Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1wcXB3LTg5dzUtODJ2Nc4ABBP6
`simd-json-derive` vulnerable to `MaybeUninit` misuse
Ecosystems: cargo
Packages: simd-json-derive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS03amp4LTNxdzktajZoNs4ABBP5
cggmp21-keygen has ambiguous challenge derivation
Ecosystems: cargo
Packages: cggmp21-keygen
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS14OGpoLXhqM3gtZ3gzY84ABBP4
`fast-float` has multiple soundness issues
Ecosystems: cargo
Packages: fast-float
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jbTQ2LWdxZjQtbXY0Zs4ABBP3
Orchid Platform has Method Exposure Vulnerability in Modals
Ecosystems: packagist
Packages: orchid/platform
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS14dmc4LW00eDMtdzZ4cs4ABBP2
matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS14cTN3LXY1MjgtNDZyds4ABBP1
Denial of Service attack on windows app using netty
Ecosystems: maven
Packages: io.netty:netty-common
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 8 days ago
High
GSA_kwCzR0hTQS1jeHdmLXFjMzItMzc1Zs4ABBP0
Decidim-Awesome has SQL injection in AdminAccountability
Ecosystems: rubygems
Packages: decidim-decidim_awesome
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 8 days ago
Low
GSA_kwCzR0hTQS05OXc2LTN4cGgtY3g3OM4ABBL2
Ansible-Core vulnerable to content protections bypass
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 9 days ago
High
GSA_kwCzR0hTQS1wZ3JjLTh3cDUtNW12cc4ABBLa
powertac-server XML External Entity vulnerability
Ecosystems: maven
Packages: org.powertac:server-interface
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 9 days ago
Low
GSA_kwCzR0hTQS00aGpmLTZweHItNTQ5aM4ABBK9
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 10 days ago
Low
GSA_kwCzR0hTQS1xOTl4LW1qbWgtdjh3N84ABBLL
Moodle's user/power level management inconsistent with suspended users
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS12cHE1LTU2amotdmYybc4ABBLH
Moodle admin presets export tool includes some secrets that should not be exported
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 days ago
Low
GSA_kwCzR0hTQS03d21wLTJ4bXgtZzZoOM4ABBLI
Moodle authorization headers preserved between "emulated redirects"
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS00Z3EyLXg1dzQtN2hwOM4ABBK8
Moodle has insufficient capability checks
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS1qcGYyLTlwcHAtMmM0Oc4ABBLG
Moodle has insufficient access control
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS1jNzY3LTR3aGgtdjdyd84ABBLJ
Moodle has user information visibility control issues in gradebook reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1mbXE2LTR3NTctMnczds4ABBGc
wasm3 uncontrolled memory allocation vulnerability
Ecosystems: cargo, pypi, swift
Packages: wasm3, pywasm3, github.com/shareup/wasm-interpreter-apple
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 days ago
High
GSA_kwCzR0hTQS1ncHBtLWhxM3AtaDRycM4ABBGS
Git credentials are exposed in Atlantis logs
Ecosystems: go
Packages: github.com/runatlantis/atlantis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1ncjNjLXE3eGYtNDd2aM4ABBGR
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.utilities, ca.uhn.hapi.fhir:org.hl7.fhir.r5, ca.uhn.hapi.fhir:org.hl7.fhir.r4b, ca.uhn.hapi.fhir:org.hl7.fhir.r4, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 12 days ago
Low
GSA_kwCzR0hTQS04bTI0LTNjZngtOWZqd84ABBGA
sp1 has insufficient observation of cumulative sum
Ecosystems: cargo
Packages: sp1-recursion-circuit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Low
GSA_kwCzR0hTQS1qODU3LTJwd20tamptbc4ABBF-
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 13 days ago
High
GSA_kwCzR0hTQS0zeGdxLTQ1amotdjI3Nc4ABBFi
Regular Expression Denial of Service (ReDoS) in cross-spawn
Ecosystems: npm
Packages: cross-spawn
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: 13 days ago
High
GSA_kwCzR0hTQS02anJmLXJjamYtMjQ1cs4ABBEb
changedetection.io path traversal using file URI scheme without supplying hostname
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS03bXI3LTRmNTQtdmN4Nc4ABBEa
HTTP Client uses incorrect token after refresh
Ecosystems: nuget
Packages: Duende.AccessTokenManagement.OpenIdConnect
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
High
GSA_kwCzR0hTQS1oZnE5LWhnZ20tYzU2cc4ABBEZ
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0ydzV2LXgyOWctanc3as4ABBEY
Hashicorp Nomad Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 13 days ago
High
GSA_kwCzR0hTQS0zbTl4LTJxZmoteHZxNM4ABBD1
PHPExcel XXE Vulnerability
Ecosystems: packagist
Packages: phpoffice/phpexcel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1xNzh2LWN2MzYtOGZ4as4ABBD0
Devtron has SQL Injection in CreateUser API
Ecosystems: go
Packages: github.com/devtron-labs/devtron
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS04OGg1LTZ3N20tNXc1Ns4ABBDz
jj vulnerable to path traversal via crafted Git repositories
Ecosystems: cargo
Packages: jj-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Low
GSA_kwCzR0hTQS00aHh3LWdjMnEtZjZmM84ABBDy
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Ecosystems: packagist
Packages: filament/actions
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 14 days ago
High
GSA_kwCzR0hTQS12NmY0LXY4aDgtM2M4N84ABBDq
Moodle Remote Code Execution vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1xcnF2LTI2Z2YteGd3aM4ABBDs
Moodle LFI vulnerability when restoring malformed block backups
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1wOWN4LWY1OTUtaDc5aM4ABBDu
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12am1tLXI5Z2ctNDI1bc4ABBDo
Moodle has arbitrary file read risk through pdfTeX
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1teDI2LTYyeG0tMnA4M84ABBDv
Moodle vulnerable to site administration SQL injection via XMLDB editor
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS13d2pmLWd3cnYtd2g0Nc4ABBDw
Moodle's IDOR in badges allows deletion of arbitrary badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 14 days ago
High
GSA_kwCzR0hTQS14ODdyLTM3cTUtbW1yOM4ABBDt
Moodle has CSRF risk in Feedback non-respondents report
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS0ycjltLXdnMzUtcmZ2Y84ABBDp
Moodle vulnerable to cache poisoning via injection into storage
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS14ODNtLXBmNmYtcGY5Z84ABBDG
hibernate-validator Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.hibernate.validator:hibernate-validator
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS05N2NxLWY0am0tbXY4aM4ABBDL
Undertow Denial of Service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 14 days ago
High
GSA_kwCzR0hTQS03anFmLXYzNTgtcDhnN84ABBC1
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-util
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 14 days ago
High
GSA_kwCzR0hTQS1wajMzLTc1eDUtMzJqNM4ABBCO
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 14 days ago
Low
GSA_kwCzR0hTQS1qanhxLWZmMmctOTV2aM4ABBCN
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 14 days ago
Low
GSA_kwCzR0hTQS02Mzc3LWhmdjktaHFmNs4ABBCM
Twig has unguarded calls to `__toString()` when nesting an object into an array
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1odjZtLXFqNjUtMjZxM84ABBCA
UnoPim Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1yaG05LWdwNXAtNTI0OM4ABBBs
Gradio vulnerable to arbitrary file read with File and UploadButton components
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1mcG01LTJ3Y2otdmZyN84ABBBr
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1mM2Y4LXZ4M3ctaHA1cc4ABBBq
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1wN212LTUzZjItNGN3as4ABBBp
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS05Nmc3LWc3Zzktanh3OM4ABBBh
happy-dom allows for server side code to be executed by a <script> tag
Ecosystems: npm
Packages: happy-dom
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1xcTVjLTY3N3AtNzM3cc4ABBBg
Symfony vulnerable to command execution hijack on Windows with Process class
Ecosystems: packagist
Packages: symfony/symfony, symfony/process
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: 15 days ago
Low
GSA_kwCzR0hTQS1tcnF4LXJwM3ctanBqcM4ABBBf
Symfony vulnerable to open redirect via browser-sanitized URLs
Ecosystems: packagist
Packages: symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 15 days ago
Low
GSA_kwCzR0hTQS1nM3JoLXJyaHAtamhoOc4ABBBe
Symfony has an incorrect response from Validator when input ends with `\n`
Ecosystems: packagist
Packages: symfony/validator, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 15 days ago
Low
GSA_kwCzR0hTQS05YzN4LXIzd3AtbWd4bc4ABBBd
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-client
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 15 days ago
Low
GSA_kwCzR0hTQS1qeGdyLTN2N3EtM3c5ds4ABBBc
Symfony's `Security::login` does not take into account custom `user_checker`
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS14OHZwLWdmNHEtbXc1as4ABBBb
Symfony allows changing the environment through a query
Ecosystems: packagist
Packages: symfony/symfony, symfony/runtime
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS0zMnA0LWdtMmMtd21jaM4ABBBX
ansible-core Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 15 days ago
Low
GSA_kwCzR0hTQS1oeGY1LTk5eGctODZod84ABBAb
cap-std doesn't fully sandbox all the Windows device filenames
Ecosystems: cargo
Packages: cap-primitives, cap-async-std, cap-std
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Low
GSA_kwCzR0hTQS1jMmY1LWp4anYtMmhoOM4ABBAa
Wasmtime doesn't fully sandbox all the Windows device filenames
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS00Y2YyLWN4cDMtcmpyN84ABA_w
HAPI FHIR XML External Entity (XXE) vulnerability
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.validation, ca.uhn.hapi.fhir:org.hl7.fhir.utilities, ca.uhn.hapi.fhir:org.hl7.fhir.r5, ca.uhn.hapi.fhir:org.hl7.fhir.r4b, ca.uhn.hapi.fhir:org.hl7.fhir.r4, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.convertors
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 16 days ago
Low
GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Ecosystems: npm
Packages: @workos-inc/authkit-remix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS01d21nLTljdmgtcXcyNc4ABA_R
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS04cG1wLTY3OHctYzh4eM4ABA-V
gitsign may use incorrect Rekor entries during verification
Ecosystems: go
Packages: github.com/sigstore/gitsign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Critical
GSA_kwCzR0hTQS13dnY3LXdtNXYtdzJnds4ABA-U
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Ecosystems: go
Packages: github.com/j3ssie/osmedeus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1jYzZ4LThjYzctOTk1M84ABA-T
OctoPrint has API key access in settings without reauthentication
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS14dnhxLWc4aHctZng0Z84ABA-S
OctoPrint Vulnerable to Reflected XSS in Jinja2 Templates
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS0zZ2Y5LXd2NjUtZ3doOc4ABA9G
gradio Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS01cDVyLTU3ZngtcG1mcs4ABA9K
Langflow vulnerable to remote code execution
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 16 days ago
Low
GSA_kwCzR0hTQS1naHg0LWNneHctN2g5cM4ABA9J
LocalAI Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mudler/LocalAI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS02cDU1LXFyM2otbXBncc4ABA9H
AgentScope uses `eval`
Ecosystems: pypi
Packages: agentscope
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1nNXZ3LTNoNjUtMnEzds4ABA9F
Access control vulnerable to user data deletion by anonynmous users
Ecosystems: pypi
Packages: Zope, AccessControl
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 16 days ago
Critical
GSA_kwCzR0hTQS0zaHhnLWZ4d20tOGdmN84ABA9E
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Ecosystems: nuget
Packages: Refit
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 16 days ago
High
GSA_kwCzR0hTQS04MmozLWhmNzItN3g5M84ABA9D
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
Ecosystems: maven
Packages: com.reposilite:reposilite-backend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS0yOXd4LXZoMzMtN3g3cs4ABA9C
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Ecosystems: go
Packages: github.com/golang-jwt/jwt/v4
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS03dm02LXF3aDUtOXg0NM4ABA9B
loona-hpack Panic Vulnerability
Ecosystems: cargo
Packages: loona-hpack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1yN212LW12N20tcGp3M84ABA8y
hornetq vulnerable to file overwrite, sensitive information disclosure
Ecosystems: maven
Packages: org.hornetq:hornetq-core-client
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 17 days ago
High
GSA_kwCzR0hTQS03NTJxLTcycWMtcmM2Ns4ABA7n
Apache Kylin Session Fixation vulnerability
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1xM3JwLXZ2bTctajhqZ84ABA7y
Safearchive Path Traversal vulnerability
Ecosystems: go
Packages: github.com/google/safearchive
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS00Z21xLW05dnAtanJ3Z84ABA7d
Umbraco CMS Cross-site Scripting vulnerability
Ecosystems: nuget
Packages: Umbraco.Cms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1jd2dnLTU3eGotZzc3cs4ABA6Q
changedetection.io Path Traversal
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
High
GSA_kwCzR0hTQS1xbTkyLTkzZnYtdmg3bc4ABA6P
Path traversal in oak allows transfer of hidden files within the served root directory
Ecosystems: npm
Packages: @oakserver/oak
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1oeHgyLTd2Y3ctbXFyM84ABA2z
Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision
Ecosystems: rubygems
Packages: sinatra
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 20 days ago
High
GSA_kwCzR0hTQS02aDh3LWhyZnAtcGZmeM4ABA2e
Plenti arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/plentico/plenti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS0ycDk2LXA3cWgtNHJncs4ABA2d
Plenti arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/plentico/plenti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS05NWoyLXc4eDctaG04OM4ABA2Z
Ollama Out-of-bounds Read
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1oaGh2LWdnangtcTlqMs4ABA2O
Glossarizer Cross-site Scripting vulnerability
Ecosystems: npm
Packages: glossarizer
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1jcGg1LTNwZ3ItYzgyZ84ABA2F
Gnark out-of-memory during deserialization with crafted inputs
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 20 days ago
High
GSA_kwCzR0hTQS1nMjMzLTJwNHItM3E3ds4ABA2E
Hashicorp Vault vulnerable to denial of service through memory exhaustion
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 21 days ago
High
GSA_kwCzR0hTQS1wZnJyLXh2cmYtcHhqeM4ABA1_
Laravel Reverb Missing API Signature Verification
Ecosystems: packagist
Packages: laravel/reverb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS00ZnZ4LWg4MjMtMzh2M84ABA1-
YesWiki Uses a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS01Nm02LTRtaHctaDNnNc4ABA19
langflow has vulnerability in PythonCodeTool component
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 21 days ago
Critical
GSA_kwCzR0hTQS1wM3ZmLXY4cWMtY3djcs4ABA13
DOMPurify vulnerable to tampering by prototype polution
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 43.3
Published: 21 days ago
High
GSA_kwCzR0hTQS0ycXc4LXBwcjUtbTk2Y84ABA1x
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
Ecosystems: nuget
Packages: Lucene.Net.Replicator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1mcTltLXYyNnYtMm00Zs4ABA1p
lilconfig Code Injection vulnerability
Ecosystems: npm
Packages: lilconfig
Source: GitHub Advisory Database
Blast Radius: 53.6
Published: 21 days ago
High
GSA_kwCzR0hTQS1tY3czLWg1eGctcjk1bc4ABA1i
JeecgBoot SQL Injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS01YzR3LThoaGgtM2MzaM4ABA1Z
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS05OXdyLWMycHgtZ3JtaM4ABA1X
Hashicorp Consul Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 21 days ago
High
GSA_kwCzR0hTQS1jaGdtLTdyNTItd2hqas4ABA1Y
Hashicorp Consul Path Traversal vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 21 days ago
High
GSA_kwCzR0hTQS1wamh4LWo1M3AtYzVmNc4ABA1L
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/thinkphp
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS0yNG1jLWdjNTItNDdqds4ABA0e
ICG.AspNetCore.Utilities.CloudStorage's Secure Token Durations Different Than Expected
Ecosystems: nuget
Packages: ICG.AspNetCore.Utilities.CloudStorage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 22 days ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5,530
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 craftcms/cms 46 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 github.com/hashicorp/vault 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.keycloak:keycloak-services 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 moin 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 snipe/snipe-it 35 k8s.io/kubernetes 35 github.com/answerdev/answer 34 zendframework/zendframework1 34 gradio 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 parse-server 31 opencv-python 31 opencv-contrib-python 31 Pillow 31 github.com/argoproj/argo-cd 31 keystone 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 openssl-src 26 pillow 26 electron 26 prestashop/prestashop 26 directus 26 org.keycloak:keycloak-parent 25 rubygems-update 25 github.com/cilium/cilium 25 gogs.io/gogs 25 org.apache.solr:solr-core 25 magento/core 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 puppet 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 23 rack 23 pocketmine/pocketmine-mp 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 ckb 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 laravel/framework 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 funadmin/funadmin 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 langchain 20 github.com/goharbor/harbor 19 contao/contao 19 wasmtime 19 DotNetNuke.Core 19 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 mercurial 18 topthink/framework 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 next 18 golang.org/x/net 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 github.com/traefik/traefik/v2 18 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 notebook 17 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 genix/cms 17 symfony/security 17 opencart/opencart 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 typo3/cms-backend 16 PaddlePaddle 16 cryptography 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 openmage/magento-lts 16 tinymce 16 org.bouncycastle:bcprov-jdk15 16 paddlepaddle 16 yetiforce/yetiforce-crm 16 neutron 16 github.com/zitadel/zitadel 16 org.apache.activemq:activemq-client 16 rusqlite 16 org.apache.dubbo:dubbo 16 pyload-ng 16 phpbb/phpbb 16 october/system 15 ckeditor4 15 ethyca-fides 15 symfony/security-http 15 smarty/smarty 15 ec-cube/ec-cube 15 calibreweb 15 ghost 15 OctoPrint 15 org.apache.struts.xwork:xwork-core 15 github.com/containerd/containerd 14 bolt/bolt 14 silverstripe/cms 14 pyftpdlib 14 phpmailer/phpmailer 14 dompdf/dompdf 14 org.xwiki.platform:xwiki-platform-web 14 feehi/cms 14 swagger-ui 14 camaleon_cms 14 org.apache.inlong:manager-pojo 14 org.apache.tomcat:tomcat-coyote 14 activesupport 14 lollms 14 publify_core 14 modoboa 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 52 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/craftcms/cms 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/mlflow/mlflow 30 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/undertow-io/undertow 20 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/moby/moby 17 https://github.com/hashicorp/vault 17 https://github.com/rusqlite/rusqlite 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 16 https://github.com/mattermost/mattermost 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/ethereum/go-ethereum 16 https://github.com/OpenMage/magento-lts 16 https://github.com/backstage/backstage 16 https://github.com/etcd-io/etcd 16 https://github.com/pyload/pyload 16 https://github.com/tinymce/tinymce 16 https://github.com/sequelize/sequelize 16 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/vantage6/vantage6 15 https://github.com/pyca/cryptography 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/denoland/deno 15 https://github.com/ethyca/fides 15 https://github.com/zendframework/zendframework 15 https://github.com/cobbler/cobbler 15 https://github.com/decidim/decidim 15 https://github.com/dompdf/dompdf 15 https://github.com/ckeditor/ckeditor4 14 https://github.com/dotnet/aspnetcore 14 https://github.com/vercel/next.js 14 https://github.com/hashicorp/nomad 14 https://github.com/aio-libs/aiohttp 14 https://github.com/janeczku/calibre-web 14 https://github.com/xuxueli/xxl-job 14 https://github.com/twisted/twisted 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/containerd/containerd 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/dromara/hutool 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/TryGhost/Ghost 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/apache/dolphinscheduler 13 https://github.com/publify/publify 13 https://github.com/laurent22/joplin 13 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/containers/podman 12 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/urllib3/urllib3 12 https://github.com/surrealdb/surrealdb 12 https://github.com/centreon/centreon-archived 12 https://github.com/smarty-php/smarty 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openfga/openfga 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 12 https://github.com/puma/puma 12 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/pomerium/pomerium 11 https://github.com/nats-io/nats-server 11 https://github.com/drupal/core 11 https://github.com/openstack/glance 11 https://github.com/cakephp/cakephp 11 https://github.com/dolibarr/dolibarr 11 https://github.com/NodeBB/NodeBB 11 https://github.com/vaadin/flow 11 https://github.com/zenml-io/zenml 11 https://github.com/WWBN/AVideo 11 https://github.com/spring-projects/spring-security 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/Studio-42/elFinder 11 https://github.com/top-think/framework 11 https://github.com/Pylons/waitress 11 https://github.com/onionshare/onionshare 11 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/scrapy/scrapy 11 https://github.com/nextauthjs/next-auth 10 https://github.com/jquery/jquery 10 https://github.com/getsentry/sentry 10 https://github.com/DSpace/DSpace 10