Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Critical
GSA_kwCzR0hTQS03Nm13LTZwOTUteDl4Nc4ABAOn
pac4j-core affected by a Java deserialization vulnerability
Ecosystems: maven
Packages: org.pac4j:pac4j-core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 2 days ago
Critical
GSA_kwCzR0hTQS12Z3hxLTZyY2YtcXdyd84ABANd
angular-base64-upload vulnerable to unauthenticated remote code execution
Ecosystems: npm
Packages: angular-base64-upload
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 2 days ago
High
GSA_kwCzR0hTQS1neDltLXdoam0tODVqZs4ABANT
DOMpurify has a nesting-based mXSS
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS01N3FoLXZtanItNWp4Z84ABAMx
Snipe-IT remote code execution
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 3 days ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 3 days ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 3 days ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz
Vault Community Edition privilege escalation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 3 days ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradios's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0yN3ZoLWg2bWMtcTZnOM4ABALR
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 3 days ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 3 days ago
High
GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 3 days ago
High
GSA_kwCzR0hTQS1jZzUyLTY4ZnYtOTRxcc4ABAKw
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 days ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 3 days ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 4 days ago
High
GSA_kwCzR0hTQS05NzIyLTlqNjctdmpjcs4ABAFl
Improper Authorization in Select Permissions
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 5 days ago
High
GSA_kwCzR0hTQS1xanJ2LXY2cXAteDk5eM4ABAFk
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 5 days ago
High
GSA_kwCzR0hTQS1mM2N4LTM5NmYtN2pxcM4ABAFj
Livewire Remote Code Execution on File Uploads
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 5 days ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 days ago
High
GSA_kwCzR0hTQS05Y3A5LThndzItOHY3bc4ABAFg
Adguard Home arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
High
GSA_kwCzR0hTQS04ZzRxLXhnNjYtOWZwNM4ABAFe
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 5 days ago
High
GSA_kwCzR0hTQS1mMzJjLXc0NDQtOHBwds4ABAFd
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.IO.Packaging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
High
GSA_kwCzR0hTQS1xajY2LW04OGotaG1nas4ABAFc
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.IO.Packaging, System.Runtime.Caching, System.Security.Cryptography.Cose
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qcWgyLWNoN3AteHd4aM4ABADo
Quarkus CXF logs passwords and other secrets
Ecosystems: maven
Packages: io.quarkiverse.cxf:quarkus-cxf
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS01d3ByLWNqOXAtOTU5cs4ABADn
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-netty4-cdi
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 5 days ago
High
GSA_kwCzR0hTQS03dnc5LWNmd3gtOWd4Oc4ABADL
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
Low
GSA_kwCzR0hTQS1yZjVtLWg4cTktOXc2cc4ABADH
Information Disclosure in TYPO3 Page Tree
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1wcjQ1LWNnNHgtZmY0bc4ABACN
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @sap/hana-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS02MmN4LTV4ajQtd2ZtNM4ABACL
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jN3htLXJ3cWotcGdjas4ABABl
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS02MzJxLTc3cWotYzg5cc4ABABg
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
High
GSA_kwCzR0hTQS02aHdyLTZ2MmYtM204OM4ABABf
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1yOHc4LTc0d3ctajR3aM4ABABe
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13OXh2LXFmOTgtY2NxNM4ABABd
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 6 days ago
High
GSA_kwCzR0hTQS01Z3ByLXcycDUtNm0zN84ABABc
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 days ago
High
GSA_kwCzR0hTQS00M2YzLWg2M3ctcDZmNs4ABAA3
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1jNmN3LWc3ZmMtNGd3Y84ABAA2
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Ecosystems: packagist
Packages: lara-zeus/artemis, lara-zeus/dynamic-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS12NjZnLXA5eDYtdjk4cM4ABAA1
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qcXZtLTl4bTItZ2MzOM4AA_9-
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: mediawiki/cargo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1weGc2LXBmNTIteGg4eM4AA_9q
cookie accepts cookie name, path, and domain with out of bounds characters
Ecosystems: npm
Packages: cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xODk4LWZyd3EtZjNxcM4AA_9p
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Ecosystems: packagist
Packages: dev-lancer/minecraft-motd-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows to acquire role privileges
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Ecosystems: pypi
Packages: ironic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13d2NwLTI2d2MtM2Z4bc4AA_86
JSON-lib mishandles an unbalanced comment string
Ecosystems: maven
Packages: org.kordamp.json:json-lib-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1mbTc2LXc4ancteGY4bc4AA_8h
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Ecosystems: npm
Packages: @saltcorn/plugins-loader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
Low
GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: 10 days ago
High
GSA_kwCzR0hTQS03OHAzLWZ3Y3EtNjJjMs4AA_8Q
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 10 days ago
High
GSA_kwCzR0hTQS01Z2MyLTdjNjUtOGZxOM4AA_75
async-graphql Directive Overload
Ecosystems: cargo
Packages: async-graphql
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS01OTNtLTU1aGgtajhnds4AA_74
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
Ecosystems: npm
Packages: @sentry/browser
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS02Nzg0LTljODItdnI4Nc4AA_73
Injection of arbitrary HTML/JavaScript code through the media download URL
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0yNTV3LTg3cmgtcmc0NM4AA_72
Cross-site Scripting via uploaded SVG
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS14d2dqLXZwbTktcTJycc4AA_71
Vulnerable juju introspection abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 10 days ago
Statistics
Advisories: 20,301
Packages: 8,913
Repositories: 5,432
Ecosystems: 12
Filter by Package
tensorflow 433 tensorflow-gpu 425 tensorflow-cpu 422 moodle/moodle 343 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 112 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 84 drupal/drupal 77 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 63 Plone 62 librenms/librenms 60 concrete5/concrete5 60 actionpack 58 github.com/mattermost/mattermost/server/v8 56 salt 55 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 50 github.com/grafana/grafana 47 nova 47 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 plone 43 baserproject/basercms 43 nokogiri 43 craftcms/cms 43 rdiffweb 42 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 36 com.thoughtworks.xstream:xstream 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 35 zendframework/zendframework1 34 github.com/rancher/rancher 34 snipe/snipe-it 34 k8s.io/kubernetes 34 github.com/answerdev/answer 34 org.keycloak:keycloak-services 34 gradio 32 io.undertow:undertow-core 32 org.jenkins-ci.plugins:script-security 32 opencv-contrib-python 31 parse-server 31 github.com/argoproj/argo-cd 31 opencv-python 31 Pillow 31 keystone 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/argoproj/argo-cd/v2 27 github.com/hashicorp/nomad 27 centreon/centreon 27 pillow 26 openssl-src 26 prestashop/prestashop 26 electron 26 directus 26 github.com/hashicorp/consul 26 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 magento/core 24 mediawiki/core 24 org.springframework.security:spring-security-core 24 github.com/cilium/cilium 24 gogs.io/gogs 24 contao/core-bundle 24 rack 23 org.eclipse.jetty:jetty-server 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 puppet 23 ckb 22 tribalsystems/zenario 22 getkirby/cms 22 org.apache.nifi:nifi 22 org.bouncycastle:bcprov-jdk14 22 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 20 DotNetNuke.Core 19 contao/contao 19 org.springframework:spring-core 19 laravel/framework 19 org.xwiki.platform:xwiki-platform-web-templates 19 wasmtime 18 github.com/traefik/traefik/v2 18 mercurial 18 langchain 18 com.liferay.portal:release.dxp.bom 18 topthink/framework 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 github.com/goharbor/harbor 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 mindsdb 18 PaddlePaddle 17 org.apache.geode:geode-core 17 next 17 opencart/opencart 17 cobbler 17 helm.sh/helm/v3 17 genix/cms 17 francoisjacquet/rosariosis 17 cakephp/cakephp 17 notebook 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 ezsystems/ezpublish-kernel 17 symfony/security 17 org.apache.dubbo:dubbo 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 typo3/cms-backend 16 tinymce 16 neutron 16 yetiforce/yetiforce-crm 16 cryptography 16 rusqlite 16 openmage/magento-lts 16 october/system 15 ec-cube/ec-cube 15 smarty/smarty 15 ckeditor4 15 ghost 15 paddlepaddle 15 pyload-ng 15 org.apache.struts.xwork:xwork-core 15 ethyca-fides 15 publify_core 14 feehi/cms 14 phpmailer/phpmailer 14 modoboa 14 github.com/nats-io/nats-server/v2 14 activesupport 14 symfony/security-http 14 org.xwiki.platform:xwiki-platform-web 14 pyftpdlib 14 swagger-ui 14 bolt/bolt 14 github.com/zitadel/zitadel 14 silverstripe/cms 14 github.com/containerd/containerd 14 org.apache.inlong:manager-pojo 14 org.apache.cxf:cxf 13 github.com/mattermost/mattermost-server 13 github.com/opencontainers/runc 13 undici 13 elefant/cms 13 joplin 13 OctoPrint 13
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/airflow 98 https://github.com/apache/tomcat 97 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 70 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 63 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/ansible/ansible 56 https://github.com/rails/rails 55 https://github.com/python-pillow/Pillow 52 https://github.com/librenms/librenms 52 https://github.com/kubernetes/kubernetes 50 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 44 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 40 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/craftcms/cms 31 https://github.com/dotnet/runtime 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/gradio-app/gradio 30 https://github.com/rancher/rancher 29 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/gogs/gogs 24 https://github.com/github/advisory-database 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/cilium/cilium 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/baserproject/basercms 22 https://github.com/apache/nifi 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/umbraco/Umbraco-CMS 20 https://github.com/netty/netty 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/langchain-ai/langchain 20 https://github.com/bytecodealliance/wasmtime 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/getkirby/kirby 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/goharbor/harbor 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/zitadel/zitadel 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/ethereum/go-ethereum 16 https://github.com/backstage/backstage 16 https://github.com/rusqlite/rusqlite 16 https://github.com/TYPO3-CMS/core 16 https://github.com/hashicorp/vault 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/OpenMage/magento-lts 16 https://github.com/opencast/opencast 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/undertow-io/undertow 16 https://github.com/forkcms/forkcms 16 https://github.com/mattermost/mattermost 15 https://github.com/denoland/deno 15 https://github.com/vantage6/vantage6 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/zendframework/zendframework 15 https://github.com/pyload/pyload 15 https://github.com/puppetlabs/puppet 15 https://github.com/pyca/cryptography 15 https://github.com/laravel/framework 15 https://github.com/ethyca/fides 15 https://github.com/apache/camel 15 https://github.com/cobbler/cobbler 14 https://github.com/dotnet/aspnetcore 14 https://github.com/xuxueli/xxl-job 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/containerd/containerd 14 https://github.com/twisted/twisted 14 https://github.com/decidim/decidim 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/modoboa/modoboa 13 https://github.com/vercel/next.js 13 https://github.com/nodejs/undici 13 https://github.com/hashicorp/nomad 13 https://github.com/dromara/hutool 13 https://github.com/dompdf/dompdf 13 https://github.com/apache/dolphinscheduler 13 https://github.com/TryGhost/Ghost 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/centreon/centreon-archived 12 https://github.com/smarty-php/smarty 12 https://github.com/opencontainers/runc 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/laurent22/joplin 12 https://github.com/puma/puma 12 https://github.com/surrealdb/surrealdb 12 https://github.com/containers/podman 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openfga/openfga 12 https://github.com/urllib3/urllib3 12 https://github.com/patriksimek/vm2 12 https://github.com/aio-libs/aiohttp 12 https://github.com/wagtail/wagtail 12 https://github.com/apache/kylin 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cloudflare/cfrpki 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/drupal/core 11 https://github.com/openstack/glance 11 https://github.com/janeczku/calibre-web 11 https://github.com/WWBN/AVideo 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/Sylius/Sylius 11 https://github.com/top-think/framework 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/Studio-42/elFinder 11 https://github.com/yiisoft/yii2 11 https://github.com/scrapy/scrapy 11 https://github.com/nats-io/nats-server 11 https://github.com/vaadin/flow 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/NodeBB/NodeBB 11 https://github.com/pomerium/pomerium 11 https://github.com/apache/superset 10 https://github.com/cri-o/cri-o 10 https://github.com/getsentry/sentry 10 https://github.com/nocodb/nocodb 10 https://github.com/nautobot/nautobot 10 https://github.com/keystonejs/keystone 10 https://github.com/dolibarr/dolibarr 10 https://github.com/sulu/sulu 10 https://github.com/jquery/jquery 10 https://github.com/PHPOffice/PhpSpreadsheet 10 https://github.com/greenpau/caddy-security 10 https://github.com/jenkinsci/git-plugin 10