Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Moderate
GSA_kwCzR0hTQS0zeHhtLTNnM2MtdzU3Oc4AA3B3
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS13OHgyLXc0cXItdjN4NM4AA3Bg
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS1jMzVxLWZmcGYtNXFwbc4AA3BV
AsyncSSH Rogue Session Attack
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
NASA Open MCT Cross Site Scripting vulnerability
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS00Zzg4LTRoZ20tbTk5eM4AA3BK
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS0zZjM4LTk2cW0tcjNmd84AA3BJ
esptool allows attackers to view sensitive information via weak cryptographic algorithm
Ecosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1jZmMyLXdyMnYtZ3htNc4AA3BH
AsyncSSH Rogue Extension Negotiation
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Published: 25 days ago
Low
GSA_kwCzR0hTQS03MmZwLXc0NGctNjI1cc4AA3BG
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Ecosystems: maven
Packages: software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerability
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS13ZjVwLWc2dnctcmh4eM4AA2_y
Axios Cross-Site Request Forgery Vulnerability
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Published: 26 days ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to improper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS04M2oyLXFoeDItcDdqY84AA2_W
PrestaShop blockreassurance BO User can remove any file from server when adding and deleting a block
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS03aDhtLXZyeHgtdnI0bc4AA2_V
ZITADEL race condition in lockout policy execution
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS0zdnBmLW1jajctNWgzOM4AA2_U
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 26 days ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Published: 26 days ago
Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Published: 26 days ago
Critical
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Published: 26 days ago
Critical
GSA_kwCzR0hTQS02MnByLXFxZjctaGg4Oc4AA2_Q
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS01cjhqLXFtY20tN2c3cc4AA2-w
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.uima:uimaj
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS0yNnF4LTRtNDktNmNmcs4AA2-p
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.wildfly.core:wildfly-controller
Source: GitHub Advisory Database
Published: 27 days ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Published: 27 days ago
Critical
GSA_kwCzR0hTQS1ybXh3LWM0OGgtMnZmNc4AA2-Y
XWiki Platform privilege escalation from script right to programming right through title displayer
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Published: 27 days ago
High
GSA_kwCzR0hTQS1nMnFxLWM1ajktNXc1d84AA2-X
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Published: 27 days ago
Critical
GSA_kwCzR0hTQS1oZ3B3LTZwNGgtajZoNc4AA2-W
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS02NzU4LTk3OWgtMjQ5eM4AA2-V
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Ecosystems: go
Packages: github.com/projectcapsule/capsule-proxy, github.com/projectcapsule/capsule
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G
Mattermost denial of service vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS13NDk2LWY1cXEtbTU4as4AA29F
Mattermost vulnerable to excessive memory consumption
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1yNjdtLW1mN3YtcXA3as4AA29D
Mattermost password hash disclosure vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Published: 28 days ago
High
GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Calico Typha denial of service vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Published: 28 days ago
Low
GSA_kwCzR0hTQS04cHA2LTVxcHctODVnM84AA27H
Magnesium-PHP Injection vulnerability
Ecosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Published: 29 days ago
Low
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename change
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename change
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Prototype Pollution (PP) vulnerability in setByPath
Ecosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o
Unauthorized Access to Private Fields in User Registration API
Ecosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yeDI4LWM3ajctMjNnds4AA26P
Subrion remote command execution vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nOHA2LXAyN2MtNTJmeM4AA25_
Eclipse Parsson Denial of Service vulnerability
Ecosystems: maven
Packages: org.eclipse.parsson:project
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0ybXc0LXdqOGMtN2Y5M84AA25-
Eclipse Glassfish remote code execution issue
Ecosystems: maven
Packages: org.glassfish.main.orb:orb-connector
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Z2hqLXA0dmotbXIzNc4AA250
Pillow Denial of Service vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oOGdjLXBnajItdmptM84AA25m
Django Denial-of-service in django.utils.text.Truncator
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03aDRwLTI3bWgtaG1yd84AA25h
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS14cjhjLW1xNXgtNWY1Ns4AA25D
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
Ecosystems: maven
Packages: top.tangyh.basic:lamp-util, top.tangyh.basic:lamp-core
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qaHd3LWZ4MmotM3JmN84AA24t
FoodCoopShop Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: foodcoopshop/foodcoopshop
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03dmZ4LWhmdm0tcmhyOM4AA24s
cordova-plugin-fingerprint-aio DoS vulnerability
Ecosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05Y3c5LW03aGctdzhtZs4AA24o
Reportico Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xbWY5LTZqcWYtajhmcc4AA23t
Django potential denial of service vulnerability in UsernameField on Windows
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qZnh3LTZjNXYtYzQyZs4AA22R
Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00OHYyLTU5NngtNGpyOc4AA21m
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yOWNtLXB3OWotM2ZweM4AA21l
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qZzd3LWN4anYtOThjMs4AA21G
SpiceDB leaks information in log files when URI cannot be parsed
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02ZjU4LWozMjMtNjQ3Ms4AA21F
pimcore/admin-ui-classic-bundle Unverified Password Change
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13amNjLWNxNzktcDYzZs4AA21E
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Ecosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tcjQ1LXJ4OHEtd2NtOc4AA207
xkeys seal encryption used fixed key for all encryption
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNTl2LWhoNHAtcTkybc4AA20D
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS00Z3BtLXIyM2gtZ3Byd84AA2zp
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1nNWhwLTMyOGgtamo5OM4AA2zj
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zNHc0LXdycXAtajQ3Z84AA2zk
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mNzI4LXByaHctMmc2OM4AA2zm
Insufficient Session Expiration in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wcnJ2LXI4NDMtNHA3Nc4AA2zo
Cross-site Scripting (XSS) in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNHZqLXc1cmotOGdyd84AA2zi
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03cTVmLTI5Z3gtNTdmZs4AA2zg
Cross-site Scripting (XSS) in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xNzRmLXJmMjctOGh4Y84AA2zZ
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Ecosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
Memory leak flaw was found in ruby-magick
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00ZnJ2LTVmajYtNHAyNc4AA2yh
Duplicate Advisory: NATS.io: Adding accounts for just the system account adds auth bypass
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mamhnLTk2Y3AtNmZjd84AA2xl
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qcTM1LTg1Y2otZmo0cM4AA2xO
/sys/devices/virtual/powercap accessible by default to containers
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1od3hmLXF4ajctN3Jmas4AA2xN
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zcTZtLXY4NGYtNnA5aM4AA2xM
quic-go vulnerable to pointer dereference that can lead to panic
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05cGpmLWp3OXEtZng0Oc4AA2xF
Cross-site Scripting (XSS) in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zNWM3LXczNWYteHdnaM4AA2xD
Kube-proxy may unintentionally forward traffic
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS03YzJxLTVxbXItdjc2cc4AA2we
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code Execution
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback login
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Ecosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
baserCMS Code Injection Vulnerability in Mail Form Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1obXFqLWd2Mm0taHE1Nc4AA2uW
baserCMS Directory Traversal vulnerability in Form submission data management Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nZ2o0LTc4cm0tNnhnds4AA2uV
baserCMS Cross-site Scripting vulnerability in File upload Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04dnF4LXBycTQtcnFycc4AA2uU
baserCMS Cross-site Scripting Vulnerability in Favorites Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xd3J4LTQ1eGYtampmN84AA2uL
Elasticsearch vulnerable to stack overflow in the search API
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05OXBjLTY5cTktanhmMs4AA2uQ
Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yY3FmLTZ4djktZjIyd84AA2uM
Elasticsearch vulnerable to Uncontrolled Resource Consumption
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS01d2o0LXdmZnEtMzM3OM4AA2tO
Ingress nginx annotation injection causes arbitrary command execution
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1ndnJtLXcyZjktZjc3cc4AA2sh
Ingress-nginx path sanitization can be bypassed
Ecosystems: go
Packages: k8s.io/ingress-nginx
Source: GitHub Advisory Database
Published: about 1 month ago