Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Low
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Published: about 1 hour ago
Moderate
GSA_kwCzR0hTQS1wanJqLWg0ZmctNmdtNM4AA3lF
tokio-boring vulnerable to resource exhaustion via memory leak
Ecosystems: cargo
Packages: tokio-boring
Source: GitHub Advisory Database
Published: about 1 hour ago
Low
GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=true
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Published: about 2 hours ago
Moderate
GSA_kwCzR0hTQS05MnIzLW0ybWctcGo5N84AA3lD
Vite XSS vulnerability in `server.transformIndexHtml` via URL payload
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Published: about 2 hours ago
High
GSA_kwCzR0hTQS04ajk4LWNqZnItcXgzaM4AA3lC
github.com/ecies/go vulnerable to possible private key restoration
Ecosystems: go
Packages: github.com/ecies/go/v2
Source: GitHub Advisory Database
Published: about 2 hours ago
Critical
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Published: about 2 hours ago
Moderate
GSA_kwCzR0hTQS03Zjl4LWd3ODUtOGdyZs4AA3lA
lestrrat-go/jwx's malicious parameters in JWE can cause a DoS
Ecosystems: go
Packages: github.com/lestrrat-go/jwx/jwe, github.com/lestrrat-go/jwx/v2/jwe
Source: GitHub Advisory Database
Published: about 2 hours ago
Moderate
GSA_kwCzR0hTQS03bWM2LXg5MjUtN3F2eM4AA3k_
Test code in published microsoft-graph-beta package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-beta
Source: GitHub Advisory Database
Published: about 2 hours ago
Moderate
GSA_kwCzR0hTQS1taGhwLWMzY20tMnI4Ns4AA3k-
Test code in published microsoft-graph-core package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph-core
Source: GitHub Advisory Database
Published: about 2 hours ago
Moderate
GSA_kwCzR0hTQS1jZ3dxLTZwcnEtOGg5cc4AA3k9
Test code in published microsoft-graph package exposes phpinfo()
Ecosystems: packagist
Packages: microsoft/microsoft-graph
Source: GitHub Advisory Database
Published: about 2 hours ago
High
GSA_kwCzR0hTQS0yZnI3LWNjN3AtcDQ1cc4AA3k6
Data leak of password hash through change requests
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-default
Source: GitHub Advisory Database
Published: about 5 hours ago
Low
GSA_kwCzR0hTQS1oNTZnLWdxOXYtdmM4cs4AA3kx
jupyter-server errors include tracebacks with path information
Ecosystems: pypi
Packages: jupyter-server
Source: GitHub Advisory Database
Published: about 7 hours ago
High
GSA_kwCzR0hTQS02ZndnLWpyZnctZmY3cM4AA3kw
Traefik docker container using 100% CPU
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Published: about 7 hours ago
Moderate
GSA_kwCzR0hTQS04Zzg1LXdocWgtY3IyZs4AA3kv
Traefik vulnerable to potential DDoS via ACME HTTPChallenge
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Published: about 7 hours ago
Moderate
GSA_kwCzR0hTQS1mdmhqLTRxZmgtcTJobc4AA3ku
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Published: about 7 hours ago
Moderate
GSA_kwCzR0hTQS03MjlxLWZjZ3AtcjV4aM4AA3kR
Apache Struts Improper Control of Dynamically-Managed Code Resources vulnerability
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Published: about 16 hours ago
Moderate
GSA_kwCzR0hTQS04djZqLWdjNzQtZm1wcM4AA3hz
Ajax Pro Cross-site Scripting
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Published: 1 day ago
High
GSA_kwCzR0hTQS1qM3JxLTR4ancteGc2M84AA3hy
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Published: 1 day ago
Critical
GSA_kwCzR0hTQS0zN3ZxLWhyMmYtZzdoN84AA3hx
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSLT
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1ncWoyLTMyNHAtdng3M84AA3hv
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Ecosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS00ZzZxLTc3ajctdnZqY84AA3hm
Logging of the firestore key within nodejs-firestore
Ecosystems: npm
Packages: @google-cloud/firestore
Source: GitHub Advisory Database
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS13ajdmLTQ2OG0tNm12OM4AA3e_
Environment variables still accessible through /proc
Ecosystems: cargo
Packages: birdcage
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03bTQ4LXdjOTMtOWc4Nc4AA3e-
ASAR Integrity bypass via filetype confusion in electron
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS03dndyLWc2cG0tOWhjOM4AA3e0
Cookie leakage between different users in fastapi-proxy-lib
Ecosystems: pypi
Packages: fastapi-proxy-lib
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS02ZzNqLXA1ZzYtOTkyZs4AA3ez
OpenSearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS1yOGo5LTVjajctY3YzOc4AA3ey
Reflected XSS Vulnerability in dpaste
Ecosystems: pypi
Packages: Dpaste
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1qMjRoLXhjcGMtOWp3OM4AA3d2
Eclipse IDE XXE in eclipse.platform
Ecosystems: maven
Packages: org.eclipse.platform:org.eclipse.update.configurator, org.eclipse.platform:org.eclipse.ui.intro, org.eclipse.platform:org.eclipse.ui.intro.universal, org.eclipse.platform:org.eclipse.ui.cheatsheets, org.eclipse.platform:org.eclipse.tips.ide, org.eclipse.platform:org.eclipse.help, org.eclipse.platform:org.eclipse.help.webapp, org.eclipse.platform:org.eclipse.help.ui, org.eclipse.platform:org.eclipse.help.base, org.eclipse.platform:org.eclipse.compare.examples.xml, org.eclipse.platform:org.eclipse.team.ui, org.eclipse.platform:org.eclipse.ant.launching, org.eclipse.platform:org.eclipse.ant.core, org.eclipse.core:org.eclipse.core.runtime, org.eclipse.platform:org.eclipse.core.resources, org.eclipse.platform:org.eclipse.debug.ui, org.eclipse.platform:org.eclipse.debug.core, org.eclipse.platform:org.eclipse.core.variables, org.eclipse.platform:org.eclipse.ant.ui
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1wcnIzLWMzbTUtcDdxMs4AA3d1
@adobe/css-tools Improper Input Validation and Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: @adobe/css-tools
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1yNDRxLTk4Z3gtcG1oMs4AA3bb
Apache DolphinScheduler Missing Authorization vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-service, org.apache.dolphinscheduler:dolphinscheduler-dao, org.apache.dolphinscheduler:dolphinscheduler-common, org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Published: 6 days ago
Critical
GSA_kwCzR0hTQS04djR3LWpyMzMtNHJoM84AA3bY
Apache Cocoon SQL Injection vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS0yYzd4LXczbXgtaDdwNs4AA3ba
Microweber file upload vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1ydng4LXAzeHAtZmozcM4AA3a4
October CMS stored XSS by authenticated backend user with improper configuration
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1neGh4LWc0ZnEtNDloas4AA3a3
CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Published: 6 days ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1xMjJqLTVyM2ctOWhtaM4AA3a1
October CMS safe mode bypass using Page template injection
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Published: 6 days ago
Low
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm Login
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS0yd21qLTQ2cmotcW0yd84AA3az
ZITADEL Account Takeover via Malicious Host Header Injection
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS05ZjVnLXJnY3ItOGdyd84AA3aj
Jenkins MATLAB Plugin cross-site request forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1xbWhxLTg3NmYtY3I2Nc4AA3ag
Jenkins Jira Plugin vulnerable to exposure of system-scoped credentials
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1waDg3LTR4MmctNmhwNM4AA3al
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Ecosystems: maven
Packages: o.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS13cGZjLXI1cXEtN3I3cM4AA3af
Jenkins NeuVector Vulnerability Scanner Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: o.jenkins.plugins:neuvector-vulnerability-scanner
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1jdjR4LTlmMzQtOHJwOc4AA3ae
Jenkins MATLAB Plugin missing permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS04MnE5LTg4bTItNHY2OM4AA3ai
Jenkins MATLAB Plugin XML External Entity vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matlab
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1wZ3BqLTgzZzMtbWZyMs4AA3ah
Jenkins Google Compute Engine Plugin has incorrect permission checks
Ecosystems: maven
Packages: org.jenkins-ci.plugins:google-compute-engine
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS12bXE2LTVtNjgtZjUzbc4AA3ab
logback serialization vulnerability
Ecosystems: maven
Packages: ch.qos.logback:logback-classic, ch.qos.logback:logback-core
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1jMzh3LTc0cGctMzZocs4AA3Z_
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS00Z3J4LTJ4OXctNTk2Y84AA3Z-
Marvin Attack: potential key recovery through timing sidechannels
Ecosystems: cargo
Packages: rsa
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS14cGhmLWN4OGgtN3E5Z84AA3Zx
`openssl` `X509StoreRef::objects` is unsound
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1qZmhtLTVnaGgtMmY5N84AA3Zw
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1mNjc4LWo1NzktNHhmNc4AA3Zv
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS13dzd4LTNneGgtcW02cs4AA3Zu
Validation of SignedInfo
Ecosystems: packagist
Packages: simplesamlphp/saml2, simplesamlphp/xml-security
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS05dmZjLXF4Yzgtd3Jwcc4AA3Zm
ureport arbitrary file read vulnerability
Ecosystems: maven
Packages: com.bstek.ureport:ureport2-core
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1mZ3B3LTR3NjktajI1Ns4AA3Zs
Apache Superset Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1mY2N2LWptbXAtcWc3Ns4AA3Zq
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS01M3Y0LTQyZmctZzI4N84AA3Zo
Apache ActiveMQ Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1oYzc0LTl2am0tYzl4ds4AA3Zp
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0zaHA3LTRxcTQtdjVjNs4AA3Zt
Apache Superset Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS14d2g5LWdjMzktNTI5OM4AA3Zk
github.com/go-resty/resty/v2 HTTP request body disclosure
Ecosystems: go
Packages: github.com/go-resty/resty/v2
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1xMjR2LWhwZzMtdjNqcM4AA3ZQ
Reactor Netty HTTP Server denial of service vulnerability
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS12OTRoLWh2aGctbWY5aM4AA3ZR
Spring Framework vulnerable to denial of service
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qamZoLTU4OWctM2hqeM4AA3ZY
Spring Boot denial of service vulnerability
Ecosystems: maven
Packages: org.springframework.boot:spring-boot
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS02OHByLTZmamMtd21nbc4AA3Yo
Improper Neutralization of Input in Advanced User Interface for Jolt
Ecosystems: maven
Packages: org.apache.nifi:nifi-jolt-transform-json-ui
Source: GitHub Advisory Database
Published: 8 days ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04Z3dqLTY4dzYtN3Y2Y84AA3Yj
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14MnhtLXA2dnEtNDgyZ84AA3Yh
OroCalendarBundle has incorrect system calendar events visibility
Ecosystems: packagist
Packages: oro/calendar-bundle
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS05d3dnLXIzYzctNHZmZ84AA3Ye
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1qcHI3LXE1MjMtaHgyNc4AA3X2
phpseclib vulnerable to denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1yNjhoLWpoaGotOWp2bc4AA3Xs
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePing
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS13cThxLTk5cDUteGZyd84AA3Xf
Apache Superset Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zNDg3LTNqN2MtN2d3as4AA3XX
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS12djY1LWZqZmotNDczNs4AA3Xl
Apache Superset has Incorrect Default Permissions
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zOTJjLXZqZnYtaDd3cs4AA3Xd
Apache Superset - Elevation of Privilege
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jNmNnLTczcDMtOTczaM4AA3Xa
Apache DolphinScheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-api
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04NWpqLWM5anItOWpoeM4AA3Xb
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qanI3LTM3MnItY3g3eM4AA3XY
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Low
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1wNXByLXZtM2otanh4Zs4AA3Xm
Mattermost Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qajQ2LTljZ2gtcW1meM4AA3Xc
Mattermost Improper Access Control vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jMzdyLXY4angtN2N2Ms4AA3Xi
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qNGMzLTNoNzMtNzRtOc4AA3Xj
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00Z2h4LThqdzgtcDc2cc4AA3XZ
Mattermost Open Redirect vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS03cHZ4LTQ1ODUtaHF3d84AA3W_
sequelize-typescript Prototype Pollution vulnerability
Ecosystems: npm
Packages: sequelize-typescript
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS (Cross-Site Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZST
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS00dnZjLXI0cDQtcWdycs4AA3Wo
Apache DolphinScheduler sensitive information disclosure
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ
Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Published: 12 days ago
Low
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-like systems due to temporary files
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Published: 13 days ago