Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS13ajg1LXc0ZjQteGg4aM4AA6Gp
Denial of service via regular expression
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS13anY4LXB4cjYtNWY0cs4AA6Go
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Ecosystems: packagist
Packages: friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1oZnJnLTRqd3ItamZwas4AA6Gn
Improper HTML sanitization in ZITADEL
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm
Unencrypted traffic between nodes when using WireGuard and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl
Unencrypted traffic between nodes when using IPsec and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS02OG1qLTlwanEtbWM4Nc4AA6Gk
Intermittent HTTP policy bypass
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS0ydmdnLTloNnctbTQ1NM4AA6Gi
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS02djg1LXdyOTItcTRwN84AA6Gh
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Ecosystems: rubygems
Packages: rotp
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS14MzJtLW12ZmotNTJ4ds4AA6Fg
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1mM2poLXF2bTQtbWczOc4AA6FU
Erroneous authentication pass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS1oZ2poLTlyajItZzY3as4AA6DE
Spring Framework URL Parsing with Host Validation Vulnerability
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Published: 13 days ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS00amhqLTNndjMtYzNncs4AA6CS
CLI for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/cli
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS12OG14LWhwMnEtZ3c4Nc4AA6CR
Golang SDK for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS02OXA0LWo1djUteDIzNM4AA6CQ
Server/API for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS03djM4LXczMm0td3g0bc4AA6CP
Types for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/types
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS0ycXBoLXFwdm0tMnFmN84AA6CO
tls-listener affected by the slow loris vulnerability with default configuration
Ecosystems: cargo
Packages: tls-listener
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary component
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS0zMmpxLW12ODktNXJ4N84AA6CL
CoreWCF NetFraming based services can leave connections open when they should be closed
Ecosystems: nuget
Packages: CoreWCF.NetFramingBase
Source: GitHub Advisory Database
Published: 14 days ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS13NXd4LTZnMnItcjc4cc4AA6CJ
Nuclei allows unsigned code template execution through workflows
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Published: 14 days ago
Critical
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file access
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS13eDhxLTRnbTktcmoyZ84AA6B0
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1nNjIzLWpjZ2ctbWhtbc4AA6Bz
Users with `create` but not `override` privileges can perform local sync
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1yOTc4LTltNm0tNmdtNs4AA6BT
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1xbWd4LWo5NmctNDQyOM4AA6BU
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in Vela
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1jeGpoLXBxd3AtOG1mcM4AA6AJ
follow-redirects' Proxy-Authorization header kept across hosts
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1wbWM3LWhtbXctZzk2cc4AA5_Z
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS12NjgyLTh2djgtdnB3cs4AA5-j
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS0yeDdtLWdmODUtMzc0Nc4AA587
Remote Denial of Service Vulnerability in Microsoft QUIC
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.OpenSSL, Microsoft.Native.Quic.MsQuic.Schannel
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Published: 16 days ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Published: 16 days ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1qZzJnLTRyamctY21xaM4AA57-
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1nNjI3LXI1NzktcnczNc4AA573
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1jMzVoLXc4aGotbW01Nc4AA574
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-proxy
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS14cDJyLWc4cXEtNDRoaM4AA577
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1jMng5LXZ3NWgtMzl2Y84AA57_
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: 17 days ago
Low
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS01ZnhqLXdoY3YtY3JyY84AA570
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-arm64, Microsoft.NETCore.App.Runtime.win-arm, Microsoft.NETCore.App.Runtime.osx-x64, Microsoft.NETCore.App.Runtime.osx-arm64, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1tcTR4LXIydzMtajdtcs4AA54b
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS14MnZnLTV3cmYtdmo2ds4AA53Z
1Panel is vulnerable to command injection
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Published: 19 days ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS14aGp3LTd2aDUtcXhxbc4AA522
LibOSDP RMAC revert to the beginning of the session
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS03OTQ1LTVtY3YtZjJwcM4AA521
LibOSDP vulnerable to a null pointer deref in osdp_reply_name
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1mdng4LTc5aHgteDgyZs4AA520
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1oajN2LW02ODQtdjI1Oc4AA52y
JWX vulnerable to a denial of service attack using compressed JWE message
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1jNXEyLTdyNGMtbXY2Z84AA51M
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Ecosystems: go
Packages: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS01bXhmLTQyZjUtajc4Ms4AA503
Grafana's users with permissions to create a data source can CRUD all data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1oaGh2LXE1N2ctODgycc4AA502
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Ecosystems: npm
Packages: jose, jose-node-esm-runtime, jose-node-cjs-runtime
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS03NWpwLXZxOHgtaDRjcc4AA501
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Ecosystems: cargo
Packages: wasmi
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1qN2ptLThnZjUtZnJjbc4AA50O
nGrinder vulnerable to unsafe Java objects deserialization
Ecosystems: maven
Packages: org.ngrinder:ngrinder-core
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS01cGY2LTJxd3gtcHhtMs4AA5zw
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Ecosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS0ycGMyLWg5N2gtMm1td84AA5zd
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS14ajM2LTZ4YzYtOHA5eM4AA5ze
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delphix
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1wZmgzLWo3OXItdnFyas4AA5zt
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delphix
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1tcjlqLXFxamgtNjdmMs4AA5zp
Jenkins Subversion Partial Release Manager Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:svn-partial-release-mgr
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS04aDJtLTU0d2gtZ3dqM84AA5zu
Jenkins docker-build-step Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:docker-build-step
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02NGM1LXIyaDUtYzJmZ84AA5zf
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:docker-build-step
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1tNHJtLXgycnItMzU3d84AA5zW
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS14cnJ3LTlqNzgtaHBmM84AA5zs
Jenkins HTML Publisher Plugin Stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1ydjM1LTY5ZmYtZzlnds4AA5zb
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:svn-partial-release-mgr
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS05cHA0LW14NngteGgzNs4AA5zX
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dependency-check-jenkins-plugin
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS04Zm00LXIyM3AtdjY4ds4AA5zr
Jenkins MQ Notifier Plugin exposes sensitive information in build logs
Ecosystems: maven
Packages: com.sonymobile.jenkins.plugins.mq:mq-notifier
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS04dmNnLXY3ZzQtM3ZyN84AA5zn
Jenkins HTML Publisher Plugin does not properly sanitize input
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS00Nzh4LW0zbXgtN2ozZs4AA5zm
Jenkins HTML Publisher Plugin Path traversal vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS01ajc0LWczYzUtd3F3d84AA5za
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitbucket
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS01ajVyLTZtdjktbTI1Nc4AA5zY
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-monitor-plugin
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS14eHY5LXc1aG0tMzI4as4AA5zZ
Jenkins AppSpider Plugin missing permission checks
Ecosystems: maven
Packages: com.rapid7:jenkinsci-appspider-plugin
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1jZ3FmLTNjcTUtd3Zjas4AA5zT
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Published: 23 days ago
Statistics
Advisories: 17,222
Packages: 7,996
Repositories: 4,799
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 249 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 181 org.apache.tomcat:tomcat 146 pimcore/pimcore 111 typo3/cms 94 microweber/microweber 91 django 81 apache-airflow 77 thorsten/phpmyfaq 70 typo3/cms-core 70 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 59 actionpack 57 ansible 57 org.apache.struts:struts2-core 55 dolibarr/dolibarr 53 phpmyadmin/phpmyadmin 53 librenms/librenms 49 apache-superset 48 concrete5/concrete5 47 symfony/symfony 47 shopware/platform 46 com.liferay.portal:release.portal.bom 45 org.keycloak:keycloak-core 43 baserproject/basercms 43 rdiffweb 42 nokogiri 42 Pillow 41 showdoc/showdoc 40 plone 38 github.com/mattermost/mattermost-server/v6 37 Plone 36 craftcms/cms 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 github.com/mattermost/mattermost/server/v8 34 shopware/core 34 matrix-synapse 34 github.com/answerdev/answer 34 snipe/snipe-it 32 vyper 32 org.xwiki.platform:xwiki-platform-oldcore 31 org.elasticsearch:elasticsearch 31 intelliants/subrion 31 k8s.io/kubernetes 30 opencv-python 30 org.jenkins-ci.plugins:script-security 30 opencv-contrib-python 30 drupal/core 30 parse-server 29 github.com/argoproj/argo-cd 29 org.apache.tomcat.embed:tomcat-embed-core 28 froxlor/froxlor 28 github.com/grafana/grafana 28 silverstripe/framework 27 github.com/hashicorp/vault 27 org.keycloak:keycloak-parent 26 shopware/shopware 26 electron 26 io.undertow:undertow-core 26 openssl-src 26 org.apache.solr:solr-core 25 mlflow 25 rubygems-update 25 magento/core 24 gogs.io/gogs 24 getgrav/grav 24 github.com/hashicorp/consul 24 puppet 23 pocketmine/pocketmine-mp 23 org.springframework.security:spring-security-core 23 github.com/hashicorp/nomad 23 org.eclipse.jetty:jetty-server 23 remdex/livehelperchat 23 prestashop/prestashop 23 nilsteampassnet/teampass 22 grumpydictator/firefly-iii 22 ckb 22 getkirby/cms 22 rack 22 org.apache.nifi:nifi 22 @openzeppelin/contracts-upgradeable 21 activerecord 21 centreon/centreon 21 org.apache.openmeetings:openmeetings-parent 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/argoproj/argo-cd/v2 20 github.com/rancher/rancher 20 org.springframework:spring-core 19 github.com/ethereum/go-ethereum 19 DotNetNuke.Core 19 drupal/drupal 19 Django 19 helm.sh/helm/v3 18 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 org.bouncycastle:bcprov-jdk14 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 mautic/core 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 tribalsystems/zenario 18 forkcms/forkcms 18 cockpit-hq/cockpit 17 cakephp/cakephp 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.xwiki.platform:xwiki-platform-web-templates 17 PaddlePaddle 17 langchain 17 org.keycloak:keycloak-services 17 github.com/docker/docker 16 directus 16 yetiforce/yetiforce-crm 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 rusqlite 16 sequelize 16 golang.org/x/net 16 cobbler 16 org.bouncycastle:bcprov-jdk15 16 francoisjacquet/rosariosis 16 org.apache.activemq:activemq-client 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 org.apache.dubbo:dubbo 16 wasmtime 15 paddlepaddle 15 cryptography 15 notebook 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 org.apache.jspwiki:jspwiki-main 15 tinymce 14 activesupport 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 publify_core 14 swagger-ui 14 typo3/cms-backend 14 modoboa 14 october/system 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 symfony/security 13 ezsystems/ezpublish-kernel 13 code.gitea.io/gitea 13 github.com/containerd/containerd 13 pyload-ng 13 pillow 13 nova 13 ckeditor4 13 pyftpdlib 13 strapi 13 org.apache.cxf:cxf 13 passenger 13 ghost 13 github.com/nats-io/nats-server/v2 13 next 13 org.apache.hadoop:hadoop-main 13 com.vaadin:flow-server 12 Microsoft.NETCore.App.Runtime.win-x64 12 smarty/smarty 12 Microsoft.NETCore.App.Runtime.win-x86 12 Microsoft.NETCore.App.Runtime.win-arm64 12 github.com/opencontainers/runc 12 lavalite/cms 12 elefant/cms 12 org.apache.dolphinscheduler:dolphinscheduler 12 OctoPrint 12 vantage6 12 vm2 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 phpmyfaq/phpmyfaq 12 org.jenkins-ci.plugins:git 12 actionview 12 studio-42/elfinder 12 symfony/security-http 12 org.igniterealtime.openfire:parent 11 calibreweb 11 gradio 11 github.com/traefik/traefik/v2 11 silverstripe/cms 11 deno 11 zendframework/zendframework1 11 keystone 11 contao/contao 11 org.mortbay.jetty:jetty 11 contao/core-bundle 11
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 161 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 106 https://github.com/apache/tomcat 92 https://github.com/microweber/microweber 85 https://github.com/apache/airflow 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/django/django 69 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/rails/rails 53 https://github.com/ansible/ansible 47 https://github.com/apache/struts 46 https://github.com/keycloak/keycloak 46 https://github.com/python-pillow/Pillow 44 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/librenms/librenms 42 https://github.com/kubernetes/kubernetes 42 https://github.com/ikus060/rdiffweb 42 https://github.com/symfony/symfony 40 https://github.com/spring-projects/spring-framework 40 https://github.com/star7th/showdoc 38 https://github.com/x-stream/xstream 36 https://github.com/argoproj/argo-cd 34 https://github.com/plone/Products.CMFPlone 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 32 https://github.com/matrix-org/synapse 32 https://github.com/vyperlang/vyper 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/concretecms/concretecms 29 https://github.com/parse-community/parse-server 29 https://github.com/snipe/snipe-it 28 https://github.com/opencv/opencv 28 https://github.com/craftcms/cms 28 https://github.com/CVEProject/cvelist 28 https://github.com/froxlor/froxlor 26 https://github.com/Dolibarr/dolibarr 25 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/phpmyadmin/phpmyadmin 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/go-gitea/gitea 23 https://github.com/shopware/shopware 23 https://github.com/getgrav/grav 23 https://github.com/mlflow/mlflow 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/grafana/grafana 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/strapi/strapi 21 https://github.com/rancher/rancher 21 https://github.com/apache/nifi 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/netty/netty 20 https://github.com/cilium/cilium 20 https://github.com/OpenNMS/opennms 20 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 18 https://github.com/mautic/mautic 18 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/bcgit/bc-java 18 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/sequelize/sequelize 16 https://github.com/bytecodealliance/wasmtime 16 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/geoserver/geoserver 15 https://github.com/intelliants/subrion 15 https://github.com/ethereum/go-ethereum 15 https://github.com/goharbor/harbor 15 https://github.com/OpenMage/magento-lts 15 https://github.com/umbraco/Umbraco-CMS 15 https://github.com/directus/directus 15 https://github.com/apache/camel 15 https://github.com/puppetlabs/puppet 15 https://github.com/vantage6/vantage6 14 https://github.com/tinymce/tinymce 14 https://github.com/denoland/deno 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/pyca/cryptography 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyload/pyload 13 https://github.com/modoboa/modoboa 13 https://github.com/ming-soft/MCMS 13 https://github.com/cobbler/cobbler 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/containerd/containerd 13 https://github.com/publify/publify 13 https://github.com/langchain-ai/langchain 13 https://github.com/moby/moby 12 https://github.com/apache/dolphinscheduler 12 https://github.com/patriksimek/vm2 12 https://github.com/xuxueli/xxl-job 12 https://github.com/dromara/hutool 12 https://github.com/silverstripe/silverstripe-framework 12 https://github.com/centreon/centreon-archived 12 https://github.com/backstage/backstage 12 https://github.com/undertow-io/undertow 12 https://github.com/apache/kylin 12 https://github.com/twisted/twisted 12 https://github.com/igniterealtime/Openfire 11 https://github.com/cloudflare/cfrpki 11 https://github.com/ckeditor/ckeditor4 11 https://github.com/Studio-42/elFinder 11 https://github.com/drupal/core 11 https://github.com/traefik/traefik 11 https://github.com/dotnet/aspnetcore 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/jquery/jquery 11 https://github.com/puma/puma 11 https://github.com/contao/contao 11 https://github.com/hashicorp/nomad 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/onionshare/onionshare 11 https://github.com/vaadin/flow 11 https://github.com/TryGhost/Ghost 11 https://github.com/janeczku/calibre-web 11 https://github.com/urllib3/urllib3 11 https://github.com/cakephp/cakephp 11 https://github.com/dompdf/dompdf 11 https://github.com/WWBN/AVideo 10 https://github.com/nats-io/nats-server 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/quarkusio/quarkus 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/keystonejs/keystone 10 https://github.com/containers/podman 10 https://github.com/phusion/passenger 10 https://github.com/nextauthjs/next-auth 10 https://github.com/nodejs/undici 10 https://github.com/jupyter/notebook 10 https://github.com/dolibarr/dolibarr 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/smarty-php/smarty 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/gradio-app/gradio 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/openfga/openfga 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/aio-libs/aiohttp 9 https://github.com/wagtail/wagtail 9 https://github.com/openstack/keystone 9 https://github.com/evershopcommerce/evershop 9 https://github.com/cui2shark/cms 9 https://github.com/neorazorx/facturascripts 9 https://github.com/vercel/next.js 9 https://github.com/codeigniter4/CodeIgniter4 9 https://github.com/spring-projects/spring-security 9 https://github.com/Pylons/waitress 9 https://github.com/kevinpapst/kimai2 9 https://github.com/DSpace/DSpace 9 https://github.com/1Panel-dev/1Panel 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/zitadel/zitadel 9 https://github.com/funadmin/funadmin 9 https://github.com/apache/superset 9 https://github.com/ethyca/fides 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/LavaLite/cms 9 https://github.com/centreon/centreon 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/stealjs/steal 8 https://github.com/scrapy/scrapy 8 https://github.com/surrealdb/surrealdb 8 https://github.com/giampaolo/pyftpdlib 8 https://github.com/hazelcast/hazelcast 8 https://github.com/top-think/framework 8