Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Critical
GSA_kwCzR0hTQS1nNW1qLWMyNmctdm1wbc4AAxJx
XML Entity Expansion in Jenkins TestComplete support Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:TestComplete
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05Nmp2LWM3bTYtcTQzZ84AAxJs
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1oY3ZmLXBmcm0tanhnZs4AAxJt
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cisco-spark-notifier-plugin
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1tNnE4LW13ZjYtNm1tY84AAxJU
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1weDJmLWNxcmYtZjJxZ84AAxJO
CSRF vulnerability in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jY2Y0LTloamMteHhjNM4AAxJz
Missing permission check in Jenkins GitHub Pull Request Builder Plugin allows enumerating credentials IDs
Ecosystems: maven
Packages: org.jenkins-ci.plugins:ghprb
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05d3JyLTRyOXYtMjZ4Y84AAxJe
CSRF vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS02N3c0LXc4NzctanYyOc4AAxJq
Missing permission check in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01eGhoLTZ4ZnYtN3E0Ms4AAxJi
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1nM2o1LW1wcDItMmZxbc4AAxJJ
symfont/process typosquatting malware spoofs symfony/process
Ecosystems: packagist
Packages: symfont/process
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0zdzl3LTk4MzMtZ2Nwds4AAxJI
Security bug in ConvertToSinglePlane when used with untrusted content from the DDS loader
Ecosystems: nuget
Packages: directxtex_uwp, directxtex_desktop_win10, directxtex_desktop_2019, directxtex_desktop_2017
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1yM2M5LTlqNXEtcHd2NM4AAxJH
magento-lts Reset Password not protected against well-timed CSRF
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 10 days ago
Critical
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verified
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler, rancher/github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04ZmNqLWdmNzctNDdtZ84AAxJB
Denial of service (DoS) when processing Git credentials
Ecosystems: go
Packages: github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS02cDRtLWh3MmgtNmdtd84AAxJA
Controller reconciles apps outside configured namespaces when sharding is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS1jcTRwLXZwNXEtNDUyMs4AAxI-
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS0zNHA1LWpwNzctZmNyY84AAxI9
Command injection in Rancher Git package
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1nMjVyLWd2cTMtd3JxN84AAxI8
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS03bTcyLW1oNXItNmozcs4AAxI7
Privilege escalation in project role template binding (PRTB) and -promoted roles
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS12M2NnLTdyOWgtcjJnNs4AAxIz
Field-level security issue with .keyword fields in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04NjR2LTZxajctNjJxas4AAxIy
Issue with whitespace in JWT roles in OpenSearch
Ecosystems: maven
Packages: org.opensearch:opensearch
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS02MzZmLXhtNWotcGo5bc4AAxIx
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS1qcWg2LTk1NzQtNXgyMs4AAxIl
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.core
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1xNzY0LWc2Zm0tNTU1ds4AAxIk
Path traversal in spotipy
Ecosystems: pypi
Packages: spotipy
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS14cjh4LXB4bTYtcHJqZ84AAxIj
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Ecosystems: maven
Packages: org.hl7.fhir.publisher:org.hl7.fhir.publisher
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS05YzY0LXgzY3gtdmdtbc4AAxIH
Cross-Site Request Forgery in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0yeDQ4LXA2Y3EtNXhjd84AAxHY
Path Traversal in github.com/go-sonic/sonic
Ecosystems: go
Packages: github.com/go-sonic/sonic
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS02am14LXB2Nzctd201d84AAxHU
Excessive Attack Surface in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS14OXZjLTVxNzctbTd4NM4AAxHP
Improper Input Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1jNzMyLXh2djgtZzk0Y84AAxHL
Command Injection in Apache Airflow and Apache Airflow MySQL Provider
Ecosystems: pypi
Packages: apache-airflow-providers-mysql, apache-airflow
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS0zbXBnLXEyNmotODNqNc4AAxHH
Command injection in yiisoft/yii2-gii
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1tNGNoLXJmdjUteDVnM84AAxHC
git2-rs fails to verify SSH keys by default
Ecosystems: cargo
Packages: git2, libgit2-sys
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS14d2hqLXBxY2ctOHJjcs4AAxHB
CakePHP vulnerable to Cross-site Scripting in some development error pages
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1wNzZmLXdyMjItNHJ2Ns4AAxHA
CakePHP vulnerable to Remote File Inclusion through View template name manipulation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS02aGc0LXZwNXEtNDdtd84AAxG_
CakePHP allows direct access of prefixed controller actions
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1qOXEyLWY5cTctamhncc4AAxG9
CakePHP SecurityComponent cross form submission issue
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS00Nmg3LXZqN3gtZnhnMs4AAxG8
Shopware has Improper Input Validation issue in newsletter subscription
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 15 days ago
Low
GSA_kwCzR0hTQS01OXFnLTkzamctMjM2Zs4AAxG7
Shopware has Insufficient Session Expiration in Administration
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS04MjlxLXY1ZzgtaGh4Y84AAxG6
CakePHP has incorrect Cross-Site Request Forgery validation
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS03cDhtLTIyaDQtOXBqN84AAxG4
scs-library-client may leak user credentials to third-party service via HTTP redirect
Ecosystems: go
Packages: github.com/sylabs/scs-library-client
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1mODV3LXd2YzctY3J3Y84AAxG3
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Ecosystems: cargo
Packages: bumpalo
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1oajRnLTR3MzYteDhocM4AAxF7
Kraken has arbitrary file read vulnerability via component testfs
Ecosystems: go
Packages: github.com/uber/kraken
Source: GitHub Advisory Database
Published: 16 days ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 16 days ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1tYzUyLWpwbTItY3FoNs4AAxFx
Deno is vulnerable to race condition via interactive permission prompt spoofing
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS02dmY2LWczcHItajgzaM4AAxFw
pimcore is vulnerable to cross-site scripting via "title field" in data objects
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1wYzk5LXFtZzQtcmNmZs4AAxFv
act vulnerable to arbitrary file upload in artifact server
Ecosystems: go
Packages: github.com/nektos/act
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1obTdmLXJxN3Etajl4cM4AAxFC
@builder.io/qwik vulnerable to Cross-site Scripting
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Published: 16 days ago
Critical
GSA_kwCzR0hTQS02dzg5LWM2NXctangyY84AAxE2
Jeecg-boot is vulnerable to SQL injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-module-system, org.jeecgframework.boot:jeecg-boot-base-core
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1nMjk4LTU5cGctOTNoN84AAxEv
Cross-Site Request Forgery in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS14Z3Y3LXBxcWgtaDJ3Oc4AAxEu
jruby-openssl gem for JRuby fails to do proper certificate validation
Ecosystems: rubygems
Packages: jruby-openssl
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS12OWdqLTVyZ3AtdzMzcs4AAxEi
Modoboa is vulnerable to Cross-Site Request Forgery
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS03amY1LWZ2Z2YtNDhjNs4AAxEf
Velociraptor subject to Path Traversal
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1nNXZtLTUyNXEtcjY2Y84AAxET
Velociraptor vulnerable to Missing Authorization
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Published: 17 days ago
Low
GSA_kwCzR0hTQS05M3BtLTVwNWYtM2doeM4AAxD0
Denial of Service Vulnerability in Rack Content-Disposition parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS1wODR2LTQ1eGotd3dxas4AAxDz
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS1qNmdjLTc5Mm0tcWdtMs4AAxDy
ReDoS based DoS vulnerability in Active Support’s underscore
Ecosystems: rubygems
Packages: activesupport
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS05NDQ1LTRjcjYtMzM2cs4AAxDx
Open Redirect Vulnerability in Action Pack
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS01Nzl3LTIyajQtNDc0Oc4AAxDw
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS04eHd3LXgzZzMtNmpjds4AAxDv
ReDoS based DoS vulnerability in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS02NWY1LW1mcGYtdmZoas4AAxDt
Denial of service via header parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS1ycXYyLTI3NXgtMmpxNc4AAxDs
Denial of service via multipart parsing in Rack
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Published: 18 days ago
Low
GSA_kwCzR0hTQS0yM2MyLWd3cDUtcHh3Oc4AAxDr
ReDoS based DoS vulnerability in GlobalID
Ecosystems: rubygems
Packages: globalid
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oNDUyLTc5OTYtaDQ1aM4AAxDY
cookiejar Regular Expression Denial of Service via Cookie.parse function
Ecosystems: maven, npm
Packages: org.webjars.npm:cookiejar, cookiejar
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS0zZndxLXF2NXYtMnd4Zs4AAxDR
Path Traversal in web-node-server
Ecosystems: npm
Packages: web-node-server
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1xam03LTU1dnYtM2M1Zs4AAxDO
mel-spintax has Inefficient Regular Expression Complexity
Ecosystems: npm
Packages: mel-spintax
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1tNGY4LXA1OGctajhtas4AAxCR
Observable timing discrepancy in JOpenId
Ecosystems: maven
Packages: org.expressme:JOpenId
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1nM3B2LXBqNWYtM2hmcc4AAxCV
mechanize Regular Expression Denial of Service vulnerability
Ecosystems: pypi
Packages: mechanize
Source: GitHub Advisory Database
Published: 18 days ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04cjZoLW03MnYtMzhmZ84AAxBj
Shopware vulnerable to Improper Input Validation of Clearance sale in cart
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS12bTc0LWo0d3EtODJ4as4AAxBY
Sisimai Inefficient Regular Expression Complexity vulnerability
Ecosystems: rubygems
Packages: sisimai
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04OTRjLXJnN2YtM2M2Ms4AAxAt
pgAdmin 4 Open Redirect vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Published: 19 days ago
High
GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
Code injection in ruby git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1jaGdjLXJxanItNDZnZ84AAxAo
Cross Site Scripting in simplesamlphp-module-openidprovider
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-openidprovider
Source: GitHub Advisory Database
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS05Zjg4LXdnNXItOTQ3as4AAw_i
Apache Superset vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1jeHZwLTNmcm0tMzg3Ns4AAw_h
Apache Superset's SQL Alchemy connector vulnerable to SQL Injection
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS03MjIyLXIzN3gtOHEzbc4AAw_j
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS03OXg1LWN2NzktNDlyas4AAw_k
Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS04aGNmLTJtNHYtZjJycc4AAw_o
SQL Injection in liftkit/database
Ecosystems: packagist
Packages: liftkit/database
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1mcG1yLXFtZ2gtNDJ4Ms4AAw_p
Apache Superset vulnerable to Injection
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS04ZjVqLW1neDktNWhtNc4AAw_n
Apache Superset has Improper Access Control
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1mY2c0LXBtNmgtOXh4Ms4AAw_q
Apache Superset Open Redirect vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS14cDNnLTI3MjktcnhtM84AAw_b
Froxlor is vulnerable to path traversal
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS1jcDY4LTQycGYtNjYyN84AAw_a
Froxlor vulnerable to Command Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS13NDc1LTc0OWgtYzc3bc4AAw_U
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS00cDg4LWNmaHEtZjN2Z84AAw_X
phpMyFAQ has Weak Password Requirements
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS05Nng2LWpmNXctODRjNc4AAw_V
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1tOXhyLThjeDctNTNwas4AAw_R
phpMyFAQ Reflected Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS0yNWMzLTdmdmotdjQ1as4AAw_Z
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago