Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1yOTdyLTY0dnAtZmdobc4AA8gL
Silverstripe XSS vulnerability via VirtualPage
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0yODRjLXg4bTctOXc1aM4AA8gK
Dapr API Token Exposure
Ecosystems: go
Packages: github.com/dapr/dapr
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 7 days ago
High
GSA_kwCzR0hTQS14Z3doLWNndjktNzgzds4AA8f0
Ghost allows CSV Injection during member CSV export
Ecosystems: npm
Packages: @tryghost/members-csv
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS05cnJ3LTgycjItNjIzcM4AA8f1
Silverpeas Core vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: org.silverpeas:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS02aGg2LTU5ajItcXJ4d84AA8fu
Silverstripe History XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 7 days ago
Low
GSA_kwCzR0hTQS03NzljLTd3NHAtMmM0Z84AA8ft
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 days ago
Low
GSA_kwCzR0hTQS05OXI0LWNqcDQtM2hteM4AA8fs
vantage6 collaboration admins can extend their influence by expanding the collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS00OWpjLXI3ODgtM2ZjOc4AA8fX
gix refs and paths with reserved Windows device names access the devices
Ecosystems: cargo
Packages: gix-index, gix-ref, gix-fs, gix, gitoxide-core, gix-worktree, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 7 days ago
High
GSA_kwCzR0hTQS03dzQ3LTN3ZzgtNTQ3Y84AA8fW
gix traversal outside working tree enables arbitrary code execution
Ecosystems: cargo
Packages: gix-index, gitoxide-core, gix, gix-worktree, gix-fs, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 7 days ago
Critical
GSA_kwCzR0hTQS1qcWZmLThnMnYtNjQyaM4AA8db
NASA AIT-Core vulnerable to remote code execution
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 days ago
High
GSA_kwCzR0hTQS1xdjZ4LTUzamotdnc1Oc4AA8df
NASA AIT-Core uses unencrypted channels to exchange data over the network
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 8 days ago
Critical
GSA_kwCzR0hTQS04M2p2LTRwcm0tMzRnN84AA8da
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 days ago
Critical
GSA_kwCzR0hTQS03MzM2LWdoaHAtZjJxas4AA8dZ
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qcXI3LTVoN3ItY2g4cM4AA8dY
Shopware Non-Persistent XSS in the Frontend
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 8 days ago
Critical
GSA_kwCzR0hTQS1xM2c0LTJ2dzkteHYyN84AA8dX
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 days ago
Critical
GSA_kwCzR0hTQS12OWhmLTVqODMtNnhwcM4AA8dB
PyMySQL SQL Injection vulnerability
Ecosystems: pypi
Packages: pymysql
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02d3FwLTdnOTQtZjY5as4AA8ac
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Ecosystems: packagist
Packages: sensiolabs/connect
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 8 days ago
High
GSA_kwCzR0hTQS05cGh3LTdoOTYtcTNyds4AA8ab
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 8 days ago
High
GSA_kwCzR0hTQS1oNm1wLW1jN2ctbWc0Oc4AA8aa
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 8 days ago
High
GSA_kwCzR0hTQS1wajI3LTJ4dnAtNHF4Z84AA8aZ
@fastify/session reuses destroyed session cookie
Ecosystems: npm
Packages: @fastify/session
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 8 days ago
Critical
GSA_kwCzR0hTQS05NzY2LTUyNzctajVocs4AA8aY
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS0zcmNxLTM5eHAtN3hqcM4AA8W3
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Ecosystems: cargo
Packages: ic-stable-structures
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1ndnBjLTNwajYtNG05d84AA8W2
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Ecosystems: nuget
Packages: UmbracoCms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS00OGNxLTc5cXEtNmY3eM4AA8W1
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS12cjg1LTVwd3gtYzZncc4AA8W0
OMERO.web must check that the JSONP callback is a valid function
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qNzRxLW12MmMtcnhtcM4AA8Wz
Umbraco CMS Open Redirect Bypass Protection
Ecosystems: nuget
Packages: Umbraco.Cms.Web.BackOffice, UmbracoCms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS0yajZyLTl2djQtNmdmNc4AA8WS
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Ecosystems: go
Packages: github.com/bincyber/go-sqlcrypter
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xamN2LXJ4M3YtN212as4AA8WR
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v4, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v7
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1jcmdjLTI1ODMtcncyN84AA8WN
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS14Y3E0LW0ycjMtY21yas4AA8WM
Trivy possibly leaks registry credential when scanning images from malicious registries
Ecosystems: go
Packages: github.com/aquasecurity/trivy
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS12NDVtLWh4cXAtZndmNc4AA8WL
verbb/formie Server-Side Template Injection for variable-enabled settings
Ecosystems: packagist
Packages: verbb/formie
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS05d3g0LWg3OHYtdm01Ns4AA8WK
Requests `Session` object does not verify requests after making first request with verify=False
Ecosystems: pypi
Packages: requests
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1mOThwLTJoYzUtZm03ds4AA8WJ
AVideo cross-site scripting vulnerability in the view/about.php page
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS01Zjk3LWgyYzItODI2cc4AA8WE
json-schema-ref-parser Prototype Pollution issue
Ecosystems: npm
Packages: @apidevtools/json-schema-ref-parser
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS04dnI0LWg0cnItOHBoNs4AA8WB
MiguelCastillo @bit/loader Prototype Pollution issue
Ecosystems: npm
Packages: @bit/loader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Blackprint @blackprint/engine Prototype Pollution issue
Ecosystems: npm
Packages: @blackprint/engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
High
GSA_kwCzR0hTQS0yZzk4LWY5anYtdzhjNc4AA8V2
robrichards/xmlseclibs XPath injection
Ecosystems: packagist
Packages: robrichards/xmlseclibs
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS03djdtLXBjdzUtaDNjZ84AA8V1
Pusher Service Channel Authentication Bypass
Ecosystems: packagist
Packages: pusher/pusher-php-server
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 9 days ago
Critical
GSA_kwCzR0hTQS03ZzdjLXFoZjMteDU5cM4AA8V0
propel/propel1 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel1
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 9 days ago
Critical
GSA_kwCzR0hTQS03dnc3LXF4MzgtMzd2cs4AA8Vz
Propel2 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13dzZwLXEyNnctZnI2bc4AA8Vy
phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Ecosystems: packagist
Packages: phpxmlrpc/extras
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1xbTV2LXBqNjQtODUyas4AA8Vx
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS0yZjQ2LTR4am0tNzN4Nc4AA8Vw
Passbolt API Stored XSS on first/last name during setup
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1jdjVjLTJxdjUtdzJtMs4AA8Vv
Passbolt Api Remote code execution
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS1mNXBwLXBtcTgtZ3A0Ns4AA8Vu
Passbolt Api Retrieval of HTTP-only cookies
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS12ODZtLWo1ZjctY2N3aM4AA8Vt
Passbolt Api E-mail HTML injection
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS13Z2p2LTlqM3EtamhnOM4AA8Vk
aiosmtpd STARTTLS unencrypted commands injection
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 9 days ago
High
GSA_kwCzR0hTQS1xeHFmLTJtZngteDhqd84AA8Vj
veraPDF has potential XSLT injection vulnerability when using policy files
Ecosystems: maven
Packages: org.verapdf:library-jakarta, org.verapdf:library, org.verapdf:library-arlington, org.verapdf:core-arlington, org.verapdf:core-jakarta, org.verapdf:core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS0zdmhtLXE0dzMtcnc4cc4AA8Vi
OroPlatform Forced Redirect to External Website
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS12OGhwLTIzOXYtOTM2N84AA8Vh
OroCRM Forced Redirect to External Website
Ecosystems: packagist
Packages: oro/crm
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 9 days ago
High
GSA_kwCzR0hTQS03Z2dtLTRyamctNTk0d84AA8R2
litellm passes untrusted data to `eval` function without sanitization
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1jOTZoLWN4eDYtcm1nOc4AA8R4
Tor path lengths too short when "full Vanguards" configured
Ecosystems: cargo
Packages: arti, tor-circmgr
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 12 days ago
High
GSA_kwCzR0hTQS05MzI4LWdjZnEtcDI2Oc4AA8R0
Tor Arti's STUB circuits incorrectly have a length of 2
Ecosystems: cargo
Packages: tor-circmgr, arti
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 12 days ago
Low
GSA_kwCzR0hTQS0zZm1xLXg5cTYtd20zOc4AA8Rz
random_compat Uses insecure CSPRNG
Ecosystems: packagist
Packages: paragonie/random_compat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1nNDhmLXBnd2gtd3d4eM4AA8Ry
onelogin/php-saml signature wrapping attacks
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Low
GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1yMnI4LTM2cHEtMjdjbc4AA8Rw
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
Ecosystems: packagist
Packages: nzo/url-encryptor-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS02Y2ozLXJjNHAtZjM4Zs4AA8Ru
Cross-site Scripting vulnerabilities in Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS00M2NmLTdmM2gtMzhyZ84AA8Rt
Privilege Escalation in TYPO3 Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS02cHE4LTY3cHctajZod84AA8Rs
Time-Based Information Disclosure Vulnerability in Flow
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 12 days ago
High
GSA_kwCzR0hTQS0zYzVnLTczZjctZ3J2bc4AA8Rr
Neos Information Disclosure Security Note
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS05Y3czLWo3d2ctandqOM4AA8Rq
Neos Flow Information disclosure in entity security
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS01dnY3LWo1OTMtbWdqY84AA8Rp
Neos Flow Arbitrary file upload and XML External Entity processing
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Low
GSA_kwCzR0hTQS03aDc0LTd2Y3ctNG13cM4AA8Ro
Insecure deserialize Vulnerability in FLOW3
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 12 days ago
Critical
GSA_kwCzR0hTQS00cnI2LWdmNTktZ2d3Nc4AA8Rn
namshi/jose - Verification bypass
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1oeGhjLXdtZzgteHJxZs4AA8Rm
namshi/jose insecure JSON Web Signatures (JWS)
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS0ycmh4LXFoeHAtNWpwd84AA8Qi
Submariner Operator sets unnecessary RBAC permissions in helm charts
Ecosystems: go
Packages: github.com/submariner-io/submariner-operator
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 days ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1manc4LTNncDgtNGN2eM4AA8Kw
Denial of service of Minder Server with attacker-controlled REST endpoint
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS12ZzNyLXJtN3ctMnhnaM4AA8Kv
REXML contains a denial of service vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 13 days ago
High
GSA_kwCzR0hTQS1yZnFxLXdxNnctNzJqbc4AA8J7
MLflow has a Local File Read/Path Traversal bypass
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 14 days ago
High
GSA_kwCzR0hTQS1wdzM4LXh2OXgtaDhjaM4AA8Jv
RunGptLLM class in LlamaIndex has a command injection
Ecosystems: pypi
Packages: llama-index-llms-rungpt, llama-index
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1wNGp4LXE2MnAteDVqcs4AA8J5
MLflow allows low privilege users to delete any artifact
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 14 days ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1tY2ZjLTY3dm0tajU2OM4AA8I1
Magento Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS02d200LTNyamotYzh4eM4AA8Ix
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1wcnBmLWNqODctaHd2cs4AA8Iw
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1xd3ZwLTI2OGctamptOM4AA8Iv
Data Leakage Vulnerability in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1oOTdjLXFwMjQtNDM5ds4AA8Iu
Insecure State Generation in laravel/socialite
Ecosystems: packagist
Packages: laravel/socialite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS03Zmp2LTI1cTktMnc4OM4AA8It
State Guessing Vulnerability in laravel/socialite
Ecosystems: packagist
Packages: laravel/socialite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is
laravel framework SQL Injection via limit and offset functions
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1qd3ZqLXB3d3ctM21qNc4AA8Ir
laravel framework Unexpected database bindings via requests
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS00NHBnLWMyOXYtaHA2cs4AA8Iq
Laravel Guard bypass in Eloquent models
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1xbTVjLW03NnItMmhmcs4AA8Ip
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 56.8
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS12cjk1LXA3cTYtOG05cc4AA8Io
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 14 days ago
High
GSA_kwCzR0hTQS02anZ4LThjaDktajJqcs4AA8In
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS03ODUyLXczNngtNm1mNs4AA8Im
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1wNjJyLTc2MzctM3d3Y84AA8Il
Laravel Hijacked authentication cookies vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1yajN3LTk5Z2MtOGo1OM4AA8Ik
Laravel Risk of mass-assignment vulnerabilities
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1odmd3LWdnM3AtMjk1as4AA8Ij
Read private customer data reclaiming carts in Klaviyo Magento
Ecosystems: packagist
Packages: klaviyo/magento2-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Low
GSA_kwCzR0hTQS02d2p3LXFmODctZnY1ds4AA8Ii
Laravel Encrypter Failure to decryption vulnerability
Ecosystems: packagist
Packages: illuminate/encryption
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS0yODY3LTZycm0tMzhncs4AA8Ih
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS0yOTdnLXhnNGgtN3c0Y84AA8Ig
Laravel Cross-site Scripting vulnerability in blade templating
Ecosystems: packagist
Packages: illuminate/view
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1jYzJ3LWdoYzUtbTVxcs4AA8If
Laravel Risk of mass-assignment vulnerabilities
Ecosystems: packagist
Packages: illuminate/database
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS0yZmZ2LXI0cjktcjh4cs4AA8Ie
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 5,118
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 109 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 83 django 80 apache-airflow 79 typo3/cms-core 77 drupal/drupal 76 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 salt 53 Plone 52 concrete5/concrete5 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 nova 46 github.com/grafana/grafana 45 com.liferay.portal:release.portal.bom 45 plone 43 nokogiri 43 baserproject/basercms 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 froxlor/froxlor 37 shopware/core 36 org.apache.tomcat.embed:tomcat-embed-core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 k8s.io/kubernetes 33 mlflow 33 Django 32 snipe/snipe-it 32 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 shopware/shopware 31 keystone 31 opencv-python 30 opencv-contrib-python 30 github.com/argoproj/argo-cd 30 mautic/core 30 parse-server 29 getgrav/grav 29 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 io.undertow:undertow-core 27 centreon/centreon 27 org.keycloak:keycloak-services 27 github.com/hashicorp/consul 26 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 prestashop/prestashop 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 github.com/argoproj/argo-cd/v2 25 mediawiki/core 24 gogs.io/gogs 24 magento/core 24 puppet 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 org.eclipse.jetty:jetty-server 23 simplesamlphp/simplesamlphp 23 ckb 22 getkirby/cms 22 grumpydictator/firefly-iii 22 org.bouncycastle:bcprov-jdk14 22 rack 22 org.apache.nifi:nifi 22 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 tribalsystems/zenario 20 github.com/cilium/cilium 20 github.com/docker/docker 20 DotNetNuke.Core 19 org.springframework:spring-core 19 code.gitea.io/gitea 19 laravel/framework 19 glance 19 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 langchain 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.vaadin:vaadin-bom 18 golang.org/x/net 18 cockpit-hq/cockpit 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 directus 18 symfony/security 17 org.xwiki.platform:xwiki-platform-web-templates 17 cobbler 17 topthink/framework 17 PaddlePaddle 17 org.apache.geode:geode-core 17 genix/cms 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 mercurial 17 helm.sh/helm/v3 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 org.apache.activemq:activemq-client 16 wasmtime 16 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 pillow 16 rusqlite 16 neutron 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 org.apache.dubbo:dubbo 16 github.com/goharbor/harbor 15 gradio 15 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 smarty/smarty 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 notebook 15 next 15 cryptography 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 paddlepaddle 15 openmage/magento-lts 15 silverstripe/cms 14 ghost 14 pyftpdlib 14 publify_core 14 typo3/cms-backend 14 activesupport 14 org.xwiki.platform:xwiki-platform-web 14 zendframework/zendframework1 14 ec-cube/ec-cube 14 phpmailer/phpmailer 14 org.apache.inlong:manager-pojo 14 swagger-ui 14 pyload-ng 14 symfony/security-http 14 github.com/traefik/traefik/v2 14 modoboa 14 tinymce 14 github.com/containerd/containerd 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 OctoPrint 13 org.apache.cxf:cxf 13 joplin 13 impresscms/impresscms 13 strapi 13 bolt/bolt 13 org.apache.hadoop:hadoop-main 13 october/system 13 vantage6 13 ckeditor4 13 passenger 13 elefant/cms 13 github.com/nats-io/nats-server/v2 13 lavalite/cms 13 org.jenkins-ci.plugins.workflow:workflow-cps 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/django/django 103 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 91 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 62 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/TYPO3/typo3 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/argoproj/argo-cd 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/mautic/mautic 28 https://github.com/openstack/keystone 28 https://github.com/snipe/snipe-it 28 https://github.com/mlflow/mlflow 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/rancher/rancher 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/shopware/shopware 24 https://github.com/dotnet/runtime 24 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/netty/netty 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/OpenNMS/opennms 20 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/hashicorp/consul 19 https://github.com/apache/cxf 19 https://github.com/helm/helm 18 https://github.com/umbraco/Umbraco-CMS 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/directus/directus 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/rusqlite/rusqlite 16 https://github.com/hashicorp/vault 16 https://github.com/opencast/opencast 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/goharbor/harbor 15 https://github.com/denoland/deno 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/laravel/framework 15 https://github.com/apache/camel 15 https://github.com/containerd/containerd 14 https://github.com/langchain-ai/langchain 14 https://github.com/gradio-app/gradio 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/pyca/cryptography 14 https://github.com/cobbler/cobbler 14 https://github.com/tinymce/tinymce 14 https://github.com/traefik/traefik 14 https://github.com/mattermost/mattermost 14 https://github.com/pyload/pyload 14 https://github.com/moby/moby 14 https://github.com/hashicorp/nomad 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dromara/hutool 13 https://github.com/xuxueli/xxl-job 13 https://github.com/golang/go 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/undertow-io/undertow 13 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/kylin 12 https://github.com/twisted/twisted 12 https://github.com/TryGhost/Ghost 12 https://github.com/centreon/centreon-archived 12 https://github.com/smarty-php/smarty 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/patriksimek/vm2 12 https://github.com/top-think/framework 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dotnet/aspnetcore 11 https://github.com/WWBN/AVideo 11 https://github.com/opencontainers/runc 11 https://github.com/openfga/openfga 11 https://github.com/vaadin/flow 11 https://github.com/urllib3/urllib3 11 https://github.com/openstack/glance 11 https://github.com/scrapy/scrapy 11 https://github.com/zitadel/zitadel 11 https://github.com/janeczku/calibre-web 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/onionshare/onionshare 11 https://github.com/vercel/next.js 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/Studio-42/elFinder 11 https://github.com/nats-io/nats-server 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/phusion/passenger 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nocodb/nocodb 10 https://github.com/nextauthjs/next-auth 10 https://github.com/dolibarr/dolibarr 10 https://github.com/wagtail/wagtail 10 https://github.com/keystonejs/keystone 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/apache/zeppelin 10 https://github.com/Sylius/Sylius 10 https://github.com/jquery/jquery 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/ethyca/fides 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/nautobot/nautobot 10 https://github.com/faucetsdn/ryu 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/LavaLite/cms 9 https://github.com/funadmin/funadmin 9 https://github.com/cui2shark/cms 9