Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS1oZ3h3LTV4ZzMtNjlqeM4AA7Nw
@hono/node-server has Denial of Service risk when receiving Host header that cannot be parsed
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: about 9 hours ago
High
GSA_kwCzR0hTQS02Zzd3LTh3cHAtZnJoas4AA7Nv
Infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
Ecosystems: cargo
Packages: rustls
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 9 hours ago
Moderate
GSA_kwCzR0hTQS1teDNwLWZocHcteDZyds4AA7NP
TCPDF vulnerable to Regular Expression Denial of Service
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 10 hours ago
Low
GSA_kwCzR0hTQS0yM3EyLTVnZjgtZ2pwcM4AA7NN
Enabling Authentication does not close all logged in socket connections immediately
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 11 hours ago
Moderate
GSA_kwCzR0hTQS14ODRjLXAyZzktcnF2Oc4AA7ME
IPv6 enabled on IPv4-only network interfaces
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 1 day ago
High
GSA_kwCzR0hTQS02Y2ptLTRweHctN3hwOc4AA7Lx
Sentry vulnerable to leaking superuser cleartext password in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 1 day ago
Low
GSA_kwCzR0hTQS02bTloLTJwcjItOWo4Zs4AA7Lw
1Panel's password verification is suspected to have a timing attack vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
High
GSA_kwCzR0hTQS03OTQ3LTQ4cTctY3A1bc4AA7Lv
Dolibarr Application Home Page has HTML injection vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 1 day ago
High
GSA_kwCzR0hTQS1qamZmLXEzcTQtNWhoOM4AA7Lu
@andrei-tatar/nora-firebase-common Prototype Pollution vulnerability
Ecosystems: npm
Packages: @andrei-tatar/nora-firebase-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS03Z3B3LTh3bWMtcG04Z84AA7Ls
aiohttp Cross-site Scripting vulnerability on index pages for static file handling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0yNTIyLW1yamMtbTY4OM4AA7Kq
Apache Airflow: Sensitive configuration for providers displayed when "non-sensitive-only" config used
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS04Mmp2LTl3anctcHFoNs4AA7KU
Prototype pollution in emit function
Ecosystems: npm
Packages: derby
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tNjRxLTRqcWgtZjcyZs4AA7KT
Stored Cross-site Scripting (XSS) in excalidraw's web embed component
Ecosystems: npm
Packages: @excalidraw/excalidraw
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 2 days ago
Low
GSA_kwCzR0hTQS03ZnBqLTlocjgtMjh2aM4AA7JC
Keycloak vulnerable to impersonation via logout token exchange
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1jOWg2LXY3OHctNTJ3as4AA7JB
Keycloak vulnerable to session hijacking via re-authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS03MnZwLXhmcmMtNDJ4bc4AA7JA
Keycloak path transversal vulnerability in redirection validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 2 days ago
High
GSA_kwCzR0hTQS1tNnE5LXAzNzMtZzVxOM4AA7I_
Keycloak's unvalidated cross-origin messages in checkLoginIframe leads to DDoS
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 2 days ago
Low
GSA_kwCzR0hTQS1qNjI4LXE4ODUtOGdyNc4AA7I-
Keycloak vulnerable to log Injection during WebAuthn authentication or registration
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS02cW14LTQyaDItajhoNs4AA7I9
.NET Elevation of Privilege Vulnerability
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x86, Microsoft.WindowsDesktop.App.Runtime.win-x64, Microsoft.WindowsDesktop.App.Runtime.win-arm64
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS04bTQ1LTJyam0tajM0N84AA7I8
Handling untrusted input can result in a crash, leading to loss of availability / denial of service
Ecosystems: npm
Packages: @solana/web3.js
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS03NHA2LTM5ZjItMjN2M84AA7I7
Blind SSRF Leads to Port Scan by using Webhooks
Ecosystems: nuget
Packages: Umbraco.Cms.Web.BackOffice, Umbraco.Cms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tOTljLXEyNnItbTdtN84AA7I6
Evmos vulnerable to unauthorized account creation with vesting module
Ecosystems: go
Packages: github.com/evmos/evmos/v13, github.com/evmos/evmos/v13/x/vesting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Critical
GSA_kwCzR0hTQS12NnJ3LWhoZ2ctd2M0eM4AA7I5
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Ecosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS00NmM4LTYzNXYtNjhyMs4AA7I4
Keycloak Authorization Bypass vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS04cm1tLWdtMjgtcGo4cc4AA7I3
Keycloak Cross-site Scripting (XSS) via assertion consumer service URL in SAML POST-binding flow
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS00ZjUzLXhoM3YtZzh4NM4AA7I2
Keycloak secondary factor bypass in step-up authentication
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1tcnY4LXBxZmotN2dwNc4AA7I1
Keycloak path traversal vulnerability in the redirect validation
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1yNTJoLWZqbTctOTNqOM4AA7I0
BlazeMeter Jenkins plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: com.blazemeter.plugins:BlazeMeterJenkinsPlugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
High
GSA_kwCzR0hTQS02cHBnLXJncmctZjU3M84AA7ET
Dolibarr vulnerable to Cross-Site Request Forgery
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1nN3hxLXh2OGMtaDk4Y84AA7Da
Cross-site Scripting (XSS) possible due to improper sanitisation of `href` attributes on `<a>` tags
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 3 days ago
High
GSA_kwCzR0hTQS04Y3BoLW02ODUtNnY2cs4AA7DZ
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Low
GSA_kwCzR0hTQS14Njc0LXY0NWotZnd4d84AA7DY
MSAL.NET applications targeting Xamarin Android and .NET Android (MAUI) susceptible to local denial of service
Ecosystems: nuget
Packages: Microsoft.Identity.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS05M2M1LXJqMnAtdzUyeM4AA7CX
Cross-site Scripting (XSS) in mindsdb/mindsdb
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1yZ3A4LXBtMjgtMzc1Oc4AA7CB
langchain vulnerable to path traversal
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 4 days ago
Critical
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 4 days ago
High
GSA_kwCzR0hTQS1nOWNqLWNmcHAtNGcyeM4AA7B5
gradio vulnerable to Path Traversal
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 4 days ago
High
GSA_kwCzR0hTQS1mNDJtLW12ZnYtY2d3Nc4AA7B7
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 4 days ago
High
GSA_kwCzR0hTQS01bXZqLXdtZ2otN3E4Y84AA7CR
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1nM3I1LTcyaGYtcDdwMs4AA7CW
zenml Session Fixation vulnerability
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 4 days ago
High
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 4 days ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg
SixLabors.ImageSharp vulnerable to data leakage
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespaces
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba
AWS Amplify CLI has incorrect trust policy management
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS12aDJtLTIyeHgtcTk0Zs4AA6-B
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Ecosystems: nuget
Packages: OpenTelemetry.Instrumentation.AspNetCore, OpenTelemetry.Instrumentation.Http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 7 days ago
High
GSA_kwCzR0hTQS1td2M3LTY0d2ctcGd2as4AA69-
NiceGUI allows potential access to local file system
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 7 days ago
High
GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 7 days ago
High
GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 days ago
High
GSA_kwCzR0hTQS00dnd4LTU0bXctdnFmd84AA69W
Traefik vulnerable to denial of service with Content-length header
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1nOXF4LTI1dmotcmY1M84AA69T
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Ecosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jNXJ2LWhqamMtanY3bc4AA68X
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 8 days ago
High
GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: timber/timber
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS03OXZ2LXZwMzItZ3BwN84AA68L
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Ecosystems: maven
Packages: org.apache.kafka:kafka-metadata
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 8 days ago
High
GSA_kwCzR0hTQS1wM2o2LWY0NWgtaHc1Zs4AA68J
tiagorlampert CHAOS vulnerable to command injections
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wd3czLXgyZzcteDhxMs4AA672
Reportico affected by Incorrect Access Control
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 8 days ago
High
GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirect
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l
Matrix IRC Bridge truncated content of messages can be leaked
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A
Summernote vulnerable to cross-site scripting
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 9 days ago
Low
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 days ago
Critical
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompiles
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 9 days ago
Critical
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS05OXcyLTY3aDgtNTk0OM4AA64t
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 9 days ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 9 days ago
High
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 9 days ago
Critical
GSA_kwCzR0hTQS13eDQzLWc1NWctMmpmNM4AA64K
LocalAI Command Injection in audioToWav
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1jMmdnLTRncTQtanY1as4AA630
XWiki Platform remote code execution from account through UIExtension parameters
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-uiextension-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1oZjQzLTQ3cTQtZmhxNc4AA63z
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y
zcap has incomplete expiration checks in capability chains.
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 9 days ago
High
GSA_kwCzR0hTQS05d3dwLXE3d3EtangzNc4AA63x
@fastify/secure-session: Reuse of destroyed secure session cookie
Ecosystems: npm
Packages: @fastify/secure-session
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 9 days ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1yNXZoLWdjM3ItcjI0d84AA63v
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-realtime-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1jdjU1LXY2cnctN3I1ds4AA63u
XWiki Platform remote code execution from account via custom skins support
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS0zN200LWhxeHYtdzI2Z84AA63t
XWiki Platform CSRF remote code execution through scheduler job's document reference
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qMnI2LXI5MjktdjZnZs4AA63s
XWiki Platform CSRF in the job scheduler
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS14bTRoLTNqeHItbTNjNs4AA63r
XWiki Platform: Remote code execution through space title and Solr space facet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS14eHAyLTljOWctN3dtas4AA63q
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-localization-source-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 4,867
Ecosystems: 12
Filter by Severity
Moderate 7,470 High 6,100 Critical 2,660 Low 958
Filter by Ecosystem
maven 5,492 npm 3,496 pypi 3,463 packagist 3,213 go 1,828 nuget 1,388 rubygems 812 cargo 772 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 249 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 181 org.apache.tomcat:tomcat 139 pimcore/pimcore 111 typo3/cms 94 microweber/microweber 91 django 79 apache-airflow 78 typo3/cms-core 70 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 59 ansible 57 actionpack 57 dolibarr/dolibarr 56 org.apache.struts:struts2-core 55 phpmyadmin/phpmyadmin 53 concrete5/concrete5 52 librenms/librenms 49 apache-superset 48 shopware/platform 47 symfony/symfony 47 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 org.keycloak:keycloak-core 43 rdiffweb 42 nokogiri 42 Pillow 41 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 plone 38 github.com/mattermost/mattermost-server/v6 37 craftcms/cms 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 Plone 36 net.mingsoft:ms-mcms 35 shopware/core 35 matrix-synapse 34 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 org.apache.tomcat.embed:tomcat-embed-core 32 vyper 32 org.elasticsearch:elasticsearch 32 snipe/snipe-it 32 intelliants/subrion 31 k8s.io/kubernetes 30 drupal/core 30 org.jenkins-ci.plugins:script-security 30 opencv-contrib-python 30 mlflow 30 opencv-python 30 github.com/argoproj/argo-cd 29 parse-server 29 github.com/hashicorp/vault 28 froxlor/froxlor 28 github.com/grafana/grafana 28 io.undertow:undertow-core 27 silverstripe/framework 27 centreon/centreon 27 electron 26 shopware/shopware 26 openssl-src 26 github.com/hashicorp/consul 26 org.keycloak:keycloak-parent 26 org.keycloak:keycloak-services 26 github.com/hashicorp/nomad 26 org.apache.solr:solr-core 25 rubygems-update 25 gogs.io/gogs 24 magento/core 24 mautic/core 24 getgrav/grav 24 prestashop/prestashop 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 puppet 23 pocketmine/pocketmine-mp 23 nilsteampassnet/teampass 22 rack 22 grumpydictator/firefly-iii 22 ckb 22 getkirby/cms 22 github.com/argoproj/argo-cd/v2 22 org.apache.nifi:nifi 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 Django 21 github.com/cilium/cilium 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/rancher/rancher 20 DotNetNuke.Core 19 org.springframework:spring-core 19 drupal/drupal 19 github.com/ethereum/go-ethereum 19 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 langchain 18 helm.sh/helm/v3 18 tribalsystems/zenario 18 org.bouncycastle:bcprov-jdk14 18 com.vaadin:vaadin-bom 18 github.com/docker/docker 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cakephp/cakephp 17 cobbler 17 org.xwiki.platform:xwiki-platform-web-templates 17 org.apache.geode:geode-core 17 PaddlePaddle 17 cockpit-hq/cockpit 17 golang.org/x/net 17 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 directus 16 org.apache.activemq:activemq-client 16 wasmtime 16 sequelize 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 contao/core-bundle 15 notebook 15 github.com/goharbor/harbor 15 org.apache.jspwiki:jspwiki-main 15 paddlepaddle 15 org.apache.struts.xwork:xwork-core 15 cryptography 15 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 typo3/cms-backend 14 publify_core 14 tinymce 14 gradio 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 swagger-ui 14 pillow 14 activesupport 14 modoboa 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 github.com/traefik/traefik/v2 13 ckeditor4 13 strapi 13 org.apache.inlong:manager-pojo 13 october/system 13 impresscms/impresscms 13 pyload-ng 13 github.com/nats-io/nats-server/v2 13 nova 13 passenger 13 ezsystems/ezpublish-kernel 13 org.apache.cxf:cxf 13 ghost 13 symfony/security 13 code.gitea.io/gitea 13 pyftpdlib 13 next 13 github.com/containerd/containerd 13 org.apache.hadoop:hadoop-main 13 undici 12 org.apache.dolphinscheduler:dolphinscheduler 12 symfony/security-http 12 neutron 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 github.com/opencontainers/runc 12 lavalite/cms 12 com.vaadin:flow-server 12 keystone 12 org.jenkins-ci.plugins:git 12 Microsoft.NETCore.App.Runtime.win-x86 12 Microsoft.NETCore.App.Runtime.win-x64 12 Microsoft.NETCore.App.Runtime.win-arm64 12 OctoPrint 12 vm2 12 vantage6 12 phpmyfaq/phpmyfaq 12 actionview 12 elefant/cms 12 smarty/smarty 12 studio-42/elfinder 12 feehi/cms 11 org.apache.tika:tika-core 11 org.jenkins-ci.plugins:email-ext 11 rails 11 org.mortbay.jetty:jetty 11
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 106 https://github.com/apache/tomcat 93 https://github.com/apache/airflow 89 https://github.com/microweber/microweber 85 https://github.com/django/django 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 55 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 50 https://github.com/ansible/ansible 47 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/kubernetes/kubernetes 42 https://github.com/librenms/librenms 42 https://github.com/ikus060/rdiffweb 42 https://github.com/symfony/symfony 40 https://github.com/spring-projects/spring-framework 40 https://github.com/star7th/showdoc 38 https://github.com/x-stream/xstream 36 https://github.com/argoproj/argo-cd 36 https://github.com/answerdev/answer 34 https://github.com/plone/Products.CMFPlone 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 32 https://github.com/vyperlang/vyper 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/froxlor/froxlor 26 https://github.com/Dolibarr/dolibarr 26 https://github.com/apache/inlong 25 https://github.com/mlflow/mlflow 25 https://github.com/electron/electron 25 https://github.com/phpmyadmin/phpmyadmin 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/mautic/mautic 24 https://github.com/getgrav/grav 23 https://github.com/dotnet/runtime 23 https://github.com/eclipse/jetty.project 23 https://github.com/go-gitea/gitea 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/rancher/rancher 21 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/netty/netty 20 https://github.com/cilium/cilium 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/helm/helm 19 https://github.com/cloudfoundry/uaa 19 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/hashicorp/consul 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/contao/contao 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/hashicorp/vault 16 https://github.com/ethereum/go-ethereum 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/apache/camel 15 https://github.com/intelliants/subrion 15 https://github.com/OpenMage/magento-lts 15 https://github.com/goharbor/harbor 15 https://github.com/geoserver/geoserver 15 https://github.com/vantage6/vantage6 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/denoland/deno 14 https://github.com/langchain-ai/langchain 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyca/cryptography 14 https://github.com/tinymce/tinymce 14 https://github.com/gradio-app/gradio 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/hashicorp/nomad 13 https://github.com/containerd/containerd 13 https://github.com/moby/moby 13 https://github.com/ming-soft/MCMS 13 https://github.com/undertow-io/undertow 13 https://github.com/traefik/traefik 13 https://github.com/golang/go 13 https://github.com/pyload/pyload 13 https://github.com/xuxueli/xxl-job 13 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/nodejs/undici 12 https://github.com/dromara/hutool 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/silverstripe/silverstripe-framework 12 https://github.com/centreon/centreon-archived 12 https://github.com/twisted/twisted 12 https://github.com/onionshare/onionshare 11 https://github.com/dompdf/dompdf 11 https://github.com/Studio-42/elFinder 11 https://github.com/quarkusio/quarkus 11 https://github.com/NodeBB/NodeBB 11 https://github.com/openfga/openfga 11 https://github.com/igniterealtime/Openfire 11 https://github.com/jquery/jquery 11 https://github.com/janeczku/calibre-web 11 https://github.com/opencontainers/runc 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/drupal/core 11 https://github.com/vaadin/flow 11 https://github.com/ckeditor/ckeditor4 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/TryGhost/Ghost 11 https://github.com/urllib3/urllib3 11 https://github.com/cloudflare/cfrpki 11 https://github.com/phusion/passenger 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/dotnet/aspnetcore 10 https://github.com/jupyter/notebook 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/WWBN/AVideo 10 https://github.com/containers/podman 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/openstack/keystone 10 https://github.com/aio-libs/aiohttp 10 https://github.com/smarty-php/smarty 10 https://github.com/dolibarr/dolibarr 10 https://github.com/nextauthjs/next-auth 10 https://github.com/nats-io/nats-server 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/Pylons/waitress 9 https://github.com/funadmin/funadmin 9 https://github.com/cui2shark/cms 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/apache/lucene-solr 9 https://github.com/apache/superset 9 https://github.com/DSpace/DSpace 9 https://github.com/evershopcommerce/evershop 9 https://github.com/spring-projects/spring-security 9 https://github.com/neorazorx/facturascripts 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/kevinpapst/kimai2 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vercel/next.js 9 https://github.com/ethyca/fides 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/zitadel/zitadel 9 https://github.com/wagtail/wagtail 9 https://github.com/LavaLite/cms 9 https://github.com/wallabag/wallabag 8 https://github.com/simplesamlphp/simplesamlphp 8 https://github.com/hazelcast/hazelcast 8 https://github.com/scrapy/scrapy 8 https://github.com/xwiki/xwiki-commons 8