Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Browse all Security Advisories for Low

Low
GSA_kwCzR0hTQS14djY4LXJybXctOXh3Zs4AA_rg
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 2 days ago
Low
GSA_kwCzR0hTQS1oOTJxLWZncHAtcWhycc4AA_rV
CoreDNS Cache Poisoning via a birthday attack
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 2 days ago
Low
GSA_kwCzR0hTQS1qaGc2LTZxcngtMzhtcs4AA_rH
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 2 days ago
Low
GSA_kwCzR0hTQS1wNzJ3LXI2ZnYtNmc1aM4AA_m_
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Ecosystems: maven
Packages: org.apache.druid.extensions:druid-pac4j
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Low
GSA_kwCzR0hTQS1qaDY2LTM1NDUtdnBtN84AA_nI
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Ecosystems: maven
Packages: org.apache.druid:druid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Low
GSA_kwCzR0hTQS0yMzI2LXBmcGotdngzaM4AA_kC
lexical-core has multiple soundness issues
Ecosystems: cargo
Packages: lexical-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS01Nzc3LXJjamotOXAyMs4AA_j9
Mattermost Desktop App fails to safeguard screen capture functionality
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS14Z3E5LTdndzYtanI1cs4AA_j6
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS1tcW05LWM5NWgteDJwNs4AA_YR
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 11 days ago
Low
GSA_kwCzR0hTQS1tOWdmLTM5N3ItaHdwZ84AA_YN
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 11 days ago
Low
GSA_kwCzR0hTQS1jcTM4LWpoNWYtMzdtcc4AA_TY
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Ecosystems: go
Packages: github.com/sigstore/sigstore-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS1mdzVyLTZtM3gtcmg3cM4AA_TB
Flask-AppBuilder's login form allows browser to cache sensitive fields
Ecosystems: pypi
Packages: flask-appbuilder
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS0yaDQ2LThnZjUtZm14ds4AA_S_
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS12MjZyLTRjOWMtaDNqNs4AA_QH
gix-path uses local config across repos when it is the highest scope
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 17 days ago
Low
GSA_kwCzR0hTQS1qZnZwLTd4NnAtaDJwds4AA_QD
runc can be confused to create empty files/directories on the host
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS03ajlwLTY3bW0tNWc4N84AA_D0
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Ecosystems: pypi
Packages: lti-consumer-xblock
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 21 days ago
Low
GSA_kwCzR0hTQS05Y2Z2LTk0NjMtOGdxds4AA_Dy
freewvs vulnerable to denial of service through large files
Ecosystems: pypi
Packages: freewvs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Low
GSA_kwCzR0hTQS03cG1oLXZyd3ctMjV4eM4AA_Dx
freewvs's nested directory structure can interrupt scan
Ecosystems: pypi
Packages: freewvs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Low
GSA_kwCzR0hTQS1tZ3dyLWg3bXYtZmgyOc4AA_B2
Hwameistor Potential Permission Leakage of Cluster Level
Ecosystems: go
Packages: github.com/hwameistor/hwameistor
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: 22 days ago
Low
GSA_kwCzR0hTQS1tZzhqLXc5M3cteGpnY84AA_BD
Drupal Full Path Disclosure
Ecosystems: packagist
Packages: drupal/core, drupal/core-recommended, drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 23 days ago
Low
GSA_kwCzR0hTQS0zajk1LThnNDctZnB3aM4AA-4h
Mattermost allows team admin user without "Add Team Members" permission to disable invite URL
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
Low
GSA_kwCzR0hTQS04OGcyLXI5cnctZzU1aM4AA-4b
gitoxide-core does not neutralize special characters for terminals
Ecosystems: cargo
Packages: gitoxide-core, gitoxide
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 29 days ago
Low
GSA_kwCzR0hTQS02djk2LW0yNHYtZjU4as4AA-1-
CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0zcjc0LXY4M3AtZjRmNM4AA-xT
Trufflehog vulnerable to Blind SSRF in some Detectors
Ecosystems: go
Packages: github.com/trufflesecurity/trufflehog/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1oNmpxLXc0MzItajI2d84AA-ty
Silverpeas vulnerable to password complexity rule bypass
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jNDd3LTltY2Ytdzk3Ms4AA-hx
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1xNXd4LW05NXItNGNnY84AA-iF
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS13Nmo2LXc2angtdmYycs4AA-gS
Concrete CMS Stored XSS in getAttributeSetName
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tM3JoLWN2cjUteDZxNM4AA-gF
CosmWasm wasmd has large address count in ValidateBasic
Ecosystems: go
Packages: github.com/CosmWasm/wasmd
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS05MzU1LTI3bTgtaDc0ds4AA-Yv
Owncast Path Traversal vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS13OXBnLTdjM2gtZmM4as4AA-Xn
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Ecosystems: packagist
Packages: ipl/web
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 2 months ago
Low
GSA_kwCzR0hTQS05Nzd4LWc3aDUtN3Fnd84AA-Vv
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mN3E0LXB3YzYtdzI0cM4AA-Vu
Elliptic's EDDSA missing signature length check
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS00OXE3LWM3ajQtM3A3bc4AA-Vw
Elliptic allows BER-encoded signatures
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zY3BmLWptbWMtOGptM84AA-Us
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12dnBnLTU1cDctNWg4d84AA-UY
Mattermost did not properly restrict channel creation
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS05ZnB3LWM5eDctY3Yzas4AA-Ua
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qcTNnLXhxcHgtMzd4M84AA-UR
Mattermost failed to properly validate synced reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1wOXc0LTU4NWgtZzNjN84AA-TH
biscuit-auth vulnerable to public key confusion in third party block
Ecosystems: cargo
Packages: biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01aGNqLXJ3bTYteG13NM4AA-TA
biscuit-java vulnerable to public key confusion in third party block
Ecosystems: maven
Packages: org.biscuitsec:biscuit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zamNnLXZ4N2YtajZxZs4AA-RP
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Ecosystems: npm
Packages: @fuel-ts/account
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS02NmZ3LTQzaDgtZjhwM84AA-I3
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Ecosystems: cargo
Packages: xmp_toolkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1jeDdoLWg4N3ItanBncs4AA-Hz
The kstring integration in gix-attributes is unsound
Ecosystems: cargo
Packages: gix-attributes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1xNDdwLXY1cnctdjU3NM4AA-FC
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Ecosystems: pypi
Packages: anki
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 2 months ago
Low
GSA_kwCzR0hTQS1yd2NqLTdqanAtNHczOM4AA-A0
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Ecosystems: pypi
Packages: puncia
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS00bWdnLWZxZnEtNjRoZ84AA-AU
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-transports-http
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1nOTJqLXFobWgtNjR2Ms4AA9_r
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Ecosystems: pypi
Packages: sentry-sdk
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qOGNtLWc3cjYtaGZwcc4AA9-3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 2 months ago
Low
GSA_kwCzR0hTQS12bWNwLTY2cjUtM3BjcM4AA9-0
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Ecosystems: nuget
Packages: Steeltoe.Discovery.ClientAutofac, Steeltoe.Discovery.ClientCore, Steeltoe.Discovery.EurekaBase, Steeltoe.Discovery.Eureka
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS01eGdqLXBtamotZ3c0Oc4AA95u
RISC Zero zkVM notes on zero-knowledge
Ecosystems: cargo
Packages: risc0-zkvm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zNDJxLTJtYzItNWdtcM4AA95a
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0zdjMzLTN3bXctMzc4Nc4AA9n3
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Certifi removes GLOBALTRUST root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1qajY4LWNwNHYtOThxZs4AA9d2
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jdnc0LWM2OWctN3Y3bc4AA9d0
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05MzQ0LXA4NDctcW01Y84AA9Xy
Low severity (DoS) vulnerability in sequoia-openpgp
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS14ZngzLWNyNzQteDNjds4AA9Xv
Exposure of secrets through system log in Jenkins Structs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:structs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS05NGNjLXhqeHItcHd2Zs4AA9WR
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Ecosystems: maven
Packages: org.dspace:dspace-server-webapp
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jMjVoLWMyN3EtNXFwds4AA9SS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Ecosystems: maven
Packages: org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1ncmp2LWdqZ3ItNjZnMs4AA9Px
SpiceDB exclusions can result in no permission returned when permission expected
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 months ago
Low
GSA_kwCzR0hTQS14Z3FtLXdwN3ctbWdnMs4AA9GA
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF
Apache Airflow does not return the "Cache-Control" header for dynamic content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zMmNqLTV3eDQtZ3E4cM4AA8_N
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jcTQyLXZodjcteHI3cM4AA8_H
Keycloak Denial of Service via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 3 months ago
Low
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 3 months ago
Low
GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS12OTk0LWY4dnctZzdqNM4AA84U
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS05OWhtLTg2aDctZ3IzZ84AA81n
zenml-io/zenml does not expire the session after password reset
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS01NWYzLTNxdmctOHB2Nc4AA8zV
Symlink bypasses filesystem sandbox
Ecosystems: cargo
Packages: wasmer
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS12d2dmLTdmOWgtaDQ5Oc4AA8w7
Cross site scripting in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jNTQ2LThqbXEtaHByas4AA8w2
Race condition in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS1qNTI3LXY1NzktbTk4aM4AA8xd
Improper authentication in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS1weHY4LXFocmgtamM3ds4AA8wK
evmos allows transferring unvested tokens after delegations
Ecosystems: go
Packages: github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS01MnhmLTVwMm0tOXdyds4AA8wF
s2n-tls has a potentially observable differences in RSA premaster secret handling
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zcDR4LWdycG0teHc1OM4AA8wD
Password hash exposed in CraftCMS two factor authentication plugin
Ecosystems: packagist
Packages: born05/craft-twofactorauthentication
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1oOTM0LWY0bTQtd2M4eM4AA8uc
Typo3 Information Disclosure in Page Tree
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jN3A2LTNjOWMtZjg4cc4AA8uE
Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS00bTNnLTZyN2ctanY0Zs4AA8t0
Arbitrary JavaScript execution due to using outdated libraries
Ecosystems: pypi
Packages: gradio_pdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS12dzYzLTgyNHYtcWYyas4AA8mZ
SQL Injection in Harbor scan log API
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS1xdnBqLXc3eGotcjZ3Oc4AA8mW
Password confirmation stored in plain text via registration form in statamic/cms
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jMmcyLWd4NGotcmozas4AA8mO
Slack integration leaks sensitive information in logs
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS04Y201LWpmajItMjZxN84AA8jP
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wNTcyLXAycmotcTVmNM4AA8jE
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Ecosystems: nuget
Packages: Umbraco.Forms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS12aDdxLWo4cDUtMmg0aM4AA8ix
silverstripe/framework sends passwords back to browsers under some circumstances
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 4 months ago
Low
GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mM3dwLXhwdjItNnZtZ84AA8ib
silverstripe/framework password encryption salt not updated
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zZjY1LW0yMzQtOW14cs4AA8iZ
github.com/huandu/facebook may expose access_token in error message.
Ecosystems: go
Packages: github.com/huandu/facebook/v2
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS0ycWpwLWZnOGMtZzg3OM4AA8iS
vxe-table Cross-site Scripting vulnerability
Ecosystems: npm
Packages: vxe-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS03NzljLTd3NHAtMmM0Z84AA8ft
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS05OXI0LWNqcDQtM2hteM4AA8fs
vantage6 collaboration admins can extend their influence by expanding the collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS0yajZyLTl2djQtNmdmNc4AA8WS
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Ecosystems: go
Packages: github.com/bincyber/go-sqlcrypter
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mNXBwLXBtcTgtZ3A0Ns4AA8Vu
Passbolt Api Retrieval of HTTP-only cookies
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zZm1xLXg5cTYtd20zOc4AA8Rz
random_compat Uses insecure CSPRNG
Ecosystems: packagist
Packages: paragonie/random_compat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS03aDc0LTd2Y3ctNG13cM4AA8Ro
Insecure deserialize Vulnerability in FLOW3
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Statistics
Advisories: 20,108
Packages: 8,840
Repositories: 495
Ecosystems: 12
https://github.com/jquery-validation/jquery-validation 1 https://github.com/octo-sts/app 1 https://github.com/Azure/setup-kubectl 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/dojo/dijit 1 https://github.com/ktorio/ktor 1