Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS14NnA3LTQ0cmgtbTNycs4AA90O
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Ecosystems: packagist
Packages: auth0/wordpress
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1nbWM2LWZ3ZzMtNzVtNc4AA9zq
Mimekit has vulnerable dependency that can lead to denial of service
Ecosystems: nuget
Packages: MimeKit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS01anE4LXE2cmotOWdxNM4AA9zp
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1naDlmLTZ4bTItYzRqMs4AA9zl
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS03N3ZjLXJqMzItMnIzM84AA9w7
OpenSearch Observability does not properly restrict access to private tenant resources
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-observability
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1mcTU0LTJqNTItamM0Ms4AA9w6
Next.js Denial of Service (DoS) condition
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 16 days ago
High
GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1tcXFqLWZ4OGgtNDM3as4AA9ws
PrivateBin allows shortening of URLs for other domains
Ecosystems: packagist
Packages: privatebin/privatebin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1xNmhnLTZtOXgtNWc5Y84AA9wr
Evmos vulnerable to exploit of smart contract account and vesting
Ecosystems: go
Packages: github.com/evmos/evmos/v18
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1mNmY4LTlteDYtOW14Ms4AA9wW
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 17 days ago
High
GSA_kwCzR0hTQS13NWZjLWdqM2gtMjZyeM4AA9wS
speaker vulnerable to Denial of Service
Ecosystems: npm
Packages: speaker
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS14N3EyLXdyN2cteHFtZs4AA9wR
Django vulnerable to user enumeration attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 17 days ago
High
GSA_kwCzR0hTQS13eHIzLTJoZ3YtcW04Zs4AA9wU
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: npm
Packages: node-twain
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1nNTMzLXhxNXctam1mM84AA9wP
node-stringbuilder vulnerable to Out-of-bounds Read
Ecosystems: npm
Packages: node-stringbuilder
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 17 days ago
High
GSA_kwCzR0hTQS1xZzJwLTlqd3ItbW1xZs4AA9wQ
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 17 days ago
High
GSA_kwCzR0hTQS12anB2LXg4cDktN3A4Nc4AA9wM
images vulnerable to Denial of Service
Ecosystems: npm
Packages: images
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 17 days ago
High
GSA_kwCzR0hTQS05am1mLTIzN2ctcWY0Ns4AA9wT
Django Path Traversal vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 17 days ago
High
GSA_kwCzR0hTQS03dmhtLWZtcGgtN3d4d84AA9wN
audify vulnerable to Improper Validation of Array Index
Ecosystems: npm
Packages: audify
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 17 days ago
High
GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Ecosystems: npm
Packages: @discordjs/opus
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 17 days ago
High
GSA_kwCzR0hTQS1wajM2LWZjcmctMzI3as4AA9vz
BookStack Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS12ZndoLWd2ZjYtbWZmOM4AA9vd
Silverpeas Core Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-seb, org.silverpeas.core:silverpeas-core-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS00NDdyLXdwaDMtOTJwbc4AA9up
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Formats.Asn1, Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1ocTd3LXh2NXgtZzM0as4AA9uo
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.IO.Redist
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1jaGZjLTl3Nm0tNzVyZs4AA9un
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1oaDJ3LXA2cnYtNGc3d84AA9um
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS01NXI5LTVteDktcXE3cs4AA9ul
Cache driver GetBlob() allows read access to any blob without access control check
Ecosystems: go
Packages: zotregistry.dev/zot, zotregistry.io/zot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS05anhjLXFqcjktdmp4cc4AA9rr
electron-updater Code Signing Bypass on Windows
Ecosystems: npm
Packages: electron-updater
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 17 days ago
High
GSA_kwCzR0hTQS1qNHI3LXA5ZnAtdzNmM84AA9rZ
Spring Cloud Function Framework vulnerable to Denial of Service
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-function-context
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 17 days ago
High
GSA_kwCzR0hTQS1tanc0LWpqODgtdjY4N84AA9rR
panic on parsing crafted phonenumber inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 17 days ago
Low
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS1qZm1qLTV2NGctNzYzN84AA9oo
zipp Denial of Service vulnerability
Ecosystems: pypi
Packages: zipp
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1jaDdxLWdwZmYtaDlocM4AA9on
Undertow Missing Release of Memory after Effective Lifetime vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 18 days ago
High
GSA_kwCzR0hTQS14cHA2LThyM2otd3c0M84AA9oi
Undertow Denial of Service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 18 days ago
High
GSA_kwCzR0hTQS1qZ2Y0LXZ3YzMtcjQ2ds4AA9oh
Directus Allows Single Sign-On User Enumeration
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS03aG1oLXBmcnAtdmN4NM4AA9og
Directus GraphQL Field Duplication Denial of Service (DoS)
Ecosystems: npm
Packages: @directus/env
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS03NHI1LWc3dmMtajJ2Ms4AA9of
zerovec-derive incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec-derive
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oeGdtLWdobXYteGpqbc4AA9oe
Directus incorrectly handles `_in` filter
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS14cnYzLWptY3AtMzc0as4AA9od
zerovec incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5
Directus Blind SSRF On File Import
Ecosystems: npm
Packages: @directus/api
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS01NjRqLXYyOXctcnFyNs4AA9n4
Khoj Open Redirect Vulnerability in Login Page
Ecosystems: pypi
Packages: khoj-assistant
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
Low
GSA_kwCzR0hTQS0zdjMzLTN3bXctMzc4Nc4AA9n3
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1mZzRxLWNjcTgtM3I1cc4AA9n2
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Ecosystems: nuget
Packages: NHibernate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 18 days ago
Moderate
GSA_kwCzR0hTQS1oNjU4LXFxdjktcXd2OM4AA9nw
Apache NiFi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-ui
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 19 days ago
Moderate
GSA_kwCzR0hTQS1waGc3LThtbTktZ2o4OM4AA9ne
EGroupware mishandles an ORDER BY clause
Ecosystems: packagist
Packages: egroupware/egroupware
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 19 days ago
High
GSA_kwCzR0hTQS00cTJwLWh3bXItcWN4Y84AA9nF
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1td3htLTM1ZjgtNnZnMs4AA9nD
Vanna vulnerable to SQL Injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS01M3E3LTQ4NzQtMjRxZ84AA9m9
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1neHJ2LXdmMzUtNjJ3Oc4AA9m8
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1tOWd2LTZwMjItcWdtas4AA9m7
ai-controller-frontend payment status in basket isn't reset
Ecosystems: packagist
Packages: aimeos/ai-controller-frontend
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1mcXBnLXJxNzYtOTlwcc4AA9m6
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Ecosystems: go
Packages: github.com/jackc/pgx/v5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1wOWNnLXZxY2MtZ3JjeM4AA9m5
Server Side Request Forgery (SSRF) attack in Fedify
Ecosystems: npm
Packages: @fedify/fedify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Low
GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Low
GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Certifi removes GLOBALTRUST root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS13OW1oLTV4OGotOTc1NM4AA9m2
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1jdnc5LWM1N2gtMzM5N84AA9m1
ZITADEL Vulnerable to Session Information Leakage
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1taDU1LWdxdmYteGZ3bc4AA9m0
Denial of service via malicious preflight requests in github.com/rs/cors
Ecosystems: go
Packages: github.com/rs/cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1ycnFyLTd3NTktNjM3ds4AA9mz
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1jOTZyLTM4Z3YtZ3JwNM4AA9mX
ShopXO Server-Side Request Forgery Vulnerability
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS1yNHY0LXc5cHYtNmZwaM4AA9mC
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Ecosystems: pypi
Packages: nova, glance, cinder
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 22 days ago
Critical
GSA_kwCzR0hTQS01ZjR4LWh3djItdzl3Ms4AA9l_
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Ecosystems: npm
Packages: hfs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1oZjI5LTloZmgtdzYzas4AA9lz
Gogs allows argument injection during the previewing of changes
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 22 days ago
High
GSA_kwCzR0hTQS04bW02LXdtcHAtbW1tM84AA9ly
Gogs allows argument injection during the tagging of a new release
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 22 days ago
Critical
GSA_kwCzR0hTQS0ydmdqLTNwdmcteGg0d84AA9lx
Gogs allows deletion of internal files
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1wNjlyLXYzaDQtcmo0Zs4AA9l1
github.com/gogs/gogs affected by CVE-2024-39930
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1xanZmLTg3NDgtOXc3aM4AA9gc
github.com/google/nftable IP addresses were encoded in the wrong byte order
Ecosystems: go
Packages: github.com/google/nftables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
High
GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV
Apache Tomcat - Denial of Service
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Ecosystems: packagist
Packages: aimeos/ai-admin-jsonadm
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 24 days ago
Low
GSA_kwCzR0hTQS1qajY4LWNwNHYtOThxZs4AA9d2
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 24 days ago
High
GSA_kwCzR0hTQS12YzdqLTk5anctanJxbc4AA9d1
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 24 days ago
Low
GSA_kwCzR0hTQS1jdnc0LWM2OWctN3Y3bc4AA9d0
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS03OXc3LXZoM2gtOGc0as4AA9dz
yt-dlp File system modification and RCE through improper file-extension sanitization
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 24 days ago
Critical
GSA_kwCzR0hTQS05djJmLTZ2Y2ctM2hnds4AA9cz
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Ecosystems: pypi
Packages: Gradio
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 25 days ago
High
GSA_kwCzR0hTQS0zNjY5LTcyeDktcjlwM84AA9ct
Potential memory exhaustion attack due to sparse slice deserialization
Ecosystems: go
Packages: github.com/gorilla/schema
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 25 days ago
Critical
GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 25 days ago
Critical
GSA_kwCzR0hTQS02amo2LWdtN3AtZmN2ds4AA9cr
Remote Code Execution (RCE) vulnerability in geoserver
Ecosystems: maven
Packages: org.geoserver:gs-wms, org.geoserver:gs-wfs, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
High
GSA_kwCzR0hTQS1qaHF4LTV2NWctbXBmM84AA9cq
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Ecosystems: maven
Packages: org.geoserver:gs-gwc, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1qNTl2LXZnY3ItaHh2Zs4AA9cp
GeoServer's Server Status shows sensitive environmental variables and Java properties
Ecosystems: maven
Packages: org.geoserver:gs-main, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS13aHB4LWc1NDItN2M3ds4AA9b8
@cat5th/key-serializer Prototype Pollution vulnerability
Ecosystems: npm
Packages: @cat5th/key-serializer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
High
GSA_kwCzR0hTQS0zcTU2LTljYzItNDZqNM4AA9bz
robinweser fast-loops vulnerable to prototype pollution
Ecosystems: npm
Packages: fast-loops
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zMjhwLTM2MmctcjQ4as4AA9b3
ag-grid packages vulnerable to Prototype Pollution
Ecosystems: npm
Packages: ag-grid-enterprise, ag-grid-community, @ag-grid-enterprise/charts
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: 25 days ago
High
GSA_kwCzR0hTQS14M20zLTR3cHYtNXZnY84AA9bx
jrburke requirejs vulnerable to prototype pollution
Ecosystems: npm
Packages: requirejs
Source: GitHub Advisory Database
Blast Radius: 51.6
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS04OHZyLWhqcXgtNTdxaM4AA9bv
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Ecosystems: npm
Packages: @adolph_dudu/ratio-swiper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Critical
GSA_kwCzR0hTQS04NzZwLWM3N20teDJoY84AA9bu
Prototype pollution in ag-grid-community via the _.mergeDeep function
Ecosystems: npm
Packages: ag-grid-community, ag-grid-enterprise
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: 25 days ago
High
GSA_kwCzR0hTQS13NTh2LXIzY3AtcXI5M84AA9bt
@amoy/common v was discovered to contain a prototype pollution via the function extend
Ecosystems: npm
Packages: @amoy/common
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 25 days ago
High
GSA_kwCzR0hTQS1naDR4LXF2M3AtbTlwbc4AA9bq
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
Ecosystems: npm
Packages: @akbr/patch-into
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
High
GSA_kwCzR0hTQS1nYzdtLTU5NmgteDU3cs4AA9br
frappejs was discovered to contain a prototype pollution via the function registerView
Ecosystems: npm
Packages: @airvertco/frappejs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS12ZzZ2LWpjZzMtNW1wN84AA9bm
@aofl/cli-lib Prototype Pollution vulnerability
Ecosystems: npm
Packages: @aofl/cli-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zNDM0LWhjM20tOG1tbc4AA9bD
Reflected Cross-Site Scripting (XSS) in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS04NjljLWo3d2MtOGpxds4AA9as
Gin mishandles a wildcard at the end of an origin string
Ecosystems: go
Packages: github.com/gin-contrib/cors, github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
High
GSA_kwCzR0hTQS0yeHB4LXZjbXEtNWY3Ms4AA9aa
Unlimited number of NTS-KE connections can crash ntpd-rs server
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1oZzU4LXJmMmgtNnJyN84AA9aS
CometBFT is unstability during blocksync when syncing from malicious peer
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
High
GSA_kwCzR0hTQS1mZjdxLTZ2d2gtdjltNM4AA9aG
Name confusion in x509 Subject Alternative Name fields
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 29 days ago
High
GSA_kwCzR0hTQS1jZ3Z4LTk0NDctdmNjaM4AA9aK
ntlk unsafe deserialization vulnerability
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 29 days ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 5,251
Ecosystems: 12
Filter by Severity
Moderate 8,559 High 6,707 Critical 2,930 Low 1,073
Filter by Ecosystem
maven 5,662 packagist 4,372 pypi 4,006 npm 3,637 go 2,075 nuget 1,467 rubygems 827 cargo 824 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 342 Microsoft.ChakraCore 247 magento/community-edition 204 org.jenkins-ci.main:jenkins-core 189 typo3/cms 174 org.apache.tomcat:tomcat 133 pimcore/pimcore 117 dolibarr/dolibarr 112 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 85 apache-airflow 82 django 80 drupal/drupal 76 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 59 actionpack 58 org.apache.struts:struts2-core 55 salt 55 librenms/librenms 54 concrete5/concrete5 52 Plone 52 apache-superset 51 shopware/platform 48 nova 47 org.keycloak:keycloak-core 47 mlflow 46 com.liferay.portal:release.portal.bom 45 github.com/grafana/grafana 45 plone 43 nokogiri 43 baserproject/basercms 43 rdiffweb 42 craftcms/cms 42 Pillow 41 showdoc/showdoc 40 intelliants/subrion 39 github.com/mattermost/mattermost/server/v8 38 vyper 38 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 Django 36 shopware/core 36 com.thoughtworks.xstream:xstream 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 35 org.xwiki.platform:xwiki-platform-oldcore 35 zendframework/zendframework1 34 github.com/answerdev/answer 34 k8s.io/kubernetes 34 snipe/snipe-it 33 github.com/argoproj/argo-cd 33 org.jenkins-ci.plugins:script-security 32 github.com/rancher/rancher 31 org.keycloak:keycloak-services 31 keystone 31 opencv-contrib-python 30 parse-server 30 mautic/core 30 opencv-python 30 shopware/shopware 30 github.com/hashicorp/vault 30 io.undertow:undertow-core 30 getgrav/grav 29 github.com/docker/docker 28 centreon/centreon 27 github.com/hashicorp/consul 26 openssl-src 26 github.com/hashicorp/nomad 26 github.com/argoproj/argo-cd/v2 26 prestashop/prestashop 26 electron 26 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 24 mediawiki/core 24 magento/core 24 rack 23 org.springframework.security:spring-security-core 23 zendframework/zendframework 23 puppet 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 org.eclipse.jetty:jetty-server 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 ckb 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 org.apache.nifi:nifi 22 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 github.com/cilium/cilium 21 activerecord 21 directus 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 tribalsystems/zenario 20 github.com/ethereum/go-ethereum 20 glance 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-x86 19 org.springframework:spring-core 19 code.gitea.io/gitea 19 Microsoft.AspNetCore.App.Runtime.win-x64 19 DotNetNuke.Core 19 laravel/framework 19 gradio 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.win-arm 18 golang.org/x/net 18 com.vaadin:vaadin-bom 18 contao/contao 18 forkcms/forkcms 18 langchain 18 cockpit-hq/cockpit 18 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 17 Microsoft.AspNetCore.App.Runtime.linux-arm 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.linux-x64 17 helm.sh/helm/v3 17 topthink/framework 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.osx-x64 17 org.xwiki.platform:xwiki-platform-web-templates 17 mercurial 17 francoisjacquet/rosariosis 17 opencart/opencart 17 github.com/goharbor/harbor 17 github.com/traefik/traefik/v2 17 genix/cms 17 symfony/security 17 yetiforce/yetiforce-crm 16 rusqlite 16 sequelize 16 neutron 16 org.bouncycastle:bcprov-jdk15 16 next 16 wasmtime 16 pillow 16 org.apache.activemq:activemq-client 16 org.apache.jspwiki:jspwiki-main 16 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 16 Microsoft.AspNetCore.App.Runtime.win-arm64 16 tinymce 16 org.apache.dubbo:dubbo 16 cryptography 15 smarty/smarty 15 october/system 15 paddlepaddle 15 openmage/magento-lts 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 notebook 15 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 silverstripe/cms 14 org.xwiki.platform:xwiki-platform-web 14 symfony/security-http 14 pyload-ng 14 activesupport 14 publify_core 14 ghost 14 phpmailer/phpmailer 14 swagger-ui 14 modoboa 14 github.com/containerd/containerd 14 github.com/nats-io/nats-server/v2 14 pyftpdlib 14 github.com/mattermost/mattermost-server 13 codeigniter4/framework 13 vantage6 13 org.apache.hadoop:hadoop-main 13 ckeditor4 13 lavalite/cms 13 deno 13 OctoPrint 13 passenger 13 strapi 13 bolt/bolt 13 org.apache.cxf:cxf 13 joplin 13
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/moodle/moodle 214 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 174 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 112 https://github.com/django/django 107 https://github.com/apache/tomcat 97 https://github.com/apache/airflow 94 https://github.com/microweber/microweber 85 https://github.com/TYPO3/typo3 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 65 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 59 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 50 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/concretecms/concretecms 34 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/magento/magento2 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/craftcms/cms 30 https://github.com/parse-community/parse-server 30 https://github.com/mlflow/mlflow 29 https://github.com/snipe/snipe-it 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/rancher/rancher 28 https://github.com/dotnet/runtime 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/shopware/shopware 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/github/advisory-database 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/directus/directus 22 https://github.com/apache/nifi 22 https://github.com/nervosnetwork/ckb 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/cilium/cilium 21 https://github.com/apache/cxf 21 https://github.com/OpenNMS/opennms 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/netty/netty 20 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/getkirby/kirby 18 https://github.com/umbraco/Umbraco-CMS 18 https://github.com/langchain-ai/langchain 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/goharbor/harbor 17 https://github.com/traefik/traefik 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/etcd-io/etcd 16 https://github.com/ethereum/go-ethereum 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/opencast/opencast 16 https://github.com/TYPO3-CMS/core 16 https://github.com/sequelize/sequelize 16 https://github.com/rusqlite/rusqlite 16 https://github.com/hashicorp/vault 16 https://github.com/moby/moby 16 https://github.com/gradio-app/gradio 16 https://github.com/tinymce/tinymce 16 https://github.com/forkcms/forkcms 16 https://github.com/denoland/deno 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/zendframework/zendframework 15 https://github.com/laravel/framework 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/puppetlabs/puppet 15 https://github.com/containerd/containerd 14 https://github.com/pyca/cryptography 14 https://github.com/cobbler/cobbler 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyload/pyload 14 https://github.com/mattermost/mattermost 14 https://github.com/dromara/hutool 13 https://github.com/ethyca/fides 13 https://github.com/golang/go 13 https://github.com/nodejs/undici 13 https://github.com/modoboa/modoboa 13 https://github.com/hashicorp/nomad 13 https://github.com/dompdf/dompdf 13 https://github.com/publify/publify 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/xuxueli/xxl-job 13 https://github.com/quarkusio/quarkus 13 https://github.com/dotnet/aspnetcore 12 https://github.com/wagtail/wagtail 12 https://github.com/vercel/next.js 12 https://github.com/urllib3/urllib3 12 https://github.com/TryGhost/Ghost 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/zitadel/zitadel 12 https://github.com/twisted/twisted 12 https://github.com/laurent22/joplin 12 https://github.com/backstage/backstage 12 https://github.com/apache/dolphinscheduler 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/centreon/centreon-archived 12 https://github.com/smarty-php/smarty 12 https://github.com/Sylius/Sylius 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/aio-libs/aiohttp 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/cakephp/cakephp 11 https://github.com/onionshare/onionshare 11 https://github.com/top-think/framework 11 https://github.com/openfga/openfga 11 https://github.com/openstack/glance 11 https://github.com/igniterealtime/Openfire 11 https://github.com/decidim/decidim 11 https://github.com/pimcore/admin-ui-classic-bundle 11 https://github.com/scrapy/scrapy 11 https://github.com/vaadin/flow 11 https://github.com/Studio-42/elFinder 11 https://github.com/drupal/core 11 https://github.com/yiisoft/yii2 11 https://github.com/janeczku/calibre-web 11 https://github.com/puma/puma 11 https://github.com/WWBN/AVideo 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/NodeBB/NodeBB 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/opencontainers/runc 11 https://github.com/containers/podman 11 https://github.com/nocodb/nocodb 10 https://github.com/dolibarr/dolibarr 10 https://github.com/phusion/passenger 10 https://github.com/keystonejs/keystone 10 https://github.com/jquery/jquery 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/apache/superset 10 https://github.com/greenpau/caddy-security 10 https://github.com/apache/zeppelin 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/spring-projects/spring-security 10 https://github.com/jupyter/notebook 10 https://github.com/zopefoundation/Zope 10 https://github.com/zenml-io/zenml 10 https://github.com/nautobot/nautobot 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/opencart/opencart 10