Browse Security Advisories
Security Advisories
Moderate
about 6 hours ago
Signal K Server: Server-Side Request Forgery via Remote Connection Endpoints
npm
signalk-server
Moderate
about 6 hours ago
PHP JWT Library: RSA1_5 (RSAES-PKCS1-v1_5) decryption lacks implicit rejection, exposing a Bleichenbacher/Marvin padding oracle
packagist
web-token/jwt-library, web-token/jwt-framework
High
about 6 hours ago
PHP JWT Framework: JWSVerifier uses algorithm from unprotected header, enabling algorithm confusion attacks
packagist
web-token/jwt-library, web-token/jwt-framework
High
about 6 hours ago
PHP JWT Library: PBES2-HS*+A*KW unwrap accepts an unbounded p2c iteration count, enabling CPU-amplification denial of service
packagist
web-token/jwt-library, web-token/jwt-framework
Moderate
about 6 hours ago
PHP JWT Framework: Chacha20Poly1305 key-encryption algorithm discards the Poly1305 authentication tag, performing no authentication on decryption
packagist
web-token/jwt-library, web-token/jwt-experimental
Moderate
about 6 hours ago
spomky-labs/otphp: Mass-assignment in Factory::loadFromProvisioningUri lets a hostile provisioning URI corrupt OTP state or leak an uncaught TypeError
packagist
spomky-labs/otphp
High
about 7 hours ago
spomky-labs/otphp: Unbounded digits parameter in a provisioning URI triggers an uncaught DivisionByZeroError in OTP generation
packagist
spomky-labs/otphp
Critical
about 7 hours ago
gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)
npm
gemini-mcp-tool
Moderate
about 7 hours ago
OpenClaw: Internal/webchat command auth could inherit ownerAllowFrom wildcard state
npm
openclaw
Low
about 7 hours ago
OpenClaw: Empty-scope device re-pairing could confuse caller scope containment
npm
openclaw
High
about 7 hours ago
OpenClaw: Workspace-derived service PATH could influence trash command selection
npm
openclaw
High
about 7 hours ago
OpenClaw: Workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots
npm
openclaw
High
about 7 hours ago
OpenClaw: Workspace .env npm_execpath could influence bundled runtime dependency install
npm
openclaw
High
about 7 hours ago
OpenClaw: Linux and macOS exec allowlists skipped configured argument patterns
npm
openclaw
Low
about 7 hours ago
OpenClaw: BlueBubbles sender policy could match mutable conversation identifiers
npm
openclaw
Moderate
about 7 hours ago
OpenClaw: memory-wiki shared search could miss session visibility checks
npm
openclaw
Moderate
about 7 hours ago
OpenClaw: Config recovery could restore openclaw.json with broad file permissions
npm
openclaw
Low
about 7 hours ago
OpenClaw: Skill-command dispatch could skip before-tool-call hooks
npm
openclaw
Moderate
about 7 hours ago
OpenClaw: Active Memory write scope could mutate global config
npm
openclaw
Moderate
about 7 hours ago
OpenClaw: Exported session HTML could keep unsafe markdown links
npm
openclaw
Moderate
about 7 hours ago
OpenClaw: Slack reaction events could ignore reaction notification settings
npm
openclaw
Low
about 7 hours ago
OpenClaw: Bootstrap token replay could widen pending pairing scopes
npm
openclaw
High
about 7 hours ago
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
npm
openclaw
Moderate
about 7 hours ago
OpenClaw: Hostname checks could treat trailing-dot hosts inconsistently
npm
openclaw
Low
about 7 hours ago
OpenClaw: Exec allowlist could miss side effects from transparent command wrappers
npm
openclaw
High
about 10 hours ago
Crawl4AI: Unauthenticated SSRF on the Docker server streaming crawl path (/crawl/stream)
pypi
crawl4ai
Critical
about 10 hours ago
Crawl4AI: Unauthenticated RCE via Chromium launch-argument injection in browser_config.extra_args
pypi
crawl4ai
Critical
about 10 hours ago
Crawl4AI: Arbitrary file write (path traversal) in crawler downloads can lead to RCE
pypi
crawl4ai
High
about 10 hours ago
budibase: Database Connector SQL Injections in PostgreSQL, MS SQL, and MySQL
npm
budibase
Critical
about 10 hours ago
@acastellon/auth: Authentication bypass via spoofable headers in validateToken()
npm
@acastellon/auth
Moderate
about 10 hours ago
Armeria: External Control of File Name or Path in xDS SDS DataSource
maven
com.linecorp.armeria:armeria-xds
Critical
about 10 hours ago
netlicensing-mcp: REST Path Traversal Bypasses Token Redaction
pypi
netlicensing-mcp
High
about 10 hours ago
AgenticMail: Unauthenticated inbound mail triggers bypassPermissions resume of the operator's Claude Code session (bridge-wake)
npm
@agenticmail/openclaw, @agenticmail/codex, @agenticmail/claudecode, @agenticmail/core
High
about 10 hours ago
AgenticMail: Cross-agent task authorization bypass in AgenticMail API
npm
@agenticmail/api
Moderate
about 10 hours ago
NL Portal Backend Libraries: Document contents remained downloadable by any logged-in user (incomplete fix of CVE-2026-49463)
maven
nl.nl-portal:documenten-api
Moderate
about 10 hours ago
Daytona: Path traversal in sandbox volume id mounts arbitrary host paths into the sandbox — cross-tenant data access and host escape
go
github.com/daytonaio/daytona
Moderate
about 12 hours ago
tract-nnef: integer overflow in NNEF `.dat` tensor parser yields an out-of-bounds read on model load
cargo
tract-nnef
High
about 12 hours ago
Pipecat: Telephony WebSocket `/ws` Unauthenticated Call-Control Abuse via Attacker-Supplied Call SID
pypi
pipecat-ai
Moderate
about 12 hours ago
opentelemetry-collector-contrib: githubreceiver silently ignores configured required_headers authentication
go
github.com/open-telemetry/opentelemetry-collector-contrib/receiver/githubreceiver
High
about 12 hours ago
Kirby: `pages.access` permission is not checked in the `site/find` REST API route
packagist
getkirby/cms
Moderate
about 12 hours ago
Kirby: Access to files of top-level drafts is not protected by permissions
packagist
getkirby/cms
Critical
about 12 hours ago
Kirby: External Initialization of the Panel on reverse proxy setups with the `Forwarded` header
packagist
getkirby/cms
High
about 12 hours ago
Kirby: Cross-site scripting (XSS) from incomplete HTML/XML sanitization in `Dom::sanitize()`
packagist
getkirby/cms
High
about 12 hours ago
Kirby: Self cross-site scripting (self-XSS) in the writer field
packagist
getkirby/cms
Moderate
about 12 hours ago
Kirby: `pages.access` permission is not checked in the pages picker for parent pages
packagist
getkirby/cms
Moderate
about 12 hours ago
opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token
go
github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter
Critical
about 12 hours ago
Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP
pypi
jupyter-server
Low
about 12 hours ago
BBOT: Symlink-Following Arbitrary Write via github_workflows Module
pypi
bbot
Low
about 12 hours ago
BBOT: Server-Side Request Forgery (SSRF) in docker_pull module via WWW-Authenticate realm parsing
pypi
bbot
Moderate
about 12 hours ago
BBOT: Path traversal (Zip-Slip) in unarchive module - incomplete fix for CVE-2025-10284
pypi
bbot
Moderate
about 12 hours ago
OpenClaw: macOS Swift exec allowlist missed combined POSIX inline flags
npm
openclaw
Moderate
about 13 hours ago
Grav: Stored CSS injection via Markdown image ?style=… reaches MediaObjectTrait::style() — incomplete patch of GHSA-r7fx-8g49-7hhr
packagist
getgrav/grav
Moderate
about 13 hours ago
praisonai-platform: Authorization Bypass Through User-Controlled Key
pypi
praisonai-platform
Moderate
about 13 hours ago
Grav: Admin Backup Zip File Exposes Account Credentials and Configuration Secrets
packagist
getgrav/grav
Moderate
about 13 hours ago
MCPVault: PathFilter restricted-directory deny-list bypass via case and trailing dot/space equivalence
npm
@bitbonsai/mcpvault
Moderate
about 13 hours ago
Podman: WORKDIR symlink traversal vulnerability
go
github.com/containers/podman/v3, github.com/containers/podman/v4, github.com/containers/podman/v5
High
about 13 hours ago
undici vulnerable to TLS certificate validation bypass via dropped requestTls in SOCKS5 ProxyAgent
npm
undici
Moderate
about 13 hours ago
undici vulnerable to cross-user information disclosure via shared cache whitespace bypass
npm
undici
High
about 13 hours ago
undici WebSocket client vulnerable to denial of service via cumulative fragment bypass
npm
undici
Critical
about 13 hours ago
python-statemachine SCXML <data expr> Eval Injection
pypi
python-statemachine
Moderate
about 13 hours ago
DOMPurify: Permanent `ALLOWED_ATTR` pollution via `setConfig()` bypassing the hook clone-guard (incomplete fix of the 3.4.7 hook-pollution patch)
npm
dompurify
Critical
about 13 hours ago
praisonai-platform: default JWT signing secret 'dev-secret-change-me' enables token forgery
pypi
praisonai-platform
High
about 13 hours ago
PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable
pypi
praisonai
High
about 13 hours ago
PraisonAI: PRAISONAI_CALL_AUTH=disabled environment variable unconditionally disables authentication
pypi
praisonai
High
about 13 hours ago
PraisonAI: Server-Side Request Forgery (SSRF) in SearxNG / search_web tools via attacker-controlled searxng_url parameter
pypi
praisonaiagents
Critical
about 13 hours ago
praisonai-platform 0.1.4 still boots on the hardcoded JWT secret dev-secret-change-me (default-open production guard)
pypi
praisonai-platform
Critical
about 13 hours ago
PraisonAI: Arbitrary File Read/Write via `multiedit` Tool Without Path Validation
pypi
praisonai
High
about 13 hours ago
PraisonAI A2U incomplete authentication fix leaves current serve command unauthenticated by default
pypi
praisonai
High
about 13 hours ago
PraisonAI recipe workflow policy can be bypassed by declaring and YAML-approving dangerous tools outside TEMPLATE.yaml
pypi
praisonai
High
about 13 hours ago
npm PraisonAI utility shell safe-command wrapper allowlist bypass via shell chaining
npm
praisonai
High
about 13 hours ago
npm PraisonAI AgentLoop onToolCall approval runs after tool execution
npm
praisonai
Critical
about 13 hours ago
npm PraisonAI MCPServer exposes unauthenticated HTTP tools/call
npm
praisonai
Critical
about 13 hours ago
npm PraisonAI AgentOS exposes unauthenticated agent listing and invocation
npm
praisonai
Critical
about 13 hours ago
PraisonAI: Remote Code Execution via Sandbox Escape in `codeMode` Tool
npm
praisonai
High
about 13 hours ago
npm PraisonAI SandboxExecutor allowedCommands bypass via shell chaining
npm
praisonai
Critical
about 13 hours ago
npm PraisonAI codeMode sandbox escape via Function constructor
npm
praisonai
High
about 13 hours ago
npm PraisonAI SandboxExecutor network-isolated mode does not block non-proxy-aware network clients
npm
praisonai
High
about 13 hours ago
npm PraisonAI MCPSecurity Basic/OAuth authentication policies accept invalid credentials without validation
npm
praisonai
High
about 13 hours ago
PraisonAI: IMAP Command Injection via Unsanitized Email Search Parameters
pypi
praisonaiagents
High
about 13 hours ago
PraisonAI GitHub template cache path traversal allows outside-cache file write and directory deletion
pypi
praisonai
High
about 13 hours ago
Heimdall: Forwarded Header Injection via Unsanitized Host Header in Proxy Mode
go
github.com/dadrus/heimdall
High
about 13 hours ago
Heimdall: IP Spoofing via Unvalidated Forwarding Headers
go
https://github.com/dadrus/heimdall
High
about 13 hours ago
PraisonAI Code agent tools fail open without a workspace boundary
pypi
praisonai
Critical
about 13 hours ago
PraisonAI: Missing Authentication for Critical Function and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in praisonai
pypi
praisonai
High
about 13 hours ago
PraisonAI: Webhook signature verification skipped (fail-open) when secret unset, allowing forged inbound webhooks (WhatsApp & Linear bots)
pypi
praisonai
High
about 13 hours ago
PraisonAI: Missing ownership check on DELETE endpoints allows members to delete others' content in Platform API
pypi
praisonai-platform
Critical
about 13 hours ago
PraisonAI: AgentOS remains unauthenticated after incomplete fix version and allows remote agent invocation
pypi
praisonai
Critical
about 13 hours ago
PraisonAI AgentTeam.launch exposes unauthenticated remote agent listing and invocation endpoints
pypi
praisonaiagents
High
about 13 hours ago
PraisonAI: Jobs webhook SSRF protection bypass via DNS rebinding
pypi
praisonai
Critical
about 13 hours ago
PraisonAI: Jobs API exposes agent-execution endpoints with no authentication
pypi
praisonai
Filter by Severity
Filter by Source
Filter by Ecosystem
maven
7,632
npm
6,739
packagist
6,490
pypi
6,284
go
4,567
nuget
3,545
cargo
1,533
rubygems
1,024
cpan
889
hex
139
actions
56
swift
51
pub
11
Filter by Package
openclaw
551
moodle/moodle
437
tensorflow
433
tensorflow-cpu
406
tensorflow-gpu
397
magento/community-edition
359
org.jenkins-ci.main:jenkins-core
252
Microsoft.ChakraCore
247
github.com/mattermost/mattermost/server/v8
196
typo3/cms
180
github.com/mattermost/mattermost-server
166
org.apache.tomcat:tomcat
156
com.liferay.portal:release.portal.bom
150
wwbn/avideo
139
pimcore/pimcore
131
dolibarr/dolibarr
124
com.liferay.portal:release.dxp.bom
123
magento/project-community-edition
120
Magick.NET-Q16-AnyCPU
119
Magick.NET-Q16-HDRI-AnyCPU
117
typo3/cms-core
116
Magick.NET-Q16-HDRI-OpenMP-arm64
114
Magick.NET-Q16-HDRI-arm64
112
Magick.NET-Q16-HDRI-x86
112
apache-airflow
111
Magick.NET-Q16-HDRI-x64
111
parse-server
109
Magick.NET-Q16-OpenMP-arm64
108
Magick.NET-Q16-OpenMP-x64
108
Django
107
phpmyadmin/phpmyadmin
107
drupal/core
107
Magick.NET-Q16-arm64
107
Magick.NET-Q8-AnyCPU
107
Magick.NET-Q16-x86
106
open-webui
106
microweber/microweber
105
Magick.NET-Q8-OpenMP-arm64
103
craftcms/cms
102
thorsten/phpmyfaq
102
Magick.NET-Q8-arm64
102
Magick.NET-Q16-x64
102
Magick.NET-Q8-x86
101
librenms/librenms
100
n8n
100
Magick.NET-Q8-OpenMP-x64
99
symfony/symfony
94
Magick.NET-Q8-x64
94
Magick.NET-Q16-HDRI-OpenMP-x64
91
silverstripe/framework
89
flowise
86
org.keycloak:keycloak-services
84
github.com/usememos/memos
75
concrete5/concrete5
75
drupal/drupal
75
shopware/platform
74
mlflow
74
getgrav/grav
69
com.fasterxml.jackson.core:jackson-databind
69
salt
67
apache-superset
66
shopware/core
65
ansible
65
mantisbt/mantisbt
65
github.com/grafana/grafana
62
actionpack
62
Magick.NET-Q16-OpenMP-x86
60
org.apache.struts:struts2-core
59
picklescan
59
github.com/rancher/rancher
58
baserproject/basercms
56
github.com/hashicorp/vault
55
next
55
org.apache.tomcat.embed:tomcat-embed-core
55
directus
55
nocodb
54
Plone
54
vllm
53
froxlor/froxlor
53
gogs.io/gogs
52
github.com/siyuan-note/siyuan/kernel
51
org.keycloak:keycloak-core
50
rack
50
mautic/core
50
nova
49
nokogiri
49
admidio/admidio
49
django
48
electron
47
gradio
47
getkirby/cms
47
snipe/snipe-it
46
pyload-ng
46
github.com/traefik/traefik/v2
45
matrix-synapse
45
perl
45
org.xwiki.platform:xwiki-platform-oldcore
45
aiohttp
44
org.elasticsearch:elasticsearch
44
coreutils
44
vyper
44
vm2
43
rdiffweb
43
DBD-SQLite
42
nilsteampassnet/teampass
42
code.gitea.io/gitea
42
k8s.io/kubernetes
42
showdoc/showdoc
42
plone
41
intelliants/subrion
41
hono
40
github.com/traefik/traefik/v3
40
io.undertow:undertow-core
39
net.mingsoft:ms-mcms
39
github.com/mattermost/mattermost-server/v6
39
praisonai
39
wasmtime
39
github.com/zitadel/zitadel
38
phpmyfaq/phpmyfaq
38
MT
37
PraisonAI
37
com.thoughtworks.xstream:xstream
37
github.com/argoproj/argo-cd/v2
37
DotNetNuke.Core
36
com.jfinal:jfinal
36
ci4-cms-erp/ci4ms
36
deno
36
moin
35
github.com/cilium/cilium
35
keystone
35
org.apache.tomcat:tomcat-catalina
35
github.com/filebrowser/filebrowser/v2
34
github.com/answerdev/answer
34
org.jenkins-ci.plugins:script-security
34
github.com/hashicorp/nomad
34
pillow
34
shopware/shopware
34
praisonaiagents
33
axios
33
github.com/docker/docker
33
code.vikunja.io/api
33
pypdf
32
github.com/hashicorp/consul
32
zendframework/zendframework1
32
github.com/argoproj/argo-cd
32
statamic/cms
32
contao/core-bundle
31
opencv-python
31
prestashop/prestashop
31
org.opencms:opencms-core
31
opencv-contrib-python
30
org.apache.solr:solr-core
30
org.springframework.security:spring-security-core
30
pocketmine/pocketmine-mp
30
langflow
28
mediawiki/core
28
phpoffice/phpspreadsheet
28
Pillow
28
centreon/centreon
27
github.com/nats-io/nats-server/v2
27
pgadmin4
26
org.eclipse.jetty:jetty-server
26
github.com/fleetdm/fleet/v4
26
funadmin/funadmin
26
github.com/ethereum/go-ethereum
26
cockpit-hq/cockpit
26
org.keycloak:keycloak-parent
26
openmage/magento-lts
26
surrealdb
26
dompurify
26
@anthropic-ai/claude-code
26
github.com/openfga/openfga
25
rubygems-update
25
openssl-src
25
undici
25
grumpydictator/firefly-iii
25
org.apache.openmeetings:openmeetings-parent
25
typo3/cms-backend
24
magento/core
24
Microsoft.AspNetCore.App.Runtime.win-x64
24
ghost
24
github.com/traefik/traefik
24
laravel/framework
24
github.com/goharbor/harbor
23
remdex/livehelperchat
23
puppet
23
org.xwiki.platform:xwiki-platform-web-templates
23
activerecord
23
Microsoft.AspNetCore.App.Runtime.win-x86
23
litellm
23
simplesamlphp/simplesamlphp
22
glance
22
tribalsystems/zenario
22
ethyca-fides
22
ckb
22
zendframework/zendframework
22
october/system
22
vite
22
weblate
22
github.com/openbao/openbao
22
Filter by Repository
https://github.com/tensorflow/tensorflow
433
https://github.com/moodle/moodle
250
https://github.com/xwiki/xwiki-platform
222
https://github.com/chakra-core/ChakraCore
214
https://github.com/jenkinsci/jenkins
178
https://github.com/liferay/liferay-portal
170
https://github.com/django/django
121
https://github.com/jquery/jquery
118
https://github.com/apache/tomcat
118
https://github.com/pimcore/pimcore
116
https://github.com/apache/airflow
105
https://github.com/TYPO3/typo3
93
https://github.com/microweber/microweber
90
https://github.com/keycloak/keycloak
90
https://github.com/librenms/librenms
77
https://github.com/rails/rails
70
https://github.com/FasterXML/jackson-databind
70
https://github.com/thorsten/phpmyfaq
69
https://github.com/usememos/memos
68
https://github.com/silverstripe/silverstripe-framework
68
https://github.com/kubernetes/kubernetes
66
https://github.com/symfony/symfony
64
https://github.com/Dolibarr/dolibarr
60
https://github.com/ansible/ansible
59
https://github.com/mattermost/mattermost
59
https://github.com/python-pillow/Pillow
52
https://github.com/spring-projects/spring-framework
51
https://github.com/argoproj/argo-cd
50
https://github.com/apache/struts
47
https://github.com/grafana/grafana
47
https://github.com/mautic/mautic
46
https://github.com/rancher/rancher
46
https://github.com/phpmyadmin/phpmyadmin
45
https://github.com/concretecms/concretecms
44
https://github.com/vyperlang/vyper
44
https://github.com/saltstack/salt
42
https://github.com/ikus060/rdiffweb
42
https://github.com/shopware/platform
42
https://github.com/mantisbt/mantisbt
42
https://github.com/directus/directus
41
https://github.com/craftcms/cms
41
https://github.com/shopware/shopware
40
https://github.com/mmaitre314/picklescan
39
https://github.com/star7th/showdoc
39
https://github.com/dotnet/runtime
38
https://github.com/magento/magento2
38
https://github.com/gradio-app/gradio
38
https://github.com/openstack/nova
38
https://github.com/plone/Products.CMFPlone
37
https://github.com/x-stream/xstream
37
https://github.com/mlflow/mlflow
36
https://github.com/octobercms/october
36
https://github.com/umbraco/Umbraco-CMS
35
https://github.com/sparklemotion/nokogiri
35
https://github.com/parse-community/parse-server
34
https://github.com/answerdev/answer
34
https://github.com/apache/activemq
34
https://github.com/go-gitea/gitea
32
https://github.com/opencv/opencv
32
https://github.com/matrix-org/synapse
32
https://github.com/cilium/cilium
31
https://github.com/apache/inlong
31
https://github.com/PaddlePaddle/Paddle
31
https://github.com/snipe/snipe-it
30
https://github.com/contao/contao
30
https://github.com/rack/rack
29
https://github.com/electron/electron
28
https://github.com/openstack/keystone
28
https://github.com/gogs/gogs
28
https://github.com/strapi/strapi
28
https://github.com/CVEProject/cvelist
28
https://github.com/FlowiseAI/Flowise
28
https://github.com/netty/netty
27
https://github.com/zitadel/zitadel
26
https://github.com/froxlor/froxlor
26
https://github.com/geoserver/geoserver
26
https://github.com/baserproject/basercms
26
https://github.com/apache/nifi
26
https://github.com/github/advisory-database
26
https://github.com/pmmp/PocketMine-MP
25
https://github.com/vercel/next.js
25
https://github.com/bcgit/bc-java
25
https://github.com/surrealdb/surrealdb
25
https://github.com/vllm-project/vllm
25
https://github.com/denoland/deno
25
https://github.com/traefik/traefik
25
https://github.com/langchain-ai/langchain
25
https://github.com/apache/cxf
24
https://github.com/getgrav/grav
24
https://github.com/run-llama/llama_index
24
https://github.com/hashicorp/consul
24
https://github.com/pyload/pyload
24
https://github.com/moby/moby
23
https://github.com/TYPO3/TYPO3.CMS
23
https://github.com/dnnsoftware/Dnn.Platform
23
https://github.com/eclipse/jetty.project
23
https://github.com/bytecodealliance/wasmtime
23
https://github.com/firefly-iii/firefly-iii
23
https://github.com/erlang/otp
23
https://github.com/livehelperchat/livehelperchat
23
https://github.com/nilsteampassnet/TeamPass
23
https://github.com/PrestaShop/PrestaShop
23
https://github.com/Perl/perl5
22
https://github.com/helm/helm
22
https://github.com/PHPOffice/PhpSpreadsheet
22
https://github.com/getkirby/kirby
22
https://github.com/jenkinsci/script-security-plugin
22
https://github.com/nervosnetwork/ckb
22
https://github.com/laravel/framework
21
https://github.com/hashicorp/vault
21
https://github.com/goharbor/harbor
21
https://github.com/OpenZeppelin/openzeppelin-contracts
21
https://github.com/undertow-io/undertow
21
https://github.com/funadmin/funadmin
20
https://github.com/jeecgboot/jeecg-boot
20
https://github.com/opencast/opencast
20
https://github.com/ethyca/fides
20
https://github.com/OpenNMS/opennms
20
https://github.com/TYPO3-CMS/core
19
https://github.com/containerd/containerd
19
https://github.com/huggingface/transformers
19
https://github.com/simplesamlphp/simplesamlphp
19
https://github.com/alkacon/opencms-core
19
https://github.com/backstage/backstage
19
https://github.com/intelliants/subrion
19
https://github.com/cloudfoundry/uaa
19
https://github.com/nilsteampassnet/teampass
19
https://github.com/vaadin/platform
18
https://github.com/rubygems/rubygems
18
https://github.com/OpenMage/magento-lts
18
https://github.com/apache/camel
18
https://github.com/opencontainers/runc
18
https://github.com/ethereum/go-ethereum
17
https://github.com/mindsdb/mindsdb
17
https://github.com/liufee/cms
17
https://github.com/openfga/openfga
17
https://github.com/vantage6/vantage6
17
https://github.com/apache/kylin
17
https://github.com/dotnet/aspnetcore
16
https://github.com/rusqlite/rusqlite
16
https://github.com/twbs/bootstrap
16
https://github.com/vitejs/vite
16
https://github.com/hashicorp/nomad
16
https://github.com/tinymce/tinymce
16
https://github.com/pyca/cryptography
16
https://github.com/quarkusio/quarkus
16
https://github.com/etcd-io/etcd
16
https://github.com/yetiforcecompany/yetiforcecrm
16
https://github.com/forkcms/forkcms
16
https://github.com/sequelize/sequelize
16
https://github.com/xuxueli/xxl-job
15
https://github.com/nodejs/undici
15
https://github.com/cobbler/cobbler
15
https://github.com/puppetlabs/puppet
15
https://github.com/ckeditor/ckeditor4
15
https://github.com/aio-libs/aiohttp
15
https://github.com/zendframework/zendframework
15
https://github.com/decidim/decidim
15
https://github.com/OPCFoundation/UA-.NETStandard
15
https://github.com/drupal/core
15
https://github.com/centreon/centreon
15
https://github.com/dompdf/dompdf
15
https://github.com/sqlite/sqlite
15
https://github.com/containers/podman
15
https://github.com/PHPMailer/PHPMailer
15
https://github.com/thorsten/phpMyFAQ
15
https://github.com/MobSF/Mobile-Security-Framework-MobSF
15
https://github.com/spring-projects/spring-security
15
https://github.com/ImageMagick/ImageMagick
14
https://github.com/apache/zeppelin
14
https://github.com/ming-soft/MCMS
14
https://github.com/TryGhost/Ghost
14
https://github.com/pgadmin-org/pgadmin4
14
https://github.com/rails/rails-html-sanitizer
14
https://github.com/janeczku/calibre-web
14
https://github.com/urllib3/urllib3
14
https://github.com/apache/superset
14
https://github.com/Graylog2/graylog2-server
14
https://github.com/golang/go
14
https://github.com/twisted/twisted
14
https://github.com/publify/publify
14
https://github.com/pimcore/admin-ui-classic-bundle
14
https://github.com/dpgaspar/Flask-AppBuilder
14
https://github.com/cosmos/cosmos-sdk
14
https://github.com/cockpit-hq/cockpit
14
https://github.com/h2oai/h2o-3
13
https://github.com/dromara/hutool
13
https://github.com/OpenRefine/OpenRefine
13
https://github.com/1Panel-dev/1Panel
13
https://github.com/openbao/openbao
13
https://github.com/modoboa/modoboa
13
https://sourceforge.net/projects/sourceforge.net
13
https://github.com/laurent22/joplin
13
https://github.com/zenml-io/zenml
13
https://github.com/OctoPrint/OctoPrint
13
https://github.com/swagger-api/swagger-ui
13
https://github.com/apache/dolphinscheduler
13
https://github.com/centreon/centreon-archived
12
https://github.com/getsentry/sentry
12