Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS1tOXhyLThjeDctNTNwas4AAw_R
phpMyFAQ Reflected Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS02NDQ5LXZmNnAtOWhmcM4AAw_T
thorsten/phpmyfaq is vulnerable to cross-site scripting (XSS)
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Moderate
GSA_kwCzR0hTQS14Mmg4LTRtaGgtNWh3aM4AAw_W
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS03OXdxLWc0djktZ2ZqNM4AAw-2
Publify Core does not strip metadata from images
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS03Y3hyLWg4d20tZmc0Y84AAw-y
Apache Shiro Interpretation Conflict vulnerability
Ecosystems: maven
Packages: org.apache.shiro:shiro-root
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS03bWM0LWpwNGYtdjJqMs4AAw-x
Improper Authorization in grumpydictator/firefly-iii
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1meGc1LXdxNngtdnI0d84AAw-p
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
Ecosystems: go
Packages: golang.org/x/net/http2/h2c
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1jcmhnLXhncmctdnZjY84AAw-o
a12nserver vulnerable to potential SQL Injections via Knex dependency
Ecosystems: npm
Packages: @curveball/a12n-server
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1tNTg5LW12NHEtcDdyas4AAw-I
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Ecosystems: cargo
Packages: webbrowser
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS01djh2LWd3bXctcXc5N84AAw-H
org.neo4j.procedure:apoc Path Traversal Vulnerability
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS12aHZxLWpoMzQtM2ZjOM4AAw9x
Keycloak allows impersonation and lockout due to email trust not being handled correctly
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS1qbWo2LXAyajktNjhjcM4AAw90
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron
Source: GitHub Advisory Database
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS12NDM2LXEzNjgtaHZnZ84AAw8k
Keycloak has lack of validation of access token on client registrations endpoint
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS1mZ3dwLXB3cXEtZzN3NM4AAw8S
Bloom Uncontrolled Search Path Element vulnerability
Ecosystems: go
Packages: github.com/bits-and-blooms/bloom
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1xeHhjLTdtcTQtbWY3Oc4AAw7_
Java Merge-sort Insecure Temporary File vulnerability
Ecosystems: maven
Packages: com.fasterxml.util:java-merge-sort
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1ydjl4LXdtdzQtNDRxas4AAw74
Pyload Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tOTV4LW0yNWMtdzltcM4AAw6k
XML-RPC for PHP allows access to local files via malicious argument to the Client::send method
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS03dmN4LXY2NXEtOXdwZ84AAw6j
XML-RPC for PHP's `Wrapper::buildClientWrapperCode` method allows code injection via malicious `$client` argument
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1weHFqLXhydjUtcXZqZs4AAw6i
XML-RPC for PHP's debugger vulnerable to possible XSS attack
Ecosystems: packagist
Packages: phpxmlrpc/phpxmlrpc
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1oNnAzLXA0dngtd3I4cc4AAw6h
dompurify vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: dompurify
Source: GitHub Advisory Database
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1wZ2p2LWpyZzItZ3Ezds4AAw6g
dompurify vulnerable to Cross-site Scripting
Ecosystems: pypi
Packages: dompurify
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS13NW13LWYyaHEtNWZ3OM4AAw6U
gry vulnerable to Command Injection
Ecosystems: npm
Packages: gry
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS02cnJyLTc4eHAtNWpwOM4AAw6R
Zitadel RefreshToken invalidation vulnerability
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS03Y2g0LXJyOTktY3Fjd84AAw6Q
gatsby-transformer-remark has possible unsanitized JavaScript code injection
Ecosystems: npm
Packages: gatsby-transformer-remark
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F
skeemas Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: skeemas
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS03OThoLWc0ajUtNTUzN84AAw6E
PapaParse Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: papaparse
Source: GitHub Advisory Database
Published: 25 days ago
Low
GSA_kwCzR0hTQS05ZjJjLXh4Zm0tMzJtas4AAw5d
Duplicate of GHSA-4xh4-v2pq-jvhm
Ecosystems: pub
Packages: personnummer
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS0zMjQ0LThtZmYtdzM5OM4AAw3d
Reflected XSS in Gotify's /docs via import of outdated Swagger UI
Ecosystems: go
Packages: github.com/gotify/server
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS04ZjdmLXZxZzUtanJ2Oc4AAw3c
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Published: 25 days ago
Low
GSA_kwCzR0hTQS1ocGgzLWh2M2MtNzcyNc4AAw3b
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS04Z2NnLXZ3bXctcnhqNM4AAw3a
Flarum notifications can leak restricted content
Ecosystems: packagist
Packages: flarum/core
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS0yMm05LW0zd3ctNTNoM84AAw3Z
Flarum post mentions can be used to read any post on the forum without access control
Ecosystems: packagist
Packages: flarum/mentions
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS00anJtLWMzMngtdzRqZs4AAw3Y
convict vulnerable to Prototype Pollution
Ecosystems: npm
Packages: convict
Source: GitHub Advisory Database
Published: 25 days ago
Moderate
GSA_kwCzR0hTQS1yNXczLXhtNTgtanY2as4AAw22
Cargo did not verify SSH host keys
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS0ycGoyLWdjaGYtd213N84AAw1k
Zip4j Origin Validation Error
Ecosystems: maven
Packages: net.lingala.zip4j:zip4j
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS05Nmp2LXI0ODgtYzJyas4AAw1m
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
Ecosystems: cargo
Packages: bzip2
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS03bTlyLXJxOWotd21taM4AAw1h
PocketMine-MP vulnerable to denial-of-service by sending large modal form responses
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1qeGdwLWpnaDMtOGpjOM4AAw1G
KubeOperator allows unauthorized access to system API
Ecosystems: go
Packages: github.com/KubeOperator/KubeOperator
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS12NHc1LXIyeGMtN2Y4aM4AAw1F
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1ncXg4LWh4bXYtYzR2NM4AAw1E
KubePi may allow unauthorized access to system API
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1jbThoLXE5MnYteGNmY84AAw1D
mercurius has Uncaught Exception when using subscriptions
Ecosystems: npm
Packages: mercurius
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS13cXF2LWpjZnItOWY1Z84AAw0x
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS01OGg0LTltN20tajltNM4AAw0w
@okta/oidc-middleware Open Redirect vulnerability
Ecosystems: npm
Packages: @okta/oidc-middleware
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS1xOTVqLTQ4OHEtNXEzcM4AAw0v
Apiman Manager API affected by Jackson denial of service vulnerability
Ecosystems: maven
Packages: io.apiman:apiman-manager-api-impl
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS04OXFtLXdjbXctM21nZ84AAw0u
Gitops Run insecure communication
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS13cjNjLWczMjYtNDg2Y84AAw0t
GitOps Run allows for Kubernetes workload injection
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS0zeHE1LXdqZmgtcHBqY84AAw0p
Luxon Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: luxon
Source: GitHub Advisory Database
Published: 27 days ago
High
GSA_kwCzR0hTQS05dnZ3LWNjOXctZjI3aM4AAw0l
debug Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS0zOG0yLXZyNmctOGM5NM4AAw0n
Apache Sling App CMS vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.cms
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS0ycGh3LXJncjctNXB2aM4AAw0N
Information Cards Module vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp-module-infocard
Source: GitHub Advisory Database
Published: 27 days ago
Critical
GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A
wifey vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: wifey
Source: GitHub Advisory Database
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS12ZzV4LTZxNjYtcnZneM4AAwzt
Barzahlen Payment Module PHP SDK vulnerable to Observable Timing Discrepancy
Ecosystems: packagist
Packages: barzahlen/barzahlen-php
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1jOXB3LWY0d3AtMjJqcs4AAwzo
SUKOHI Surpass Path Traversal vulnerability
Ecosystems: packagist
Packages: sukohi/surpass
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1tamd3LWYyYzQtZjhxas4AAwzj
WebPA SQL Injection vulnerability
Ecosystems: packagist
Packages: webpa/webpa
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS13dzQzLW1jdmgtMzVwNM4AAwzd
PaginationServiceProvider SQL Injection vulnerability
Ecosystems: packagist
Packages: ttskch/pagination-service-provider
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS0zaGM3LTJ4Y2MtN3A4Zs4AAwzZ
Squalor SQL Injection vulnerability
Ecosystems: go
Packages: github.com/square/squalor
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1nN213LTlwZjktcDJwbc4AAwzR
gosqljson SQL Injection vulnerability
Ecosystems: go
Packages: github.com/elgs/gosqljson
Source: GitHub Advisory Database
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS13bTMyLTNyNG0tanZjY84AAwzP
Symbiote Seed Open Redirect vulnerability
Ecosystems: packagist
Packages: symbiote/silverstripe-seed
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS13dnIyLXE4Nm0tNndocM4AAwzO
Baobab vulnerable to Prototype Pollution
Ecosystems: npm
Packages: baobab
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Published: 28 days ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1wMzNxLTRoNG0tajk5NM4AAwy7
Inline SVG vulnerable to Cross-site Scripting
Ecosystems: rubygems
Packages: inline_svg
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1yODk0LTVyN3YtN3J4M84AAwy5
easy-scrypt Observable Timing Discrepancy vulnerability
Ecosystems: go
Packages: github.com/agnivade/easy-scrypt
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1wY3ZoLXB4MnAtdm14d84AAwyz
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS04Njg2LTRjcjMtNzZ3as4AAwyw
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS14MjJ2LXFnbTItN3FjN84AAwyx
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS05aDd4LTlwbWgtN2dnOM4AAwyu
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1oMnBoLTlyNzYtMzd2Nc4AAwyv
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1mcGpjLWN4cjYtdzZoOM4AAwyy
usememos/memos vulnerable to stored Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS03cnJqLXhyNTMtODJwN84AAwyk
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Published: 29 days ago
High
GSA_kwCzR0hTQS01NHc2LXZ4ZmgtZnc3Zs4AAwyX
Http4s improperly parses User-Agent and Server headers
Ecosystems: maven
Packages: org.http4s:http4s-core
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS03bWc1LXJ3MzktcTY3Zs4AAwyN
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Ecosystems: packagist
Packages: himiklab/yii2-jqgrid-widget
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS12amhmLTh2cXgtdnFwcc4AAwyJ
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS02bWpwLTJybTYtOWc4Nc4AAwyI
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS02OGh2LTg5MjYtajM0Y84AAwyF
DBRisinajumi d2files SQL Injection vulnerability
Ecosystems: packagist
Packages: dbrisinajumi/d2files
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS12NnZwLTYydmMtODRxd84AAwyC
Apache James server allows an attacker with local access to access private user data in transit
Ecosystems: maven
Packages: org.apache.james:james-server
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1xODR4LTM0NzYtOGZmMs4AAwx_
Apache James MIME4J vulnerable to information disclosure to local users
Ecosystems: maven
Packages: org.apache.james:apache-mime4j
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS1mMjU5LWg2bTgtaG04bc4AAwx2
exec-local-bin vulnerable to Command Injection
Ecosystems: npm
Packages: exec-local-bin
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14MzQ3LWZjOXctdzdjM84AAwxu
Nuxeo vulnerable to Reflected Cross-Site Scripting leading to Remote Code Execution
Ecosystems: maven
Packages: org.nuxeo.ecm.platform:nuxeo-platform-oauth
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13Zzk5LTV2cngtajJnZ84AAwwt
bonita-connector-webservice XML External Entity vulnerability
Ecosystems: maven
Packages: org.bonitasoft.connectors:bonita-connector-webservice
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13OW1yLTRtZnItNDk5Zs4AAwww
Vercel ms Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: ms
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02ZzMzLTh3MnEtNGh4ds4AAwwq
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: robots-txt-guard
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1nNHI4LTI4ZnAtZjI1Nc4AAwwx
aXMLRPC XML External Entity vulnerability
Ecosystems: maven
Packages: fr.turri:aXMLRPC
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oODU3LTJnNTYtNDY4Z84AAwwo
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: @mattkrick/sanitize-svg
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jNjUzLTZoaGctOXg5Ms4AAwwn
go-ipld-prime/codec/json may panic if asked to encode bytes
Ecosystems: go
Packages: github.com/ipld/go-ipld-prime/codec/json
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12cTh3LXg4djctZjg4bc4AAwwG
LdapCherry Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: ldapcherry
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
PgHero Allows Information Disclosure Through EXPLAIN Feature
Ecosystems: rubygems
Packages: pghero
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wang0LTNmM3AtMjl2M84AAwwC
django-ucamlookup Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: django-ucamlookup
Source: GitHub Advisory Database
Published: about 1 month ago