Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS00cW00LThoZzItZzJ4bc4ABAZj
MessagePack allows untrusted data to lead to DoS attack due to hash collisions and stack overflow
Ecosystems: nuget
Packages: MessagePack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 6 hours ago
Moderate
GSA_kwCzR0hTQS1jcm1qLXFoNzQtMnIzNs4ABAYy
Exiv2 has a denial of service due to unbounded recursion in QuickTimeVideo::multipleEntriesDecoder
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 9 hours ago
Moderate
GSA_kwCzR0hTQS1nOXhtLTc1MzgtbXE4d84ABAYx
Exiv2 has an out-of-bounds read in QuickTimeVideo::NikonTagsDecoder
Ecosystems: pypi
Packages: exiv2
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 9 hours ago
Moderate
GSA_kwCzR0hTQS0zN2dtLWg1d3ItcGYyNc4ABAWF
Path traversal in redaxo
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 1 day ago
Low
GSA_kwCzR0hTQS03YzRjLTc0OWotcGZwMs4ABAWE
Admidio Vulnerable to HTML Injection In The Messages Section
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
High
GSA_kwCzR0hTQS1oN3c5LWM1dngteDdqM84ABAUw
Insecure Default Initialization of Resource vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 1 day ago
Critical
GSA_kwCzR0hTQS1tanZmLTRoODgtNnhtM84ABAUj
Improper Authentication vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 1 day ago
Low
GSA_kwCzR0hTQS1oNDdoLW13cDktYzZxNs4ABATf
Possible ReDoS vulnerability in block_format in Action Mailer
Ecosystems: rubygems
Packages: actionmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS13d2h2LXd4djktcnBnd84ABATc
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Ecosystems: rubygems
Packages: actiontext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS12Zmc5LXIzZnEtanZ4NM4ABATd
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14NzZ3LTZ2anItOHhnas4ABATe
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04anBnLTYyamMtaHdocs4ABATC
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Critical
GSA_kwCzR0hTQS05MjI0LWdndnctd2g3ds4ABATP
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH
Infinite loop in github.com/gomarkdown/markdown
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1mOTZoLXBtZnItNjZ2d84ABARh
Starlette Denial of service (DoS) via multipart/form-data
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1xY3ZoLXA5anEtd3A4ds4ABARg
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS00amY4LWc4d3AtY3g3Y84ABARf
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Critical
GSA_kwCzR0hTQS00cjd2LXdocGctOHJ4M84ABARe
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0yMjM0LWZtdzctNDN3cs4ABARc
Hano allows bypass of CSRF Middleware by a request without Content-Type header.
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 2 days ago
High
GSA_kwCzR0hTQS1mbWo3LTdnZnctNjRwZ84ABARb
Agent Dart is missing certificate verification checks
Ecosystems: pub
Packages: agent_dart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS1mYzloLXdocTItdjc0N84ABARZ
Valid ECDSA signatures erroneously rejected in Elliptic
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 2 days ago
High
GSA_kwCzR0hTQS1jeDk1LXE2Z3gtdzRxcM4ABARQ
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
Ecosystems: maven
Packages: org.sakaiproject.kernel:sakai-kernel-impl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 days ago
Low
GSA_kwCzR0hTQS1xaDhnLTU4cHAtMnd4aM4ABAQY
Eclipse Jetty URI parsing of invalid authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1nOG01LTcyMnItOHdocc4ABAQX
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 3 days ago
Low
GSA_kwCzR0hTQS1yN200LWY5aDUtZ3I3Oc4ABAQW
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 3 days ago
Low
GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14bW1tLWp3NzYtcTd2Z84ABAQU
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 days ago
High
GSA_kwCzR0hTQS01cnhwLTJyaHItcXdxds4ABAQT
Session fixation in Elytron SAML adapters
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 3 days ago
High
GSA_kwCzR0hTQS14Z2Z2LXhweDgtcWhjcs4ABAQR
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-saml-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 3 days ago
Low
GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1nNzd4LTQ0eHgtNTMybc4ABAQO
Denial of Service condition in Next.js image optimization
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 3 days ago
High
GSA_kwCzR0hTQS00NDNqLWdyeHYtMnBnds4ABAPx
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Ecosystems: maven
Packages: org.apache.activemq:artemis-cli
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qMjZ3LWY5cnEtbXIycc4ABAPv
Eclipse Jetty has a denial of service vulnerability on DosFilter
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 3 days ago
Critical
GSA_kwCzR0hTQS03Nm13LTZwOTUteDl4Nc4ABAOn
pac4j-core affected by a Java deserialization vulnerability
Ecosystems: maven
Packages: org.pac4j:pac4j-core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 6 days ago
Critical
GSA_kwCzR0hTQS12Z3hxLTZyY2YtcXdyd84ABANd
angular-base64-upload vulnerable to unauthenticated remote code execution
Ecosystems: npm
Packages: angular-base64-upload
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 6 days ago
High
GSA_kwCzR0hTQS1neDltLXdoam0tODVqZs4ABANT
DOMpurify has a nesting-based mXSS
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 6 days ago
Critical
GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
High
GSA_kwCzR0hTQS01N3FoLXZtanItNWp4Z84ABAMx
Snipe-IT remote code execution
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 6 days ago
Critical
GSA_kwCzR0hTQS1wcHBnLWNwZnEtaDd3cs4ABAM3
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Ecosystems: npm
Packages: jsonpath-plus
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: 6 days ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 7 days ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 7 days ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 7 days ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 7 days ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz
Vault Community Edition privilege escalation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 7 days ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradios's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS0yN3ZoLWg2bWMtcTZnOM4ABALR
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 days ago
High
GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 days ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 days ago
High
GSA_kwCzR0hTQS1jZzUyLTY4ZnYtOTRxcc4ABAKw
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 8 days ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits uniqueness validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 8 days ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 9 days ago
High
GSA_kwCzR0hTQS05NzIyLTlqNjctdmpjcs4ABAFl
Improper Authorization in Select Permissions
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1xanJ2LXY2cXAteDk5eM4ABAFk
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1mM2N4LTM5NmYtN2pxcM4ABAFj
Livewire Remote Code Execution on File Uploads
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 9 days ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 9 days ago
High
GSA_kwCzR0hTQS05Y3A5LThndzItOHY3bc4ABAFg
Adguard Home arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Statistics
Advisories: 20,344
Packages: 8,928
Repositories: 5,444
Ecosystems: 12
Filter by Severity
Moderate 8,824 High 7,045 Critical 3,016 Low 1,123
Filter by Ecosystem
maven 5,801 packagist 4,525 pypi 4,289 npm 3,782 go 2,243 nuget 1,528 rubygems 872 cargo 862 swift 32 hex 30 actions 19 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 Plone 65 symfony/symfony 64 ansible 63 github.com/usememos/memos 63 librenms/librenms 60 actionpack 60 concrete5/concrete5 60 github.com/mattermost/mattermost/server/v8 56 org.apache.struts:struts2-core 55 salt 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 nova 47 github.com/grafana/grafana 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 plone 43 baserproject/basercms 43 nokogiri 43 craftcms/cms 43 rdiffweb 42 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 github.com/hashicorp/vault 36 net.mingsoft:ms-mcms 35 moin 35 matrix-synapse 35 zendframework/zendframework1 34 github.com/answerdev/answer 34 snipe/snipe-it 34 k8s.io/kubernetes 34 github.com/rancher/rancher 34 org.jenkins-ci.plugins:script-security 32 gradio 32 io.undertow:undertow-core 32 parse-server 31 keystone 31 Pillow 31 opencv-python 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/argoproj/argo-cd/v2 27 github.com/hashicorp/nomad 27 centreon/centreon 27 electron 26 github.com/hashicorp/consul 26 directus 26 prestashop/prestashop 26 openssl-src 26 pillow 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 contao/core-bundle 24 mediawiki/core 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 github.com/cilium/cilium 24 grumpydictator/firefly-iii 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 rack 23 puppet 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 getkirby/cms 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 org.apache.nifi:nifi 21 activerecord 21 github.com/ethereum/go-ethereum 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 glance 20 code.gitea.io/gitea 20 org.springframework:spring-core 19 DotNetNuke.Core 19 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 laravel/framework 19 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 langchain 18 wasmtime 18 cockpit-hq/cockpit 18 next 18 github.com/goharbor/harbor 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 com.liferay.portal:release.dxp.bom 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 com.vaadin:vaadin-bom 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 github.com/traefik/traefik/v2 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 helm.sh/helm/v3 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 francoisjacquet/rosariosis 17 symfony/security 17 cobbler 17 org.apache.geode:geode-core 17 opencart/opencart 17 notebook 17 genix/cms 17 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 PaddlePaddle 17 neutron 16 cryptography 16 rusqlite 16 sequelize 16 typo3/cms-backend 16 yetiforce/yetiforce-crm 16 org.apache.jspwiki:jspwiki-main 16 openmage/magento-lts 16 tinymce 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 ghost 15 pyload-ng 15 october/system 15 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 ethyca-fides 15 smarty/smarty 15 ckeditor4 15 feehi/cms 14 org.apache.inlong:manager-pojo 14 symfony/security-http 14 modoboa 14 silverstripe/cms 14 activesupport 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 github.com/containerd/containerd 14 publify_core 14 pyftpdlib 14 github.com/nats-io/nats-server/v2 14 github.com/zitadel/zitadel 14 bolt/bolt 14 swagger-ui 14 github.com/opencontainers/runc 13 camaleon_cms 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 13 elefant/cms 13 lollms 13 org.apache.hadoop:hadoop-main 13 twisted 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/rails/rails 59 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/ansible/ansible 56 https://github.com/kubernetes/kubernetes 52 https://github.com/librenms/librenms 52 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 44 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/dotnet/runtime 31 https://github.com/craftcms/cms 31 https://github.com/mlflow/mlflow 30 https://github.com/gradio-app/gradio 30 https://github.com/snipe/snipe-it 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/cilium/cilium 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/github/advisory-database 24 https://github.com/strapi/strapi 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/nifi 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/langchain-ai/langchain 20 https://github.com/hashicorp/consul 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/bytecodealliance/wasmtime 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/helm/helm 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/rack/rack 18 https://github.com/goharbor/harbor 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/zitadel/zitadel 17 https://github.com/undertow-io/undertow 17 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/etcd-io/etcd 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/tinymce/tinymce 16 https://github.com/hashicorp/vault 16 https://github.com/rusqlite/rusqlite 16 https://github.com/opencast/opencast 16 https://github.com/forkcms/forkcms 16 https://github.com/backstage/backstage 16 https://github.com/TYPO3-CMS/core 16 https://github.com/OpenMage/magento-lts 16 https://github.com/zendframework/zendframework 15 https://github.com/mattermost/mattermost 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/denoland/deno 15 https://github.com/laravel/framework 15 https://github.com/pyload/pyload 15 https://github.com/centreon/centreon 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/ethyca/fides 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/vercel/next.js 14 https://github.com/xuxueli/xxl-job 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/containerd/containerd 14 https://github.com/cobbler/cobbler 14 https://github.com/dotnet/aspnetcore 14 https://github.com/decidim/decidim 14 https://github.com/TryGhost/Ghost 13 https://github.com/dromara/hutool 13 https://github.com/dompdf/dompdf 13 https://github.com/apache/dolphinscheduler 13 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/nodejs/undici 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/ming-soft/MCMS 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/opencontainers/runc 12 https://github.com/containers/podman 12 https://github.com/laurent22/joplin 12 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/aio-libs/aiohttp 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/yiisoft/yii2 11 https://github.com/igniterealtime/Openfire 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/onionshare/onionshare 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/pomerium/pomerium 11 https://github.com/Sylius/Sylius 11 https://github.com/janeczku/calibre-web 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/nats-io/nats-server 11 https://github.com/openstack/glance 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/WWBN/AVideo 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/sulu/sulu 10 https://github.com/cri-o/cri-o 10 https://github.com/nautobot/nautobot 10 https://github.com/dolibarr/dolibarr 10 https://github.com/DSpace/DSpace 10 https://github.com/apache/zeppelin 10 https://github.com/nextauthjs/next-auth 10 https://github.com/zenml-io/zenml 10 https://github.com/spring-projects/spring-security 10 https://github.com/keystonejs/keystone 10 https://github.com/phusion/passenger 10 https://github.com/greenpau/caddy-security 10