Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1yNzVtLTI2Y3EtbWp4Y84AA6ax
Serverpod improved security for stored password hashes
Ecosystems: pub
Packages: serverpod_auth_server
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oNng3LXI1cmcteDVmd84AA6aw
Serverpod client accepts any certificate
Ecosystems: pub
Packages: serverpod_client
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcmozLWYyaDQtN3c0Nc4AA6av
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wd3FtLXg1eDYtNTU4Ns4AA6au
Cilium has insecure IPsec transport encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS03cjNoLTRwaDgtdzM4Z84AA6at
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1ocjV3LWN3d3EtMnY0bc4AA6as
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ncDhnLWY0MmYtOTVxMs4AA6ar
ZITADEL's actions can overload reserved claims
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yZzRjLThmcG0tYzQ2ds4AA6YV
web3-utils Prototype Pollution vulnerability
Ecosystems: npm
Packages: web3-utils
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yM2h4LXFmaDUtcjltN84AA6YJ
Elasticsearch Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS13NWdnLTJxNTYtNmg0Zs4AA6Xy
Elasticsearch Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NjY3LTN3Y2gtN3E3d84AA6V6
Eclipse Vert.x memory leak
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS13djI4LTdmcHctZmo0Oc4AA6Vg
Lektor does not sanitize database path traversal
Ecosystems: pypi
Packages: Lektor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yMzY0LW0yajktbWY0aM4AA6Un
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: about 1 month ago
High
GSA_kwCzR0hTQS02cHdnLWdnNmotNWNybc4AA6UB
Ignite Realtime Openfire privilege escalation vulnerability
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01eHZjLXJ3djgtODZwN84AA6T5
Ignite Realtime Openfire privilege escalation vulnerability
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NzM3LXJxdjQtdjQ0Nc4AA6Tc
Pimcore Preview Documents are not restricted to logged in users anymore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU
Apache Airflow Improper Preservation of Permissions vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xODRtLXJtdzMtNDM4Ms4AA6Si
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Ecosystems: pypi
Packages: langchain-core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xN2c2LXhmaDItdmhweM4AA6Rq
phpMyFAQ stored Cross-site Scripting at user email
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wd2gyLWZwZnIteDVnZs4AA6Rp
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02cDY4LTM2bTYtMzkycs4AA6Ro
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yZ3J3LW1jOXItODIycs4AA6Rn
phpMyFAQ SQL injections at insertentry & saveentry
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00OHZ3LWpwZjgtaHdxaM4AA6Rm
phpMyFAQ Stored HTML Injection at contentLink
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1obThyLTk1ZzMtNWhqOc4AA6Rl
phpMyFAQ Stored Cross-site Scripting at File Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12N3B4LTQ2djktNXF3cM4AA6Rj
Storefront user can access history and most viewed data from matching back-office user with the same ID
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yZjM5LTNmOTgteHI3cs4AA6Ri
WiX based installers are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: WixToolset.Sdk, wix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qeDRwLW00d20tdnZqZ84AA6Rh
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Ecosystems: nuget
Packages: WixToolset.Util.wixext, wix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05eHZmLWNqdmYtZmY1cc4AA6Rg
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Ecosystems: packagist
Packages: johnbillion/wp-crontrol
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01anBtLXg1OHYtNjI0ds4AA6Rf
Netty's HttpPostRequestDecoder can OOM
Ecosystems: maven
Packages: io.netty:netty-codec-http
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12Zm12LWpmYzUtcGpqd84AA6Re
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ydjk1LTg5NmgtYzJ2Y84AA6Rd
Express.js Open Redirect in malformed URLs
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12eHEyLXA5MzctM3B4M84AA6Rc
Pinned entity creation form shows wrong data
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zd2M1LWZjdzItMjMyOc4AA6Rb
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra
KaTeX's `\includegraphics` does not escape filename
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jdnI2LTM3Z3gtdjh3Y84AA6RZ
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NGZtLThodzItdjcyd84AA6RY
KaTeX's maxExpand bypassed by `\edef`
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS0zOGpyLTI5Zmgtdzl2bc4AA6RX
ansys-geometry-core OS Command Injection vulnerability
Ecosystems: pypi
Packages: ansys-geometry-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yNDZwLXhtZzgtd21jcc4AA6RW
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Ecosystems: npm
Packages: @oneuptime/common-server, @oneuptime/model
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01OTJqLTk5NWgtcDIzas4AA6RV
RDoc RCE vulnerability with .rdoc_options
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS12NWg2LWMyaHYtaHYzcs4AA6RU
StringIO buffer overread vulnerability
Ecosystems: rubygems
Packages: stringio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1nNHY2LTY5cDYtcTNwNM4AA6RT
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: PanelSwWix4.Sdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS13cTg4LWZxNHgtaDJwbc4AA6RS
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: PanelSW.Custom.WiX
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS04cHByLXd3dzgtaGZqeM4AA6RK
@thi.ng/paths Prototype Pollution vulnerability
Ecosystems: npm
Packages: @thi.ng/paths
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS03Zjg4LTVoaHgtNjdtMs4AA6PK
XNIO denial of service vulnerability
Ecosystems: maven
Packages: org.jboss.xnio:xnio-api
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS00eHc4LTlmajctajU4as4AA6O_
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0yd2h4LWNjcjctZnhxbc4AA6O9
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1qNGhxLWY2M3gtZjM5cs4AA6O2
Slow String Operations via MultiPart Requests in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04ODJqLTR2ajUtN3Ztas4AA6O1
Cache Poisoning Vulnerability
Ecosystems: npm
Packages: translate
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mNXgzLTMyZzYteHEzNs4AA6O0
Denial of service while parsing a tar file due to lack of folders count validation
Ecosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wdjlqLWM1M3EtaDQzM84AA6Oz
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Ecosystems: packagist
Packages: friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jOWdwLTY0YzQtMnJyaM4AA6Ov
Server-Side Template Injection (SSTI) with Grav CMS security sandbox bypass
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 month ago
High
GSA_kwCzR0hTQS1tN2h4LWh3NmgtbXFtY84AA6Ou
File Upload Path Traversal
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mNm1oLTc5dmgtMmh2N84AA6Os
Cross-site Scripting in Moodle Chat
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zeDlnLXhmajUtZnE4NM4AA6Nf
Cross-Site Request Forgery in Gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS13cjNqLXB3ajktaHFxNs4AA6Nc
Path traversal in webpack-dev-middleware
Ecosystems: npm
Packages: webpack-dev-middleware
Source: GitHub Advisory Database
Blast Radius: 48.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01OTI1LTg4eGgtNmg5Oc4AA6NN
ESPHome vulnerable to Authentication bypass via Cross site request forgery
Ecosystems: pypi
Packages: esphome
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14anA0LWh3OTQtbXZwNc4AA6Ms
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Ecosystems: maven
Packages: org.apache.commons:commons-configuration2
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05dzM4LXA2NHYteHBtds4AA6Mr
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Ecosystems: maven
Packages: org.apache.commons:commons-configuration2
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Z2o0LTJocmYtajR4Z84AA6Mj
Cross-site scripting in Survey Creator
Ecosystems: npm
Packages: survey-creator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00aDVoLXAyM2YtaGpxZs4AA6Lz
SQL injection in Folio Spring Module Core
Ecosystems: maven
Packages: org.folio:spring-module-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS03OGh4LWdwNmctN21qNs4AA6LJ
Memory leaks in code encrypting and verifying RSA payloads
Ecosystems: go
Packages: github.com/microsoft/go-crypto-openssl/openssl, github.com/golang-fips/openssl/v2, github.com/microsoft/go-crypto-openssl, github.com/golang-fips/openssl/openssl, github.com/golang-fips/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS01NW0zLTQ0eGYtaGc0aM4AA6LI
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tcTM5LTRndjQtbXZweM4AA6LH
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01NTJmLTk3d2YtcG1wcc4AA6LG
Umbraco possible user enumeration
Ecosystems: nuget
Packages: UmbracoCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14NjM3LXg4cDMtNXAyMs4AA6Jm
Improper Authentication in Spring Authorization Server
Ecosystems: maven
Packages: org.springframework.security:spring-security-oauth2-authorization-server
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04OHdjLWZjajktcTNyOc4AA6JO
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-gwc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03eDc2LTU3ZnItbTVyNc4AA6JN
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver.extension:gs-mapml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mY3BtLWhjaGotbWg3Ms4AA6JM
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01NnIzLWY1MzYtNWdmN84AA6JL
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-gwc-rest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mZzl2LTU2aHctZzUyNc4AA6JK
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05cmZyLXBmMngtZzR4Zs4AA6JJ
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-ows, org.geoserver:gs-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS03NW01LWhoNHItcTlneM4AA6JI
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1maDdwLTVmNmctdmoyd84AA6JH
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05djVxLTJnd3EtcTlocc4AA6JG
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig, org.geoserver:gs-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS04Zzd2LXZqcmMteDRnNc4AA6JF
GeoServer log file path traversal vulnerability
Ecosystems: maven
Packages: org.geoserver:gs-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job name
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wbWYzLWMzNm0tZzVjZs4AA6JC
Container escape at build time
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS04dnZwLTUyNWgtY3hmOc4AA6Hm
Cross-Site Request Forgery in Apache Wicket
Ecosystems: maven
Packages: org.apache.wicket:wicket
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1mNmc2LXBqZ2MtNWNqNc4AA6Hl
Improper Input Validation vulnerability in Apache Hop Engine
Ecosystems: maven
Packages: org.apache.hop:hop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jZzI0LWpqcjUtcnhtZs4AA6Hh
Path traversal in flaskcode Devan-Kerman ARRP
Ecosystems: maven
Packages: net.devtech:arrp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yajI5LWoyZzQtNzdxOM4AA6Gr
[TagAwareCipher] - Decryption Failure (Regex Match)
Ecosystems: packagist
Packages: ilicmiljan/secure-props
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12Y2MzLXJ3NmYtanY5N84AA6Gq
Use-after-free in libxml2 via Nokogiri::XML::Reader
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Statistics
Advisories: 18,303
Packages: 8,274
Repositories: 5,001
Ecosystems: 12
Filter by Severity
Moderate 7,900 High 6,336 Critical 2,800 Low 980
Filter by Ecosystem
maven 5,520 packagist 3,783 pypi 3,691 npm 3,534 go 1,889 nuget 1,390 rubygems 814 cargo 775 swift 31 hex 29 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 318 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 105 typo3/cms 102 phpmyadmin/phpmyadmin 91 microweber/microweber 91 django 80 apache-airflow 78 typo3/cms-core 73 thorsten/phpmyfaq 70 drupal/core 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 drupal/drupal 56 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 apache-superset 48 shopware/platform 48 salt 47 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 Plone 45 baserproject/basercms 43 rdiffweb 42 nokogiri 42 plone 42 Pillow 41 intelliants/subrion 40 craftcms/cms 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 org.apache.tomcat.embed:tomcat-embed-core 37 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 org.xwiki.platform:xwiki-platform-oldcore 34 snipe/snipe-it 32 k8s.io/kubernetes 32 org.elasticsearch:elasticsearch 32 silverstripe/framework 32 mlflow 31 opencv-python 30 org.jenkins-ci.plugins:script-security 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 28 github.com/rancher/rancher 28 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 shopware/shopware 27 io.undertow:undertow-core 27 getgrav/grav 27 org.keycloak:keycloak-services 27 Django 27 centreon/centreon 27 github.com/hashicorp/nomad 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 24 magento/core 24 prestashop/prestashop 24 github.com/argoproj/argo-cd/v2 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 org.eclipse.jetty:jetty-server 23 puppet 23 moin 23 org.springframework.security:spring-security-core 23 ckb 22 rack 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.apache.nifi:nifi 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 DotNetNuke.Core 19 github.com/docker/docker 19 org.springframework:spring-core 19 contao/contao 18 tribalsystems/zenario 18 forkcms/forkcms 18 langchain 18 com.liferay.portal:release.dxp.bom 18 org.bouncycastle:bcprov-jdk14 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 genix/cms 17 PaddlePaddle 17 org.xwiki.platform:xwiki-platform-web-templates 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 golang.org/x/net 17 francoisjacquet/rosariosis 17 org.apache.geode:geode-core 17 cobbler 17 cakephp/cakephp 17 symfony/security 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 org.apache.activemq:activemq-client 16 org.apache.dubbo:dubbo 16 pillow 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 mercurial 16 sequelize 16 directus 16 yetiforce/yetiforce-crm 16 wasmtime 16 rusqlite 16 nova 15 cryptography 15 paddlepaddle 15 github.com/goharbor/harbor 15 topthink/framework 15 org.apache.struts.xwork:xwork-core 15 org.apache.jspwiki:jspwiki-main 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 notebook 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 openmage/magento-lts 15 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 activesupport 14 modoboa 14 zendframework/zendframework1 14 phpmailer/phpmailer 14 ezsystems/ezpublish-kernel 14 typo3/cms-backend 14 swagger-ui 14 org.xwiki.platform:xwiki-platform-web 14 pyftpdlib 14 smarty/smarty 14 gradio 14 symfony/security-http 14 pyload-ng 14 tinymce 14 publify_core 14 ghost 14 ec-cube/ec-cube 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 passenger 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 october/system 13 impresscms/impresscms 13 joplin 13 keystone 13 github.com/containerd/containerd 13 org.apache.inlong:manager-pojo 13 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 next 13 elefant/cms 13 github.com/traefik/traefik/v2 13 lavalite/cms 13 strapi 13 org.apache.hadoop:hadoop-main 13 org.apache.dolphinscheduler:dolphinscheduler 12 bolt/bolt 12 vm2 12 undici 12 Microsoft.NETCore.App.Runtime.win-arm64 12 Microsoft.NETCore.App.Runtime.win-x64 12 Microsoft.NETCore.App.Runtime.win-x86 12 neutron 12 actionview 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 73 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 54 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 32 https://github.com/matrix-org/synapse 32 https://github.com/magento/magento2 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/go-gitea/gitea 31 https://github.com/parse-community/parse-server 29 https://github.com/saltstack/salt 29 https://github.com/craftcms/cms 29 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/opencv/opencv 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/getgrav/grav 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/dotnet/runtime 23 https://github.com/grafana/grafana 22 https://github.com/nervosnetwork/ckb 22 https://github.com/baserproject/basercms 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/strapi/strapi 21 https://github.com/apache/nifi 21 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/jenkinsci/script-security-plugin 20 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/hashicorp/consul 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/getkirby/kirby 18 https://github.com/rubygems/rubygems 18 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rack/rack 17 https://github.com/hashicorp/vault 16 https://github.com/sequelize/sequelize 16 https://github.com/opencast/opencast 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/centreon/centreon 15 https://github.com/OpenMage/magento-lts 15 https://github.com/directus/directus 15 https://github.com/ethereum/go-ethereum 15 https://github.com/apache/camel 15 https://github.com/geoserver/geoserver 15 https://github.com/puppetlabs/puppet 15 https://github.com/goharbor/harbor 15 https://github.com/langchain-ai/langchain 14 https://github.com/denoland/deno 14 https://github.com/tinymce/tinymce 14 https://github.com/pyload/pyload 14 https://github.com/pyca/cryptography 14 https://github.com/vantage6/vantage6 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/mattermost/mattermost 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/moby/moby 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/gradio-app/gradio 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/undertow-io/undertow 13 https://github.com/hashicorp/nomad 13 https://github.com/xuxueli/xxl-job 13 https://github.com/traefik/traefik 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/quarkusio/quarkus 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 12 https://github.com/TryGhost/Ghost 12 https://github.com/backstage/backstage 12 https://github.com/twisted/twisted 12 https://github.com/apache/dolphinscheduler 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/centreon/centreon-archived 12 https://github.com/nodejs/undici 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/dromara/hutool 12 https://github.com/urllib3/urllib3 11 https://github.com/smarty-php/smarty 11 https://github.com/igniterealtime/Openfire 11 https://github.com/zitadel/zitadel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/jquery/jquery 11 https://github.com/cakephp/cakephp 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/opencontainers/runc 11 https://github.com/NodeBB/NodeBB 11 https://github.com/openfga/openfga 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/openstack/keystone 11 https://github.com/janeczku/calibre-web 11 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/phusion/passenger 10 https://github.com/aio-libs/aiohttp 10 https://github.com/dolibarr/dolibarr 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/keystonejs/keystone 10 https://github.com/zopefoundation/Zope 10 https://github.com/greenpau/caddy-security 10 https://github.com/nats-io/nats-server 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/WWBN/AVideo 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/jupyter/notebook 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/dotnet/aspnetcore 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/wagtail/wagtail 10 https://github.com/nextauthjs/next-auth 10 https://github.com/top-think/framework 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/cui2shark/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/DSpace/DSpace 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/bolt/bolt 9 https://github.com/cri-o/cri-o 9 https://github.com/spring-projects/spring-security 9 https://github.com/evershopcommerce/evershop 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/kevinpapst/kimai2 9 https://github.com/semplon/GeniXCMS 9 https://github.com/LavaLite/cms 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/Pylons/waitress 9