Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS04OGcyLXhnaDktNHBoMs4AA3Yk
OroCommerce get-totals-for-checkout API endpoint returns unwanted data
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS04Z3dqLTY4dzYtN3Y2Y84AA3Yj
OroCommerce Customer Portal Incorrect Customer and Customer Group Frontend Menus pages visibility
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS04OTd3LWp2N2otNnI3Z84AA3Yi
OroCRMCallBundle has incorrect call view page visibility
Ecosystems: packagist
Packages: oro/crm-call-bundle
Source: GitHub Advisory Database
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS14MnhtLXA2dnEtNDgyZ84AA3Yh
OroCalendarBundle has incorrect system calendar events visibility
Ecosystems: packagist
Packages: oro/calendar-bundle
Source: GitHub Advisory Database
Published: about 15 hours ago
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS1xbXZqLTRxcjktdjU0N84AA3Yf
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Ecosystems: go
Packages: knative.dev/serving
Source: GitHub Advisory Database
Published: about 15 hours ago
High
GSA_kwCzR0hTQS05d3dnLXIzYzctNHZmZ84AA3Ye
Pimcore Admin UI has Two Factor Authentication disabled for non admin security firewalls
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: about 15 hours ago
Low
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: about 15 hours ago
Low
GSA_kwCzR0hTQS1xdnJ3LXY5cnYtNXJqeM4AA3Yc
aiohttp's ClientSession is vulnerable to CRLF injection via method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: about 15 hours ago
Moderate
GSA_kwCzR0hTQS1wamp3LXFoZzgtcDJwOc4AA3Yb
aiohttp has vulnerable dependency that is vulnerable to request smuggling
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: about 15 hours ago
High
GSA_kwCzR0hTQS1yNjhoLWpoaGotOWp2bc4AA3Xs
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Published: about 21 hours ago
Moderate
GSA_kwCzR0hTQS1oZnhoLXJqdjctMjM2Oc4AA3Xr
Uptime Kuma Authenticated remote code execution via TailscalePing
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: about 21 hours ago
Moderate
GSA_kwCzR0hTQS12NHYyLThoODgtNjVxas4AA3W6
Attribute Injection leading to XSS (Cross-Site Scripting)
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1ycXI4LXB4aDctY3EzZ84AA3W5
Ethereum ABI decoder DoS when parsing ZST
Ecosystems: pypi
Packages: eth-abi
Source: GitHub Advisory Database
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Published: 4 days ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS00dnZjLXI0cDQtcWdycs4AA3Wo
Apache DolphinScheduler sensitive information disclosure
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS13anhqLTVtN2ctbWc3cc4AA3WZ
Bouncy Castle Denial of Service (DoS)
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Published: 5 days ago
Low
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due to temporary files
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0yZ2htLXI3NWotcGp4Ms4AA3VQ
Cross-site Scripting in DOMSanitizer
Ecosystems: packagist
Packages: rhukster/dom-sanitizer
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS12NDI3LWM0OWotOHc2eM4AA3VI
Cleartext Storage of Sensitive Information in HMAC SHA256 Authentication
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1qNzJmLWg3NTItbXg0d84AA3VH
Insertion of Sensitive Information into Log
Ecosystems: packagist
Packages: codeigniter4/shield
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1jZjlmLXdtaHAtdjRwcs4AA3U3
Cross-site Scripting potential in custom links, job buttons, and computed fields
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS04ampoLWozYzItY2pjds4AA3U2
Cross-site Scripting via uploaded assets
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1yZ2c5LTI2NGgtM2hmd84AA3Ul
Directory Traversal in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0yNDkyLXh4cWYtNmg3OM4AA3T0
Cross Site Request Forgery in SwiftyEdit
Ecosystems: packagist
Packages: swiftyedit/swiftyedit
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS12bTRwLWdoODIteHE5Ns4AA3Ti
Cross-site Scripting in Admidio
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0yODVtLXZoZnEteHg0aM4AA3TU
Elasticsearch Improper Handling of Exceptional Conditions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Published: 6 days ago
Low
GSA_kwCzR0hTQS1oeDkzLWdjNzMtNXJwcs4AA3TE
Exposure of Sensitive Information in Elastic APM .NET Agent
Ecosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS01eHFtLWhjNDUtZjJnMs4AA3TF
APM Java Agent Local Privilege Escalation issue
Ecosystems: maven
Packages: co.elastic.apm:apm-agent-parent
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1xZjNjLXJ3OWYtamg3ds4AA3S4
Clear Text Credentials Exposed via Onboarding Task
Ecosystems: pypi
Packages: nautobot-device-onboarding
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1oNzNtLXBjZnctMjVoMs4AA3S3
Download to arbitrary folder can lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS12Y2NnLWY0Z3AtNDV4Oc4AA3S2
Eval Injection in fastbots
Ecosystems: pypi
Packages: fastbots
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS0yYzdjLTNtajktOGZxaM4AA3S1
Decryption of malicious PBES2 JWE objects can consume unbounded system resources
Ecosystems: go
Packages: github.com/square/go-jose, github.com/go-jose/go-jose/v3
Source: GitHub Advisory Database
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1tMm1qLXByNGYtaDlqcM4AA3R9
TorchServe ZipSlip
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS12NjR3LTQ5eHctcXE4Oc4AA3R1
Possible user mocking that bypasses basic authentication
Ecosystems: npm
Packages: next-auth
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS02aDY3LTkzNHItODJnN84AA3RQ
Bypass of field access control in strapi-plugin-protected-populate
Ecosystems: npm
Packages: strapi-plugin-protected-populate
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS00ZjRjLXJoanYtNHdnds4AA3RP
Cross-Site Request Forgery with QueryOnXWiki allows arbitrary database queries
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Published: 8 days ago
Critical
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS03ZnFyLTk3ajctamdmNM4AA3RN
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-query
Source: GitHub Advisory Database
Published: 8 days ago
Critical
GSA_kwCzR0hTQS03cmZnLTYyNzMtZjV3cM4AA3RM
Cookies are sent to external images in rendered diff (and server side request forgery)
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-diff-xml
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jMmZmLTg4eDIteDlwZ84AA3RL
JWT Algorithm Confusion
Ecosystems: npm
Packages: fast-jwt
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS1yY2pjLWM0cGoteHhycM4AA3Qr
Apache Derby: LDAP injection vulnerability in authenticator
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Published: 8 days ago
High
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1oaGNmLTc5cG0tcjhyOc4AA3QE
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1jaGo1LTh3eGotcnhnOM4AA3QF
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS05NnE0LTdmd3ItZ214aM4AA3QG
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1xam14LXE1bTQteHFmNc4AA3QH
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS01cGh3LTZnM3ItNTV4eM4AA3QA
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS0zZzc5LWo4aHEtcjR4ds4AA3QD
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1neDgyLWptNXEtZ2Z3Ms4AA3QC
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1tZnA1LXZoNTgtM2ozcs4AA3QB
Cross-site Scripting in OpenCRX
Ecosystems: maven
Packages: org.opencrx:opencrx-core-models
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS0zZjJxLTYyOTQtZm1xNc4AA3P8
Inefficient Regular Expression Complexity in git-urls
Ecosystems: go
Packages: github.com/whilp/git-urls
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS00eHc5LWN4MzktcjM1Nc4AA3P4
json-web-token library is vulnerable to a JWT algorithm confusion attack
Ecosystems: npm
Packages: json-web-token
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1mcHE1LTR2d20tNzh4NM4AA3P3
LibreNMS has Broken Access control on Graphs Feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS04cGhyLTYzN2ctcHhyZ84AA3P2
LibreNMS Cross-site Scripting at Device groups Deletion feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS13bTYzLTc2MjctY2gzM84AA3P1
@vendure/core's insecure currencyCode handling allows wrong payment amounts
Ecosystems: npm
Packages: @vendure/core
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1ycTQyLTU4cWYtdjNxeM4AA3Pz
LibreNMS vulnerable to rate limiting bypass on login page
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS12MzJtLXBmOXEtcDN4Z84AA3PR
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Published: 11 days ago
Low
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Published: 11 days ago
Moderate
GSA_kwCzR0hTQS1tODdoLWp4cjYtZjgyd84AA3O-
Concrete CMS allows unauthorized access because directories can be created with insecure permissions
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Published: 11 days ago
High
GSA_kwCzR0hTQS1xMjdoLWh3MnYteDVqbc4AA3Ov
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1jNnh3LWhnOXEtM2M5Zs4AA3Ow
OpenNMS Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.opennms:opennms-webapp
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS1waG13LWp4ODYteDY2Ns4AA3Oa
Authenticated Rundeck users can view or delete jobs they do not have authorization for.
Ecosystems: maven
Packages: org.rundeck:rundeck
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS14dm12LTRyeDYteDZqeM4AA3OZ
Authenticated users can view job names and groups they do not have authorization to view
Ecosystems: maven
Packages: org.rundeck:rundeckapp
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the server
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS04cjk2LTg4ODktcWcyeM4AA3OE
HTTPie allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack
Ecosystems: pypi
Packages: httpie
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS1meGZmLXd4eHYtYzJqY84AA3OX
PyPinkSign uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption
Ecosystems: pypi
Packages: pypinksign
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS00aGg1LTI2NzgtODNmeM4AA3N-
Cross-Site Request Forgery vulnerability in Prefect
Ecosystems: pypi
Packages: prefect
Source: GitHub Advisory Database
Published: 12 days ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS01NHhxLWNncXItcnBtM84AA3N1
sharp vulnerability in libwebp dependency CVE-2023-4863
Ecosystems: npm
Packages: sharp
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS1oeGpjLTlqOHYtdjlwcs4AA3Nu
CKEditor Cross-site Scripting vulnerability
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS04MnZyLTU3NjktNjM1OM4AA3Nk
Ethyca Fides Cryptographically Weak Generation of One-Time Codes for Identity Verification
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Published: 12 days ago
Moderate
GSA_kwCzR0hTQS05NGpoLWozNzQtOXIzas4AA3NK
Apache Hadoop allows local user to gain root privileges
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-yarn-project
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS02OTQ0LTZwbXYtNm1wMs4AA3M9
free5gc Buffer Overflow vulnerability
Ecosystems: go
Packages: github.com/free5gc/free5gc
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS13OThnLTVmbXgtd200eM4AA3Mk
pocketmine/raklib reliable-ordered queue size is unlimited, allowing a session to hog server memory
Ecosystems: packagist
Packages: pocketmine/raklib
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS04OTd4LXh2ajgtNDJycc4AA3Mc
Zip slip in mleap
Ecosystems: maven
Packages: ml.combust.mleap:mleap-runtime_2.12
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS14OThmLTJyZ2YtcXdxaM4AA3Md
xxl-job-admin vulnerable to Remote Code Execution
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS02NzMzLTdycDctdmYzbc4AA3Mb
xxl-job-admin vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS1wNjJxLTU0ODMtaDU3ds4AA3MZ
Quarkus does not properly sanitize artifacts created from its use of the Gradle plugin, allowing certain build system information to remain
Ecosystems: maven
Packages: io.quarkus:quarkus-project
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0zdzhyLTNqaDktODl2Oc4AA3MV
xxl-job-admin vulnerable to Insecure Permissions
Ecosystems: maven
Packages: com.xuxueli:xxl-job-admin
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS03MmhoLXhmNzktNDI5cM4AA3ML
Pimcore SQL Injection in Admin Grid Filter API through Multiselect::getFilterConditionExt()
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS1jOGhqLXcyMzktNWd2Zs4AA3MK
pimcore/admin-ui-classic-bundle Full Path Disclosure via re-export document
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS0zY2gzLWpoYzYtNXI4eM4AA3MJ
yt-dlp Generic Extractor MITM Vulnerability via Arbitrary Proxy Injection
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Published: 13 days ago
High
GSA_kwCzR0hTQS14amh2LXAzZnYteDI0cs4AA3MH
In Reactor Netty HTTP Server a malicious user can send a request using a specially crafted URL that can lead to a directory traversal attack
Ecosystems: maven
Packages: io.projectreactor.netty:reactor-netty-http
Source: GitHub Advisory Database
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS01NWcyLXZtM3EtN3c1Ms4AA3Lb
Ansible galaxy-importer Path Traversal vulnerability
Ecosystems: pypi
Packages: galaxy-importer
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS0ycjUzLTkyOTUtM204Ns4AA3K4
Statamic CMS vulnerable to remote code execution via form uploads
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS00anE5LTJ4aHctanB4N84AA3K3
Java: DoS Vulnerability in JSON-JAVA
Ecosystems: maven
Packages: org.json:json
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS12YzN2LXBwYzctdjQ4Ns4AA3K2
vantage6-server node accepts non-whitelisted algorithms from malicious server
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS1nZncyLTRqdmgtd2dmZ84AA3K1
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS0zaGZxLWN4OWotOTIzd84AA3K0
Attacker can cause Kyverno user to unintentionally consume insecure image
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Published: 14 days ago
High
GSA_kwCzR0hTQS1tdzJ3LTJoajItZmc4cc4AA3Kz
yiisoft/yii deserializing untrusted user input can lead to remote code execution
Ecosystems: packagist
Packages: yiisoft/yii
Source: GitHub Advisory Database
Published: 14 days ago
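The listing above follows a fixed record layout: a severity word, an identifier line, a title line, then `Ecosystems:`, `Packages:`, `Source:` and `Published:` fields, and when an advisory spans several ecosystems the packages are listed in the same order as the ecosystems (see the TinyMCE entry). The following is an added example, not ecosyste.ms code and not part of the page: a Python triage script that parses that layout into records and flags the entries whose packages appear in a caller-supplied dependency inventory. The four sample records are copied from the listing; the inventory, the function names and the severity threshold are constructed for the demo.

```python
"""Triage a plain-text advisory listing of the kind shown above.

Added example (not ecosyste.ms code). Parses the record layout used by
the listing and matches each record's (ecosystem, package) pairs against
a dependency inventory, most severe hit first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Severity words exactly as the listing prints them, most severe first.
SEVERITIES = ("Critical", "High", "Moderate", "Low")
SEVERITY_RANK = {s: i for i, s in enumerate(SEVERITIES)}

FIELD_RE = re.compile(r"^(Ecosystems|Packages|Source|Published):\s*(.*)$")


@dataclass
class Advisory:
    severity: str
    identifier: str
    title: str
    ecosystems: list[str]
    packages: list[str]
    source: str
    published: str  # kept verbatim; the listing shows relative times only


def parse_feed(text: str) -> list[Advisory]:
    """Split the listing into Advisory records.

    A record starts at a line that is exactly a severity word, followed by
    the identifier line and the title line; 'Key: value' lines are then
    collected until the next severity word or end of input. Anything else
    (headings, blank lines, widget residue) is skipped.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    records: list[Advisory] = []
    i = 0
    while i < len(lines):
        if lines[i] not in SEVERITY_RANK or i + 2 >= len(lines):
            i += 1
            continue
        severity, identifier, title = lines[i], lines[i + 1], lines[i + 2]
        fields: dict[str, str] = {}
        i += 3
        while i < len(lines) and lines[i] not in SEVERITY_RANK:
            m = FIELD_RE.match(lines[i])
            if m:
                fields[m.group(1)] = m.group(2)
            i += 1
        split = lambda v: [x.strip() for x in v.split(",") if x.strip()]
        records.append(Advisory(
            severity=severity,
            identifier=identifier,
            title=title,
            ecosystems=split(fields.get("Ecosystems", "")),
            packages=split(fields.get("Packages", "")),
            source=fields.get("Source", ""),
            published=fields.get("Published", ""),
        ))
    return records


def ecosystem_package_pairs(adv: Advisory) -> list[tuple[str, str]]:
    """One ecosystem applies to every package; several are paired by position."""
    if len(adv.ecosystems) == 1:
        return [(adv.ecosystems[0], p) for p in adv.packages]
    return list(zip(adv.ecosystems, adv.packages))


def match_inventory(advisories, inventory, min_severity="Low"):
    """Return (advisory, (ecosystem, package)) for every inventory hit.

    Names are compared case-insensitively, which is right for npm and PyPI
    and a harmless simplification for Maven coordinates in this demo.
    """
    inv = {(e.lower(), p.lower()) for e, p in inventory}
    threshold = SEVERITY_RANK[min_severity]
    hits = []
    for adv in advisories:
        if SEVERITY_RANK[adv.severity] > threshold:
            continue
        for eco, pkg in ecosystem_package_pairs(adv):
            if (eco.lower(), pkg.lower()) in inv:
                hits.append((adv, (eco, pkg)))
    return hits


# Four records copied from the listing above (constructed sample feed).
SAMPLE_FEED = """\
Security Advisories

Loading...
High
GSA_kwCzR0hTQS05djNqLTRqNjQtcDkzN84AA3Yg
OroPlatform vulnerable to path traversal during temporary file manipulations
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Published: about 15 hours ago
Low
GSA_kwCzR0hTQS1xM3F4LWM2ZzItN3B3Ms4AA3Yd
aiohttp's ClientSession is vulnerable to CRLF injection via version
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Published: about 15 hours ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12NjI2LXI3NzQtajdmOM4AA3Mj
TinyMCE vulnerable to mutation Cross-site Scripting via special characters in unescaped text nodes
Ecosystems: nuget, packagist, npm
Packages: TinyMCE, tinymce/tinymce, tinymce
Source: GitHub Advisory Database
Published: 13 days ago
"""

# Hypothetical dependency inventory for the demo: (ecosystem, package).
INVENTORY = {
    ("pypi", "aiohttp"),
    ("npm", "tinymce"),
    ("go", "github.com/projectcapsule/capsule-proxy"),
}


def triage(feed=SAMPLE_FEED, inventory=INVENTORY, min_severity="Low"):
    """(severity, identifier, package) for each hit, most severe first."""
    hits = match_inventory(parse_feed(feed), inventory, min_severity)
    hits.sort(key=lambda h: SEVERITY_RANK[h[0].severity])
    return [(adv.severity, adv.identifier, pkg) for adv, (_, pkg) in hits]


if __name__ == "__main__":
    for sev, ident, pkg in triage():
        print(f"{sev:<9} {pkg:<45} {ident}")
```

The `Published:` values are relative ("about 15 hours ago") and only meaningful at scrape time, so the script stores them verbatim rather than converting them; for anything time-sensitive, pull the absolute timestamp from the advisory record itself rather than this listing.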
Filter by Package
tensorflow 433 tensorflow-cpu 387 tensorflow-gpu 384 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 170 pimcore/pimcore 118 moodle/moodle 116 magento/community-edition 113 org.apache.tomcat:tomcat 106 microweber/microweber 86 django 78 com.fasterxml.jackson.core:jackson-databind 70 thorsten/phpmyfaq 68 apache-airflow 65 actionpack 63 github.com/usememos/memos 59 dolibarr/dolibarr 53 ansible 53 typo3/cms-core 50 librenms/librenms 48 org.apache.struts:struts2-core 48 org.keycloak:keycloak-core 45 shopware/platform 43 phpmyadmin/phpmyadmin 43 rdiffweb 42 showdoc/showdoc 40 Pillow 40 nokogiri 40 baserproject/basercms 39 concrete5/concrete5 39 com.thoughtworks.xstream:xstream 37 symfony/symfony 37 plone 36 github.com/answerdev/answer 34 matrix-synapse 34 craftcms/cms 34 typo3/cms 33 snipe/snipe-it 32 shopware/core 32 Plone 32 net.mingsoft:ms-mcms 32 apache-superset 32 opencv-contrib-python 30 opencv-python 30 k8s.io/kubernetes 30 org.elasticsearch:elasticsearch 29 org.xwiki.platform:xwiki-platform-oldcore 29 intelliants/subrion 29 com.liferay.portal:release.portal.bom 27 froxlor/froxlor 27 parse-server 27 io.undertow:undertow-core 26 shopware/shopware 26 openssl-src 26 electron 25 rubygems-update 25 org.keycloak:keycloak-parent 25 github.com/argoproj/argo-cd 25 gogs.io/gogs 25 github.com/mattermost/mattermost-server/v6 24 activerecord 24 vyper 23 org.springframework:spring-core 23 github.com/hashicorp/nomad 22 prestashop/prestashop 22 org.jenkins-ci.plugins:script-security 22 github.com/hashicorp/consul 22 org.apache.nifi:nifi 22 org.eclipse.jetty:jetty-server 22 org.apache.tomcat.embed:tomcat-embed-core 22 silverstripe/framework 22 remdex/livehelperchat 22 nilsteampassnet/teampass 22 github.com/hashicorp/vault 21 org.apache.openmeetings:openmeetings-parent 21 org.apache.solr:solr-core 21 centreon/centreon 21 pocketmine/pocketmine-mp 21 org.springframework.security:spring-security-core 21 grumpydictator/firefly-iii 20 drupal/core 20 rack 20 
@openzeppelin/contracts-upgradeable 19 DotNetNuke.Core 19 github.com/ethereum/go-ethereum 19 tribalsystems/zenario 18 mautic/core 18 getkirby/cms 18 @openzeppelin/contracts 18 github.com/rancher/rancher 18 org.apache.activemq:activemq-client 18 com.vaadin:vaadin-bom 18 org.xwiki.platform:xwiki-platform-web-templates 17 org.bouncycastle:bcprov-jdk14 17 org.apache.geode:geode-core 17 sequelize 17 cakephp/cakephp 17 getgrav/grav 17 marked 16 Django 16 golang.org/x/net 16 Microsoft.AspNetCore.App.Runtime.win-x64 16 Microsoft.AspNetCore.App.Runtime.win-x86 16 yetiforce/yetiforce-crm 16 cockpit-hq/cockpit 16 francoisjacquet/rosariosis 16 puppet 16 github.com/grafana/grafana 16 rusqlite 16 github.com/argoproj/argo-cd/v2 15 langchain 15 org.bouncycastle:bcprov-jdk15 15 Microsoft.AspNetCore.App.Runtime.win-arm 15 org.apache.jspwiki:jspwiki-main 15 forkcms/forkcms 15 activesupport 15 github.com/goharbor/harbor 15 helm.sh/helm/v3 15 publify_core 14 wasmtime 14 github.com/docker/docker 14 github.com/cilium/cilium 14 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 14 Microsoft.AspNetCore.App.Runtime.linux-x64 14 Microsoft.AspNetCore.App.Runtime.osx-x64 14 Microsoft.AspNetCore.App.Runtime.linux-arm 14 Microsoft.AspNetCore.App.Runtime.linux-arm64 14 modoboa 14 swagger-ui 14 org.xwiki.platform:xwiki-platform-web 14 actionview 14 org.keycloak:keycloak-services 14 org.apache.dubbo:dubbo 14 github.com/nats-io/nats-server/v2 14 ezsystems/ezpublish-kernel 13 org.apache.hadoop:hadoop-main 13 notebook 13 Microsoft.AspNetCore.App.Runtime.win-arm64 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 13 tinymce 13 passenger 13 handlebars 13 code.gitea.io/gitea 13 openmage/magento-lts 13 next 13 org.apache.cxf:cxf 13 pyftpdlib 13 strapi 13 wallabag/wallabag 13 cobbler 13 nova 13 pillow 13 lavalite/cms 12 onionshare-cli 12 rails-html-sanitizer 12 phpmailer/phpmailer 12 com.vaadin:flow-server 12 ckb 12 impresscms/impresscms 12 vm2 12 directus 12 github.com/containerd/containerd 11 
feehi/feehicms 11 contao/core-bundle 11 org.jenkins-ci.plugins:git 11 jquery-rails 11 mlflow 11 feehi/cms 11 org.apache.hadoop:hadoop-common 11 ghost 11 github.com/opencontainers/runc 11 cryptography 11 Microsoft.NETCore.App.Runtime.win-x86 11 Microsoft.NETCore.App.Runtime.win-x64 11 Microsoft.NETCore.App.Runtime.win-arm64 11 fat_free_crm 11 twisted 11 nodebb 11 topthink/framework 11 org.apache.inlong:manager-pojo 11 calibreweb 11 org.jeecgframework.boot:jeecg-boot-parent 11 elefant/cms 11 ckeditor4 11 org.apache.jspwiki:jspwiki-war 11 org.apache.tika:tika-core 11 org.apache.ranger:ranger 11 keystone 11 urllib3 11 github.com/cloudflare/cfrpki 11 org.jenkins-ci.plugins.workflow:workflow-cps 10 github.com/go-gitea/gitea 10 jquery 10 org.apache.camel:camel-core 10 Microsoft.NETCore.App 10 admidio/admidio 10 Microsoft.AspNetCore.All 10 OctoPrint 10 org.apache.inlong:manager-service 10 laravel/framework 10 angular 10 salt 10 org.apache.cxf:cxf-core 10 rails 10 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 10 october/system 10 smarty/smarty 10 io.netty:netty 10 org.jboss.netty:netty 10 puma 10 silverstripe/cms 10 org.jenkins-ci.plugins:electricflow 9 com.xuxueli:xxl-job 9 github.com/sylabs/singularity 9 org.opennms:opennms 9 ssddanbrown/bookstack 9 ezsystems/ezplatform-kernel 9 funadmin/funadmin 9 org.apache.commons:commons-compress 9 studio-42/elfinder 9 com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer 9 org.igniterealtime.openfire:parent 9 kiwitcms 9 october/cms 9 org.apache.tapestry:tapestry-core 9 opencv-python-headless 9 org.craftercms:crafter-studio 9 opencv-contrib-python-headless 9 sylius/sylius 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 9 alextselegidis/easyappointments 9 org.apache.xmlgraphics:batik 9 org.mortbay.jetty:jetty 9 io.jenkins:configuration-as-code 9 pyload-ng 9 next-auth 9 org.opencrx:opencrx-core-models 9 org.apache.hive:hive 9 Microsoft.NetCore.App.Runtime.win-arm64 9 Microsoft.NetCore.App.Runtime.win-x64 9 
Microsoft.NetCore.App.Runtime.win-x86 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.webjars.npm:jquery 9 concrete5/core 9 istio.io/istio 9 kevinpapst/kimai2 9 org.apache.james:james-server 9 waitress 9 glance 9 codeigniter4/framework 9 validator 9 ethyca-fides 9 wagtail 9 serve 9 github.com/openfga/openfga 9 org.jenkins-ci.plugins:email-ext 8 Zope 8 org.apache.zeppelin:zeppelin 8 Flask-AppBuilder 8 github.com/mattermost/mattermost/server/v8 8 org.springframework:spring-webmvc 8 github.com/traefik/traefik/v2 8 jQuery 8 org.jeecgframework.boot:jeecg-boot-common 8 systeminformation 8 org.apache.santuario:xmlsec 8 io.jenkins.blueocean:blueocean 8 Microsoft.NETCore.App.Runtime.linux-musl-arm64 8 Microsoft.NETCore.App.Runtime.linux-musl-x64 8 Microsoft.NETCore.App.Runtime.linux-x64 8 Microsoft.NETCore.App.Runtime.linux-arm64 8 Microsoft.NETCore.App.Runtime.linux-arm 8 Microsoft.AspNetCore.App 8 dompdf/dompdf 8 aiohttp 8 url-parse 8 matrix-js-sdk 8 steal 8 deno 8 urijs 8 joplin 8 numpy 8 org.apache.shiro:shiro-core 8 @strapi/strapi 8 github.com/kubeedge/kubeedge 8 npm 8 mysql:mysql-connector-java 8 simplesamlphp/simplesamlphp 8 wwbn/avideo 8 org.apache.tomcat:tomcat-catalina 8 org.apache.pdfbox:pdfbox 8 jquery-ui-rails 8 jQuery.UI.Combined 8 org.webjars.npm:jquery-ui 8 jquery-ui 8 facturascripts/facturascripts 8 october/october 8 org.apache.hive:hive-exec 8 org.yaml:snakeyaml 8 golang.org/x/crypto 8