Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS1yMnI4LTM2cHEtMjdjbc4AA8Rw
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
Ecosystems: packagist
Packages: nzo/url-encryptor-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 13 hours ago
High
GSA_kwCzR0hTQS02Y2ozLXJjNHAtZjM4Zs4AA8Ru
Cross-site Scripting vulnerabilities in Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 13 hours ago
High
GSA_kwCzR0hTQS0zYzVnLTczZjctZ3J2bc4AA8Rr
Neos Information Disclosure Security Note
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 13 hours ago
High
GSA_kwCzR0hTQS1oeGhjLXdtZzgteHJxZs4AA8Rm
namshi/jose insecure JSON Web Signatures (JWS)
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 14 hours ago
High
GSA_kwCzR0hTQS1jcWg5LWpmcXItaDlqas4AA8KA
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: pypi
Packages: wandb
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 2 days ago
High
GSA_kwCzR0hTQS1yZnFxLXdxNnctNzJqbc4AA8J7
MLflow has a Local File Read/Path Traversal bypass
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 2 days ago
High
GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is
laravel framework SQL Injection via limit and offset functions
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1qd3ZqLXB3d3ctM21qNc4AA8Ir
laravel framework Unexpected database bindings via requests
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS02anZ4LThjaDktajJqcs4AA8In
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0yODY3LTZycm0tMzhncs4AA8Ih
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0yZ3EyLW02MjgtMzN4cM4AA8Ic
gregwar/rst Local File Inclusion Vulnerability
Ecosystems: packagist
Packages: gregwar/rst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0yNmhwLWNnamotbTJqM84AA8IZ
fuel/core ImageMagick driver does not escape all shell arguments.
Ecosystems: packagist
Packages: fuel/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS02bWpxLTl4NHctbTN3Oc4AA8IX
FOSUserBundle Session Hijacking Vulnerability
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0zZzQzLXhmcnctcHY1bc4AA8IS
eZ Platform User data disclosure
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS05ODk1LTI2d3ItNGZnds4AA8IP
EZsystems Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS14OHhtLXdyanEtNWc1NM4AA8H3
Stakater Forecastle has a directory traversal vulnerability
Ecosystems: go
Packages: github.com/stakater/Forecastle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1wOW1wLXZxNHYtdjVtNc4AA8Hv
eZ Publish Legacy Passwordless login for LDAP users
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS02NHZqLTkzM2YtNnBtM84AA8Ht
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS04MnJ2LTQ1cGMtdjI4d84AA8Hs
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1jYzJqLTkyanEtd2dqZ84AA8Hr
eZ Publish Information disclosure in backend content tree menu
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0zdndyLWpqNGYtaDk4eM4AA8Hq
eZ Publish Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS00NXFtLWo0bTktd2h2Oc4AA8Hm
eZ Platform CSRF token in login form is disabled by default
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1oZnBwLTJ2aHctcXE0M84AA8Hl
eZ Platform Admin UI Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-user
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0ydzlwLXh4cXItaDI1M84AA8Hk
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1xNzN2LTc5eDMtanYyd84AA8Hj
eZ Platform Admin UI Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1jZzg0LTU1angtNDIzN84AA8Hi
eZ Platform Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS05Y3EyLXBjZ3ItOGg2Ms4AA8Hf
Cross-site Scripting in eZFind spellcheck
Ecosystems: packagist
Packages: ezsystems/ezfind-ls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1qcTlxLTZwNDItcXByN84AA8Hc
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/ezdemo-ls-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS04Yzg1LTRycjUtY2hyNM4AA8Hd
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/demobundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1qNjZwLWZ2cDItZnhoas4AA8HZ
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 3 days ago
High
GSA_kwCzR0hTQS1tOWZ2LXdocTItNndtY84AA8HW
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 days ago
High
GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 3 days ago
High
GSA_kwCzR0hTQS05OGg5LTcyN20tNDRxds4AA8HJ
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 3 days ago
High
GSA_kwCzR0hTQS12anJnLXdwbTgtcmhyd84AA8HA
doctrine/orm Regression in Query Parenthesis can have Security Implications
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS03Nnc4LW1xeDQtd2pyZs4AA8G8
Doctrine DBAL SQL injection possibility
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 3 days ago
High
GSA_kwCzR0hTQS13cTQzLThyNXAtdzNtY84AA8G6
contao/core PHP object injection vulnerability allows for arbitrary code execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS0ybTVnLTh4cHctNDJ2cM4AA8GP
OpenCFP Framework (Sentry) Account takeover via null password reset codes
Ecosystems: packagist
Packages: cartalyst/sentry
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 3 days ago
High
GSA_kwCzR0hTQS1wZ2o0LWc1ajQtY21meM4AA8GO
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
Ecosystems: packagist
Packages: cart2quote/module-quotation-encoded
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 days ago
High
GSA_kwCzR0hTQS0zMnJ4LXh2dnItNHh2Oc4AA8GH
easyadmin-extension-bundle action case insensitivity
Ecosystems: packagist
Packages: alterphp/easyadmin-extension-bundle
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 3 days ago
High
GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
pygmentize Remote Code Execution
Ecosystems: packagist
Packages: 3f/pygmentize
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 days ago
High
GSA_kwCzR0hTQS1mOHY1LWptZmgtcHI2Oc4AA8GC
Grav Vulnerable to Arbitrary File Read to Account Takeover
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 days ago
High
GSA_kwCzR0hTQS1wOTc4LTU2aHEtcjQ5Ms4AA8Ex
Grafana folders admin only permission privilege escalation
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 days ago
High
GSA_kwCzR0hTQS1teDQ3LTY0OTctM2Z2Ms4AA8En
Grafana account takeover via OAuth vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 4 days ago
High
GSA_kwCzR0hTQS12dzdxLXAycWctNG01Zs4AA8El
Grafana Stored Cross-site Scripting in Unified Alerting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 4 days ago
High
GSA_kwCzR0hTQS1oZjU0LWZxMm0tcDl2Ns4AA8Eb
dotmesh arbitrary file read and/or write
Ecosystems: go
Packages: github.com/dotmesh-io/dotmesh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0ydmpxLWhnNXctNWdtN84AA8EL
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 4 days ago
High
GSA_kwCzR0hTQS02d3ZmLWYydnctMzQyNc4AA78t
github.com/containers/image allows unexpected authenticated registry accesses
Ecosystems: go
Packages: github.com/containers/image
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 4 days ago
High
GSA_kwCzR0hTQS1yMmhyLTR2NDgtZmp2M84AA74u
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 5 days ago
High
GSA_kwCzR0hTQS1oNnI0LXh2dzYtamM1aM4AA74t
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 5 days ago
High
GSA_kwCzR0hTQS05M3gzLW03cHctcHBxbc4AA74k
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 5 days ago
High
GSA_kwCzR0hTQS1qY3FxLWc2NHYtZ2NtN84AA74Z
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Ecosystems: go
Packages: github.com/spacemeshos/api, github.com/spacemeshos/go-spacemesh
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 8 days ago
High
GSA_kwCzR0hTQS1mcjVoLXJxcDgtbWo2Z84AA74P
Next.js Server-Side Request Forgery in Server Actions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 9 days ago
High
GSA_kwCzR0hTQS03N3I1LWd3M2otMm1wZs4AA74O
Next.js Vulnerable to HTTP Request Smuggling
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 9 days ago
High
GSA_kwCzR0hTQS14OXZjLTZoZnYtaGc4Y84AA74L
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Ecosystems: nuget
Packages: Npgsql
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 9 days ago
High
GSA_kwCzR0hTQS0zOGdmLXJoMnctZ21qN84AA74H
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: npm
Packages: @cyclonedx/cyclonedx-library
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 10 days ago
High
GSA_kwCzR0hTQS1mZ2gzLXB3bXAtM3F3M84AA73r
Apache Inlong Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 days ago
High
GSA_kwCzR0hTQS0yM3J4LWMzZzUtaHY5d84AA73I
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 days ago
High
GSA_kwCzR0hTQS04N2hxLXE0Z3AtOXdyNM4AA70i
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
Ecosystems: npm
Packages: react-pdf
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 11 days ago
High
GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
High
GSA_kwCzR0hTQS13Z3JtLTY3eGYtaGhwcc4AA7z7
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Ecosystems: npm
Packages: pdfjs-dist
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 days ago
High
GSA_kwCzR0hTQS13dmh4LXE0MjctZmdoM84AA7xy
Arbitrary HTML present after sanitization because of unicode normalization
Ecosystems: pypi
Packages: html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS0yZzY4LWMzcWMtODk4Nc4AA7xx
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: 12 days ago
High
GSA_kwCzR0hTQS04M3B2LXFyMzMtMnZjZs4AA7xv
Litestar and Starlite vulnerable to Path Traversal
Ecosystems: pypi
Packages: litestar, starlite
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 12 days ago
High
GSA_kwCzR0hTQS00eGM5LThobXEtajY1Ms4AA7xu
go-ethereum vulnerable to DoS via malicious p2p message
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 12 days ago
High
GSA_kwCzR0hTQS1ncW1mLWpxZ3Ytdjhmd84AA7v4
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 15 days ago
High
GSA_kwCzR0hTQS03cGMzLXByM3EtNTh2Z84AA7v3
sagemaker-python-sdk Command Injection vulnerability
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 15 days ago
High
GSA_kwCzR0hTQS13anZ4LWpocGotcjU0cs4AA7v2
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 15 days ago
High
GSA_kwCzR0hTQS01bTk4LXFnZzktd2g4NM4AA7vP
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: 15 days ago
High
GSA_kwCzR0hTQS03OGgzLXBnNHgtajhjds4AA7ij
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 16 days ago
High
GSA_kwCzR0hTQS02NDMzLXg1cDQtOGpjN84AA7ih
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 16 days ago
High
GSA_kwCzR0hTQS1tZzQ5LWpxZ3ctZ2NqNs4AA7ii
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 16 days ago
High
GSA_kwCzR0hTQS1tanI0LTd4ZzUtcGZ2aM4AA7ir
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 16 days ago
High
GSA_kwCzR0hTQS0ybXZjLTU1N2ctNTYzOM4AA7ig
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 16 days ago
High
GSA_kwCzR0hTQS14djY0LThwNHItOTRncc4AA7h_
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 16 days ago
High
GSA_kwCzR0hTQS12NjNnLXYzMzktMjY3M84AA7fm
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1najVtLW04OGotdjdjM84AA7fS
Apache ActiveMQ's default configuration doesn't secure the API web context
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 16 days ago
High
GSA_kwCzR0hTQS0zOTk5LTVmZnYtd3Aycs4AA7eJ
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Ecosystems: cargo
Packages: yamux
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 17 days ago
High
GSA_kwCzR0hTQS05cDU3LWg5ODctNHZneM4AA7eG
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 17 days ago
High
GSA_kwCzR0hTQS03Z3J4LWY5NDUtbWo5Ns4AA7cr
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1qeGdyLWdjajUtY3FxZ84AA7cp
nautobot has reflected Cross-site Scripting potential in all object list views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 17 days ago
High
GSA_kwCzR0hTQS0yY2dxLWg4eHctMnY1as4AA7Z-
CRI-O vulnerable to an arbitrary systemd property injection
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 18 days ago
High
GSA_kwCzR0hTQS02YzVwLWo4dnEtcHFoas4AA7UT
python-jose algorithm confusion with OpenSSH ECDSA keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: 22 days ago
High
GSA_kwCzR0hTQS14NW03LTYzYzYtZng3Oc4AA7T3
Cluster Monitoring Operator contains a credentials leak
Ecosystems: go
Packages: github.com/openshift/cluster-monitoring-operator
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 23 days ago
High
GSA_kwCzR0hTQS02ZzU2LXY5cWctanA5Ms4AA7S7
Heketi Arbitrary Code Execution
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 24 days ago
High
GSA_kwCzR0hTQS1mOXhmLWpxNGotdnF3NM4AA7Sr
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 24 days ago
High
GSA_kwCzR0hTQS1wdnhqLTI1bTYtN3Zxcs4AA7Sq
Rancher Privilege escalation vulnerability via malicious "Connection" header
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 24 days ago
High
GSA_kwCzR0hTQS1ndmg5LXhncnEtcjhod84AA7Sp
Rancher's Steve API Component Improper authorization check allows privilege escalation
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 24 days ago
High
GSA_kwCzR0hTQS0yOGc3LTg5NmgtNjk1ds4AA7So
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 24 days ago
High
GSA_kwCzR0hTQS05ZjhjLXBmdnYtcDRnbc4AA7Sm
Buffer Overflow in gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 24 days ago
High
GSA_kwCzR0hTQS1yMjNoLTNqbXctcTdocs4AA7Sh
Access Restriction Bypass in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 24 days ago
High
GSA_kwCzR0hTQS1tcTM1LXg5OXItNTRmY84AA7Se
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/u-root/u-root/pkg/cpio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS01eHYzLWZtN2ctODY1cs4AA7R-
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS04cDVyLTZtdnYtMjQzNc4AA7R9
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS02MjRnLThxamctOHF4Zs4AA7QR
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Ecosystems: npm
Packages: @conform-to/yup, @conform-to/zod, @conform-to/dom
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 25 days ago
High
GSA_kwCzR0hTQS1wNzJxLWgzN2otM2hxN84AA7Pf
dbt uses a SQLparse version with a high vulnerability
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 26 days ago
High
GSA_kwCzR0hTQS0zaDZjLWM0NzUtam03ds4AA7PT
Arbitrary Code Execution in Gitea
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 26 days ago
High
GSA_kwCzR0hTQS1xbW1tLTczcjItZjh4cs4AA7PR
@hoppscotch/cli affected by Sandbox Escape in @hoppscotch/js-sandbox leads to RCE
Ecosystems: npm
Packages: @hoppscotch/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1qaDU3LWozdnEtaDQzOM4AA7PQ
LibreNMS vulnerable to a Time-Based Blind SQL injection leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 26 days ago
High
GSA_kwCzR0hTQS03Mm05LTdjOHgtcG1td84AA7PP
LibreNMS uses Improper Sanitization on Service template name leads to Stored XSS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 26 days ago
High
GSA_kwCzR0hTQS1jd3g2LWN4N3gtNHEzNM4AA7PO
LibreNMS vulnerable to SQL injection time-based leads to database extraction
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 26 days ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3