Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Loading...
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS02ZzJ3LTI1N3YtM2M5Zs4AA0hB
Apache Camel information exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-jira
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 10 months ago
Low
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) Vulnerability
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ4M3YtNTUzeC0zYzRx
Stored XSS by authenticated backend user with access to upload files
Ecosystems: packagist
Packages: october/backend
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 3 years ago
Low
GSA_kwCzR0hTQS00eHI0LTg5bTUtNDZjN84AAy4z
eslint-detailed-reporter vulnerable to cross-site scripting
Ecosystems: npm
Packages: eslint-detailed-reporter
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mcnFjLWYyaDgtZmp2Zs4AA19h
Spring for GraphQL may be exposed to GraphQL context with values from a different session
Ecosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTd3Z3ItNzY2Ni03cHdq
Path Traversal in openapi-python-client
Ecosystems: pypi
Packages: openapi-python-client
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 3 years ago
Low
GSA_kwCzR0hTQS1nM3Y2LXI4cDktd3hnOc4AA1Pz
Mattermost fails to correctly delete attachments
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyd3gtamo2Ni0yaHA3
Cross-site Scripting in Wildfly
Ecosystems: maven
Packages: org.wildfly:wildfly-parent
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1xcWhxLThyMmMtYzNmNc4AA322
nvdApiKey is logged in debug mode
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qNXFnLXc5amctM3dnM80cpA
Inability to de-op players if listed in ops.txt with non-lowercase letters
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yN3dyLTR3NXEtNTVtNs4AAz51
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS1qNzVyLXZmNjQtNnJyaM4AAxzY
RestEasy Reactive implementation of Quarkus allows Creation of Temporary File With Insecure Permissions
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive-common
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code execution
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 months ago
Low
GSA_kwCzR0hTQS03Y3A3LWpmcDYtamg0Zs4AAxFz
Shopware's log module vulnerable to Improper Output Neutralization
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: over 1 year ago
Low
GSA_kwCzR0hTQS13YzV2LXI0OHYtZzR2aM4AAtaF
Cilium host policy bypass in endpoint-routes mode with dual-stack
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJqd3ctMng4di1tOXY5
Potential sensitive data exposure in applications using Vaadin 15
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 3 years ago
Low
GSA_kwCzR0hTQS0ycTRwLWY2Z2YtbXFyNc4AA0Xn
Graylog server has partial path traversal vulnerability in Support Bundle feature
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1wMndxLTRnZ3AtNDVmM84AA7U_
Mattermost fails to limit the size of a request path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 21 days ago
Low
GSA_kwCzR0hTQS13MjY3LW05YzQtODU1Nc0xLw
Shopware user session is not logged out if the password is reset via password recovery
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title property
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 8 months ago
Low
GSA_kwCzR0hTQS1ycHJnLTR2N3EtODd2N84AAwOX
Buildah (as part of Podman) vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
GSA_kwCzR0hTQS05N3doLTZobWotZzhqOc4AA0GL
Spina Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS05Zm1jLTVmcTQtNWp3aM4AAvx0
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: over 1 year ago
Low
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04NjM5LXF4NTYtcjQyOM4AArTb
CSRF allows attacker to finalize/unfinalize order adjustments in solidus_backend
Ecosystems: rubygems
Packages: solidus_backend
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 9 months ago
Low
GSA_kwCzR0hTQS1yamptLXgzMnAtbTNmN84AA3C1
gnark's range checker gadget allows wider inputs up to word alignment
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
Low
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1oMnBoLXZobTctZzRocM4AAwNV
Traefik may display authorization header in the debug logs
Ecosystems: go
Packages: github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0zcDRnLXJjdzUtODI5OM4AAzUC
etcd Key name can be accessed via LeaseTimeToLive API
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF
Nautobot missing object-level permissions enforcement when running Job Buttons
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1wNTIzLWpycGgtcWpjNs0hAA
Insufficient Session Expiration in shopware
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTc3cXYtZ2g2Zi1wZ2g0
Command Injection in Limdu
Ecosystems: npm
Packages: limdu
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 4 years ago
Low
GSA_kwCzR0hTQS02cTh2LTJodm0tZngzN84AAs_h
Apache Tika contains incomplete fix for regex DoS
Ecosystems: maven
Packages: org.apache.tika:tika
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ
Mattermost allows team admins to promote guests to team admins
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 21 days ago
Low
GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE
Mattermost fails to fully validate role changes
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 21 days ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxbWYtZmo2bS02ODZj
Open Redirect in Flask-Security-Too
Ecosystems: pypi
Packages: Flask-Security-Too
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS14NjdnLTQ3cDMtcmM3Zs4AAzg9
MindSpore vulnerable to memory corruption
Ecosystems: pypi
Packages: mindspore
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 12 months ago
Low
GSA_kwCzR0hTQS02cThtLTQycXEtNjRyN84AAx4s
Imperative CLI vulnerable to Command Injection
Ecosystems: npm
Packages: @zowe/imperative
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpteDgtMzU1bS04dndo
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one request
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS1tMnd3LTZ3djYtdnczY84AAs-f
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tNDM0LW01cHYtcDM1d80mbQ
Insufficient user authorization in Moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS12NzI1LWM1ODgtaDkzNs4AAty1
OpenStack Nova Changing vnic_type breaks compute service restart
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yMmptLTRoeHctMzVqZs4AAjo7
OpenStack Nova can leak consoleauth token into log files
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2ZnctdjJqdi05aHdj
Reflected cross-site scripting in development mode handler in Vaadin
Ecosystems: maven
Packages: com.vaadin:flow-server
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: almost 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzNDUtMzJyYy04aDg1
Denial of service attack via push rule patterns in matrix-synapse
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 3 years ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS00OGYyLW03amctODY2eM4AArZd
Failed payment recorded has completed in Silverstripe Omnipay
Ecosystems: packagist
Packages: silverstripe/silverstripe-omnipay
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0zZnFtLWZyaGctN2M4Nc4AA0Xl
Graylog user session is still usable after logout
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 11 months ago
Low
GSA_kwCzR0hTQS05OHB4LTY0ODYtajdxY84AAzr1
Synapse has URL deny list bypass via oEmbed and image URLs when generating previews
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0
Authorization Bypass in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTUybXEtNmpjdi1qNzl4
User content sandbox can be confused into opening arbitrary documents
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: about 3 years ago
Low
GSA_kwCzR0hTQS1tYzh2LW1ncmYtOGY0bc0XWA
Clarify Content-Type handling
Ecosystems: go
Packages: github.com/opencontainers/distribution-spec
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jZjZ2LTlqNTctdjZyNs4AA0Nx
code.gitea.io/gitea Open Redirect vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS02OHA0LTk1eGYtN2d4OM4AA08P
Denial of service from large image
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NXEtajlwNC0zdnhn
Blog comment posting, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY3M3gtZjV3eC1meHB3
Cross Site Scripting and RCE in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyY3EtanYyZi04OThq
Incorrect Provision of Specified Functionality in qutebrowser
Ecosystems: pypi
Packages: qutebrowser
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 4 years ago
Low
GSA_kwCzR0hTQS1tNTRoLTV4NWYtNW02cs4AA0IM
SpiceDB's LookupResources may return partial results
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
Low
GSA_kwCzR0hTQS0zZzdwLThxaHgtbWM4cs4AAz_2
Shescape potential environment variable exposure on Windows with CMD
Ecosystems: npm
Packages: shescape
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS1ocWZ4LTR4NHctdm13cM0-2g
Openstack nova qcow format could expose host filesystem information
Ecosystems: pypi
Packages: nova
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 2 years ago
Low
GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS1nbTJnLTJ4cjktcHh4as4AA0J6
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Ecosystems: go
Packages: go.temporal.io/server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 11 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRyM20tajZ4NS00OG0z
Cross Site Scripting(XSS) Vulnerability in Latest Release 4.3.6 Site basic settings
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWNweGMtNjdyYy1jNzc1
Cross Site Scripting in baserCMS
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdwd3ctNGpmNC00aHg4
Edit feed settings and others, Cross Site Scripting(XSS) Vulnerability in Latest Release 4.4.0
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpqNTMtOGZtdy1mMncy
Adding a private/unlisted room to a community exposes room metadata in an unauthorised manner.
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4NGMtcHEzMy00dzNx
Improper authorisation of members discloses room membership to non-members
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY5MzYtajhncC05cTNw
Open redirects on some federation and push requests
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 3 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJ2ZmMtZzhqNS05Y2Nm
Generation of Error Message Containing Sensitive Information in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: over 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU0bWctdmdycC1td3g5
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Ratpack
Ecosystems: maven
Packages: io.ratpack:ratpack-groovy, io.ratpack:ratpack-java, io.ratpack:ratpack-session
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 5 years ago
Low
GSA_kwCzR0hTQS1majY5LXA4ZjYtcTk3aM3txQ
Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password
Ecosystems: maven
Packages: org.cloudfoundry.identity:cloudfoundry-identity-server
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS14cXc5LWZmeDctZzk5OM4AAbaV
phpMyAdmin cookie-attribute injection
Ecosystems: packagist
Packages: phpmyadmin/phpmyadmin
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 2 years ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1odnA1LTV4NGYtMzNmcc4AA7PK
JADX file override vulnerability
Ecosystems: maven
Packages: io.github.skylot:jadx-core
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 25 days ago
Low
GSA_kwCzR0hTQS0zajZtLW01djUtOTc4Nc4AAm2e
OpenCart Cross-Site Request Forgery (CSRF)
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS13OTQyLWZ3OTItbXFtMs4AApza
Magento Information Disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1tcjhxLTdmNWotd2M3Oc4AAmnC
Magento information disclosure vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: almost 2 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThjM2YteDVmOS02aDYy
Command injection in @diez/generation
Ecosystems: npm
Packages: @diez/generation
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1wbWpnLTUyaDktNzJxds4AAtUK
Argo CD SSO users vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1wNnJwLW14ODUtbTQ1Oc4AA49f
Spring Cloud Contract vulnerable to local information disclosure
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mN3F3LWpqOWMtcnBxOc4AAzkQ
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Ecosystems: go
Packages: github.com/lima-vm/lima
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 12 months ago
Low
GSA_kwCzR0hTQS04d2poLTU5Y3ctOXhoNM4AA8Ej
Grafana Forward OAuth Identity Token can allow users to access some data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 2 days ago
Low
GSA_kwCzR0hTQS0yNnFqLWNyMjctcjVjNM4AArmq
Octopoller gem published with world-writable files
Ecosystems: rubygems
Packages: octopoller
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS02Z2ptLTZ3ajYtNHB4Nc4AAt2Y
Byobu user preference to prevent private discussions being started are not respected
Ecosystems: packagist
Packages: fof/byobu
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 14 days ago
Low
GSA_kwCzR0hTQS01NXh2LWY4NWMtMjQ4cc0c0w
Regular Expression Denial of Service (ReDoS) in jsx-slack
Ecosystems: npm
Packages: jsx-slack
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Statistics
Advisories: 18,752
Packages: 8,375
Repositories: 449
Ecosystems: 12
Filter by Severity
Moderate 8,149 High 6,447 Critical 2,848 Low 1,014
Filter by Ecosystem
pypi 458 maven 282 packagist 178 npm 129 go 125 rubygems 48 cargo 40 nuget 19 hex 3 pub 1 swift 1 actions 1
Filter by Package
tensorflow 109 tensorflow-gpu 93 tensorflow-cpu 93 moodle/moodle 17 concrete5/concrete5 13 shopware/platform 12 typo3/cms 11 phpmyadmin/phpmyadmin 10 shopware/core 10 github.com/mattermost/mattermost/server/v8 10 nova 9 org.jenkins-ci.main:jenkins-core 9 org.apache.tomcat:tomcat 9 vyper 7 matrix-synapse 7 Umbraco.CMS 6 puppet 6 ansible 5 sweetalert2 5 baserproject/basercms 5 october/backend 5 undici 5 k8s.io/kubernetes 5 typo3/cms-core 5 wasmtime 5 helm.sh/helm/v3 5 rack 5 org.keycloak:keycloak-services 4 electron 4 helm.sh/helm 4 github.com/cilium/cilium 4 github.com/mattermost/mattermost-server/v6 4 magento/community-edition 4 actionpack 4 simplesamlphp/simplesamlphp 4 shopware/shopware 4 com.vaadin:flow-server 4 plone 3 github.com/cosmos/cosmos-sdk 3 sylius/sylius 3 bin-links 3 @openzeppelin/contracts-upgradeable 3 nautobot 3 passenger 3 com.vaadin:vaadin-bom 3 ckb 3 httplib2 3 ethyca-fides 3 glance 3 node-forge 3 org.apache.hive:hive-exec 3 org.graylog2:graylog2-server 3 go.etcd.io/etcd 3 cryptography 3 org.apache.hive:hive 3 org.apache.hive:hive-service 3 github.com/mattermost/mattermost-server 3 symfony/symfony 3 wagtail 3 moin 2 org.jenkins-ci.plugins:azure-ad 2 tuf 2 ceph-deploy 2 github.com/opencontainers/runc 2 silverstripe/framework 2 pip 2 org.apache.activemq:activemq-parent 2 typo3/cms-frontend 2 craftcms/cms 2 @openzeppelin/contracts 2 @apollo/server 2 Pillow 2 github.com/answerdev/answer 2 github.com/authzed/spicedb 2 github.com/containerd/containerd 2 next-auth 2 node-ipc 2 org.jenkins-ci.plugins:ec2 2 Django 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 django 2 braces 2 winter/wn-backend-module 2 github.com/sigstore/cosign 2 salt 2 Flask-Security-Too 2 com.inedo.proget:inedo-proget 2 tools.devnull:build-notifications 2 org.jenkins-ci.plugins:mercurial 2 org.eclipse.jetty:jetty-server 2 cargo 2 s2n-quic 2 vantage6 2 symfony/security-http 2 org.xwiki.platform:xwiki-platform-oldcore 2 horizon 2 october/cms 2 github.com/mattermost/mattermost-plugin-jira 2 com.ruoyi:ruoyi 2 Nova 2 parse-server 2 flarum/core 2 activesupport 2 org.jenkins-ci.plugins:artifactory 2 github.com/ntbosscher/gobase 2 langchain 2 org.jenkins-ci.plugins:wso2id-oauth 2 keystone 2 microweber/microweber 2 github.com/cometbft/cometbft 2 org.bouncycastle:bcprov-jdk14 2 gilacms/gila 2 github.com/hashicorp/nomad 2 OctoPrint 2 Zope 2 grumpydictator/firefly-iii 2 aiohttp 2 typo3/cms-install 2 github.com/mutagen-io/mutagen 2 go.etcd.io/etcd/client/v3 2 ezsystems/ezpublish-kernel 2 ezsystems/ezplatform-kernel 2 org.jenkins-ci.plugins:repository-connector 2 Flask-AppBuilder 2 es5-ext 1 fast-xml-parser 1 org.scala-sbt:sbt 1 rabbit_common 1 org.scala-sbt:io_2.12 1 org.scala-sbt:io_2.13 1 org.wiremock:wiremock 1 org.wiremock:wiremock-standalone 1 org.scala-sbt:io_3 1 ajenti 1 org.jenkins-ci.plugins:snsnotify 1 com.github.tomakehurst:wiremock-jre8 1 github.com/oauth2-proxy/oauth2-proxy 1 com.github.tomakehurst:wiremock-jre8-standalone 1 wiremock 1 github.com/nats-io/nats-server/v2 1 org.keycloak:keycloak-core 1 org.jenkins-ci.plugins:openshift-deployer 1 @liquity/contracts 1 org.xwiki.platform:xwiki-platform-security-authentication-script 1 @diez/generation 1 hyper 1 github.com/oauth2-proxy/oauth2-proxy/v7 1 github.com/Masterminds/goutils 1 qutebrowser 1 automad/automad 1 mindspore 1 go.elastic.co/apm 1 kafo 1 net.sf.mpxj:mpxj 1 net.sf.mpxj 1 net.sf.mpxj-for-csharp 1 net.sf.mpxj-for-vb 1 mpxj 1 keylime 1 kimai/kimai 1 zerocopy 1 francoisjacquet/rosariosis 1 RPLY 1 seneca 1 hooka-tools 1 github.com/canonical/lxd 1 org.bouncycastle:bcprov-jdk15to18 1 org.bouncycastle:bcprov-jdk13 1 org.bouncycastle:bcprov-jdk12 1 io.jenkins.plugins:gitlab-branch-source 1 org.springframework.batch:spring-batch-core 1 org.jenkins-ci.plugins:ghprb 1 com.xuxueli:xxl-job-core 1 virtualenv 1 com.typesafe.play:play 1 nokogiri 1 ember-source 1 @aedart/support 1 streamlit 1 org.jenkins-ci.plugins:reverse-proxy-auth-plugin 1 thelounge 1 flarum/framework 1 Werkzeug 1 markdown-link-extractor 1 github.com/flyteorg/flyteadmin 1 plone.restapi 1 datasette-graphql 1 org.keycloak:keycloak-server-spi-private 1 spina 1 admidio/admidio 1 phpmyfaq/phpmyfaq 1 solidus_backend 1 debug 1 org.keycloak:keycloak-parent 1 org.xmlunit:xmlunit-core 1 github.com/consensys/gnark-crypto 1 github.com/tendermint/tendermint 1 github.com/aws/aws-sdk-go 1 github.com/goharbor/harbor 1 croogo/croogo 1
Filter by Repository
https://github.com/tensorflow/tensorflow 109 https://github.com/moodle/moodle 17 https://github.com/concretecms/concretecms 13 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 7 https://github.com/matrix-org/synapse 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/vyperlang/vyper 7 https://github.com/octobercms/october 7 https://github.com/rails/rails 6 https://github.com/sweetalert2/sweetalert2 5 https://github.com/nodejs/undici 5 https://github.com/rack/rack 5 https://github.com/ansible/ansible 5 https://github.com/helm/helm 5 https://github.com/kubernetes/kubernetes 5 https://github.com/keycloak/keycloak 5 https://github.com/bytecodealliance/wasmtime 5 https://github.com/baserproject/basercms 5 https://github.com/TYPO3/typo3 5 https://github.com/xwiki/xwiki-platform 5 https://github.com/puppetlabs/puppet 5 https://github.com/jenkinsci/jenkins 5 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/apache/tomcat 4 https://github.com/cilium/cilium 4 https://github.com/wintercms/winter 4 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/mattermost/mattermost 4 https://github.com/vaadin/platform 4 https://github.com/Graylog2/graylog2-server 3 https://github.com/nautobot/nautobot 3 https://github.com/wagtail/wagtail 3 https://github.com/digitalbazaar/forge 3 https://github.com/CVEProject/cvelist 3 https://github.com/httplib2/httplib2 3 https://github.com/vaadin/flow 3 https://github.com/symfony/symfony 3 https://github.com/ethyca/fides 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/django/django 3 https://github.com/pyca/cryptography 3 https://github.com/Sylius/Sylius 3 https://github.com/vantage6/vantage6 3 https://github.com/nervosnetwork/ckb 3 https://github.com/phusion/passenger 3 https://github.com/openstack/keystone 3 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/saltstack/salt 2 https://github.com/quarkusio/quarkus 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/openstack/glance 2 https://github.com/nats-io/nats-server 2 https://github.com/craftcms/cms 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/containerd/containerd 2 https://github.com/zopefoundation/Zope 2 https://github.com/microweber/microweber 2 https://github.com/ceph/ceph-deploy 2 https://github.com/cometbft/cometbft 2 https://github.com/nextauthjs/next-auth 2 https://github.com/ntbosscher/gobase 2 https://github.com/aws/s2n-quic 2 https://github.com/apollographql/apollo-server 2 https://github.com/apache/activemq 2 https://github.com/aio-libs/aiohttp 2 https://github.com/octoprint/octoprint 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/answerdev/answer 2 https://github.com/mutagen-io/mutagen 2 https://github.com/opencontainers/runc 2 https://github.com/GilaCMS/gila 2 https://github.com/micromatch/braces 2 https://github.com/pypa/pip 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/hashicorp/nomad 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/mattermost/mattermost-plugin-jira 2 https://github.com/bcgit/bc-java 2 https://github.com/parse-community/parse-server 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/dpgaspar/Flask-AppBuilder 2 https://github.com/flarum/framework 2 https://github.com/rust-lang/cargo 2 https://github.com/authzed/spicedb 2 https://github.com/openstack/horizon 2 https://github.com/sigstore/cosign 2 https://github.com/thelounge/thelounge 1 https://github.com/plone/Products.CMFPlone 1 https://github.com/dojo/dijit 1 https://github.com/jenkinsci/mercurial-plugin 1 https://github.com/Consensys/gnark-crypto 1 https://github.com/personnummer/csharp 1 https://github.com/joeferner/redis-commander 1 https://github.com/fastify/fastify-http-proxy 1 https://github.com/brefphp/bref 1 https://github.com/electron-userland/electron-packager 1 https://github.com/knative-extensions/eventing-github 1 https://github.com/swagger-api/swagger-codegen 1 https://github.com/Azure/setup-kubectl 1 https://github.com/httpie/httpie 1 https://github.com/canonical/lxd 1 https://github.com/jquery-validation/jquery-validation 1 https://github.com/yiisoft/yii2-authclient 1 https://github.com/vapor/postgres-nio 1 https://github.com/waysact/webpack-subresource-integrity 1 https://github.com/google/zerocopy 1 https://github.com/keystonejs/keystone 1 https://github.com/ezsystems/ezpublish-kernel 1 https://github.com/tinymce/tinymce 1 https://github.com/NVIDIA/NeMo 1 https://github.com/croogo/croogo 1 https://github.com/derbyjs/derby 1 https://github.com/puma/puma 1 https://github.com/endojs/endo 1 https://github.com/moq/moq 1 https://github.com/rails/globalid 1 https://github.com/medikoo/es5-ext 1 https://github.com/jenkinsci/email-ext-plugin 1 https://github.com/python-imaging/Pillow 1 https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin 1 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID 1 https://github.com/simplegeo/python-oauth2 1 https://github.com/decidim/decidim 1 https://github.com/spinacms/spina 1 https://github.com/keylime/keylime 1 https://github.com/vega/vega 1 https://github.com/Masterminds/goutils 1 https://github.com/skylot/jadx 1 https://github.com/cloudfoundry/uaa 1 https://github.com/directus/directus 1 https://github.com/Twipped/ircdkit 1 https://github.com/spring-projects/spring-data-rest 1 https://github.com/ktorio/ktor 1 https://github.com/PrestaShop/productcomments 1 https://github.com/mlflow/mlflow 1 https://github.com/kopia/kopia 1 https://github.com/fluent/fluentd 1 https://github.com/jcubic/jquery.terminal 1 https://github.com/lexik/LexikJWTAuthenticationBundle 1 https://github.com/kitabisa/teler 1 https://github.com/firebase/firebase-tools 1 https://github.com/jeremylong/DependencyCheck 1 https://github.com/tauri-apps/tauri 1 https://github.com/node-red/node-red 1 https://github.com/ubernostrum/django-registration 1 https://github.com/personnummer/php 1 https://github.com/openjdk/jfx 1 https://github.com/livehelperchat/livehelperchat 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/cjvnjde/google-translate-api-browser 1 https://github.com/floriangaerber/Magnesium-PHP 1 https://github.com/zowe/imperative 1 https://github.com/jenkinsci/digitalocean-plugin 1 https://github.com/theupdateframework/go-tuf 1 https://github.com/admidio/admidio 1 https://github.com/jenkinsci/inedo-buildmaster-plugin 1 https://github.com/onionshare/onionshare 1 https://github.com/sparklemotion/sqlite3-ruby 1 https://github.com/memorysafety/sudo-rs 1 https://github.com/ericcornelissen/shescape 1 https://github.com/alphagov/tech-docs-gem 1 https://github.com/tailscale/tailscale 1 https://github.com/Nebulosus/shamir 1 https://github.com/ajenti/ajenti 1 https://github.com/xuxueli/xxl-job 1 https://github.com/yourls/yourls 1 https://github.com/bbatsov/rubocop 1 https://github.com/dan1hc/fgr 1 https://github.com/jenkinsci/github-plugin 1 https://github.com/kiwitcms/Kiwi 1 https://github.com/gradle/gradle 1 https://gitlab.com/edneville/please 1 https://github.com/xmlunit/xmlunit 1 https://github.com/octokit/octopoller.rb 1 https://github.com/disintegration/imaging 1 https://github.com/node-js-libs/cli 1 https://github.com/Brondahl/EnumStringValues 1 https://github.com/foxcpp/maddy 1 https://github.com/jenkinsci/git-client-plugin 1 https://github.com/personnummer/go 1 https://github.com/amundsen-io/amundsenfrontendlibrary 1 https://github.com/elastic/apm-agent-go 1 https://github.com/rust-vmm/linux-loader 1 https://github.com/jenkinsci/resource-disposer-plugin 1 https://github.com/zopefoundation/Products.GenericSetup 1 https://github.com/npm/npm 1 https://github.com/triaxtec/openapi-python-client 1 https://github.com/arguiot/EyeJS 1 https://github.com/dub-flow/vulnerability-research 1 https://github.com/jenkinsci/gitlab-plugin 1 https://github.com/impredicative/bitlyshortener 1