Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1mdzNnLTJoM2otcW1tN84AAxPa
Improper neutralization of `noscript` element content may allow XSS in Sanitize
Ecosystems: rubygems
Packages: sanitize
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS0zZzV3LTZwdzctNmhycM4AAxOj
Path Traversal In Eclipse GlassFish
Ecosystems: maven
Packages: org.glassfish.main.web:web
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS1qZ2g4LXZjaHctcTNnN84AAxOa
Permissive regex leads to domain filter bypass
Ecosystems: pypi
Packages: safeurl-python
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1oNjMyLXA3NjQtcGpxbc4AAxOZ
DataFlow upload remote code execution vulnerability
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS01ajJnLTNwaDQtcmd2bc4AAxOY
Fix for authenticated remote code execution through layout update
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14NDc3LWZxMzctcTV3cs4AAxOX
Initial debug-host handler implementation could leak information and facilitate denial of service
Ecosystems: go
Packages: fortio.org/proxy
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0zcDczLW1tN3YtNGY2bc4AAxOW
DoS vulnerability in MaliciousCode filter
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS01dnB2LXhtY2otOXE4Nc4AAxOV
Fix for arbitrary file deletion in customer media allows for remote code execution
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1jOXEzLXI0cnYtbWptN84AAxOU
Fix for arbitrary command execution in custom layout update through blocks
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1qbTNtLXdyM3AtaGpycc4AAxNK
Cross-site Scripting in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS04djUzLTIzbXgtaGNmOc4AAxNf
Improper Certificate Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1jNDY3LTVjMmctanA4Ns4AAxNO
Cross-site Scripting in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS13Y202LXd2OTUtN2p3Ns4AAxNP
Cross-site Scripting in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS03NDZnLTNnZnAtaGZod84AAxNH
Devise Gem for Ruby Unauthorized Access Using Remember Me Cookie
Ecosystems: rubygems
Packages: devise
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04OHA4LTR2djUtODJqN84AAxNG
xaviershay-dm-rails Gem for Ruby exposes sensitive information via the process table
Ecosystems: rubygems
Packages: xaviershay-dm-rails
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS00anF3LXZmbWotOXJtaM4AAxMd
Cross-site Scripting in yapi-vendor
Ecosystems: npm
Packages: yapi-vendor
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1mZnhqLTU0N3gtNWo3Y84AAxM0
Directory Traversal in onnx
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS05dzVqLTRtd3YtMndqOM4AAxNC
Remote code execution in simple-git
Ecosystems: npm
Packages: simple-git
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1qOHdyLWZ3ZjItdnZyOc4AAxM9
Command Injection in create-choo-electron
Ecosystems: npm
Packages: create-choo-electron
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS01NGp3LWpxcjktNmNqOc4AAxM2
Command injection in vagrant.js
Ecosystems: npm
Packages: vagrant.js
Source: GitHub Advisory Database
Published: 2 days ago
Critical
GSA_kwCzR0hTQS04bTlmLWM1cDktd3FjaM4AAxM-
Remote Code Execution in com.bstek.uflo:uflo-core
Ecosystems: maven
Packages: com.bstek.uflo:uflo-core
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS02NXY2LTNjOW0taG1ycM4AAxK2
Arbitrary file write in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS03NnFqLTlnd2gtcHZ2M84AAxJ8
Sandbox bypass in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS14OXE0LXF3ZmgtOWdqcc4AAxJ-
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1wY2MyLXc2bTgteDV3NM4AAxJ6
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS01eHBjLWM0eHYtN3c2Ms4AAxJS
Path traversal vulnerability in Jenkins PWauth Security Realm Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:pwauth
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS1nMjl2LTVwd2gtd3h4NM4AAxKJ
Plaintext Storage of a Password in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02aHc3LXg4NnYtd3JnZs4AAxJp
Passwords stored in plain text by Jenkins view-cloner Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:view-cloner
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1yM2dtLWp3ZjQteGd2Ms4AAxJ7
Cross-site request forgery vulnerability in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS12eG1oLXA1MmotaDMzbc4AAxJ5
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS14cjhoLXdqNHYtcng3Zs4AAxJR
Missing permission check in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02ODVqLTM2cXgtM3ZwMs4AAxJ2
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1nNW1qLWMyNmctdm1wbc4AAxJx
XML Entity Expansion in Jenkins TestComplete support Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:TestComplete
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS0zZzJnLXJjbTYtcnJxMs4AAxJv
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04bW1oLWg0amgtMmczNM4AAxJP
Path Traversal in Jenkins visualexpert Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:visualexpert
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0yanB4LWg4ajItZzhtNM4AAxJW
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin
Ecosystems: maven
Packages: com.cloudbees.jenkins.plugins:kubernetes-credentials-provider
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0zcHByLTcyeDUteDY3cc4AAxKF
XML external entity vulnerability on agents in Jenkins MSTest Plugin
Ecosystems: maven
Packages: org.jvnet.hudson.plugins:mstest
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05andoLXF2ZzctZ3I1Oc4AAxJ0
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1jY2Y0LTloamMteHhjNM4AAxJz
Missing permission check in Jenkins GitHub Pull Request Builder Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tajYyLW02M3gtbWg4NM4AAxJy
Open redirect vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS13ajc5LTlmeGotajg2cM4AAxJu
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS00eDY1LTRmangtcjdtNs4AAxJ4
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:github-pr-coverage-status
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1mOTc2LTI0aGMtbWp2cs4AAxJw
Session fixation vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1weDJmLWNxcmYtZjJxZ84AAxJO
CSRF vulnerability in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1nbWhmLTM3ZngtYzRxOM4AAxJT
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 2 days ago
Low
GSA_kwCzR0hTQS05OHFjLXY4dmctbWN4NM4AAxJQ
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS13NHY1LTU0cDgtbTRqNc4AAxJ3
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1tNnE4LW13ZjYtNm1tY84AAxJU
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS04N3JoLXdjODUteHF2Y84AAxJ9
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Ecosystems: maven
Packages: io.jenkins.plugins:macstadium-orka
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05Nmp2LWM3bTYtcTQzZ84AAxJs
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1xZ2pxLWhyaGctZjI0aM4AAxJr
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05NWpxLTI0Y3ItcGdycc4AAxJV
Cross-site request forgery in Jenkins Gerrit Trigger Plugin
Ecosystems: maven
Packages: com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1oOHA4LTYzNzgtNjQ5cM4AAxJ1
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02N3c0LXc4NzctanYyOc4AAxJq
Missing permission check in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS01eGhoLTZ4ZnYtN3E0Ms4AAxJi
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05d3JyLTRyOXYtMjZ4Y84AAxJe
CSRF vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 2 days ago
High
GSA_kwCzR0hTQS1nM2o1LW1wcDItMmZxbc4AAxJJ
symfont/process typosquatting malware spoofs symfony/process
Ecosystems: packagist
Packages: symfont/process
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS0zdzl3LTk4MzMtZ2Nwds4AAxJI
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Ecosystems: nuget
Packages: directxtex_desktop_2017, directxtex_uwp, directxtex_desktop_win10, directxtex_desktop_2019
Source: GitHub Advisory Database
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1yM2M5LTlqNXEtcHd2NM4AAxJH
magento-lts Reset Password not protected against well-timed CSRF
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verified
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler, rancher/github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04ZmNqLWdmNzctNDdtZ84AAxJB
Denial of service (DoS) when processing Git credentials
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS02cDRtLWh3MmgtNmdtd84AAxJA
Controller reconciles apps outside configured namespaces when sharding is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1jcTRwLXZwNXEtNDUyMs4AAxI-
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS0zNHA1LWpwNzctZmNyY84AAxI9
Command injection in Rancher Git package
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS1nMjVyLWd2cTMtd3JxN84AAxI8
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS03bTcyLW1oNXItNmozcs4AAxI7
Privilege escalation in project role template binding (PRTB) and -promoted roles
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12M2NnLTdyOWgtcjJnNs4AAxIz
Field-level security issue with .keyword fields in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS04NjR2LTZxajctNjJxas4AAxIy
Issue with whitespace in JWT roles in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS1qcWg2LTk1NzQtNXgyMs4AAxIl
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.core
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xNzY0LWc2Zm0tNTU1ds4AAxIk
Path traversal in spotipy
Ecosystems: pypi
Packages: spotipy
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14cjh4LXB4bTYtcHJqZ84AAxIj
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Ecosystems: maven
Packages: org.hl7.fhir.publisher:org.hl7.fhir.publisher
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS05YzY0LXgzY3gtdmdtbc4AAxIH
Cross-Site Request Forgery in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0yeDQ4LXA2Y3EtNXhjd84AAxHY
Path Traversal in github.com/go-sonic/sonic
Ecosystems: go
Packages: github.com/go-sonic/sonic
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS02am14LXB2Nzctd201d84AAxHU
Excessive Attack Surface in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1tNGNoLXJmdjUteDVnM84AAxHC
git2-rs fails to verify SSH keys by default
Ecosystems: cargo
Packages: git2, libgit2-sys
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS00Nmg3LXZqN3gtZnhnMs4AAxG8
Shopware has Improper Input Validation issue in newsletter subscription
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 8 days ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS03cDhtLTIyaDQtOXBqN84AAxG4
scs-library-client may leak user credentials to third-party service via HTTP redirect
Ecosystems: go
Packages: github.com/sylabs/scs-library-client
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1mODV3LXd2YzctY3J3Y84AAxG3
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Ecosystems: cargo
Packages: bumpalo
Source: GitHub Advisory Database
Published: 8 days ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1oajRnLTR3MzYteDhocM4AAxF7
Kraken has arbitrary file read vulnerability via component testfs
Ecosystems: go
Packages: github.com/uber/kraken
Source: GitHub Advisory Database
Published: 9 days ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 9 days ago
Filter by Severity
Moderate 4,436 High 4,135 Critical 1,883 Low 622
Filter by Ecosystem
maven 3,447 npm 2,945 pypi 2,359 packagist 1,374 go 940 nuget 899 rubygems 638 cargo 573 hex 21 actions 6 pub 4
Filter by Package
tensorflow 403 tensorflow-cpu 366 tensorflow-gpu 366 org.jenkins-ci.main:jenkins-core 144 org.apache.tomcat:tomcat 73 com.fasterxml.jackson.core:jackson-databind 68 Microsoft.ChakraCore 67 microweber/microweber 67 github.com/usememos/memos 54 actionpack 51 org.apache.struts:struts2-core 43 pimcore/pimcore 43 apache-airflow 42 ansible 42 django 41 rdiffweb 40 shopware/platform 40 Pillow 39 typo3/cms-core 38 org.keycloak:keycloak-core 38 com.thoughtworks.xstream:xstream 37 showdoc/showdoc 36 shopware/core 31 librenms/librenms 30 opencv-contrib-python 30 opencv-python 30 snipe/snipe-it 28 org.apache.nifi:nifi 27 io.undertow:undertow-core 25 org.springframework:spring-core 25 moodle/moodle 25 nokogiri 24 net.mingsoft:ms-mcms 23 org.elasticsearch:elasticsearch 23 parse-server 22 activerecord 22 remdex/livehelperchat 22 org.apache.tomcat.embed:tomcat-embed-core 22 org.jenkins-ci.plugins:script-security 21 org.apache.solr:solr-core 21 dolibarr/dolibarr 21 gogs.io/gogs 21 matrix-synapse 20 org.springframework.security:spring-security-core 20 rails 20 apache-superset 20 Plone 20 electron 19 org.eclipse.jetty:jetty-server 19 com.vaadin:vaadin-bom 19 typo3/cms 18 mautic/core 18 org.keycloak:keycloak-parent 17 concrete5/concrete5 17 org.apache.openmeetings:openmeetings-parent 17 cakephp/cakephp 17 openssl-src 17 shopware/shopware 17 org.apache.activemq:activemq-client 17 org.bouncycastle:bcprov-jdk14 17 marked 16 silverstripe/framework 16 thorsten/phpmyfaq 16 yetiforce/yetiforce-crm 16 rack 16 github.com/argoproj/argo-cd 16 org.bouncycastle:bcprov-jdk15 16 rusqlite 16 baserproject/basercms 15 org.apache.geode:geode-core 15 pocketmine/pocketmine-mp 15 craftcms/cms 14 github.com/hashicorp/nomad 14 org.apache.jspwiki:jspwiki-main 14 org.xwiki.platform:xwiki-platform-oldcore 14 swagger-ui 14 github.com/ethereum/go-ethereum 14 org.apache.cxf:cxf 14 strapi 14 tribalsystems/zenario 13 notebook 13 Microsoft.AspNetCore.App.Runtime.win-x64 13 Microsoft.AspNetCore.App.Runtime.win-x86 13 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 13 Microsoft.AspNetCore.App.Runtime.osx-x64 13 Microsoft.AspNetCore.App.Runtime.win-arm 13 Microsoft.AspNetCore.App.Runtime.linux-x64 13 Microsoft.AspNetCore.App.Runtime.linux-arm 13 Microsoft.AspNetCore.App.Runtime.linux-arm64 13 handlebars 13 org.apache.dubbo:dubbo 13 @openzeppelin/contracts-upgradeable 13 puppet 13 github.com/goharbor/harbor 13 pyftpdlib 13 grumpydictator/firefly-iii 13 org.apache.tika:tika-core 13 helm.sh/helm/v3 12 rails-html-sanitizer 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 actionview 12 sequelize 12 getkirby/cms 12 @openzeppelin/contracts 12 phpmailer/phpmailer 12 github.com/rancher/rancher 12 forkcms/forkcms 12 next 12 publify_core 12 symfony/symfony 12 openmage/magento-lts 12 onionshare-cli 11 org.jenkins-ci.plugins.workflow:workflow-cps 11 feehi/feehicms 11 org.jenkins-ci.plugins:git 11 org.apache.cxf:cxf-core 11 org.apache.hadoop:hadoop-common 11 com.liferay.portal:release.portal.bom 11 intelliants/subrion 11 fat_free_crm 11 francoisjacquet/rosariosis 11 Django 11 getgrav/grav 11 org.apache.hadoop:hadoop-main 11 DotNetNuke.Core 11 drupal/core 11 wasmtime 10 github.com/hashicorp/consul 10 tinymce 10 Microsoft.NETCore.App 10 org.apache.jspwiki:jspwiki-war 10 Microsoft.AspNetCore.App.Runtime.win-arm64 10 contao/core-bundle 10 ckb 10 Microsoft.AspNetCore.All 10 twisted 10 github.com/hashicorp/vault 10 activesupport 10 github.com/argoproj/argo-cd/v2 10 ckeditor4 10 october/system 10 vyper 10 org.apache.ranger:ranger 10 com.vaadin:flow-server 10 github.com/containerd/containerd 9 org.apache.camel:camel-core 9 io.jenkins:configuration-as-code 9 froxlor/froxlor 9 centreon/centreon 9 org.apache.xmlgraphics:batik 9 jquery 9 code.gitea.io/gitea 9 k8s.io/kubernetes 9 calibreweb 9 org.apache.hive:hive 9 concrete5/core 9 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 9 waitress 9 kevinpapst/kimai2 9 github.com/docker/docker 9 puma 9 org.apache.kylin:kylin 9 validator 9 opencv-python-headless 9 serve 9 url-parse 8 urijs 8 org.apache.tapestry:tapestry-core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 Microsoft.AspNetCore.App 8 OctoPrint 8 nodebb 8 steal 8 topthink/framework 8 org.yaml:snakeyaml 8 org.xwiki.platform:xwiki-platform-web 8 jquery-ui 8 pyload-ng 8 org.apache.shiro:shiro-core 8 org.apache.poi:poi 8 org.apache.tika:tika 8 ghost 8 org.apache.commons:commons-compress 8 github.com/kubeedge/kubeedge 8 org.apache.karaf:apache-karaf 8 org.jboss.resteasy:resteasy-client 8 mysql:mysql-connector-java 8 elefant/cms 8 npm 8 facturascripts/facturascripts 8 passenger 8 impresscms/impresscms 8 org.apache.pdfbox:pdfbox 8 org.apache.hive:hive-exec 8 node-forge 8 sylius/sylius 8 ssddanbrown/bookstack 8 github.com/nats-io/nats-server/v2 8 org.apache.ozone:ozone-main 8 opencv-contrib-python-headless 8 tar 7 org.apache.zeppelin:zeppelin 7 org.jenkins-ci.plugins:subversion 7 org.springframework:spring-webmvc 7 ezsystems/ezpublish-kernel 7 github.com/traefik/traefik/v2 7 github.com/cri-o/cri-o 7 total.js 7 org.igniterealtime.openfire:parent 7 pysaml2 7 pillow 7 feehi/cms 7 systeminformation 7 october/cms 7 org.apache.santuario:xmlsec 7 org.apache.atlas:atlas-common 7 io.jenkins.blueocean:blueocean 7 Microsoft.NETCore.App.Runtime.win-x64 7 Microsoft.NETCore.App.Runtime.win-x86 7 Microsoft.NETCore.App.Runtime.osx-x64 7 Microsoft.NETCore.App.Runtime.win-arm64 7 Microsoft.NETCore.App.Runtime.win-arm 7 Microsoft.NETCore.App.Runtime.linux-musl-arm64 7 Microsoft.NETCore.App.Runtime.linux-x64 7 Microsoft.NETCore.App.Runtime.linux-musl-x64 7 Microsoft.NETCore.App.Runtime.linux-arm64 7 Microsoft.NETCore.App.Runtime.linux-arm 7 github.com/cloudflare/cfrpki/cmd/octorpki 7 github.com/go-gitea/gitea 7 codeigniter4/framework 7 numpy 7 keystone 7 snyk-broker 7 next-auth 7 angular 7 hapi 7 org.apache.httpcomponents:httpclient 7 org.apache.druid:druid 7 urllib3 7 october/backend 7 hermes-engine 7 jsrsasign 7 hyper 7 org.apache.spark:spark-core_2.11 7 github.com/opencontainers/runc 7 org.apache.cxf:apache-cxf 7 lodash 7 org.apache.james:james-server 7 laravel/framework 7 io.atomix:atomix 7 github.com/pomerium/pomerium 7 org.apache.hive:hive-service 7 org.craftercms:crafter-studio 7 tensorflow-lite 7 magento/community-edition 7 org.jenkins-ci.plugins:ec2 6 io.jenkins.plugins:cavisson-ns-nd-integration 6 loofah 6 Simple-Wayland-HotKey-Daemon 6 org.jenkins-ci.plugins:active-directory 6 org.apache.archiva:archiva 6 org.apache.mesos:mesos 6 com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger 6 org.apache.dolphinscheduler:dolphinscheduler 6 github.com/fluxcd/flux2 6 commons-jxpath:commons-jxpath 6 org.postgresql:postgresql 6 lief 6 express-cart 6 org.opencastproject:opencast-kernel 6 parse-url 6 OPCFoundation.NetStandard.Opc.Ua.Core 6 github.com/sylabs/singularity 6 doorkeeper 6 github.com/beego/beego 6 ipython 6 bootstrap 6 org.springframework.amqp:spring-amqp 6 guzzlehttp/guzzle 6 ember-source 6 inventree 6 libpulse-binding 6 org.apache.spark:spark-core_2.10 6 smarty/smarty 6 python-gnupg 6 org.owasp.antisamy:antisamy 6 Flask-AppBuilder 6 org.apache.logging.log4j:log4j-core 6 cobbler 6 github.com/google/fscrypt 6 smallvec 6 Microsoft.AspNetCore.Mvc.Core 6 pterodactyl/panel 6 aaptjs 6 sized-chunks 6 wagtail 6 Zope2 6 org.apache.syncope:syncope-core 6 org.apache.solr:solr-parent 6 io.netty:netty-handler 6