Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Moderate
GSA_kwCzR0hTQS13ajdmLTQ2OG0tNm12OM4AA3e_
Environment variables still accessible through /proc
Ecosystems: cargo
Packages: birdcage
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-lib
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS02ZzNqLXA1ZzYtOTkyZs4AA3ez
OpenSearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpaste
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qMjRoLXhjcGMtOWp3OM4AA3d2
Eclipse IDE XXE in eclipse.platform
Ecosystems: maven
Packages: org.eclipse.platform:org.eclipse.update.configurator, org.eclipse.platform:org.eclipse.ui.intro, org.eclipse.platform:org.eclipse.ui.intro.universal, org.eclipse.platform:org.eclipse.ui.cheatsheets, org.eclipse.platform:org.eclipse.tips.ide, org.eclipse.platform:org.eclipse.help, org.eclipse.platform:org.eclipse.help.webapp, org.eclipse.platform:org.eclipse.help.ui, org.eclipse.platform:org.eclipse.help.base, org.eclipse.platform:org.eclipse.compare.examples.xml, org.eclipse.platform:org.eclipse.team.ui, org.eclipse.platform:org.eclipse.ant.launching, org.eclipse.platform:org.eclipse.ant.core, org.eclipse.core:org.eclipse.core.runtime, org.eclipse.platform:org.eclipse.core.resources, org.eclipse.platform:org.eclipse.debug.ui, org.eclipse.platform:org.eclipse.debug.core, org.eclipse.platform:org.eclipse.core.variables, org.eclipse.platform:org.eclipse.ant.ui
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1yNDRxLTk4Z3gtcG1oMs4AA3bb
Apache DolphinScheduler Missing Authorization vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-service, org.apache.dolphinscheduler:dolphinscheduler-dao, org.apache.dolphinscheduler:dolphinscheduler-common, org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04djR3LWpyMzMtNHJoM84AA3bY
Apache Cocoon SQL Injection vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0yYzd4LXczbXgtaDdwNs4AA3ba
Microweber file upload vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 5 days ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS0yd21qLTQ2cmotcW0yd84AA3az
ZITADEL Account Takeover via Malicious Host Header Injection
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13cGZjLXI1cXEtN3I3cM4AA3af
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: o.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS05ZjVnLXJnY3ItOGdyd84AA3aj
Jenkins MATLAB Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xbWhxLTg3NmYtY3I2Nc4AA3ag
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1wZ3BqLTgzZzMtbWZyMs4AA3ah
Jenkins Google Compute Engine Plugin has incorrect permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-compute-engine
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS1jdjR4LTlmMzQtOHJwOc4AA3ae
Jenkins MATLAB Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1waDg3LTR4MmctNmhwNM4AA3al
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Ecosystems: maven
Packages: o.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS12bXE2LTVtNjgtZjUzbc4AA3ab
logback serialization vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-core, ch.qos.logback:logback-classic
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS1jMzh3LTc0cGctMzZocs4AA3Z_
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS00Z3J4LTJ4OXctNTk2Y84AA3Z-
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14cGhmLWN4OGgtN3E5Z84AA3Zx
`openssl` `X509StoreRef::objects` is unsound
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 6 days ago
Critical
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13dzd4LTNneGgtcW02cs4AA3Zu
Validation of SignedInfo
Ecosystems: packagist
Packages: simplesamlphp/saml2, simplesamlphp/xml-security
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS01M3Y0LTQyZmctZzI4N84AA3Zo
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS05dmZjLXF4Yzgtd3Jwcc4AA3Zm
ureport arbitrary file read vulnerability
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14d2g5LWdjMzktNTI5OM4AA3Zk
github.com/go-resty/resty/v2 HTTP request body disclosure
Ecosystems: go
Packages: github.com/go-resty/resty/v2
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qamZoLTU4OWctM2hqeM4AA3ZY
Spring Boot denial of service vulnerability
Ecosystems: maven
Packages: org.springframework.boot:spring-boot
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS12OTRoLWh2aGctbWY5aM4AA3ZR
Spring Framework vulnerable to denial of service
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1xMjR2LWhwZzMtdjNqcM4AA3ZQ
Reactor Netty HTTP Server denial of service vulnerability
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS02OHByLTZmamMtd21nbc4AA3Yo
Improper Neutralization of Input in Advanced User Interface for Jolt
Ecosystems: maven
Packages: org.apache.nifi:nifi-jolt-transform-json-ui
Source: GitHub Advisory Database
Published: 7 days ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04Z3dqLTY4dzYtN3Y2Y84AA3Yj
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS14MnhtLXA2dnEtNDgyZ84AA3Yh
OroCalendarBundle has incorrect system calendar events visibility
Ecosystems: packagist
Packages: oro/calendar-bundle
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS05d3dnLXIzYzctNHZmZ84AA3Ye
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qcHI3LXE1MjMtaHgyNc4AA3X2
phpseclib vulnerable to denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1yNjhoLWpoaGotOWp2bc4AA3Xs
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePing
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jNmNnLTczcDMtOTczaM4AA3Xa
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0zOTJjLXZqZnYtaDd3cs4AA3Xd
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default Permissions
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04NWpqLWM5anItOWpoeM4AA3Xb
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Low
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qanI3LTM3MnItY3g3eM4AA3XY
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qajQ2LTljZ2gtcW1meM4AA3Xc
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1jMzdyLXY4angtN2N2Ms4AA3Xi
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ
Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1wNXByLXZtM2otanh4Zs4AA3Xm
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerability
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS(Cross-Site-Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZST
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 10 days ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Published: 10 days ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS00dnZjLXI0cDQtcWdycs4AA3Wo
Apache DolphinScheduler sensitive information disclosure
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ
Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary files
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0yZ2htLXI3NWotcGp4Ms4AA3VQ
Cross-site Scripting in DOMSanitizer
Ecosystems: packagist
Packages: rhukster/dom-sanitizer
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS12NDI3LWM0OWotOHc2eM4AA3VI
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1qNzJmLWg3NTItbXg0d84AA3VH
Insertion of Sensitive Information into Log
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fields
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS04ampoLWozYzItY2pjds4AA3U2
Cross-site Scripting via uploaded assets
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1yZ2c5LTI2NGgtM2hmd84AA3Ul
Directory Traversal in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS0yNDkyLXh4cWYtNmg3OM4AA3T0
Cross Site Request Forgery in SwiftyEdit
Ecosystems: packagist
Packages: swiftyedit/swiftyedit
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS12bTRwLWdoODIteHE5Ns4AA3Ti
Cross-site Scripting in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0yODVtLXZoZnEteHg0aM4AA3TU
Elasticsearch Improper Handling of Exceptional Conditions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 12 days ago
Low
GSA_kwCzR0hTQS1oeDkzLWdjNzMtNXJwcs4AA3TE
Exposure of Sensitive Information in Elastic APM .NET Agent
Ecosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS01eHFtLWhjNDUtZjJnMs4AA3TF
APM Java Agent Local Privilege Escalation issue
Ecosystems: maven
Packages: co.elastic.apm:apm-agent-parent
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding Task
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlip
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS1xYzRqLWhyajYtY3BwZs4AA3R3
upydev has weak encryption padding
Ecosystems: pypi
Packages: upydev
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS00ZjRjLXJoanYtNHdnds4AA3RP
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Published: 14 days ago