Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Critical
GSA_kwCzR0hTQS1tanZmLTRoODgtNnhtM84ABAUj
Improper Authentication vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oN3c5LWM1dngteDdqM84ABAUw
Insecure Default Initialization of Resource vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oNDdoLW13cDktYzZxNs4ABATf
Possible ReDoS vulnerability in block_format in Action Mailer
Ecosystems: rubygems
Packages: actionmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13d2h2LXd4djktcnBnd84ABATc
Possible ReDoS vulnerability in plain_text_for_blockquote_node in Action Text
Ecosystems: rubygems
Packages: actiontext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12Zmc5LXIzZnEtanZ4NM4ABATd
Possible ReDoS vulnerability in HTTP Token authentication in Action Controller
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NzZ3LTZ2anItOHhnas4ABATe
Possible ReDoS vulnerability in query parameter filtering in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oZ2pwLTgzbTQtaDRmas4ABAS0
MySQL Connector/Python connector takeover vulnerability
Ecosystems: pypi
Packages: mysql-connector-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS05MjI0LWdndnctd2g3ds4ABATP
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14aHIzLXdmN2otaDI1Nc4ABATH
Infinite loop in github.com/gomarkdown/markdown
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04anBnLTYyamMtaHdocs4ABATC
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01ajRjLThwMmctdjRqeM4ABARn
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Ecosystems: npm
Packages: vue
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mOTZoLXBtZnItNjZ2d84ABARh
Starlette Denial of service (DoS) via multipart/form-data
Ecosystems: pypi
Packages: starlette
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xY3ZoLXA5anEtd3A4ds4ABARg
Malicious homeservers can steal message keys when the matrix-react-sdk user invites another user to a room
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS00amY4LWc4d3AtY3g3Y84ABARf
Matrix JavaScript SDK's key history sharing could share keys to malicious devices
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00cjd2LXdocGctOHJ4M84ABARe
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0yMjM0LWZtdzctNDN3cs4ABARc
Hono allows bypass of CSRF Middleware by a request without Content-Type header.
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mbWo3LTdnZnctNjRwZ84ABARb
Agent Dart is missing certificate verification checks
Ecosystems: pub
Packages: agent_dart
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1mYzloLXdocTItdjc0N84ABARZ
Valid ECDSA signatures erroneously rejected in Elliptic
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jeDk1LXE2Z3gtdzRxcM4ABARQ
SAK-50571 Sakai Kernel users created with type roleview can login as a normal user
Ecosystems: maven
Packages: org.sakaiproject.kernel:sakai-kernel-impl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00d3gzLTU0Z2gtOWZyOc4ABAQx
Cross site scripting in markdown-to-jsx
Ecosystems: npm
Packages: markdown-to-jsx
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wZjV2LXBxZnYteDhqas4ABAQZ
OpenCanary Executes Commands From Potentially Writable Config File
Ecosystems: pypi
Packages: OpenCanary
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xaDhnLTU4cHAtMnd4aM4ABAQY
Eclipse Jetty URI parsing of invalid authority
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-http
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nOG01LTcyMnItOHdocc4ABAQX
Eclipse Jetty's ThreadLimitHandler.getRemote() vulnerable to remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-server
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yN200LWY5aDUtZ3I3Oc4ABAQW
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14bW1tLWp3NzYtcTd2Z84ABAQU
One Time Passcode (OTP) is valid longer than expiration timeSeverity
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS01cnhwLTJyaHItcXdxds4ABAQT
Session fixation in Elytron SAML adapters
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13OGdyLXh3cDQtcjlmN84ABAQS
Vulnerable Redirect URI Validation Results in Open Redirect
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS14Z2Z2LXhweDgtcWhjcs4ABAQR
Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-saml-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tODV3LTNoOTUtaGNmOc4ABAQP
DOM Clobbering Gadget found in astro's client-side router that leads to XSS
Ecosystems: npm
Packages: astro
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nNzd4LTQ0eHgtNTMybc4ABAQO
Denial of Service condition in Next.js image optimization
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wMjZyLWdmZ2MtYzQ3aM4ABAQI
KubeSphere IDOR vulnerability
Ecosystems: go
Packages: github.com/kubesphere/kubesphere
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS00NDNqLWdyeHYtMnBnds4ABAPx
Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans
Ecosystems: maven
Packages: org.apache.activemq:artemis-cli
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qMjZ3LWY5cnEtbXIycc4ABAPv
Eclipse Jetty has a denial of service vulnerability on DosFilter
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS03Nm13LTZwOTUteDl4Nc4ABAOn
pac4j-core affected by a Java deserialization vulnerability
Ecosystems: maven
Packages: org.pac4j:pac4j-core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02aDY0LWc3Y2otaGo1Ns4ABAOH
Lord of Large Language Models (LoLLMs) path traversal vulnerability in the api open_personality_folder endpoint
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12Z3hxLTZyY2YtcXdyd84ABANd
angular-base64-upload vulnerable to unauthenticated remote code execution
Ecosystems: npm
Packages: angular-base64-upload
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cm0yLTkzbXEtanFoY84ABANU
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Ecosystems: go
Packages: github.com/codeclysm/extract, github.com/codeclysm/extract/v4, github.com/codeclysm/extract/v3
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1neDltLXdoam0tODVqZs4ABANT
DOMpurify has a nesting-based mXSS
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wcHBnLWNwZnEtaDd3cs4ABAM3
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Ecosystems: maven, npm
Packages: org.webjars.npm:jsonpath-plus, jsonpath-plus
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01N3FoLXZtanItNWp4Z84ABAMx
Snipe-IT remote code execution
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ndnY2LTMzajctODg0Z84ABAMJ
Gradio has an XSS on every Gradio server via upload of HTML files, JS files, or SVG files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNzlqLXg0Z3gtaGZyaM4ABAMI
Gradio uses insecure communication between the FRP client and server
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS14aDJ4LTNtcm0tZndxbc4ABAMH
Gradio has a race condition in update_root_in_config may redirect user traffic
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNzU3LXBmNTctZjhyNM4ABAMG
Gradio performs a non-constant-time comparison when comparing hashes
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00cTNjLWNqN2ctamN3Zs4ABAMF
Gradio has several components with post-process steps allow arbitrary file leaks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Yzg3LWd2aGoteG04bc4ABAME
Gradio lacks integrity checking on the downloaded FRP client
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NzZjLTNqNTMtcjlqas4ABAMC
Gradio vulnerable to SSRF in the path parameter of /queue/join
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zN3FjLXFneDYtOXhqds4ABAMB
Gradio has a one-level read path traversal in `/custom_component`
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04OXYyLXBxZnYtYzVyOc4ABAMA
Gradio's CORS origin validation accepts the null origin
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1ycjhqLTd3MzQteHA1as4ABALz
Vault Community Edition privilege escalation vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03N3hxLTZnNzctaDI3NM4ABALi
Gradio's `is_in_or_equal` function may be bypassed
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zYzY3LTVod3gtZjZ3eM4ABALh
Gradios's CORS origin validation is not performed when the request has a cookie
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cHBoLWdmaHAtdzIyNs4ABALg
Alist reflected Cross-Site Scripting vulnerability
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00Z2Z3LXdmN2MtdzZnMs4ABALS
Authd allows attacker-controlled usernames to yield controllable UIDs
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yN3ZoLWg2bWMtcTZnOM4ABALR
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14YzVwLTc3M3ctbTNwbc4ABAK_
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04cHhnLWdjcDQtNTd3d84ABAK0
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qM21oLXd4NWYtMnZoZ84ABAK7
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00Zjg5LTVjd20tcm01Z84ABALD
Magento Open Source Information Exposure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ZjY0LXBwbWctY3Z2bc4ABALB
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jODlnLWdxNXItMnh3Ms4ABAK5
Magento Open Source stored Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zZnIzLWdjcWgtM20yZ84ABAKn
Magento Open Source Improper Input Validation vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00N2pwLTQ2YzktMjV2Zs4ABAKp
Magento Open Source Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tNThoLTk5OHgtNjZmM84ABAKx
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13M3AyLXBjM2gtNjl3ds4ABAKq
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nOWZtLXdjNmgtcHZnas4ABAKo
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12M3Y2LWpmdnctbTU3Ns4ABAKv
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04NzNtLTcyZzYtODUzZ84ABAKm
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00NmZtLXg4Mm0tNWY3NM4ABAKu
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14ZzM2LThjMnYtanB4aM4ABAKs
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xcHA3LTc0MnEtNThqM84ABAKr
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0ycWhxLWZ3OTgtaDZ3Z84ABAKy
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jZzUyLTY4ZnYtOTRxcc4ABAKw
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04OHgyLWNxMzQtNWZ3Y84ABAK2
Magento Open Source reflected Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits uniqueness validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NGY0LXY2djktOXE4Ms4ABAJI
open-webui allows writing and deleting arbitrary files
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Y3ZjLTVoZ3YtcGhxZ84ABAJF
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01ODZwLTc0OWotZmh3cM4ABAIr
Buildah allows arbitrary directory mount
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qcWZ2LWpydnEtOTVqbc4ABAH6
Apache XML Graphics FOP XML External Entity Reference ('XXE') vulnerability
Ecosystems: maven
Packages: org.apache.xmlgraphics:fop-core
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NzIyLTlqNjctdmpjcs4ABAFl
Improper Authorization in Select Permissions
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xanJ2LXY2cXAteDk5eM4ABAFk
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mM2N4LTM5NmYtN2pxcM4ABAFj
Livewire Remote Code Execution on File Uploads
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS05Y3A5LThndzItOHY3bc4ABAFg
Adguard Home arbitrary file read vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04ZzRxLXhnNjYtOWZwNM4ABAFe
Microsoft Security Advisory CVE-2024-43485 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mMzJjLXc0NDQtOHBwds4ABAFd
Microsoft Security Advisory CVE-2024-43484 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.IO.Packaging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5,530
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 com.liferay.portal:release.portal.bom 46 mlflow 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 github.com/hashicorp/vault 37 mautic/core 37 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 github.com/mattermost/mattermost-server/v6 37 org.keycloak:keycloak-services 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 snipe/snipe-it 35 moin 35 k8s.io/kubernetes 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 io.undertow:undertow-core 34 gradio 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 opencv-python 31 opencv-contrib-python 31 keystone 31 github.com/argoproj/argo-cd 31 Pillow 31 parse-server 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 mediawiki/core 28 github.com/hashicorp/nomad 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 prestashop/prestashop 26 directus 26 electron 26 openssl-src 26 pillow 26 github.com/cilium/cilium 25 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 25 contao/core-bundle 24 org.springframework.security:spring-security-core 24 magento/core 24 org.eclipse.jetty:jetty-server 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 rack 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 puppet 23 grumpydictator/firefly-iii 23 tribalsystems/zenario 22 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.nifi:nifi 21 github.com/ethereum/go-ethereum 20 @openzeppelin/contracts 20 glance 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 funadmin/funadmin 20 code.gitea.io/gitea 20 laravel/framework 20 langchain 20 DotNetNuke.Core 19 github.com/goharbor/harbor 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 contao/contao 19 mindsdb 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 cockpit-hq/cockpit 18 com.liferay.portal:release.dxp.bom 18 topthink/framework 18 golang.org/x/net 18 mercurial 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 github.com/traefik/traefik/v2 18 cobbler 18 org.apache.geode:geode-core 17 cakephp/cakephp 17 opencart/opencart 17 genix/cms 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 helm.sh/helm/v3 17 notebook 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 phpbb/phpbb 16 tinymce 16 typo3/cms-backend 16 pyload-ng 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 neutron 16 rusqlite 16 org.apache.activemq:activemq-client 16 PaddlePaddle 16 paddlepaddle 16 cryptography 16 github.com/zitadel/zitadel 16 openmage/magento-lts 16 sequelize 16 yetiforce/yetiforce-crm 16 org.bouncycastle:bcprov-jdk15 16 ethyca-fides 15 symfony/security-http 15 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 OctoPrint 15 ghost 15 calibreweb 15 october/system 15 smarty/smarty 15 ec-cube/ec-cube 15 lollms 14 feehi/cms 14 github.com/containerd/containerd 14 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 bolt/bolt 14 pyftpdlib 14 dompdf/dompdf 14 camaleon_cms 14 org.apache.tomcat:tomcat-coyote 14 activesupport 14 aiohttp 14 github.com/nats-io/nats-server/v2 14 silverstripe/cms 14 modoboa 14 joplin 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 25 https://github.com/contao/contao 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/goharbor/harbor 19 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/etcd-io/etcd 16 https://github.com/TYPO3-CMS/core 16 https://github.com/OpenMage/magento-lts 16 https://github.com/tinymce/tinymce 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/mattermost/mattermost 16 https://github.com/pyload/pyload 16 https://github.com/rusqlite/rusqlite 16 https://github.com/backstage/backstage 16 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/decidim/decidim 15 https://github.com/denoland/deno 15 https://github.com/zendframework/zendframework 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyca/cryptography 15 https://github.com/puppetlabs/puppet 15 https://github.com/dompdf/dompdf 15 https://github.com/ethyca/fides 15 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/containerd/containerd 14 https://github.com/vercel/next.js 14 https://github.com/dotnet/aspnetcore 14 https://github.com/janeczku/calibre-web 14 https://github.com/xuxueli/xxl-job 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/quarkusio/quarkus 13 https://github.com/ming-soft/MCMS 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/laurent22/joplin 13 https://github.com/dromara/hutool 13 https://github.com/apache/dolphinscheduler 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/openfga/openfga 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/containers/podman 12 https://github.com/urllib3/urllib3 12 https://github.com/smarty-php/smarty 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/dolibarr/dolibarr 11 https://github.com/onionshare/onionshare 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cakephp/cakephp 11 https://github.com/nats-io/nats-server 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/top-think/framework 11 https://github.com/Studio-42/elFinder 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/openstack/glance 11 https://github.com/yiisoft/yii2 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/pomerium/pomerium 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cloudflare/cfrpki 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/drupal/core 11 https://github.com/spring-projects/spring-security 11 https://github.com/Sylius/Sylius 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/nautobot/nautobot 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nocodb/nocodb 10 https://github.com/pgadmin-org/pgadmin4 10