Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Low
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jdjIzLXE2Z2gteGZyZs4AA8_F
WooCommerce has a Cross-Site Scripting Vulnerability in checkout & registration forms
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 30 days ago
High
GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 30 days ago
Low
GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1jYzU1LW12cWMtZzltZ84AA8-u
SummerNote Cross Site Scripting Vulnerability
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 30 days ago
High
GSA_kwCzR0hTQS1ncHJqLTNwNzUtZjk5Ns4AA8-l
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 30 days ago
High
GSA_kwCzR0hTQS12NzRjLXFjNDYtOWdnOc4AA8-d
Apache Submarine Server Core has a SQL Injection Vulnerability
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 30 days ago
Critical
GSA_kwCzR0hTQS02cTk3LTh2M2ctcnB4d84AA8-X
Apache Submarine Server Core Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS00YzdxLW03aGMtcGM5Ms4AA8-U
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1qd2NnLXd2NXgtdmczZ84AA8-T
Apache Submarine Commons Utils has a hard-coded secret
Ecosystems: maven
Packages: org.apache.submarine:submarine-commons-utils
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 30 days ago
Critical
GSA_kwCzR0hTQS12cXdyLXE2Y2MtYzI0Ms4AA89T
parisneo/lollms Local File Inclusion (LFI) attack
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mdmNxLTR4NjQtaHF4cs4AA880
Jupyter Server Proxy has a reflected XSS issue in host parameter
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12NWdmLXI3OGgtNTVxNs4AA88z
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Ecosystems: pypi
Packages: document-merge-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y
Keycloak's admin API allows low privilege users to use administrative functions
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03am13LTgyNTktcTlqeM4AA88x
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTZyNGgtM3ZqOc4AA88w
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Ecosystems: nuget, maven, npm, go, pypi
Packages: Microsoft.Identity.Client, com.microsoft.azure:msal4j, @azure/msal-node, Azure.Identity, github.com/Azure/azure-sdk-for-go/sdk/azidentity, com.azure:azure-identity, @azure/identity, azure-identity
Source: GitHub Advisory Database
Blast Radius: 78.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zMmY4LWhtcjMtN3Z4Z84AA88T
Azure Storage Movement Client Library Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Azure.Storage.DataMovement
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03djV2LTloNjMtY2o4Ns4AA85H
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Ecosystems: npm
Packages: @grpc/grpc-js
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS12dmhqLXY4OGYtNWd4cs4AA85G
ghtml Cross-Site Scripting (XSS) vulnerability
Ecosystems: npm
Packages: ghtml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS00N2Y2LTVncTMtdng5Y84AA85F
Composer has a command injection via malicious git branch name
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS12OXF2LWM3d20td2dtZs4AA85E
Composer has multiple command injections via malicious git/hg branch names
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xZzMzLXgyYzUtNnA0NM4AA84o
Langflow remote code execution vulnerability
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14bW14LTdqcGYtZng0Ms4AA84W
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Ecosystems: go
Packages: github.com/moby/moby, github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05OXBnLWdybTUtcXEzds4AA84V
Docker CLI leaks private registry credentials to registry-1.docker.io
Ecosystems: go
Packages: github.com/docker/cli
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12OTk0LWY4dnctZzdqNM4AA84U
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS02OWZwLTdjOHAtY3Jqcs4AA84T
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS04N205LXJ2OHAtcmdtZ84AA84S
go-grpc-compression has a zstd decompression bombing vulnerability
Ecosystems: go
Packages: github.com/mostynb/go-grpc-compression
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zbXdjLTJjajctZ3g4Y84AA83Q
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Ecosystems: pypi
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F
Authlib has algorithm confusion with asymmetric public keys
Ecosystems: pypi
Packages: authlib
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13NXhtLW14NDctdjdjOM4AA81m
lunary-ai/lunary allows users unauthorized access to projects
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05OWhtLTg2aDctZ3IzZ84AA81n
zenml-io/zenml does not expire the session after password reset
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yY200LWp2NWctd2Njbc4AA80Y
zfr authentication adapter did not verify validity of tokens
Ecosystems: packagist
Packages: zfr/zfr-oauth2-server-module
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zeDU3LW01cDQtcmdoNM4AA80X
ZendOpenID potential security issue in login mechanism
Ecosystems: packagist
Packages: zendframework/zendopenid
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02ZnF3LWozdm0tN2Y2Ns4AA80W
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS04NDhmLW1waDUtOXBtOc4AA80V
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS04eGh2LWdxbTQtM3c5Oc4AA80U
ZendFramework1 Potential Insufficient Entropy Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12NDJnLTdxMngtY3czMs4AA80T
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tZzR4LXByaDctZzRteM4AA80S
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
Ecosystems: packagist
Packages: zendframework/zend-captcha
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yeDM2LXFoeDMtN201Zs4AA80R
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS05djc4LWgyMjYtMnJtcc4AA80Q
Zendframework potential security issue in login mechanism
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS14ODZ4LXFoZjgtZjM3d84AA80P
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Ecosystems: packagist
Packages: willdurand/js-translation-bundle
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS05N2g3LW1mMzgtZzltZs4AA80O
Adminer file disclosure vulnerability
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03OGhtLTVoanctNThtaM4AA80N
ua-parser/uap-php ReDoS vulnerability
Ecosystems: packagist
Packages: ua-parser/uap-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xZzdtLW13eG0tajNoN84AA80M
Zend-developer-tools information disclosure vulnerability
Ecosystems: packagist
Packages: zendframework/zend-developer-tools
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00dmY2LW1xN3ctM2hwNs4AA80L
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mcTRwLTg2aGgtNDJ2Oc4AA80K
Zend-Diactoros URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zend-diactoros
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS02djdwLTVxY3EtMjY4Y84AA80J
Zend-Navigation vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: zendframework/zend-navigation
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qbW1wLXZoOTYtNzhybc4AA80I
Zend-Feed URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zend-feed
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00djU3LXB3dmYteDM1as4AA80H
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ndnBwLTZqcmotNXBxY84AA80G
Zend-Form vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: zendframework/zend-form
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12dm0zLXJ2NDgtajNnNc4AA80F
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jZzh3LTVqcmMtNjc1Z84AA80E
Zend-HTTP URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zend-http
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13NW1qLWo0NXEtbTYzOM4AA80D
ZendFramework1 Potential Security Issues in Bundled Dojo Library
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS04eDJ2LXBjZzctOTRmNM4AA80C
Zend-JSON vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zend-json
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yMjl4LTIyeGMtMmYyd84AA80B
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yang3LXhnODMtajJtN84AA80A
Zendframework Denial of Service vector via XEE injection
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nd3BtLXBtNngtaDdyas4AA8z_
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1oeDU0LXBmMjgtN3hjaM4AA8z8
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS13aGY0LWZwajgtcGdnOM4AA8z1
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05NmM2LW05OHgtaHhqeM4AA8zy
Zend-Session session validation vulnerability
Ecosystems: packagist
Packages: zendframework/zend-session
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nNTJwLTg2ajUteHI4cc4AA8zx
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jeGY3LW01ZzItdjU5NM4AA8zw
Zend-Mail remote code execution in zend-mail via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1taHB4LTNydjgtd3Jqbc4AA8zv
ZendFramework potential XML eXternal Entity injection vectors
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS00ajl4LWc0eDgtdmNtZs4AA8zu
ZendFramework potential XML eXternal Entity injection vectors
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oZzM1LXZxcDMtZnYzOc4AA8zt
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xZjM2LWZ4OWYtMjMyeM4AA8zs
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNTQzLXZnMzMtZzZ2as4AA8zr
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mNGZqLXE2bTQtY2M1Ms4AA8zq
ZendFramework vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zend-xmlrpc
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oeDNtLTk1OWYtdjg0Oc4AA8zp
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tN2hyLWo4NjctM2YzNM4AA8zo
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Ecosystems: packagist
Packages: zendframework/zend-view
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1maDdyLTU4cTQtNjM4N84AA8zn
Zendframework URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01Z21mLTNjNDMtcTczds4AA8zm
ZendFramework vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nZmYyLXA2dm0tM3A4Z84AA8zl
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tZzdoLTlxZngtNHI4M84AA8zk
ZendFramework Potential Proxy Injection Vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0yZmhyLThyOHItcXA1Ns4AA8zj
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS14MmY0LTh3eGYtdzN2Zs4AA8zi
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xYzd3LTQ1NjctODR3ds4AA8zh
Zendframework vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS14Zzl3LXI0NjktbTQ1Nc4AA8zg
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02MmY2LWg2OHItM2pwd84AA8zf
Zendframework session validation vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qcTg3LTJ3eHAtODM0Oc4AA8ze
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cTc3LWN2NjItamozOM4AA8zd
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS14ZmZwLTZ3NjgtNDc3Nc4AA8zc
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mM3dmLXE0ZmotM2d4Zs4AA8zb
TYPO3 Denial of Service in Online Media Asset Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NDg3LTNxdmctOHB4Oc4AA8za
TYPO3 Information Disclosure in Install Tool
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mNzc3LWY3ODQtMzZnbc4AA8zZ
TYPO3 Security Misconfiguration in Install Tool Cookie
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0ycmN3LTlocm0tOHE3cc4AA8zY
TYPO3 Cross-Site Scripting in Frontend User Login
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03cTMzLWh4d2otN3A4ds4AA8zX
TYPO3 Cross-Site Scripting in Backend Modal Component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04bTZqLXA1anYtdjY5d84AA8zW
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01NWYzLTNxdmctOHB2Nc4AA8zV
Symlink bypasses filesystem sandbox
Ecosystems: cargo
Packages: wasmer
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01cHhyLTdtNGotampjNs4AA8zU
Cross-site scripting (XSS) vulnerability in Description metadata
Ecosystems: packagist
Packages: getformwork/formwork
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04aDRtLXI0d20teGo3cs4AA8zT
TYPO3 Arbitrary Code Execution via File List Module
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1nNTg1LWNyamYtdmh3cc4AA8zJ
TYPO3 Denial of Service in Frontend Record Registration
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mNjI0LThoZnEtNWZoM84AA8zI
TYPO3 Information Disclosure of Installed Extensions
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12OG00LTN3MzctZ2h4eM4AA8zH
TYPO3 Cross-Site Scripting in Form Framework validation handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00aDVjLTVnMjUtdjdmaM4AA8zG
TYPO3 Cross-Site Scripting in Form Framework
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jNW1qLTM5Y2YtM3BwNc4AA8zF
TYPO3 Security Misconfiguration for Backend User Accounts
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Z214LWozaHYtamg5eM4AA8zE
TYPO3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03NzJtLTQzZjMtaG1mOM4AA8zD
TYPO3 Broken Access Control in Localization Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nN2h3LWpoNHAtNzV3cs4AA8zC
TYPO3 Cross-Site Scripting in Filelist Module
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
Statistics
Advisories: 19,479
Packages: 8,596
Repositories: 5,224
Ecosystems: 12
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 342 Microsoft.ChakraCore 247 magento/community-edition 204 org.jenkins-ci.main:jenkins-core 189 typo3/cms 174 org.apache.tomcat:tomcat 133 pimcore/pimcore 117 dolibarr/dolibarr 111 typo3/cms-core 106 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 91 silverstripe/framework 83 django 80 apache-airflow 80 drupal/drupal 76 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 64 ansible 63 github.com/usememos/memos 59 actionpack 58 salt 55 org.apache.struts:struts2-core 55 librenms/librenms 54 Plone 52 concrete5/concrete5 52 apache-superset 50 shopware/platform 48 org.keycloak:keycloak-core 47 nova 47 mlflow 46 github.com/grafana/grafana 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 43 rdiffweb 42 Pillow 41 showdoc/showdoc 40 craftcms/cms 40 intelliants/subrion 39 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 com.jfinal:jfinal 36 shopware/core 36 Django 36 com.thoughtworks.xstream:xstream 36 org.xwiki.platform:xwiki-platform-oldcore 35 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.elasticsearch:elasticsearch 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 snipe/snipe-it 33 k8s.io/kubernetes 33 org.jenkins-ci.plugins:script-security 32 keystone 31 github.com/rancher/rancher 31 org.keycloak:keycloak-services 31 github.com/argoproj/argo-cd 31 opencv-python 30 opencv-contrib-python 30 mautic/core 30 shopware/shopware 30 io.undertow:undertow-core 30 parse-server 30 getgrav/grav 29 github.com/hashicorp/vault 29 github.com/docker/docker 28 centreon/centreon 27 prestashop/prestashop 26 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 electron 26 openssl-src 26 org.keycloak:keycloak-parent 25 github.com/argoproj/argo-cd/v2 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 mediawiki/core 24 gogs.io/gogs 24 rack 23 remdex/livehelperchat 23 puppet 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 simplesamlphp/simplesamlphp 23 org.springframework.security:spring-security-core 23 org.eclipse.jetty:jetty-server 23 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 directus 21 github.com/cilium/cilium 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 glance 20 tribalsystems/zenario 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 DotNetNuke.Core 19 laravel/framework 19 Microsoft.AspNetCore.App.Runtime.win-x86 19 org.springframework:spring-core 19 Microsoft.AspNetCore.App.Runtime.win-x64 19 langchain 19 code.gitea.io/gitea 19 cockpit-hq/cockpit 18 forkcms/forkcms 18 com.liferay.portal:release.dxp.bom 18 gradio 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm 18 contao/contao 18 com.vaadin:vaadin-bom 18 cobbler 17 francoisjacquet/rosariosis 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.osx-x64 17 symfony/security 17 mercurial 17 github.com/goharbor/harbor 17 helm.sh/helm/v3 17 genix/cms 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.linux-arm 17 topthink/framework 17 org.xwiki.platform:xwiki-platform-web-templates 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 17 org.apache.geode:geode-core 17 github.com/traefik/traefik/v2 17 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 17 Microsoft.AspNetCore.App.Runtime.linux-x64 17 ezsystems/ezpublish-kernel 17 wasmtime 16 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 tinymce 16 neutron 16 yetiforce/yetiforce-crm 16 Microsoft.AspNetCore.App.Runtime.win-arm64 16 rusqlite 16 org.apache.jspwiki:jspwiki-main 16 opencart/opencart 16 org.bouncycastle:bcprov-jdk15 16 pillow 16 sequelize 16 next 16 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 16 smarty/smarty 15 notebook 15 paddlepaddle 15 cryptography 15 october/system 15 ec-cube/ec-cube 15 openmage/magento-lts 15 org.apache.struts.xwork:xwork-core 15 swagger-ui 14 pyload-ng 14 symfony/security-http 14 activesupport 14 silverstripe/cms 14 modoboa 14 typo3/cms-backend 14 github.com/containerd/containerd 14 org.apache.inlong:manager-pojo 14 pyftpdlib 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 phpmailer/phpmailer 14 ghost 14 lavalite/cms 13 org.apache.cxf:cxf 13 ethyca-fides 13 passenger 13 codeigniter4/framework 13 ckeditor4 13 github.com/nats-io/nats-server/v2 13 vantage6 13 strapi 13 org.apache.hadoop:hadoop-main 13 deno 13 bolt/bolt 13 github.com/mattermost/mattermost-server 13 elefant/cms 13
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 214 https://github.com/xwiki/xwiki-platform 174 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 112 https://github.com/django/django 107 https://github.com/apache/tomcat 97 https://github.com/apache/airflow 92 https://github.com/microweber/microweber 85 https://github.com/TYPO3/typo3 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 65 https://github.com/silverstripe/silverstripe-framework 62 https://github.com/usememos/memos 59 https://github.com/symfony/symfony 57 https://github.com/Dolibarr/dolibarr 56 https://github.com/rails/rails 55 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/argoproj/argo-cd 40 https://github.com/grafana/grafana 39 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/magento/magento2 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 30 https://github.com/snipe/snipe-it 29 https://github.com/craftcms/cms 29 https://github.com/mlflow/mlflow 29 https://github.com/mautic/mautic 28 https://github.com/openstack/keystone 28 https://github.com/rancher/rancher 28 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/dotnet/runtime 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/shopware/shopware 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/gogs/gogs 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/github/advisory-database 23 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/apache/nifi 22 https://github.com/directus/directus 22 https://github.com/cilium/cilium 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/hashicorp/consul 19 https://github.com/bcgit/bc-java 19 https://github.com/apache/cxf 19 https://github.com/getkirby/kirby 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/umbraco/Umbraco-CMS 18 https://github.com/goharbor/harbor 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/traefik/traefik 17 https://github.com/liufee/cms 17 https://github.com/rusqlite/rusqlite 16 https://github.com/TYPO3-CMS/core 16 https://github.com/tinymce/tinymce 16 https://github.com/langchain-ai/langchain 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/opencast/opencast 16 https://github.com/hashicorp/vault 16 https://github.com/forkcms/forkcms 16 https://github.com/gradio-app/gradio 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/moby/moby 16 https://github.com/etcd-io/etcd 16 https://github.com/laravel/framework 15 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/zendframework/zendframework 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/OpenMage/magento-lts 15 https://github.com/denoland/deno 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/cobbler/cobbler 14 https://github.com/containerd/containerd 14 https://github.com/pyca/cryptography 14 https://github.com/mattermost/mattermost 14 https://github.com/pyload/pyload 14 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/undertow-io/undertow 13 https://github.com/ethyca/fides 13 https://github.com/hashicorp/nomad 13 https://github.com/ming-soft/MCMS 13 https://github.com/dromara/hutool 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/xuxueli/xxl-job 13 https://github.com/dompdf/dompdf 13 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/apache/kylin 12 https://github.com/urllib3/urllib3 12 https://github.com/zitadel/zitadel 12 https://github.com/twisted/twisted 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/dotnet/aspnetcore 12 https://github.com/apache/dolphinscheduler 12 https://github.com/centreon/centreon-archived 12 https://github.com/backstage/backstage 12 https://github.com/laurent22/joplin 12 https://github.com/TryGhost/Ghost 12 https://github.com/wagtail/wagtail 12 https://github.com/vercel/next.js 12 https://github.com/containers/podman 11 https://github.com/nats-io/nats-server 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/opencontainers/runc 11 https://github.com/cloudflare/cfrpki 11 https://github.com/cakephp/cakephp 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/NodeBB/NodeBB 11 https://github.com/onionshare/onionshare 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/openfga/openfga 11 https://github.com/vaadin/flow 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/pimcore/admin-ui-classic-bundle 11 https://github.com/OPCFoundation/UA-.NETStandard 11 https://github.com/aio-libs/aiohttp 11 https://github.com/decidim/decidim 11 https://github.com/puma/puma 11 https://github.com/yiisoft/yii2 11 https://github.com/openstack/glance 11 https://github.com/scrapy/scrapy 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/janeczku/calibre-web 11 https://github.com/apache/zeppelin 10 https://github.com/opencart/opencart 10 https://github.com/spring-projects/spring-security 10 https://github.com/nextauthjs/next-auth 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nocodb/nocodb 10 https://github.com/jquery/jquery 10 https://github.com/cri-o/cri-o 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/Sylius/Sylius 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/zopefoundation/Zope 10 https://github.com/jupyter/notebook 10 https://github.com/nautobot/nautobot 10 https://github.com/DSpace/DSpace 10 https://github.com/greenpau/caddy-security 10