Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wbWM3LWhtbXctZzk2cc4AA5_Z
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12NjgyLTh2djgtdnB3cs4AA5-j
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-websocket, org.apache.tomcat:tomcat-websocket
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yeDdtLWdmODUtMzc0Nc4AA587
Remote Denial of Service Vulnerability in Microsoft QUIC
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.OpenSSL, Microsoft.Native.Quic.MsQuic.Schannel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qZzJnLTRyamctY21xaM4AA57-
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nNjI3LXI1NzktcnczNc4AA573
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jMng5LXZ3NWgtMzl2Y84AA57_
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jMzVoLXc4aGotbW01Nc4AA574
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-proxy
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS14cDJyLWc4cXEtNDRoaM4AA577
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ZnhqLXdoY3YtY3JyY84AA570
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-arm64, Microsoft.NETCore.App.Runtime.win-arm, Microsoft.NETCore.App.Runtime.osx-x64, Microsoft.NETCore.App.Runtime.osx-arm64, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tcTR4LXIydzMtajdtcs4AA54b
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14MnZnLTV3cmYtdmo2ds4AA53Z
1Panel is vulnerable to command injection
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14aGp3LTd2aDUtcXhxbc4AA522
LibOSDP RMAC revert to the beginning of the session
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03OTQ1LTVtY3YtZjJwcM4AA521
LibOSDP vulnerable to a null pointer deref in osdp_reply_name
Ecosystems: pypi
Packages: libosdp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mdng4LTc5aHgteDgyZs4AA520
Django MarkdownX Cross-Site Scripting (XSS) vulnerability
Ecosystems: pypi
Packages: django-markdownx
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oajN2LW02ODQtdjI1Oc4AA52y
JWX vulnerable to a denial of service attack using compressed JWE message
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jNXEyLTdyNGMtbXY2Z84AA51M
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Ecosystems: go
Packages: gopkg.in/go-jose/go-jose.v2, github.com/go-jose/go-jose/v3, github.com/go-jose/go-jose/v4
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01bXhmLTQyZjUtajc4Ms4AA503
Grafana's users with permissions to create a data source can CRUD all data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oaGh2LXE1N2ctODgycc4AA502
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
Ecosystems: npm
Packages: jose, jose-node-esm-runtime, jose-node-cjs-runtime
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03NWpwLXZxOHgtaDRjcc4AA501
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Ecosystems: cargo
Packages: wasmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code execution
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qN2ptLThnZjUtZnJjbc4AA50O
nGrinder vulnerable to unsafe Java objects deserialization
Ecosystems: maven
Packages: org.ngrinder:ngrinder-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_download
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01cGY2LTJxd3gtcHhtMs4AA5zw
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Ecosystems: go
Packages: github.com/cloudevents/sdk-go/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODU3LTdydnYtdmo5N84AA5zv
JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
Ecosystems: pypi
Packages: jwcrypto
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wZmgzLWo3OXItdnFyas4AA5zt
Jenkins Delphix Plugin has improper SSL/TLS certificate validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delphix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02NGM1LXIyaDUtYzJmZ84AA5zf
Jenkins docker-build-step Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:docker-build-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04aDJtLTU0d2gtZ3dqM84AA5zu
Jenkins docker-build-step Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:docker-build-step
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tcjlqLXFxamgtNjdmMs4AA5zp
Jenkins Subversion Partial Release Manager Plugin missing permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:svn-partial-release-mgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14ajM2LTZ4YzYtOHA5eM4AA5ze
Jenkins Delphix Plugin has SSL/TLS certificate validation disabled by default
Ecosystems: maven
Packages: org.jenkins-ci.plugins:delphix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ycGMyLWg5N2gtMm1td84AA5zd
Jenkins iceScrum Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:icescrum
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14eHY5LXc1aG0tMzI4as4AA5zZ
Jenkins AppSpider Plugin missing permission checks
Ecosystems: maven
Packages: com.rapid7:jenkinsci-appspider-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04Zm00LXIyM3AtdjY4ds4AA5zr
Jenkins MQ Notifier Plugin exposes sensitive information in build logs
Ecosystems: maven
Packages: com.sonymobile.jenkins.plugins.mq:mq-notifier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01ajc0LWczYzUtd3F3d84AA5za
Jenkins GitBucket Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gitbucket
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00Nzh4LW0zbXgtN2ozZs4AA5zm
Jenkins HTML Publisher Plugin Path traversal vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNHJtLXgycnItMzU3d84AA5zW
Jenkins Bitbucket Branch Source Plugin has incorrect trust policy behavior for pull requests
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01ajVyLTZtdjktbTI1Nc4AA5zY
Jenkins Build Monitor View Plugin vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: org.jenkins-ci.plugins:build-monitor-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS05cHA0LW14NngteGgzNs4AA5zX
Jenkins OWASP Dependency-Check Plugin has stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:dependency-check-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ydjM1LTY5ZmYtZzlnds4AA5zb
Jenkins Subversion Partial Release Manager Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: maven
Packages: org.jenkins-ci.plugins:svn-partial-release-mgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04dmNnLXY3ZzQtM3ZyN84AA5zn
Jenkins HTML Publisher Plugin does not properly sanitize input
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS14cnJ3LTlqNzgtaHBmM84AA5zs
Jenkins HTML Publisher Plugin Stored XSS vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlpublisher
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jZ3FmLTNjcTUtd3Zjas4AA5zT
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNWNnLTUzZzctZ3Fqd84AA5zS
RPyC's missing security check results in code execution when using numpy.array on the server-side.
Ecosystems: pypi
Packages: rpyc
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zajI3LTU2M3YtMjh3Zs4AA5zR
*const c_void / ExternalPointer unsoundness leading to use-after-free
Ecosystems: cargo
Packages: Deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS02cTR3LTl4NTYtcm13cc4AA5zQ
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01ZnJ3LTRyd3EteGhjcs4AA5zP
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO
RSSHub vulnerable to Server-Side Request Forgery
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNmozLWozNWYtdjJ4N84AA5zM
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS14YzdqLXdqMzYtcWpmcs4AA5zL
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNzU3LXA4cnYtNHE5M84AA5zJ
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNnczLXE0ajgtNHhqcM4AA5zI
1Panel open source panel project has an unauthorized vulnerability.
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jNjl4LTV4bXctdjQ0eM4AA5zG
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jOTY3LTI2NTItZ2Zqbc4AA5zF
CasaOS Username Enumeration
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNWdmLWNtbTgtY2c3Y84AA5zE
CasaOS-UserService allows unauthorized access to any file
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wMmd4LTQ0MzQtcGY2Z84AA5y_
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04cjNmLTg0NGMtbWMzN84AA5yO
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Ecosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS13cnF2LXBmNmotbXFqcM4AA5xo
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS02NXg3LWMyNzItN2c3cs4AA5xd
Use After Free in SixLabors.ImageSharp
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04NmZjLWY5Z3ItdjUzM84AA5xc
HTTP Handling Vulnerability in the Bare server
Ecosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ocnFyLWp2OHctdjlqaM4AA5xa
Insufficient permission checking in `Deno.makeTemp*` APIs
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI
Incorrect TLS certificate auth method in Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS03Y2MyLXI2NTgtN3hwZs4AA5wH
Coder's OIDC authentication allows email with partially matching domain to register
Ecosystems: go
Packages: github.com/coder/coder, github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qcjgzLW0yMzMtZ2c2cM4AA5wF
Sulu grants access to pages regardless of role permissions
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yOHc5LTV3Y2ctdmZqN84AA5wE
Mio's tokens for named pipes may be delivered after deregistration
Ecosystems: cargo
Packages: mio
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mcWc4LXZmdjctOGZqOM4AA5wD
JSONata expression can pollute the "Object" prototype
Ecosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yNHBmLTN2N3ItaGg1Nc4AA5wC
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
Ecosystems: npm
Packages: app-builder-lib
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mZ3h2LWd3NTUtcjVmcc4AA5wB
Authorization Bypass Through User-Controlled Key in go-zero
Ecosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qdzQ0LTRmM2otcTM5Ns4AA5uc
Helm shows secrets in clear text
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04MmpmLThmMjQteHE5bc4AA5t8
hexo-theme-anzhiyu Cross-site Scripting vulnerability
Ecosystems: npm
Packages: hexo-theme-anzhiyu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Statistics
Advisories: 17,985
Packages: 8,213
Repositories: 4,941
Ecosystems: 12
Filter by Severity
Moderate 7,726 High 6,244 Critical 2,768 Low 965
Filter by Ecosystem
maven 5,513 packagist 3,612 pypi 3,542 npm 3,530 go 1,876 nuget 1,390 rubygems 812 cargo 773 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 318 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 94 microweber/microweber 91 phpmyadmin/phpmyadmin 91 django 80 apache-airflow 78 typo3/cms-core 70 drupal/core 70 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 drupal/drupal 56 org.apache.struts:struts2-core 55 librenms/librenms 54 concrete5/concrete5 52 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 symfony/symfony 46 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 42 rdiffweb 42 nokogiri 42 Pillow 41 showdoc/showdoc 40 salt 38 github.com/mattermost/mattermost/server/v8 38 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 craftcms/cms 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 com.jfinal:jfinal 36 Plone 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 snipe/snipe-it 32 vyper 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 31 intelliants/subrion 31 opencv-contrib-python 30 opencv-python 30 org.jenkins-ci.plugins:script-security 30 mlflow 30 parse-server 29 github.com/argoproj/argo-cd 29 github.com/rancher/rancher 28 mautic/core 28 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 froxlor/froxlor 28 shopware/shopware 27 io.undertow:undertow-core 27 centreon/centreon 27 org.keycloak:keycloak-services 27 silverstripe/framework 27 getgrav/grav 27 openssl-src 26 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 electron 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 prestashop/prestashop 24 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.eclipse.jetty:jetty-server 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 rack 22 org.apache.nifi:nifi 22 grumpydictator/firefly-iii 22 getkirby/cms 22 github.com/argoproj/argo-cd/v2 22 ckb 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 Django 21 github.com/cilium/cilium 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 DotNetNuke.Core 19 code.gitea.io/gitea 19 org.springframework:spring-core 19 github.com/docker/docker 19 github.com/ethereum/go-ethereum 19 langchain 18 tribalsystems/zenario 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 org.bouncycastle:bcprov-jdk14 18 forkcms/forkcms 18 helm.sh/helm/v3 18 cockpit-hq/cockpit 17 PaddlePaddle 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 francoisjacquet/rosariosis 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 cobbler 17 org.apache.dubbo:dubbo 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 rusqlite 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 wasmtime 16 yetiforce/yetiforce-crm 16 directus 16 contao/core-bundle 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 pillow 15 github.com/goharbor/harbor 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 paddlepaddle 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 cryptography 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 topthink/framework 15 zendframework/zendframework1 14 phpmailer/phpmailer 14 gradio 14 pyload-ng 14 tinymce 14 publify_core 14 smarty/smarty 14 org.xwiki.platform:xwiki-platform-web 14 typo3/cms-backend 14 modoboa 14 ghost 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 swagger-ui 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 activesupport 14 symfony/security 13 nova 13 pyftpdlib 13 elefant/cms 13 joplin 13 october/system 13 passenger 13 codeigniter4/framework 13 github.com/containerd/containerd 13 strapi 13 ezsystems/ezpublish-kernel 13 ckeditor4 13 org.apache.cxf:cxf 13 next 13 org.apache.inlong:manager-pojo 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 impresscms/impresscms 13 org.apache.hadoop:hadoop-main 13 Microsoft.NETCore.App.Runtime.win-x86 12 neutron 12 actionview 12 undici 12 OctoPrint 12 phpmyfaq/phpmyfaq 12 lavalite/cms 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 github.com/moby/moby 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins:git 12 Microsoft.NETCore.App.Runtime.win-x64 12 Microsoft.NETCore.App.Runtime.win-arm64 12 keystone 12 symfony/security-http 12 github.com/go-gitea/gitea 12 org.apache.dolphinscheduler:dolphinscheduler 12 studio-42/elfinder 12 github.com/opencontainers/runc 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 72 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/rails/rails 53 https://github.com/ansible/ansible 53 https://github.com/python-pillow/Pillow 51 https://github.com/kubernetes/kubernetes 48 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/TYPO3/typo3 42 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 40 https://github.com/symfony/symfony 40 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/x-stream/xstream 36 https://github.com/argoproj/argo-cd 36 https://github.com/plone/Products.CMFPlone 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/matrix-org/synapse 32 https://github.com/vyperlang/vyper 32 https://github.com/apache/activemq 32 https://github.com/magento/magento2 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/parse-community/parse-server 29 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/craftcms/cms 28 https://github.com/opencv/opencv 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/rancher/rancher 25 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/saltstack/salt 25 https://github.com/mlflow/mlflow 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/github/advisory-database 23 https://github.com/dotnet/runtime 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/getgrav/grav 23 https://github.com/eclipse/jetty.project 23 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/grafana/grafana 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/cilium/cilium 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/netty/netty 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/sequelize/sequelize 16 https://github.com/hashicorp/vault 16 https://github.com/contao/contao 16 https://github.com/rusqlite/rusqlite 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/etcd-io/etcd 16 https://github.com/forkcms/forkcms 16 https://github.com/opencast/opencast 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/directus/directus 15 https://github.com/intelliants/subrion 15 https://github.com/apache/camel 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/ethereum/go-ethereum 15 https://github.com/goharbor/harbor 15 https://github.com/vantage6/vantage6 14 https://github.com/pyca/cryptography 14 https://github.com/moby/moby 14 https://github.com/pyload/pyload 14 https://github.com/langchain-ai/langchain 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/tinymce/tinymce 14 https://github.com/cobbler/cobbler 14 https://github.com/denoland/deno 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/undertow-io/undertow 13 https://github.com/gradio-app/gradio 13 https://github.com/modoboa/modoboa 13 https://github.com/containerd/containerd 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/xuxueli/xxl-job 13 https://github.com/traefik/traefik 13 https://github.com/publify/publify 13 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/dromara/hutool 12 https://github.com/patriksimek/vm2 12 https://github.com/centreon/centreon-archived 12 https://github.com/apache/dolphinscheduler 12 https://github.com/nodejs/undici 12 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/laurent22/joplin 12 https://github.com/apache/kylin 12 https://github.com/backstage/backstage 12 https://github.com/silverstripe/silverstripe-framework 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/cloudflare/cfrpki 11 https://github.com/jquery/jquery 11 https://github.com/janeczku/calibre-web 11 https://github.com/containers/podman 11 https://github.com/dompdf/dompdf 11 https://github.com/drupal/core 11 https://github.com/urllib3/urllib3 11 https://github.com/quarkusio/quarkus 11 https://github.com/cakephp/cakephp 11 https://github.com/puma/puma 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/smarty-php/smarty 11 https://github.com/vaadin/flow 11 https://github.com/igniterealtime/Openfire 11 https://github.com/Studio-42/elFinder 11 https://github.com/openfga/openfga 11 https://github.com/onionshare/onionshare 11 https://github.com/keystonejs/keystone 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/phusion/passenger 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/greenpau/caddy-security 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/aio-libs/aiohttp 10 https://github.com/openstack/keystone 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/nats-io/nats-server 10 https://github.com/dotnet/aspnetcore 10 https://github.com/dolibarr/dolibarr 10 https://github.com/zopefoundation/Zope 10 https://github.com/nextauthjs/next-auth 10 https://github.com/WWBN/AVideo 10 https://github.com/jupyter/notebook 10 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/kevinpapst/kimai2 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/superset 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/vercel/next.js 9 https://github.com/funadmin/funadmin 9 https://github.com/Pylons/waitress 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/apache/lucene-solr 9 https://github.com/top-think/framework 9 https://github.com/spring-projects/spring-security 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/yiisoft/yii2 9 https://github.com/cui2shark/cms 9 https://github.com/DSpace/DSpace 9 https://github.com/evershopcommerce/evershop 9 https://github.com/wagtail/wagtail 9 https://github.com/neorazorx/facturascripts 9 https://github.com/zitadel/zitadel 9