.com/vaadin/flow 11 https://github.com/Sylius/Sylius 11 https://github.com/scrapy/scrapy 11 https://github.com/top-think/framework 11 https://github.com/onionshare/onionshare 11