Browse Security Advisories
Security Advisories
High
2 days ago
File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter Injection
go
github.com/filebrowser/filebrowser/v2
High
2 days ago
File Browser has incorrect access control for public directory shares via rule path rebasing
go
github.com/filebrowser/filebrowser, github.com/filebrowser/filebrowser/v2
Moderate
2 days ago
File Browser: FilePath traversal in download-as-zip/tar via Windows-style backslash separators in stored filenames
go
github.com/filebrowser/filebrowser, github.com/filebrowser/filebrowser/v2
Moderate
2 days ago
File Browser: Symlink following lets scoped users read, overwrite, and share files outside their filebrowser scope
go
github.com/filebrowser/filebrowser, github.com/filebrowser/filebrowser/v2
High
2 days ago
File Browser has a DoS Vulnerability via Public Login API
go
github.com/filebrowser/filebrowser, github.com/filebrowser/filebrowser/v2
High
2 days ago
File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path
go
github.com/filebrowser/filebrowser, github.com/filebrowser/filebrowser/v2
Moderate
2 days ago
ConnectBot SSH Client Library: Excessive allocation and integer overflow in DER private-key parsing
maven
org.connectbot.sshlib:sshlib
Moderate
2 days ago
ConnectBot SSH Client Library: Unbounded SSH field lengths can cause excessive memory allocation
maven
org.connectbot.sshlib:sshlib
High
2 days ago
File Browser: Cross-user unauthorized share-link deletion via unbounded prefix match in DeleteWithPathPrefix
go
github.com/filebrowser/filebrowser/v2, github.com/filebrowser/filebrowser
Moderate
2 days ago
Fleet: Observer-level enrollment secret extraction via ORDER BY oracle on Apple MDM commands endpoint
go
github.com/fleetdm/fleet/v4
Moderate
2 days ago
Fleet has observer-level enrollment secret extraction via ORDER BY oracle on labels host-listing endpoint
go
github.com/fleetdm/fleet/v4
Moderate
2 days ago
Fabric.js improper escaping in fabric.Gradient colorStops leads to XSS in SVG serialization
npm
fabric
Moderate
2 days ago
PyO3 has a missing `Sync` bound on `PyCFunction::new_closure` closures
cargo
pyo3
Low
2 days ago
esbuild allows arbitrary file read when running the development server on Windows
npm
esbuild
High
2 days ago
Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs)
go
github.com/radius-project/radius
High
2 days ago
TYPO3 CMS has Broken Access Control in its Form Framework
packagist
typo3/cms-form, typo3/cms-core
Moderate
2 days ago
TYPO3 CMS has Broken Access Control in the Recycler Module
packagist
typo3/cms-recycler, typo3/cms-core
Moderate
2 days ago
TYPO3 CMS has an Open Redirect Vulnerability via Core Utilities
packagist
typo3/cms-core
High
2 days ago
PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators
cargo
pyo3
High
2 days ago
TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
packagist
typo3/cms-form, typo3/cms-core
High
2 days ago
TYPO3 CMS has Broken Access Control in its Form Framework
packagist
typo3/cms-form, typo3/cms-core
High
2 days ago
TYPO3 CMS has Broken Access Control in its Media Module
packagist
typo3/cms-filelist, typo3/cms-core
Low
2 days ago
TYPO3 CMS has Broken Access Control in its File Abstraction Layer
packagist
typo3/cms-core
Moderate
2 days ago
TYPO3 CMS has Broken Access Control in Backend API
packagist
typo3/cms-backend, typo3/cms-core
Moderate
2 days ago
TYPO3 CMS: Broken Access Control in Media Module
packagist
typo3/cms-backend, typo3/cms-core
Moderate
2 days ago
TYPO3 CMS has Cross-Site Scripting in Indexed Search
packagist
typo3/cms-indexed-search, typo3/cms-core
Low
2 days ago
nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control: no-store
go
github.com/juev/nebula-mesh
Moderate
2 days ago
pypdf: Possible large memory usage for large offsets for layout mode text
pypi
pypdf
Moderate
2 days ago
gorest InMemorySecret2FA race condition allows process crash via concurrent map access (CWE-362)
go
github.com/pilinux/gorest
High
2 days ago
Appsmith: Configuration-dependent origin validation bypass in password reset and email verification link generation
maven
com.appsmith:server
High
2 days ago
Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL
npm
@budibase/server
High
2 days ago
Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mutation of webhook and automation schema
npm
@budibase/server
Critical
2 days ago
Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign
npm
@budibase/server
High
2 days ago
Appsmith Super User Creation Race Condition Allows Multiple Instance Administrators
maven
com.appsmith:server
Moderate
2 days ago
Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String Injection in Budibase Worker
npm
@budibase/backend-core
Moderate
2 days ago
GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Entity Resolution
maven
org.geoserver.web:gs-web-app, org.geoserver:gs-main
High
2 days ago
GeoServer has an arbitrary file write vulnerability in its Master Password Dump Page
maven
org.geoserver.web:gs-web-app, org.geoserver.web:gs-web-sec-core
High
2 days ago
Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protection
npm
@budibase/server
Moderate
2 days ago
Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step
npm
budibase
Low
2 days ago
SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo-header in HTTP2ToHTTP1Codec
swift
github.com/apple/swift-nio-http2
Moderate
2 days ago
NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length
swift
github.com/apple/swift-nio-extras
High
2 days ago
SwiftNIO NIOHTTP1: HTTPDecoder accepts unbounded HTTP/1 header blocks, enabling remote DoS
swift
github.com/apple/swift-nio
High
2 days ago
SwiftNIO: Out-of-bounds write via ByteBuffer index and length UInt32 overflow
swift
github.com/apple/swift-nio
Moderate
2 days ago
SwiftNIO: CRLF Injection in outbound HTTP request URI via NIOHTTPRequestHeadersValidator
swift
github.com/apple/swift-nio
Moderate
2 days ago
LangGraph has NoSQL parameter injection in MongoDBSaver, allowing cross-tenant state access
npm
@langchain/langgraph-checkpoint-mongodb
Moderate
2 days ago
Firefly II has Stored XSS in Audit Log Entry view via piggy bank name (ale.twig)
packagist
grumpydictator/firefly-iii
Moderate
2 days ago
Go-Attestation: Hash injection into trusted measurement list via unskipped SignatureHeaderSize vendor bytes in parseEfiSignatureList()
go
github.com/google/go-attestation
High
2 days ago
Chisel has an ACL Bypass via Post-Handshake SSH Channel ExtraData Injection
go
github.com/jpillora/chisel
High
3 days ago
MessagePack's LZ4 decompression may fail with AccessViolationException after dereferencing memory from bad input
nuget
MessagePack
High
3 days ago
GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection
maven
org.geoserver.extension:gs-db2
High
3 days ago
Russh SSH message fields were decoded through allocation-first parsers before field-specific bounds
cargo
russh
High
3 days ago
AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance
go
github.com/aws/aws-advanced-go-wrapper/auth-helpers, github.com/aws/aws-advanced-go-wrapper/otlp, github.com/aws/aws-advanced-go-wrapper/pgx-driver, github.com/aws/aws-advanced-go-wrapper/okta, github.com/aws/aws-advanced-go-wrapper/mysql-driver, github.com/aws/aws-advanced-go-wrapper/iam, github.com/aws/aws-advanced-go-wrapper/federated-auth, github.com/aws/aws-advanced-go-wrapper/custom-endpoint, github.com/aws/aws-advanced-go-wrapper/aws-secrets-manager, github.com/aws/aws-advanced-go-wrapper/xray, github.com/aws/aws-advanced-go-wrapper/awssql/v2
Moderate
3 days ago
Russh: SSH identification parsing accepted non-canonical client banners and did not bound pre-banner input
cargo
russh
Moderate
3 days ago
Russh: Unchecked keyboard-interactive prompt count in client auth path
cargo
russh
Moderate
3 days ago
OpenFGA has cache-key delimiter injection in shared-iterator and v2 iterator that caches enables intra-store authorization-decision poisoning
go
github.com/openfga/openfga
High
3 days ago
DevGuard has improper authorization on public assets
go
github.com/l3montree-dev/devguard
Moderate
3 days ago
Filament has inconsistent scope enforcement for its AttachAction and AssociateAction Select fields
packagist
filament/tables
High
3 days ago
Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Leads to Memory Exhaustion
maven
io.netty:netty-codec-haproxy
Critical
3 days ago
CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule
packagist
codeigniter4/framework
Moderate
3 days ago
Kolibri has Unauthenticated Server-Side Request Forgery (SSRF) in RemoteFacilityUserViewset
pypi
kolibri
High
3 days ago
Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS
go
github.com/basekick-labs/arc
Moderate
3 days ago
@hapi/inert has a static-file confinement bypass via sibling-prefix path
npm
@hapi/inert
Moderate
3 days ago
python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood
pypi
zeroconf
Moderate
3 days ago
netty-codec-http2: ByteBuf Reference-Count Leak in DelegatingDecompressorFrameListener Leads to Memory Exhaustion
maven
io.netty:netty-codec-http2
Moderate
3 days ago
netty-incubator-codec-ohttp's Incorrect Native Pointer Derivation in Pooled Direct ByteBuf Fallback Leads to Out-of-Bounds Native Memory Access
maven
io.netty.incubator:netty-incubator-codec-ohttp-hpke-native-boringssl
Critical
3 days ago
Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token
pypi
meta-ads-mcp
High
3 days ago
@grpc/grpc-js: An incoming malformed compressed message can cause a client or server crash
npm
@grpc/grpc-js
Moderate
3 days ago
joi has an uncaught RangeError on deeply nested input through recursive `link()` schemas
npm
joi
High
3 days ago
OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry Tests via Unsanitized opts.name / opts.uri
npm
@openzeppelin/wizard
Moderate
3 days ago
@hapi/wreck: Sensitive credential headers leak across cross-port and cross-scheme redirects
npm
@hapi/wreck
High
3 days ago
Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization
go
github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
High
3 days ago
Element Call reports full URLs of visited pages to analytics server
npm
@element-hq/element-call-embedded
High
3 days ago
Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator
maven
io.netty:netty-codec-redis
Moderate
3 days ago
free5GC UDR has improper `ueId` validation in EE subscription handlers that allows arbitrary identifier persistence
go
github.com/free5gc/udr
Moderate
3 days ago
guzzlehttp/guzzle-services' XML Request Serialization Vulnerable to XML Injection via CDATA Terminator
packagist
guzzlehttp/guzzle-services
Moderate
3 days ago
guzzlehttp/psr7 has Host Confusion via Authority Reinterpretation
packagist
guzzlehttp/psr7
Moderate
3 days ago
guzzlehttp/psr7 has CRLF Injection via URI Host Component
packagist
guzzlehttp/psr7
Medium
3 days ago
Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
hex
membrane_mp4_plugin
Moderate
4 days ago
nebula-mesh: Newly-minted operator API key exposed in redirect URL (Referer, history, proxy logs)
go
github.com/juev/nebula-mesh
Moderate
4 days ago
Incus has a Nil-Pointer Dereference Panic via Instance Backup Import (volume omitted)
go
github.com/lxc/incus/v7
Moderate
4 days ago
Claude Code Action: Malicious MCP Server Configuration in PRs Enables Remote Code Execution and Secret Exfiltration
actions
anthropics/claude-code-action
Critical
4 days ago
Baileys has message upsert / hist sync spoofing and app state corruption when using maliciously crafted protocolMessage payload
npm
@whiskeysockets/baileys, baileys
Moderate
4 days ago
Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled X-Forwarded-Host header
pypi
litestar
Moderate
4 days ago
nebula-mesh: Session and OIDC state cookies lack the Secure attribute
go
github.com/juev/nebula-mesh
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
7,623
npm
6,581
packagist
6,451
pypi
6,131
go
4,527
nuget
3,553
cargo
1,522
rubygems
1,019
cpan
889
hex
132
actions
56
swift
51
pub
11
Filter by Package
openclaw
524
moodle/moodle
437
tensorflow
433
tensorflow-cpu
400
tensorflow-gpu
390
magento/community-edition
361
org.jenkins-ci.main:jenkins-core
251
Microsoft.ChakraCore
247
github.com/mattermost/mattermost/server/v8
196
github.com/mattermost/mattermost-server
166
typo3/cms
165
org.apache.tomcat:tomcat
153
com.liferay.portal:release.portal.bom
151
wwbn/avideo
139
pimcore/pimcore
131
dolibarr/dolibarr
124
com.liferay.portal:release.dxp.bom
124
typo3/cms-core
121
magento/project-community-edition
120
Magick.NET-Q16-AnyCPU
119
Magick.NET-Q16-HDRI-AnyCPU
118
Magick.NET-Q16-HDRI-x86
113
Magick.NET-Q16-HDRI-OpenMP-arm64
113
Magick.NET-Q16-HDRI-x64
112
Magick.NET-Q16-HDRI-arm64
112
apache-airflow
111
Magick.NET-Q16-OpenMP-arm64
110
Magick.NET-Q16-OpenMP-x64
110
parse-server
109
Magick.NET-Q8-AnyCPU
109
Magick.NET-Q16-arm64
108
Magick.NET-Q16-x86
108
Django
107
phpmyadmin/phpmyadmin
107
drupal/core
106
Magick.NET-Q8-OpenMP-arm64
106
microweber/microweber
105
Magick.NET-Q16-x64
104
Magick.NET-Q8-arm64
103
Magick.NET-Q8-x86
103
thorsten/phpmyfaq
102
craftcms/cms
102
librenms/librenms
100
Magick.NET-Q8-OpenMP-x64
100
Magick.NET-Q8-x64
95
open-webui
91
silverstripe/framework
90
Magick.NET-Q16-HDRI-OpenMP-x64
89
flowise
86
symfony/symfony
84
org.keycloak:keycloak-services
84
n8n
80
concrete5/concrete5
75
github.com/usememos/memos
75
shopware/platform
74
mlflow
74
drupal/drupal
73
com.fasterxml.jackson.core:jackson-databind
69
salt
67
getgrav/grav
67
apache-superset
66
ansible
65
mantisbt/mantisbt
65
shopware/core
64
Magick.NET-Q16-OpenMP-x86
62
github.com/grafana/grafana
60
picklescan
59
actionpack
59
org.apache.tomcat.embed:tomcat-embed-core
59
github.com/rancher/rancher
58
org.apache.struts:struts2-core
58
baserproject/basercms
56
directus
56
next
55
github.com/hashicorp/vault
55
Plone
54
froxlor/froxlor
53
gogs.io/gogs
51
github.com/siyuan-note/siyuan/kernel
51
mautic/core
50
rack
50
org.keycloak:keycloak-core
50
nocodb
49
admidio/admidio
49
nova
48
django
48
nokogiri
48
gradio
47
electron
46
pyload-ng
46
vllm
46
snipe/snipe-it
46
perl
45
org.xwiki.platform:xwiki-platform-oldcore
45
matrix-synapse
45
github.com/traefik/traefik/v2
44
coreutils
44
vyper
44
org.elasticsearch:elasticsearch
44
rdiffweb
43
vm2
43
DBD-SQLite
42
showdoc/showdoc
42
k8s.io/kubernetes
42
nilsteampassnet/teampass
42
intelliants/subrion
41
plone
41
getkirby/cms
40
io.undertow:undertow-core
39
wasmtime
39
net.mingsoft:ms-mcms
39
phpmyfaq/phpmyfaq
38
github.com/mattermost/mattermost-server/v6
38
github.com/traefik/traefik/v3
38
MT
37
github.com/argoproj/argo-cd/v2
37
PraisonAI
37
com.thoughtworks.xstream:xstream
37
com.jfinal:jfinal
36
ci4-cms-erp/ci4ms
36
DotNetNuke.Core
36
github.com/cilium/cilium
35
aiohttp
35
moin
35
keystone
35
hono
35
github.com/answerdev/answer
34
org.apache.tomcat:tomcat-catalina
34
pillow
34
shopware/shopware
34
github.com/hashicorp/nomad
34
github.com/filebrowser/filebrowser/v2
34
org.jenkins-ci.plugins:script-security
34
code.gitea.io/gitea
33
axios
33
github.com/docker/docker
33
code.vikunja.io/api
33
github.com/zitadel/zitadel
33
github.com/hashicorp/consul
32
statamic/cms
32
zendframework/zendframework1
32
prestashop/prestashop
31
github.com/argoproj/argo-cd
31
opencv-contrib-python
31
contao/core-bundle
31
org.springframework.security:spring-security-core
31
org.opencms:opencms-core
31
opencv-python
31
pocketmine/pocketmine-mp
30
org.apache.solr:solr-core
29
mediawiki/core
28
phpoffice/phpspreadsheet
28
Pillow
28
centreon/centreon
27
deno
27
github.com/nats-io/nats-server/v2
27
openmage/magento-lts
26
pypdf
26
funadmin/funadmin
26
cockpit-hq/cockpit
26
github.com/ethereum/go-ethereum
26
org.eclipse.jetty:jetty-server
26
org.keycloak:keycloak-parent
26
github.com/fleetdm/fleet/v4
26
pgadmin4
26
surrealdb
26
openssl-src
25
grumpydictator/firefly-iii
25
rubygems-update
25
org.apache.openmeetings:openmeetings-parent
25
@anthropic-ai/claude-code
25
github.com/openfga/openfga
24
typo3/cms-backend
24
magento/core
24
ghost
24
activerecord
23
langflow
23
org.bouncycastle:bcprov-jdk15on
23
github.com/goharbor/harbor
23
remdex/livehelperchat
23
puppet
23
org.xwiki.platform:xwiki-platform-web-templates
23
laravel/framework
23
undici
22
praisonaiagents
22
simplesamlphp/simplesamlphp
22
zendframework/zendframework
22
litellm
22
october/system
22
Microsoft.AspNetCore.App.Runtime.win-x64
22
glance
22
ethyca-fides
22
github.com/openbao/openbao
22
Microsoft.AspNetCore.App.Runtime.win-x86
22
weblate
22
ckb
22
tribalsystems/zenario
22
github.com/kyverno/kyverno
21
fuxa-server
21
org.cloudfoundry.identity:cloudfoundry-identity-server
21
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/apache/tomcat
118
https://github.com/jquery/jquery
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
93
https://github.com/microweber/microweber
90
https://github.com/keycloak/keycloak
90
https://github.com/librenms/librenms
77
https://github.com/FasterXML/jackson-databind
70
https://github.com/rails/rails
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/usememos/memos
68
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/mattermost/mattermost
59
https://github.com/ansible/ansible
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/grafana/grafana
47
https://github.com/apache/struts
47
https://github.com/mautic/mautic
46
https://github.com/rancher/rancher
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/vyperlang/vyper
44
https://github.com/concretecms/concretecms
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/shopware/platform
42
https://github.com/mantisbt/mantisbt
42
https://github.com/directus/directus
41
https://github.com/craftcms/cms
41
https://github.com/shopware/shopware
40
https://github.com/mmaitre314/picklescan
39
https://github.com/star7th/showdoc
39
https://github.com/openstack/nova
38
https://github.com/gradio-app/gradio
38
https://github.com/magento/magento2
38
https://github.com/dotnet/runtime
38
https://github.com/x-stream/xstream
37
https://github.com/plone/Products.CMFPlone
37
https://github.com/mlflow/mlflow
36
https://github.com/octobercms/october
36
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/sparklemotion/nokogiri
35
https://github.com/apache/activemq
34
https://github.com/parse-community/parse-server
34
https://github.com/answerdev/answer
34
https://github.com/opencv/opencv
32
https://github.com/go-gitea/gitea
32
https://github.com/matrix-org/synapse
32
https://github.com/PaddlePaddle/Paddle
31
https://github.com/cilium/cilium
31
https://github.com/apache/inlong
31
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/rack/rack
29
https://github.com/strapi/strapi
28
https://github.com/gogs/gogs
28
https://github.com/CVEProject/cvelist
28
https://github.com/openstack/keystone
28
https://github.com/FlowiseAI/Flowise
28
https://github.com/electron/electron
28
https://github.com/netty/netty
27
https://github.com/zitadel/zitadel
26
https://github.com/github/advisory-database
26
https://github.com/apache/nifi
26
https://github.com/baserproject/basercms
26
https://github.com/froxlor/froxlor
26
https://github.com/geoserver/geoserver
26
https://github.com/bcgit/bc-java
25
https://github.com/vllm-project/vllm
25
https://github.com/traefik/traefik
25
https://github.com/denoland/deno
25
https://github.com/surrealdb/surrealdb
25
https://github.com/langchain-ai/langchain
25
https://github.com/vercel/next.js
25
https://github.com/pmmp/PocketMine-MP
25
https://github.com/getgrav/grav
24
https://github.com/hashicorp/consul
24
https://github.com/pyload/pyload
24
https://github.com/apache/cxf
24
https://github.com/run-llama/llama_index
24
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/moby/moby
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/eclipse/jetty.project
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/bytecodealliance/wasmtime
23
https://github.com/erlang/otp
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/helm/helm
22
https://github.com/Perl/perl5
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/getkirby/kirby
22
https://github.com/nervosnetwork/ckb
22
https://github.com/goharbor/harbor
21
https://github.com/undertow-io/undertow
21
https://github.com/laravel/framework
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/hashicorp/vault
21
https://github.com/ethyca/fides
20
https://github.com/funadmin/funadmin
20
https://github.com/opencast/opencast
20
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/OpenNMS/opennms
20
https://github.com/intelliants/subrion
19
https://github.com/cloudfoundry/uaa
19
https://github.com/containerd/containerd
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/TYPO3-CMS/core
19
https://github.com/alkacon/opencms-core
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/backstage/backstage
19
https://github.com/huggingface/transformers
19
https://github.com/opencontainers/runc
18
https://github.com/vaadin/platform
18
https://github.com/OpenMage/magento-lts
18
https://github.com/apache/camel
18
https://github.com/rubygems/rubygems
18
https://github.com/liufee/cms
17
https://github.com/ethereum/go-ethereum
17
https://github.com/vantage6/vantage6
17
https://github.com/apache/kylin
17
https://github.com/openfga/openfga
17
https://github.com/mindsdb/mindsdb
17
https://github.com/tinymce/tinymce
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/twbs/bootstrap
16
https://github.com/hashicorp/nomad
16
https://github.com/forkcms/forkcms
16
https://github.com/dotnet/aspnetcore
16
https://github.com/quarkusio/quarkus
16
https://github.com/etcd-io/etcd
16
https://github.com/vitejs/vite
16
https://github.com/rusqlite/rusqlite
16
https://github.com/sequelize/sequelize
16
https://github.com/pyca/cryptography
16
https://github.com/nodejs/undici
15
https://github.com/drupal/core
15
https://github.com/zendframework/zendframework
15
https://github.com/spring-projects/spring-security
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/centreon/centreon
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/dompdf/dompdf
15
https://github.com/decidim/decidim
15
https://github.com/xuxueli/xxl-job
15
https://github.com/cobbler/cobbler
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/sqlite/sqlite
15
https://github.com/puppetlabs/puppet
15
https://github.com/containers/podman
15
https://github.com/aio-libs/aiohttp
15
https://github.com/ming-soft/MCMS
14
https://github.com/twisted/twisted
14
https://github.com/publify/publify
14
https://github.com/apache/superset
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/urllib3/urllib3
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/apache/zeppelin
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/golang/go
14
https://github.com/janeczku/calibre-web
14
https://github.com/TryGhost/Ghost
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/ImageMagick/ImageMagick
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/h2oai/h2o-3
13
https://sourceforge.net/projects/sourceforge.net
13
https://github.com/zenml-io/zenml
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/laurent22/joplin
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/dromara/hutool
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/modoboa/modoboa
13
https://github.com/apache/dolphinscheduler
13
https://github.com/openbao/openbao
13
https://github.com/DSpace/DSpace
12
https://github.com/nautobot/nautobot
12