Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS0zajI3LTU2M3YtMjh3Zs4AA5zR
*const c_void / ExternalPointer unsoundness leading to use-after-free
Ecosystems: cargo
Packages: Deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS02cTR3LTl4NTYtcm13cc4AA5zQ
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01ZnJ3LTRyd3EteGhjcs4AA5zP
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcDNwLWNnajctdmd3M84AA5zO
RSSHub vulnerable to Server-Side Request Forgery
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yd3F3LWhyNGYteHJoaM4AA5zN
RSSHub Cross-site Scripting vulnerability caused by internal media proxy
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNmozLWozNWYtdjJ4N84AA5zM
PocketMine-MP server crash with certain invalid JSON payloads in `LoginPacket` due to dependency vulnerability (3rd time)
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS14YzdqLXdqMzYtcWpmcs4AA5zL
PocketMine-MP BookEditPacket crash when inventory slot in the packet is invalid
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatter
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNzU3LXA4cnYtNHE5M84AA5zJ
Apache Linkis DataSource: DataSource module Oracle SQL Database Password Logged
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yNnczLXE0ajgtNHhqcM4AA5zI
1Panel open source panel project has an unauthorized vulnerability.
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05cDQzLWhqNWotOTZoNc4AA5zH
esphome vulnerable to stored Cross-site Scripting in edit configuration file API
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jNjl4LTV4bXctdjQ0eM4AA5zG
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jOTY3LTI2NTItZ2Zqbc4AA5zF
CasaOS Username Enumeration
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNWdmLWNtbTgtY2c3Y84AA5zE
CasaOS-UserService allows unauthorized access to any file
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pages
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wMmd4LTQ0MzQtcGY2Z84AA5y_
Apache InLong: Logged-in user could exploit an arbitrary file read vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14ZzVwLTh3ZzUtcmh4bc4AA5yI
Phone information disclosure vulnerability
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04cjNmLTg0NGMtbWMzN84AA5yO
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Ecosystems: go
Packages: google.golang.org/protobuf/internal/encoding/json, google.golang.org/protobuf/encoding/protojson, google.golang.org/protobuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS13cnF2LXBmNmotbXFqcM4AA5xo
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS02NXg3LWMyNzItN2c3cs4AA5xd
Use After Free in SixLabors.ImageSharp
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04NmZjLWY5Z3ItdjUzM84AA5xc
HTTP Handling Vulnerability in the Bare server
Ecosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS12NjI3LTY5djIteHgzN84AA5xb
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ocnFyLWp2OHctdjlqaM4AA5xa
Insufficient permission checking in `Deno.makeTemp*` APIs
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zcXdjLTQ3amYtNXJmN84AA5xT
eth-abi is vulnerable to recursive DoS
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yM3c3LW1mcG0tYzJ2d84AA5wI
Incorrect TLS certificate auth method in Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS03Y2MyLXI2NTgtN3hwZs4AA5wH
Coder's OIDC authentication allows email with partially matching domain to register
Ecosystems: go
Packages: github.com/coder/coder, github.com/coder/coder/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03andoLTN2cnEtcTNtOM4AA5wG
pgproto3 SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qcjgzLW0yMzMtZ2c2cM4AA5wF
Sulu grants access to pages regardless of role permissions
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yOHc5LTV3Y2ctdmZqN84AA5wE
Mio's tokens for named pipes may be delivered after deregistration
Ecosystems: cargo
Packages: mio
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tcnd3LTI3dmMtZ2dods4AA5wA
pgx SQL Injection via Protocol Message Size Overflow
Ecosystems: go
Packages: github.com/jackc/pgx/v5, github.com/jackc/pgx/v4, github.com/jackc/pgproto3/v2, github.com/jackc/pgproto3, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mcWc4LXZmdjctOGZqOM4AA5wD
JSONata expression can pollute the "Object" prototype
Ecosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago
High
GSA_kwCzR0hTQS1yNHBmLTN2N3ItaGg1Nc4AA5wC
electron-builder's NSIS installer - execute arbitrary code on the target machine (Windows only)
Ecosystems: npm
Packages: app-builder-lib
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mZ3h2LWd3NTUtcjVmcc4AA5wB
Authorization Bypass Through User-Controlled Key in go-zero
Ecosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tN3dyLTJ4ZjctY205cM4AA5v_
pgx SQL Injection via Line Comment Creation
Ecosystems: go
Packages: github.com/jackc/pgx/v4, github.com/jackc/pgx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qdzQ0LTRmM2otcTM5Ns4AA5uc
Helm shows secrets in clear text
Ecosystems: go
Packages: helm.sh/helm/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04MmpmLThmMjQteHE5bc4AA5t8
hexo-theme-anzhiyu Cross-site Scripting vulnerability
Ecosystems: npm
Packages: hexo-theme-anzhiyu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1qcjIyLThxZ20tNHE4N84AA5s3
phpseclib does not properly limit the ASN1 OID length
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1oZzM1LW1wMjUtcWY2aM4AA5sw
phpseclib a large prime can cause a denial of service
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1oM203LXJxYzQtN2g5cM4AA5sZ
Integer overflow in chunking helper causes dispatching to miss elements or panic
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01bWhnLXd2OHctcDU5as4AA5sN
Directus version number disclosure
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 2 months ago
High
GSA_kwCzR0hTQS04cDI1LTNxNDYtOHEycM4AA5sM
ESPHome vulnerable to remote code execution via arbitrary file write
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS00ZzJ4LXZxNXAtNXZqNs4AA5sL
Budibase affected by VM2 Constructor Escape Vulnerability
Ecosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL Injection
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oNTk1LXZ3aGMtM3h3eM4AA5r-
Apache Archiva Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13NW14LTMzNGotNmZ3ds4AA5r1
Bagist Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ocDJ4LTZ2cm0tN2o3ds4AA5sA
Apache Archiva Reflected Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ydjRoLW00d2Mtdjk5d84AA5r9
Apache Archiva Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.archiva:archiva
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1xdzlnLTc1NDktN3dnNc4AA5r0
Directus has MySQL accent insensitive email matching
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 2 months ago
Low
GSA_kwCzR0hTQS02OGMyLTRtcHgtcWg5Nc4AA5rz
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Ecosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05cTZ2LXJ4bXctZzNnaM4AA5ry
Apache Ambari: Various Cross site scripting problems
Ecosystems: maven
Packages: org.apache.ambari:ambari
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02eHdmLXh2ZjMtdjQ1Oc4AA5rU
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mZmZnLWN3YzkteHZqN84AA5rI
mongo-express Cross-site Request Forgery vulnerability
Ecosystems: npm
Packages: mongo-express
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02anZnLWhwMjUtNDJmNs4AA5rD
Nteract Remote Code Execution vulnerability
Ecosystems: npm
Packages: nteract
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wY2Z4LWcyajItZjZmNs4AA5qg
Docassemble HTML and javascript injection
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03d3hmLXIycXYtOXh3cs4AA5qf
Docassemble open redirect
Ecosystems: pypi
Packages: docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1qcTU3LTN3N3Atdnd2ds4AA5qh
Docassemble unauthorized access through URL manipulation
Ecosystems: pypi
Packages: docassemble.base, docassemble.webapp
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xNzZyLTdwNHEtbXFwd84AA5qL
Cockpit CMS Cross-Site Scripting vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yNGZtLWc2NWgtY3I1NM4AA5qG
Mattermost incorrectly allows access individual posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1od2pmLTQ2NjctZ3F3eM4AA5qF
Mattermost allows attackers access to posts in channels they are not a member of
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race condition
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12bTltLTU3anItNHB4aM4AA5qH
Mattermost fails to limit the number of role names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02djZ3LWg4bTYtN212Ms4AA5qK
Apache Airflow: DAG Code and Import Error Permissions Ignored
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1meDQ4LXh2NnEtNmdwM84AA5p9
Mattermost post fetching without auditing in compliance export
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Mattermost fails to properly restrict the access of files attached to posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wZnc2LTVyeDMteGgzY84AA5p-
Mattermost fails to check the "invite_guest" permission
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02bXgzLTlxZmgtNzdnas4AA5qA
Mattermost denial of service through long emoji value
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03djN2LTk4NHYtaDc0cs4AA5p_
Mattermost leaks details of AD/LDAP groups of a teams
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00OXc3LTVyMzMtam05bc4AA5ok
http-swagger XSS via PUT requests
Ecosystems: go
Packages: github.com/swaggo/http-swagger
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12NGNwLTJxN3YtaGc5cc4AA5pT
livehelperchat Server-Side Template Injection
Ecosystems: packagist
Packages: remdex/livehelperchat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12cjY0LXI5cWotaDI3Zs4AA5o_
Reading specially crafted serializable objects from an untrusted source may cause an infinite loop and denial of service
Ecosystems: maven
Packages: org.clojure:clojure
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NXgyLTZoNG0taDZteM4AA5oj
FullStackHero's WebAPI Boilerplate host header injection vulnerability
Ecosystems: nuget
Packages: FullStackHero.WebAPI.Boilerplate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zaHJyLXh3dmctaHh2cs4AA5pB
Keycloak DoS via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zcnh4LThmMzMtN3A2cM4AA5nJ
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00NW0yLThxN2YtOTN3ds4AA5nI
Concrete CMS Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02Mjk0LTZyZ3AtZnI3cs4AA5mt
jose2go vulnerable to denial of service via large p2c value
Ecosystems: go
Packages: github.com/dvsekhvalnov/jose2go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jOHY2LTc4Nmctdmp4Ns4AA5mu
json-jwt allows bypass of identity checks via a sign/encryption confusion attack
Ecosystems: rubygems
Packages: json-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02cXZ3LTI0OWotaDQ0Y84AA5mp
jose4j denial of service via specifically crafted JWE
Ecosystems: maven
Packages: org.bitbucket.b_c:jose4j
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14NTc3LWdjYzktOXhqas4AA5mn
Concrete CMS Stored XSS in Layout Preset Name
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 2 months ago
Low
GSA_kwCzR0hTQS0yMmYyLXY1N2MtajljeM4AA5mE
Rack vulnerable to ReDoS in content type parsing (2nd degree polynomial)
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xcDU2LTgydnAteHFnds4AA5l8
Mezzanine allows attackers to bypass access control mechanisms
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yMmNjLXc3eG0tcmZoeM4AA5l7
Mezzanine allows attackers to bypass access controls via manipulating the Host header
Ecosystems: pypi
Packages: Mezzanine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04bXE0LTlqamgtOXhyY84AA5l2
YARD's default template vulnerable to Cross-site Scripting in generated frames.html
Ecosystems: rubygems
Packages: yard
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qMnB3LXZwNTUtZnFxas4AA5l1
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenID
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mcXhqLTQ2d2ctOXY4NM4AA5l0
Flask-AppBuilder's OAuth login page subject to Cross Site Scripting (XSS)
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 2 months ago
Low
GSA_kwCzR0hTQS01NTVwLW00djYtY3F4ds4AA5lr
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zdjlyLTg4NWotNzYyZ84AA5lb
Apache Superset: Improper authorization validation on dashboards and charts import
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13cjZnLTl3Y3ItY21xas4AA5le
Apache Superset: Improper data authorization when creating a new dataset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01NDc0LWY3ZzUtMjczcc4AA5ld
Apache Superset: Improper validation of SQL statements allows for unauthorized access to data
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tNmptLTN2MzgtNzZqNM4AA5la
Apache Superset: Improper Neutralization of custom SQL on embedded context
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oN3I2LThxbW0taGo1cs4AA5lZ
Apache Superset: Improper error handling on alerts
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS14aDZtLTdjcjcteHg2Ns4AA5jR
Missing permission checks on Hazelcast client protocol
Ecosystems: maven
Packages: com.hazelcast:hazelcast
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ncDZtLWZxNmgtY2pjeM4AA5jQ
Magento LTS vulnerable to stored XSS in admin file form
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 2 months ago
Statistics
Advisories: 18,303
Packages: 8,274
Repositories: 5,001
Ecosystems: 12
Filter by Severity
Moderate 7,900 High 6,336 Critical 2,800 Low 980
Filter by Ecosystem
maven 5,520 packagist 3,783 pypi 3,691 npm 3,534 go 1,889 nuget 1,390 rubygems 814 cargo 775 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 318 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 drupal/drupal 56 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 apache-superset 48 shopware/platform 48 salt 47 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 Plone 45 baserproject/basercms 43 rdiffweb 42 nokogiri 42 plone 42 Pillow 41 intelliants/subrion 40 craftcms/cms 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 snipe/snipe-it 32 k8s.io/kubernetes 32 org.elasticsearch:elasticsearch 32 silverstripe/framework 32 mlflow 31 opencv-python 30 org.jenkins-ci.plugins:script-security 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 28 github.com/rancher/rancher 28 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 shopware/shopware 27 io.undertow:undertow-core 27 getgrav/grav 27 org.keycloak:keycloak-services 27 Django 27 centreon/centreon 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 24 magento/core 24 prestashop/prestashop 24 github.com/argoproj/argo-cd/v2 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 puppet 23 moin 23 org.springframework.security:spring-security-core 23 ckb 22 rack 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.apache.nifi:nifi 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 DotNetNuke.Core 19 github.com/docker/docker 19 org.springframework:spring-core 19 contao/contao 18 tribalsystems/zenario 18 forkcms/forkcms 18 langchain 18 com.liferay.portal:release.dxp.bom 18 org.bouncycastle:bcprov-jdk14 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 genix/cms 17 PaddlePaddle 17 org.xwiki.platform:xwiki-platform-web-templates 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 org.apache.geode:geode-core 17 cobbler 17 cakephp/cakephp 17 symfony/security 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 pillow 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 mercurial 16 sequelize 16 directus 16 yetiforce/yetiforce-crm 16 wasmtime 16 rusqlite 16 nova 15 cryptography 15 paddlepaddle 15 github.com/goharbor/harbor 15 topthink/framework 15 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 activesupport 14 modoboa 14 zendframework/zendframework1 14 phpmailer/phpmailer 14 ezsystems/ezpublish-kernel 14 typo3/cms-backend 14 swagger-ui 14 org.xwiki.platform:xwiki-platform-web 14 pyftpdlib 14 smarty/smarty 14 gradio 14 symfony/security-http 14 pyload-ng 14 tinymce 14 publify_core 14 ghost 14 ec-cube/ec-cube 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 passenger 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 october/system 13 impresscms/impresscms 13 joplin 13 keystone 13 github.com/containerd/containerd 13 org.apache.inlong:manager-pojo 13 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 next 13 elefant/cms 13 github.com/traefik/traefik/v2 13 lavalite/cms 13 strapi 13 org.apache.hadoop:hadoop-main 13 org.apache.dolphinscheduler:dolphinscheduler 12 bolt/bolt 12 vm2 12 undici 12 Microsoft.NETCore.App.Runtime.win-arm64 12 Microsoft.NETCore.App.Runtime.win-x64 12 Microsoft.NETCore.App.Runtime.win-x86 12 neutron 12 actionview 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 73 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 32 https://github.com/matrix-org/synapse 32 https://github.com/magento/magento2 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/saltstack/salt 29 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/getgrav/grav 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rack/rack 17 https://github.com/hashicorp/vault 16 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/directus/directus 15 https://github.com/ethereum/go-ethereum 15 https://github.com/apache/camel 15 https://github.com/geoserver/geoserver 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/langchain-ai/langchain 14 https://github.com/denoland/deno 14 https://github.com/tinymce/tinymce 14 https://github.com/pyload/pyload 14 https://github.com/pyca/cryptography 14 https://github.com/vantage6/vantage6 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/mattermost/mattermost 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/gradio-app/gradio 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/undertow-io/undertow 13 https://github.com/hashicorp/nomad 13 https://github.com/xuxueli/xxl-job 13 https://github.com/traefik/traefik 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/twisted/twisted 12 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/centreon/centreon-archived 12 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/dromara/hutool 12 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/igniterealtime/Openfire 11 https://github.com/zitadel/zitadel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/openfga/openfga 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/openstack/keystone 11 https://github.com/janeczku/calibre-web 11 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/phusion/passenger 10 https://github.com/aio-libs/aiohttp 10 https://github.com/dolibarr/dolibarr 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/keystonejs/keystone 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/nats-io/nats-server 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/WWBN/AVideo 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/jupyter/notebook 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dotnet/aspnetcore 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/wagtail/wagtail 10 https://github.com/nextauthjs/next-auth 10 https://github.com/top-think/framework 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cui2shark/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/DSpace/DSpace 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/bolt/bolt 9 https://github.com/cri-o/cri-o 9 https://github.com/spring-projects/spring-security 9 https://github.com/evershopcommerce/evershop 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/kevinpapst/kimai2 9 https://github.com/semplon/GeniXCMS 9 https://github.com/LavaLite/cms 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/Pylons/waitress 9