Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1xajY2LW04OGotaG1nas4ABAFc
Microsoft Security Advisory CVE-2024-43483 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Extensions.Caching.Memory, System.IO.Packaging, System.Security.Cryptography.Cose
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Y3A1LTNyZjgtOGdmaM4ABAEB
DeepSpeed Remote Code Execution Vulnerability
Ecosystems: pypi
Packages: deepspeed
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01d3ByLWNqOXAtOTU5cs4ABADn
HTTP Request Smuggling Leading to Client Timeouts in resteasy-netty4
Ecosystems: maven
Packages: org.jboss.resteasy:resteasy-netty4-cdi
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qcWgyLWNoN3AteHd4aM4ABADo
Quarkus CXF logs passwords and other secrets
Ecosystems: maven
Packages: io.quarkiverse.cxf:quarkus-cxf
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qajVjLWhocmctdnY1aM4ABADv
xhtml2pdf Denial of Service via crafted string
Ecosystems: pypi
Packages: xhtml2pdf
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01aGdjLTJ2ZnAtbXF2Y84ABADU
Django vulnerable to denial-of-service attack via the urlize() and urlizetrunc() template filters
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ycnFjLWMyangtNmpnds4ABADW
Django allows enumeration of user e-mail addresses
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS03dnc5LWNmd3gtOWd4Oc4ABADL
Microsoft Security Advisory CVE-2024-38229 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yZjVtLWg4cTktOXc2cc4ABADH
Information Disclosure in TYPO3 Page Tree
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wcjQ1LWNnNHgtZmY0bc4ABACN
ggit is vulnerable to Arbitrary Argument Injection via the clone() API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02MmN4LTV4ajQtd2ZtNM4ABACL
ggit is vulnerable to Command Injection via the fetchTags(branch) API
Ecosystems: npm
Packages: ggit
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02MzM5LWd2N3ctZzVmNM4ABACE
SAP HANA Node.js client package vulnerable to Prototype Pollution
Ecosystems: npm
Packages: @sap/hana-client
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jN3htLXJ3cWotcGdjas4ABABl
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02MzJxLTc3cWotYzg5cc4ABABg
LimeSurvey Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: limesurvey/limesurvey
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03NHEyLTZqcDQtM3Jxcc4ABABh
Krayin CRM vulnerable to Cross Site Scripting (XSS) via the organization name
Ecosystems: packagist
Packages: krayin/laravel-crm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS02aHdyLTZ2MmYtM204OM4ABABf
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yOHc4LTc0d3ctajR3aM4ABABe
PhpSpreadsheet HTML writer is vulnerable to Cross-Site Scripting via JavaScript hyperlinks
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13OXh2LXFmOTgtY2NxNM4ABABd
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery in HTML writer when embedding images is enabled
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS01Z3ByLXcycDUtNm0zN84ABABc
PhpSpreadsheet allows absolute path traversal and Server-Side Request Forgery when opening XLSX file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wZjU2LWg5cWYtcnhxNM4ABAA4
Saltcorn Server Stored Cross-Site Scripting (XSS) in event logs page
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS00M2YzLWg2M3ctcDZmNs4ABAA3
Saltcorn Server allows logged-in users to delete arbitrary files because of a path traversal vulnerability
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jNmN3LWc3ZmMtNGd3Y84ABAA2
Lara-zeus Dynamic Dashboard and Artemis do not validate paragraph widget values which can be used for XSS
Ecosystems: packagist
Packages: lara-zeus/artemis, lara-zeus/dynamic-dashboard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12NjZnLXA5eDYtdjk4cM4ABAA1
PhpSpreadsheet has an Unauthenticated Cross-Site-Scripting (XSS) in sample file
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qcXZtLTl4bTItZ2MzOM4AA_9-
Mediawiki Cargo extension vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: mediawiki/cargo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1weGc2LXBmNTIteGg4eM4AA_9q
cookie accepts cookie name, path, and domain with out of bounds characters
Ecosystems: npm
Packages: cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xODk4LWZyd3EtZjNxcM4AA_9p
Minecraft MOTD Parser's HtmlGenerator vulnerable to XSS
Ecosystems: packagist
Packages: dev-lancer/minecraft-motd-parser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04eHE5LWc3Y2gtMzVoZ84AA_9o
Parse Server's custom object ID allows to acquire role privileges
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04aDIyLTZxd3gtcTR3Oc4AA_9g
OpenStack Ironic fails to verify checksums of supplied image_source URLs
Ecosystems: pypi
Packages: ironic
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13d2NwLTI2d2MtM2Z4bc4AA_86
JSON-lib mishandles an unbalanced comment string
Ecosystems: maven
Packages: org.kordamp.json:json-lib-core
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mbTc2LXc4ancteGY4bc4AA_8h
@saltcorn/plugins-loader unsanitized plugin name leads to a remote code execution (RCE) vulnerability when creating plugins using git source
Ecosystems: npm
Packages: @saltcorn/plugins-loader
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS03OHAzLWZ3Y3EtNjJjMs4AA_8Q
@saltcorn/server Remote Code Execution (RCE) / SQL injection via prototype pollution by manipulating `lang` and `defstring` parameters when setting localizer strings
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jZnF4LWY0M20tdmZoN84AA_8P
@saltcorn/server arbitrary file and directory listing when accessing build mobile app results
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNzdoLXB4NG0tNjJxOM4AA_8O
@saltcorn/server arbitrary file zip read and download when downloading auto backups
Ecosystems: npm
Packages: @saltcorn/server
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS01Z2MyLTdjNjUtOGZxOM4AA_75
async-graphql Directive Overload
Ecosystems: cargo
Packages: async-graphql
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01OTNtLTU1aGgtajhnds4AA_74
Sentry SDK Prototype Pollution gadget in JavaScript SDKs
Ecosystems: npm
Packages: @sentry/browser
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02Nzg0LTljODItdnI4Nc4AA_73
Injection of arbitrary HTML/JavaScript code through the media download URL
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNTV3LTg3cmgtcmc0NM4AA_72
Cross-site Scripting via uploaded SVG
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14d2dqLXZwbTktcTJycc4AA_71
Vulnerable juju introspection abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04djR3LWY0cjktN2g2eM4AA_70
Vulnerable juju hook tool abstract UNIX domain socket
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS14NXEzLWM4cm0tdzc4N84AA_7z
PAM module may allow accessing with the credentials of another user
Ecosystems: go
Packages: github.com/ubuntu/authd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS13cHIyLWo2Z3ItcGp3Oc4AA_7y
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Ecosystems: go
Packages: github.com/opentofu/opentofu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xYzR2LXhxMm0tNjV3Y84AA_7x
Unexpected visibility of environment variable configurations in @backstage/plugin-app-backend
Ecosystems: npm
Packages: @backstage/plugin-app-backend
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1taDk4LTc2M2gtbTl2NM4AA_7w
JUJU_CONTEXT_ID is a predictable authentication secret
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1yN3BnLXYyYzgtbWZnM84AA_7r
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Ecosystems: maven
Packages: org.apache.avro:avro
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS03OHdyLTJwNjQtaHB3as4AA_7s
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Ecosystems: maven
Packages: commons-io:commons-io
Source: GitHub Advisory Database
Blast Radius: 40.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yN3JoLWp3dzUtNWZqcs4AA_7j
Pomerium service account access token may grant unintended access to databroker API
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1tcnc4LTUzNjgtcGhtM84AA_7c
Contao allows admin an account to upload SVG file containing malicious JavaScript
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zNjM2LWh4NjItcHYyNs4AA_7Z
Zenario allows authenticated admin users to upload PDF files containing malicious code
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yY2M1LTQyOXgtcDM4N84AA_7b
Zenario Cross Site Scripting in the Image library
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oeHBwLWc3Nm0tcWh2Z84AA_7a
October allows an admin account to upload PDF containing malicious JavaScript
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xdnF2LW1jeHIteDhxd84AA_7h
Slim Select has potential Cross-site Scripting issue
Ecosystems: npm
Packages: slim-select
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00eHF2LTQ3cm0tMzdtbc4AA_7R
OpenC3 stores passwords in clear text (`GHSL-2024-129`)
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04anhyLW1jY2MtbXdnOM4AA_7Q
OpenC3 Path Traversal via screen controller (`GHSL-2024-127`)
Ecosystems: pypi, rubygems
Packages: openc3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12Zmo4LTVwajctMmY5Z84AA_7P
OpenC3 Cross-site Scripting in Login functionality (`GHSL-2024-128`)
Ecosystems: pypi, npm, rubygems
Packages: openc3, @openc3/tool-common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00OWh4LTltbTItNzY3Nc4AA_6x
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04cGp3LWZmZjYtM21qds4AA_62
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02Mmp2LWo0dzctNWhoOM4AA_6s
Jenkins Credentials plugin reveals encrypted values of credentials to users with Extended Read permission
Ecosystems: maven
Packages: org.jenkins-ci.plugins:credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wajk1LXBoNHEtNHFtNM4AA_6u
Jenkins exposes multi-line secrets through error messages
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mOXFqLTc3cTItaDVjNc4AA_6r
Jenkins item creation restriction bypass vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12eDNoLXF3cXctcjJ3cc4AA_6p
Inventree Server-Side Request Forgery vulnerability exposes server port/internal IP
Ecosystems: pypi
Packages: inventree
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS05bWp3LTc5cjYtYzltOM4AA_6G
Portainer improperly uses an encryption algorithm in the AesEncrypt function
Ecosystems: go
Packages: github.com/portainer/portainer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yMmp3LWM5NXEtcmoyOc4AA_6I
cocoon Reuses a Nonce, Key Pair in Encryption
Ecosystems: cargo
Packages: cocoon
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00andjLXcyaGMtNzhxds4AA_6F
Tonic has remotely exploitable denial of service vulnerability
Ecosystems: cargo
Packages: tonic
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14OGdtLWozNnAtZnBwZs4AA_6E
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1maHFxLThmNjUtNXhmY84AA_6C
Improper Input Validation in Buildah and Podman
Ecosystems: go
Packages: github.com/containers/podman/v4, github.com/containers/podman/v3, github.com/containers/podman/v2, github.com/containers/podman, github.com/containers/podman/v5, github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zaDN4LTJod3YtaHI1Ms4AA_6A
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
Ecosystems: go
Packages: github.com/golang-fips/openssl
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tYzc2LTU5MjUtYzVwNs4AA_5_
Link Following in github.com/containers/common
Ecosystems: go
Packages: github.com/containers/common
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03Zjg0LTI4cWgtOTQ4Ns4AA_52
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Transports" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mYzM4LTIyNTQtNDhnN84AA_51
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Group" Name
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qMmo5LTdwcjYteHF3ds4AA_50
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Rules" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1nY2dwLXEyanEtZnc1Ms4AA_5z
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yd3djLTJ2OHEtZ2M5ds4AA_5y
LibreNMS has Stored Cross-site Scripting vulnerability in "Device Dependencies" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jYzRnLW0zZzcteG13OM4AA_5i
Decidim has a cross-site scripting vulnerability in the version control page
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS00ZjhyLXFxcjktZnE4as4AA_5h
Incorrect delegation lookups can make go-tuf download the wrong artifact
Ecosystems: go
Packages: github.com/theupdateframework/go-tuf/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14dzMyLTY0MjItZnJxbc4AA_5f
Pagekit Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xd3JxLXZ4dnctNTM3cs4AA_4l
git-shallow-clone Argument Injection vulnerability
Ecosystems: npm
Packages: git-shallow-clone
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zNHE4LWpjcTYtbWMzN84AA_4i
uPlot Prototype Pollution vulnerability
Ecosystems: npm
Packages: uplot
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02MnIyLWdjeHItNDI2eM4AA_31
starcitizentools/citizen-skin vulnerable to stored, self-XSS in the "real name" field
Ecosystems: packagist
Packages: starcitizentools/citizen-skin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS03cDg5LXA2aHgtcTRmd84AA_30
basic-auth-connect's callback uses time unsafe string comparison
Ecosystems: npm
Packages: basic-auth-connect
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oNXEzLWZqcDQtMng3cs4AA_3z
MantisBT vulnerable to information disclosure with user profiles
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS01cmZ2LTY2ZzQtanI4aM4AA_3y
RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Ecosystems: pypi
Packages: RestrictedPython
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qcTNmLW1mbWctNzQ3eM4AA_3r
Eclipse Glassfish improperly handles http parameters
Ecosystems: maven
Packages: org.glassfish.main.admin:rest-service
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNjQzLXhxNnctcjY3Y84AA_3q
Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.
Ecosystems: maven
Packages: org.apache.lucene:lucene-replicator
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05aDlxLXFoeGctODl4cs4AA_2Z
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Ecosystems: packagist
Packages: filament/infolists, filament/tables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1najNwLWo3NHYtM3g1N84AA_14
ReLaXed Cross-site Scripting vulnerability
Ecosystems: npm
Packages: relaxedjs
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zNTV2LTJyangtZnB4N84AA_0k
Inefficient Regular Expression Complexity in langflow
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qZzc0LW13Z3ctdjZ4M84AA_zy
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNGg1LTk4MzMtdjJwNM4AA_zt
Rancher agents can be hijacked by taking over the Rancher Server URL
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1nNTRmLTY2bXctaHY2Ns4AA_zF
Agnai vulnerable to Relative Path Traversal in Image Upload
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oMzU1LWhtNWgtY204aM4AA_zE
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tcGNoLTg5Z20taG04M84AA_zD
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODI3LTZyZ2YtOTYyOc4AA_zC
Layui has DOM Clobbering gadgets that leads to Cross-site Scripting
Ecosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13YzQzLTczdzcteDJmNc4AA_zB
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Ecosystems: go
Packages: github.com/ory/kratos
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ydzNqLTU3NGgtbXJjcc4AA_zA
IDOR vulnerability in account profile page
Ecosystems: packagist
Packages: aimeos/ai-controller-frontend
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0ycXE3LWZjaDItcGhxZs4AA_yk
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Ecosystems: maven
Packages: org.apache.maven.plugins:maven-archetype-plugin
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01OWhmLW1wZjgtcHFqaM4AA_yl
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03NWoyLTlnbWMtbTg1Nc4AA_yE
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tODQyLTRxbTgtN2dwcc4AA_yD
Gradio allows users to access arbitrary files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12cmN4LWd4M2ctajNoOM4AA_xx
Heap-based Buffer Overflow in sqlite-vec
Ecosystems: cargo, rubygems, npm, pypi
Packages: sqlite-vec
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 5,530
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 vyper 38 com.thoughtworks.xstream:xstream 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 matrix-synapse 35 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 k8s.io/kubernetes 35 moin 35 io.undertow:undertow-core 34 gradio 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 Pillow 31 parse-server 31 opencv-contrib-python 31 keystone 31 opencv-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 electron 26 openssl-src 26 prestashop/prestashop 26 pillow 26 directus 26 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 25 rubygems-update 25 contao/core-bundle 24 org.springframework.security:spring-security-core 24 magento/core 24 org.eclipse.jetty:jetty-server 24 rack 23 puppet 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 ckb 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 org.apache.nifi:nifi 21 activerecord 21 funadmin/funadmin 20 code.gitea.io/gitea 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 glance 20 langchain 20 laravel/framework 20 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 wasmtime 19 org.springframework:spring-core 19 DotNetNuke.Core 19 github.com/goharbor/harbor 19 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 golang.org/x/net 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 github.com/traefik/traefik/v2 18 com.vaadin:vaadin-bom 18 cobbler 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 next 18 mindsdb 18 forkcms/forkcms 18 helm.sh/helm/v3 17 org.apache.geode:geode-core 17 genix/cms 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 opencart/opencart 17 symfony/security 17 francoisjacquet/rosariosis 17 notebook 17 org.bouncycastle:bcprov-jdk15 16 PaddlePaddle 16 neutron 16 pyload-ng 16 cryptography 16 org.apache.activemq:activemq-client 16 tinymce 16 org.apache.dubbo:dubbo 16 phpbb/phpbb 16 yetiforce/yetiforce-crm 16 typo3/cms-backend 16 paddlepaddle 16 org.apache.jspwiki:jspwiki-main 16 rusqlite 16 sequelize 16 openmage/magento-lts 16 github.com/zitadel/zitadel 16 ckeditor4 15 OctoPrint 15 ethyca-fides 15 ec-cube/ec-cube 15 ghost 15 smarty/smarty 15 calibreweb 15 symfony/security-http 15 org.apache.struts.xwork:xwork-core 15 october/system 15 bolt/bolt 14 camaleon_cms 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 publify_core 14 dompdf/dompdf 14 github.com/nats-io/nats-server/v2 14 org.apache.inlong:manager-pojo 14 activesupport 14 swagger-ui 14 silverstripe/cms 14 pyftpdlib 14 joplin 14 org.apache.tomcat:tomcat-coyote 14 feehi/cms 14 aiohttp 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/cilium/cilium 25 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/undertow-io/undertow 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/goharbor/harbor 19 https://github.com/geoserver/geoserver 18 https://github.com/helm/helm 18 https://github.com/traefik/traefik 18 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/moby/moby 17 https://github.com/OpenMage/magento-lts 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/TYPO3-CMS/core 16 https://github.com/mattermost/mattermost 16 https://github.com/pyload/pyload 16 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/laravel/framework 16 https://github.com/rusqlite/rusqlite 16 https://github.com/apache/camel 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/puppetlabs/puppet 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/zendframework/zendframework 15 https://github.com/centreon/centreon 15 https://github.com/decidim/decidim 15 https://github.com/pyca/cryptography 15 https://github.com/denoland/deno 15 https://github.com/dompdf/dompdf 15 https://github.com/ethyca/fides 15 https://github.com/ckeditor/ckeditor4 14 https://github.com/containerd/containerd 14 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/vercel/next.js 14 https://github.com/dotnet/aspnetcore 14 https://github.com/xuxueli/xxl-job 14 https://github.com/janeczku/calibre-web 14 https://github.com/twisted/twisted 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/quarkusio/quarkus 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/TryGhost/Ghost 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/dromara/hutool 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/patriksimek/vm2 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/openfga/openfga 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/surrealdb/surrealdb 12 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/WWBN/AVideo 11 https://github.com/cakephp/cakephp 11 https://github.com/nats-io/nats-server 11 https://github.com/onionshare/onionshare 11 https://github.com/dolibarr/dolibarr 11 https://github.com/Studio-42/elFinder 11 https://github.com/top-think/framework 11 https://github.com/yiisoft/yii2 11 https://github.com/igniterealtime/Openfire 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Pylons/waitress 11 https://github.com/openstack/glance 11 https://github.com/pomerium/pomerium 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/scrapy/scrapy 11 https://github.com/NodeBB/NodeBB 11 https://github.com/drupal/core 11 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/spring-projects/spring-security 11 https://github.com/cloudflare/cfrpki 11 https://github.com/greenpau/caddy-security 10 https://github.com/apache/superset 10 https://github.com/Graylog2/graylog2-server 10 https://github.com/nextauthjs/next-auth 10