Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Moderate Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS03ZzNjLWhyYzYtNXY0as4AATSp
Centreon XSS Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYyZjMtZjh4NC1tM3c4
Cross Site Scripting in LavaLite CMS
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12eHdmLTc5Y2gtZjdmN84AAwMM
baserCMS vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Y3c5LW03aGctdzhtZs4AA24o
Reportico Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qZnBnLWpnZ2YtcnBwaM4AAxkN
Cross-site Scripting in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xNHF2LTN4NTgtcnhtaM4AAt-C
ForkCMS XSS via `publish_on_time` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00d2ZjLWdodjUtMnY3as4AAyeo
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1meDJtLTVtOXYtamhncM4AAUnn
XSS in baserCMS before 4.1.4
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03cTljLWYydjgtajhnd84AAyen
phpMyFAQ Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NzhqLW1jcnItMzg3N84AAW1H
GeniXCMS Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qdjY0LTJtM3gtNnY0cc1RHw
Subrion CMS Cross-site Scripting (XSS) vulnerability in the `contact us` plugin
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01aGYyLTd4ZjQtdzNqNs4AAbn0
GeniXCMS Cross-site Scripting
Ecosystems: packagist
Packages: genix/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTU5MnYtN2ZybS1oNDRx
Cross-site scripting in LavaLite-CMS
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0zcndqLXY3anAtdzU0Ms4AAWq-
Pagekit Stored Cross-site Scripting
Ecosystems: packagist
Packages: pagekit/pagekit
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03dzJ2LTM1ajMteHJtOc4AAwMO
baserCMS vulnerable to stored Cross-site Scripting
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wdzRqLXI2OW0tcnJyNc4AAt-D
ForkCMS XSS via `end_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02NXdmLXFtOTUtNm1obc4AAt-O
ForkCMS XSS via `publish_on_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1teHYzLXFjbWYtcjZ3as4AAUJA
Subrion CMS XSS
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05aG1jLTg3aDQtdzg2Oc4AAt-A
ForkCMS stored XSS via `start_date` parameter
Ecosystems: packagist
Packages: forkcms/forkcms
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05NzM4LWM0OXEtNHJnY84AAU3Z
Subrion Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yaDRyLTk2ODktNnh3NM4AAuhl
Subrion CMS 4.2.1 vulnerable to cross-site scripting in admin panel
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS02cng5LWMycmgtM3F2NM4AA2A7
OpenStack Barbican information disclosure vulnerability
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tOXFtLW01dzUtOXBnas4AAyjy
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndmc4LXI4dzItOWdmas4AAyeq
phpMyFAQ vulnerable to improper input validation
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nbWpqLWcycm0teHdtN84AAyj3
thorsten/phpmyfaq vulnerable to cross-site scripting (XSS) via stopword parameter
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04cDQ4LWdodjUtN3FxN84AAyjw
thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via HTML export
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ncGN2LXAyOHAtZnYycM4AA1CL
odoh-rs's Invalid Slice Split Results in Server Panic
Ecosystems: cargo
Packages: odoh-rs
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1jZ2dtLTUycXAtd3Z3N84AAa-o
txAWS AWSServiceEndpoint defaults to not verifying server certificates
Ecosystems: pypi
Packages: txaws
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01N3d4LW02MzYtZzNnOM4AA4lw
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yOXc2LWM1MmctbThqY84AA49-
C5 Firefly III CSV Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ndmN3LXg2NG0tcGZjas4AAU23
Wallabag cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wN3htLWc0MjctanhmY84AAzxk
Teampass Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: nilsteampassnet/teampass
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zOTV4LXd2MzItNDR2Nc4AAwEE
baserproject/basercms vulnerable to cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ocTh3LTl3OHctcG14N84AA1vi
WireMock Controlled Server Side Request Forgery vulnerability through URL
Ecosystems: maven
Packages: org.wiremock:wiremock-webhooks-extension
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yOHhwLTUybXEtcm1tOM4AA49h
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTRoanEtNDIycS00dnB4
Mautic vulnerable to secret data exfiltration via symfony parameters
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI3N3YtZ3dmci1obXBq
Missing Authentication for Critical Function in LibreNMS
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS0yd3B3LWNtOXctdjR4bc4AAwnq
rdiffweb vulnerable to Business Logic Errors
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc5ODItOXI4Zy02cXh3
Ciborg gem for Ruby allows local users to write files and gain privileges via Symlink
Ecosystems: rubygems
Packages: ciborg
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS1qamdoLW0zMjItZmp4Ns4AAg4R
Openstack Octavia Access Control Vulnerability
Ecosystems: pypi
Packages: octavia
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nY2c2LXh2NGYtZjc0Oc4AAzk8
janino vulnerable to denial of service due to stack overflow
Ecosystems: maven
Packages: org.codehaus.janino:janino-parent
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1obThyLTk1ZzMtNWhqOc4AA6Rl
phpMyFAQ Stored Cross-site Scripting at File Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS12NjQyLW1oMjctOGo2bc4AA2gW
MantisBT may disclose project names to unauthorized users
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05MjM2LTh3N3Etcm1yds0edQ
archivy is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: pypi
Packages: archivy
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tdjd4LTI3cGMtOGM5Ns4AAzhW
Go package pydio/cells vulnerable to authorization bypass
Ecosystems: go
Packages: github.com/pydio/cells
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02cDY4LTM2bTYtMzkycs4AA6Ro
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 month ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5cDgtMzN3Yy1oNDMy
Authenticated users can exploit an enumeration vulnerability in Harbor
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1oZjR4LTZoODctaG03Oc4AAxyU
MantisBT may expose private issues' summaries to unauthorized users
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zbWNwLTZydjYtYzY5Z84AAWdF
baserCMS arbitrary file upload vulnerability
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1mOWM2LTRqOWgtNmM1cs4AAxtA
Misinterpretation of Input in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04dmg1LWo2eGotNTk1M84AATSn
Centreon XSS Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04d3hmLWM0NXctZzY2Z84AAvIb
rdiffweb vulnerable to password complexity bypass leading to weak passwords
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04dzNmLTIzNnEtNTNtNM4AATSs
Centreon Cross-site Scripting Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ydjVxLTcycDItMnEyNM4AAvEW
Centreon contains cross-site scripting vulnerability via esc_name parameter
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04M3BtLTd2NDgtNWpwNM4AAwnu
rdiffweb vulnerable to Special Element Injection
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS04aHAzLXJtcjcteGg4OM4AA5Wv
Open Redirect in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJtcDctZjJ2cC0zcnE0
Cross-site scripting in SiCKRAGE
Ecosystems: pypi
Packages: sickrage
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS12ajM2LTNjY3ItNjU2M84AA5Wr
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1bWYtcTc2cS1mMnhx
Cross-site scripting in Centreon
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS1oaHg4LWNyNTUtcWN4eM4AATot
Improper Neutralization of Input During Web Page Generation in Jupyter Notebook
Ecosystems: pypi
Packages: jupyter-notebook
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1tNzQ4LWhqcWctcnBwOM4AAu-1
rdiffweb has insecure HTTP cookies
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVnbTYtcjc5cS1oZmd3
Denial of service in direct_mail
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS04aDk1LWpjcDUtcGpwcs4AA5Wt
Improper Validation of Array Index in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03d3I2LWZqNHgtODkzds4AAvLP
rdiffweb allows a new password to be the same as the previous password
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05M3g4LTY2ajItd3dyNc4AA5Wo
Server-Side Request Forgery in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qMjhyLWo1NG0tZ3BjNM0WJA
Code Injection in SLO Generator
Ecosystems: pypi
Packages: slo-generator
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00ODl4LWNjanctcTdjNM4AASsP
Paymorrow Improper Input Validation vulnerability
Ecosystems: packagist
Packages: oxid-esales/paymorrow-module
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1obXFnLXA4ZjgtM3Fyd84AArtt
Out-of-bounds Read in fast-string-search
Ecosystems: npm
Packages: fast-string-search
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1ocDU2LXh2ZjQtZzZ3cs4AA19U
Cros secrets may be disclosed to untrusted relay
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mcWZnLWM1NzctMnZjM84AAvHR
rdiffweb's unlimited length Fullname field can lead to DoS
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12NHZtLWdqMngtNnFobc4AAgWB
DCE extension for Typo3 Discloses Environment Information
Ecosystems: packagist
Packages: t3/dce
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03bXA2LTkyOXAtcHFoas4AA19V
Croc requires senders to provide local IP addresses in cleartext
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jaDRjLTI3OHEtNTY1NM4AAuyc
rdiffweb 2.4.1 Missing Custom Error Page
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wZmo3LTJxZnctdndnbc0Ydg
NodeBB vulnerable to path traversal in translator module
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12ZnBoLWhqZnYtY3B2Ms4AA5Wx
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12cDY2LWdmN3ctOW00eM4AA5Wu
Insufficient Session Expiration in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS04cTJoLTRtcTYtMzk2as4AAmxN
Cabot Cross Site Scripting (XSS) vulnerability via Address column
Ecosystems: pypi
Packages: cabot
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTk2NTItNzhocC13NThj
Stored cross-site scripting in PressBooks
Ecosystems: packagist
Packages: pressbooks/pressbooks
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1qOXItd3dtOC03cTUy
Open Redirect in github.com/AndrewBurian/powermux
Ecosystems: go
Packages: github.com/AndrewBurian/powermux
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03ZzN2LTRnZ3IteHZqZs4AA19a
Croc may expose secret to local users
Ecosystems: go
Packages: github.com/schollz/croc/v9
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00cWN2LXFmMzgtNWozas4AA04i
Unintentional leakage of private information via cross-origin websocket session hijacking
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS14djZ4LTQ1NnYtMjR4aM4AAwqM
gotify/server vulnerable to Cross-site Scripting in the application image file upload
Ecosystems: go
Packages: github.com/gotify/server
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05dnhmLW1jbTYtNW00Ms4AAu-C
rdiffweb CSRF could lead to disabling notifications in user profile
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00NTc2LXBnaDItZzM0as4AA5P1
derhansen/sf_event_mgt vulnerable to Broken Access Control in Backend Module
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qNTU2LXEzNjctMmd3Ns4AAdYM
Roundup sensitive data disclosure vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS03amY1LWZ2Z2YtNDhjNs4AAxEf
Velociraptor subject to Path Traversal
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS00d3BoLTl2cm0tNnYzd84AAv6l
Rdiffweb vulnerable to Missing Authentication for Critical Function
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qMnc0LTQ1cW0tcjY3NM4AAiZq
direct_mail for Typo3 sensitive data exposure
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jdzJ2LXd2NGctdzRwNs4AAu6H
rdiffweb CSRF vulnerability in admin area can lead to deletion of repositories and users
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc4cmctN3Jwci1jd3Iy
Information Disclosure in TYPO3 extension sf_event_mgt
Ecosystems: packagist
Packages: derhansen/sf_event_mgt
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 3 years ago
Moderate
GSA_kwCzR0hTQS1yOTY5LTc4M2YtNmpxcs4AA5Wp
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
Ecosystems: go
Packages: github.com/greenpau/caddy-security
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oNXF2LXAzNzgtM2hocs4AAkyV
Centreon Sensitive Data Exposure vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwbTgteGNqNi0ybTMz
Missing Authorization in TYPO3 extension
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 3 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXF3bWotNzJtcC1xM20y
Missing Authorization in TYPO3 extension
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS03NGo2LTNoaDQtdzNmNc4AAu_i
rdiffweb Cross-Site Request Forgery vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Z3d4LXdmOWctcjVteM4AAv2W
NodeBB vulnerable to Cross-Site Request Forgery
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ocGY0LXY3djItOTVwMs4AA1LY
PrestaShop file access through path traversal
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS02OTR2LTYzZnEtZm1yNM3dYw
Path Traversal in scout-browser
Ecosystems: pypi
Packages: scout-browser
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 2 years ago
Statistics
Advisories: 18,372
Packages: 8,294
Repositories: 2,453
Ecosystems: 12
Filter by Severity
Moderate 7,930 High 6,358 Critical 2,810 Low 985
Filter by Ecosystem
maven 2,550 packagist 2,149 pypi 1,736 npm 1,061 go 876 nuget 537 rubygems 373 cargo 261 hex 14 swift 12 pub 3 actions 3
Filter by Package
moodle/moodle 247 tensorflow 207 tensorflow-cpu 191 tensorflow-gpu 190 org.jenkins-ci.main:jenkins-core 114 magento/community-edition 96 org.apache.tomcat:tomcat 92 pimcore/pimcore 86 typo3/cms 66 microweber/microweber 62 django 54 dolibarr/dolibarr 53 apache-airflow 52 typo3/cms-core 51 phpmyadmin/phpmyadmin 50 thorsten/phpmyfaq 45 actionpack 42 github.com/usememos/memos 42 apache-superset 39 drupal/core 36 plone 35 concrete5/concrete5 34 showdoc/showdoc 34 librenms/librenms 32 org.keycloak:keycloak-core 31 ansible 31 github.com/mattermost/mattermost-server/v6 30 drupal/drupal 28 Plone 28 symfony/symfony 27 github.com/mattermost/mattermost/server/v8 27 intelliants/subrion 27 craftcms/cms 26 com.liferay.portal:release.portal.bom 25 silverstripe/framework 25 snipe/snipe-it 24 org.elasticsearch:elasticsearch 24 github.com/grafana/grafana 23 baserproject/basercms 22 github.com/answerdev/answer 21 org.apache.struts:struts2-core 20 k8s.io/kubernetes 20 grumpydictator/firefly-iii 19 froxlor/froxlor 18 shopware/shopware 18 shopware/platform 18 remdex/livehelperchat 18 matrix-synapse 18 nilsteampassnet/teampass 18 rdiffweb 18 getkirby/cms 17 org.apache.tomcat.embed:tomcat-embed-core 16 moin 16 vyper 15 github.com/argoproj/argo-cd/v2 15 yetiforce/yetiforce-crm 14 salt 14 nokogiri 14 prestashop/prestashop 14 puppet 14 nova 13 org.keycloak:keycloak-services 13 shopware/core 13 org.xwiki.platform:xwiki-platform-oldcore 13 forkcms/forkcms 13 io.undertow:undertow-core 13 Pillow 13 com.jfinal:jfinal 13 mautic/core 13 github.com/goharbor/harbor 12 Django 12 org.apache.solr:solr-core 12 tribalsystems/zenario 12 github.com/hashicorp/vault 12 com.thoughtworks.xstream:xstream 12 github.com/hashicorp/consul 12 github.com/docker/docker 12 tinymce 12 org.apache.jspwiki:jspwiki-main 12 lavalite/cms 11 github.com/argoproj/argo-cd 11 pyftpdlib 11 github.com/cilium/cilium 11 github.com/hashicorp/nomad 11 getgrav/grav 11 DotNetNuke.Core 11 feehi/feehicms 11 genix/cms 11 neutron 11 org.keycloak:keycloak-parent 11 joplin 10 com.vaadin:vaadin-bom 10 github.com/mattermost/mattermost-server 10 francoisjacquet/rosariosis 10 typo3/cms-backend 10 helm.sh/helm/v3 10 notebook 10 org.apache.jspwiki:jspwiki-war 10 PaddlePaddle 10 ec-cube/ec-cube 10 activesupport 10 org.apache.nifi:nifi 10 fat_free_crm 10 org.springframework:spring-core 10 org.springframework.security:spring-security-core 10 contao/core-bundle 10 rack 10 @openzeppelin/contracts-upgradeable 10 wallabag/wallabag 10 org.eclipse.jetty:jetty-server 10 github.com/containerd/containerd 10 github.com/greenpau/caddy-security 10 @openzeppelin/contracts 10 github.com/ethereum/go-ethereum 10 publify_core 9 cakephp/cakephp 9 directus 9 TinyMCE 9 tinymce/tinymce 9 bolt/bolt 9 org.jenkins-ci.plugins:git 9 ghost 9 org.jenkins-ci.plugins:script-security 9 org.igniterealtime.openfire:parent 9 glance 9 jquery-rails 9 zendframework/zendframework1 9 gogs.io/gogs 9 swagger-ui 9 org.mortbay.jetty:jetty 9 org.opencrx:opencrx-core-models 9 code.gitea.io/gitea 9 rubygems-update 9 ckeditor4 9 angular 9 org.apache.archiva:archiva 8 Microsoft.ChakraCore 8 contao/contao 8 roundup 8 bootstrap 8 rails-html-sanitizer 8 github.com/openfga/openfga 8 opencv-python 8 impresscms/impresscms 8 actionview 8 simplesamlphp/simplesamlphp 8 opencv-contrib-python 8 editor.md 8 silverstripe/cms 8 rails 8 electron 8 centreon/centreon 8 org.opencms:opencms-core 8 github.com/kubeedge/kubeedge 8 org.webjars.npm:jquery 8 jquery 8 wasmtime 8 org.bouncycastle:bcprov-jdk14 8 org.jenkins-ci.plugins:electricflow 8 org.apache.activemq:activemq-client 8 vantage6 7 silverstripe/admin 7 pyload-ng 7 trytond 7 validator 7 org.apache.james:james-server 7 phpbb/phpbb 7 OctoPrint 7 wagtail 7 kevinpapst/kimai2 7 next 7 github.com/moby/moby 7 org.bouncycastle:bcprov-jdk15on 7 org.jenkins-ci.plugins:config-file-provider 7 org.jenkins-ci.plugins:subversion 7 modoboa 7 org.jenkins-ci.plugins:email-ext 7 org.bouncycastle:bcprov-jdk15 7 org.apache.santuario:xmlsec 7 admidio/admidio 7 aiohttp 7 io.jenkins.blueocean:blueocean 7 io.jenkins:configuration-as-code 7 phpmyfaq/phpmyfaq 7 org.apache.cxf:cxf-core 7 org.owasp.antisamy:antisamy 7 com.vaadin:flow-server 7 keystone 7 jquery-ui 7 jQuery 7 github.com/google/fscrypt 7 org.opennms:opennms 7 jquery-ui-rails 7 sylius/sylius 7 activerecord 7 jQuery.UI.Combined 7 pillow 7 org.webjars.npm:jquery-ui 7 url-parse 6 sanitize-html 6
Filter by Repository
https://github.com/tensorflow/tensorflow 207 https://github.com/moodle/moodle 164 https://github.com/jenkinsci/jenkins 90 https://github.com/pimcore/pimcore 83 https://github.com/microweber/microweber 58 https://github.com/apache/tomcat 53 https://github.com/apache/airflow 51 https://github.com/thorsten/phpmyfaq 45 https://github.com/django/django 43 https://github.com/usememos/memos 42 https://github.com/xwiki/xwiki-platform 38 https://github.com/rails/rails 33 https://github.com/TYPO3/typo3 32 https://github.com/kubernetes/kubernetes 32 https://github.com/star7th/showdoc 32 https://github.com/librenms/librenms 30 https://github.com/plone/Products.CMFPlone 29 https://github.com/keycloak/keycloak 27 https://github.com/ansible/ansible 26 https://github.com/symfony/symfony 22 https://github.com/phpmyadmin/phpmyadmin 22 https://github.com/Dolibarr/dolibarr 21 https://github.com/answerdev/answer 21 https://github.com/craftcms/cms 21 https://github.com/spring-projects/spring-framework 21 https://github.com/snipe/snipe-it 20 https://github.com/firefly-iii/firefly-iii 19 https://github.com/apache/activemq 19 https://github.com/concretecms/concretecms 19 https://github.com/argoproj/argo-cd 19 https://github.com/grafana/grafana 18 https://github.com/python-pillow/Pillow 18 https://github.com/livehelperchat/livehelperchat 18 https://github.com/ikus060/rdiffweb 18 https://github.com/apache/struts 17 https://github.com/matrix-org/synapse 17 https://github.com/shopware/platform 17 https://github.com/shopware/shopware 16 https://github.com/magento/magento2 16 https://github.com/CVEProject/cvelist 15 https://github.com/vyperlang/vyper 15 https://github.com/OpenNMS/opennms 14 https://github.com/TYPO3/TYPO3.CMS 14 https://github.com/froxlor/froxlor 14 https://github.com/PaddlePaddle/Paddle 14 https://github.com/yetiforcecompany/yetiforcecrm 14 https://github.com/x-stream/xstream 13 https://github.com/octobercms/october 13 https://github.com/mautic/mautic 13 https://github.com/go-gitea/gitea 13 https://github.com/getkirby/kirby 13 https://github.com/netty/netty 12 https://github.com/tinymce/tinymce 12 https://github.com/apache/cxf 12 https://github.com/goharbor/harbor 12 https://github.com/PrestaShop/PrestaShop 11 https://github.com/cilium/cilium 11 https://github.com/silverstripe/silverstripe-framework 11 https://github.com/contao/contao 11 https://github.com/intelliants/subrion 11 https://github.com/forkcms/forkcms 11 https://github.com/vaadin/platform 10 https://github.com/greenpau/caddy-security 10 https://github.com/ethereum/go-ethereum 10 https://github.com/laurent22/joplin 10 https://github.com/OpenZeppelin/openzeppelin-contracts 10 https://github.com/helm/helm 10 https://github.com/saltstack/salt 10 https://github.com/baserproject/basercms 10 https://github.com/mattermost/mattermost 10 https://github.com/liufee/cms 10 https://github.com/nilsteampassnet/TeamPass 10 https://github.com/containerd/containerd 10 https://github.com/jquery/jquery 10 https://github.com/moby/moby 10 https://github.com/strapi/strapi 9 https://github.com/geoserver/geoserver 9 https://github.com/sparklemotion/nokogiri 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/puppetlabs/puppet 9 https://github.com/github/advisory-database 9 https://github.com/apache/nifi 9 https://github.com/jenkinsci/git-plugin 9 https://github.com/electron/electron 9 https://github.com/publify/publify 9 https://github.com/eclipse/jetty.project 8 https://github.com/openfga/openfga 8 https://github.com/nilsteampassnet/teampass 8 https://github.com/wallabag/wallabag 8 https://github.com/kubeedge/kubeedge 8 https://github.com/jupyter/notebook 8 https://github.com/hashicorp/consul 8 https://github.com/ckeditor/ckeditor4 8 https://github.com/pandao/editor.md 8 https://github.com/bcgit/bc-java 8 https://github.com/rails/rails-html-sanitizer 8 https://github.com/rack/rack 8 https://github.com/bytecodealliance/wasmtime 8 https://github.com/swagger-api/swagger-ui 8 https://github.com/getgrav/grav 8 https://github.com/directus/directus 8 https://github.com/LavaLite/cms 8 https://github.com/rubygems/rubygems 8 https://github.com/TryGhost/Ghost 8 https://github.com/opencv/opencv 7 https://github.com/giampaolo/pyftpdlib 7 https://github.com/vaadin/flow 7 https://github.com/wagtail/wagtail 7 https://github.com/apache/zeppelin 7 https://github.com/kevinpapst/kimai2 7 https://github.com/jeecgboot/jeecg-boot 7 https://github.com/nahsra/antisamy 7 https://github.com/thorsten/phpMyFAQ 7 https://github.com/pyload/pyload 7 https://github.com/google/fscrypt 7 https://github.com/chakra-core/ChakraCore 7 https://github.com/gogs/gogs 7 https://github.com/twbs/bootstrap 7 https://github.com/aio-libs/aiohttp 7 https://github.com/jenkinsci/blueocean-plugin 7 https://github.com/dolibarr/dolibarr 7 https://github.com/hashicorp/vault 7 https://github.com/traefik/traefik 7 https://github.com/vantage6/vantage6 7 https://github.com/modoboa/modoboa 7 https://github.com/ipython/ipython 6 https://github.com/jenkinsci/fortify-on-demand-uploader-plugin 6 https://github.com/cloudflare/cfrpki 6 https://github.com/pimcore/admin-ui-classic-bundle 6 https://github.com/dompdf/dompdf 6 https://github.com/opencast/opencast 6 https://github.com/panva/jose 6 https://github.com/backstage/backstage 6 https://github.com/cui2shark/security 6 https://github.com/jenkinsci/script-security-plugin 6 https://github.com/parse-community/parse-server 6 https://github.com/simplesamlphp/simplesamlphp 6 https://github.com/pimcore/customer-data-framework 6 https://github.com/jenkinsci/config-file-provider-plugin 6 https://github.com/urllib3/urllib3 6 https://github.com/croogo/croogo 6 https://github.com/onionshare/onionshare 6 https://github.com/containers/podman 6 https://github.com/dotnet/runtime 6 https://github.com/opensearch-project/security 6 https://github.com/d4wner/Vulnerabilities-Report 6 https://github.com/oroinc/orocommerce 6 https://github.com/neorazorx/facturascripts 6 https://github.com/cosmos/cosmos-sdk 6 https://github.com/cubefs/cubefs 6 https://github.com/1Panel-dev/1Panel 6 https://github.com/jquery/jquery-ui 6 https://github.com/igniterealtime/Openfire 6 https://github.com/jenkinsci/configuration-as-code-plugin 6 https://github.com/umbraco/Umbraco-CMS 6 https://github.com/admidio/admidio 5 https://github.com/jenkinsci/electricflow-plugin 5 https://github.com/kivikakk/comrak 5 https://github.com/puma/puma 5 https://github.com/apache/tika 5 https://github.com/vapor/vapor 5 https://github.com/cloudfoundry/uaa 5 https://github.com/vercel/next.js 5 https://github.com/NodeBB/NodeBB 5 https://github.com/numpy/numpy 5 https://github.com/lief-project/LIEF 5 https://github.com/Sylius/Sylius 5 https://github.com/hashicorp/nomad 5 https://github.com/etcd-io/etcd 5 https://github.com/openstack/keystone 5 https://github.com/paritytech/frontier 5 https://github.com/lxml/lxml 5 https://github.com/hyperium/hyper 5 https://github.com/evershopcommerce/evershop 5 https://github.com/undertow-io/undertow 5 https://github.com/sulu/sulu 5 https://github.com/rancher/rancher 5 https://github.com/cri-o/cri-o 5 https://github.com/yiisoft/yii2 5 https://github.com/opencontainers/runc 5 https://github.com/pmmp/PocketMine-MP 5 https://github.com/jenkinsci/subversion-plugin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/apache/superset 5 https://github.com/bolt/bolt 5 https://github.com/OctoPrint/OctoPrint 5 https://bitbucket.org/snakeyaml/snakeyaml 5 https://github.com/nodejs/undici 5 https://github.com/zitadel/zitadel 5 https://github.com/apache/kylin 5 https://github.com/quarkusio/quarkus 5 https://github.com/unshiftio/url-parse 5 https://github.com/nervosnetwork/ckb 5 https://github.com/xuxueli/xxl-job 5 https://github.com/centreon/centreon-archived 5 https://github.com/semplon/GeniXCMS 5 https://github.com/apache/lucene-solr 5 https://github.com/alextselegidis/easyappointments 5 https://github.com/Amanieu/parking_lot 5