Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Loading...
High
GSA_kwCzR0hTQS00NGNjLTQzcnAtNTk0N84AA4lA
JupyterLab vulnerable to potential authentication and CSRF tokens leak
Ecosystems: pypi
Packages: notebook, jupyterlab
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 4 months ago
High
GSA_kwCzR0hTQS0ycTh2LTNncXEtNGY4cM4AA4kr
concat built-in can corrupt memory in vyper
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 4 months ago
High
GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1yaDYzLTlxY2YtODNnZs4AA4kS
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 4 months ago
High
GSA_kwCzR0hTQS00cWhwLTY1MnctYzIyeM4AA4jl
Unsecured endpoints in the jupyter-lsp server extension
Ecosystems: pypi
Packages: jupyter-lsp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 4 months ago
High
GSA_kwCzR0hTQS1tMjR4LXI2cTMtMnZwOc4AA4jj
Uncaught Exception processing HTTP Headers in SurrealDB
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 4 months ago
High
GSA_kwCzR0hTQS01eGZ4LTU1eDQtajIyM84AA4jV
Cross-Frame Scripting vulnerability has been found on Plone CMS
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mNmpoLWh2ZzItOTUyNc4AA4iq
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Ecosystems: go
Packages: github.com/kudelskisecurity/crystals-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1naGp2LW1oNngtN3E2aM4AA4eR
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1oNTd3LXZoMzQtZjhjd84AA4dr
Code injection in mingSoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
High
GSA_kwCzR0hTQS02aDRxLTYzYzUtcWZxZs4AA4bt
Path traversal in flaskcode
Ecosystems: pypi
Packages: flaskcode
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 4 months ago
High
GSA_kwCzR0hTQS12M3JnLXFtNDYteHJnOc4AA4bu
Path traversal in flaskcode
Ecosystems: pypi
Packages: flaskcode
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 4 months ago
High
GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secret
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpoints
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 4 months ago
High
GSA_kwCzR0hTQS04cjI1LTY4d20tanczNc4AA4Y5
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1weG1yLXEyeDMtOXg5bc4AA4Y4
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oMzc0LW1tNTctODc5Y84AA4Y3
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12OTc3LWg0aG0tcnJmZs4AA4Vu
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS0ybXFqLW02NXctamdoeM4AA4Vh
Untrusted search path under some conditions on Windows allows arbitrary code execution
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 4 months ago
High
GSA_kwCzR0hTQS05OGc2LXhoMzYteDJwN84AA4Sw
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
Ecosystems: nuget
Packages: Microsoft.Data.SqlClient, System.Data.SqlClient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1ydjlqLWM4NjYtZ3A1aM4AA4Sp
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
Ecosystems: nuget
Packages: Microsoft.IdentityModel.Protocols.SignedHttpRequest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02NjczLTQ5ODMtMnZ4Nc4AA4Sn
fonttools XML External Entity Injection (XXE) Vulnerability
Ecosystems: pypi
Packages: fonttools
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1janFmLTg3N3AtN20zZs4AA4Qp
snapd Race Condition vulnerability
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 4 months ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS04OTU5LXJmeGgtcjRqNM4AA4Qk
XWiki vulnerable to Denial of Service attack through attachments
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-distribution-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS14aDM1LXc3d2ctOTV2M84AA4Qi
XWiki has no right protection on rollback action
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcXBxLTJwNjgtNDZmds4AA4Qg
pyload Unauthenticated Flask Configuration Leakage vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1ocjJjLXA4cmgtMjM4aM4AA4OB
Apache Axis Improper Input Validation vulnerability
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 4 months ago
High
GSA_kwCzR0hTQS03aGZ4LWgzajMtcndxNM4AA4N6
D-Tale server-side request forgery through Web uploads
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 4 months ago
High
GSA_kwCzR0hTQS02MjVnLWZtNXctdzd3NM4AA4Mn
Froxlor username/surname AND company field Bypass
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS04NnJnLXBmNGMtNWdyZ84AA4MQ
@backstage/backend-app-api leaks GitLab access tokens
Ecosystems: npm
Packages: @backstage/backend-app-api
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
High
GSA_kwCzR0hTQS0yNjRwLTk5d3EtZjRqNs4AA4L1
Ion Java StackOverflow vulnerability
Ecosystems: maven
Packages: software.amazon.ion:ion-java, com.amazon.ion:ion-java
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 5 months ago
High
GSA_kwCzR0hTQS01ZzY2LTYyOGYtN2N2as4AA4Lx
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Ecosystems: rubygems
Packages: omniauth-microsoft_graph
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14Z3BtLXEzbXEtNDZycc4AA4Lv
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNHY4LWpnY3YtOWc3Nc4AA4Lu
safe_pqc_kyber leaks parts of secret keys
Ecosystems: cargo
Packages: safe_pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1mcWg2LTZoNmMtMzY2bc4AA4LR
CouchAuth host header injection vulnerability leaks the password reset token
Ecosystems: npm
Packages: @perfood/couch-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jcndqLTJyM2MtZ3gyZ84AA4LK
Apache InLong Manager Arbitrary File Read Vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 5 months ago
High
GSA_kwCzR0hTQS00cnJ2LThnY3AtMjR2OM4AA4K4
PaddlePaddle stack overflow in paddle.searchsorted
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 5 months ago
High
GSA_kwCzR0hTQS04ZnA3LWp3djItNDl4Oc4AA4LA
PaddlePaddle heap buffer overflow in paddle.repeat_interleave
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNTd2LTI2ODctangzM84AA4K8
PaddlePaddle stack overflow in paddle.linalg.lu_unpack
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1naG0yLXJxOHEtd3JoY84AA4Jn
Potential Actions command injection in output filenames (GHSL-2023-275)
Ecosystems: actions
Packages: tj-actions/verify-changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Ecosystems: actions
Packages: tj-actions/changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS12N2hnLTc3djktMjQ0Nc4AA4HT
Apache DolphinScheduler: Arbitrary js execute as root for authenticated users
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-master
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 5 months ago
High
GSA_kwCzR0hTQS0zdnZoLThjNjUtMzJqNM4AA4HN
Mingsoft MCMS SQL injection
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1md3ZnLTI3MzktMjJ2N84AA4Gz
Miniflare vulnerable to Server-Side Request Forgery (SSRF)
Ecosystems: npm
Packages: miniflare
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1mZ3djLTNqNnctY2gyMs4AA4Gu
easy-rules-mvel vulnerable to remote code execution
Ecosystems: maven
Packages: org.jeasy:easy-rules-mvel
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 5 months ago
High
GSA_kwCzR0hTQS03aHBqLTdoaHgtMmZneM4AA4D7
msgpackr's conversion of property names to strings can trigger infinite recursion
Ecosystems: npm
Packages: msgpackr
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 5 months ago
High
GSA_kwCzR0hTQS03bTdoLXJndnAtM3Y0cs4AA4C6
hutool-core discovered to contain an infinite loop in the StrSplitter.splitByRegex function
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1tNWhmLW0zcjIteHE1M84AA4C9
hutool-core was discovered to contain a stack overflow via NumberUtil.toBigDecimal method
Ecosystems: maven
Packages: cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1tdzk5LTljaGMteHc3cs4AA4Cr
Maliciously crafted Git server replies can cause DoS on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1qY3JyLXJyNnctOGM4M84AA3_v
free5GC AMF denial of service vulnerability
Ecosystems: go
Packages: github.com/free5gc/amf
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 5 months ago
High
GSA_kwCzR0hTQS03YzQ0LTdqN3YtdzU1NM4AA3_x
Buildkite Elastic CI for AWS symbolic link following vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1yNWhnLTM0OXEtbWcycc4AA3_u
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
Ecosystems: go
Packages: github.com/buildkite/elastic-ci-stack-for-aws/v6
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02Z2dyLWN3djQtZzdxZ84AA3_E
Remotely exploitable denial of service in Rosenpass
Ecosystems: cargo
Packages: rosenpass
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tcHdxLWozeGYtN201d84AA39_
The redirect_uri validation logic allows for bypassing explicitly allowed hosts that would otherwise be restricted
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 5 months ago
High
GSA_kwCzR0hTQS02cW0yLXdweHEtN3FoMs4AA39-
Gradio makes the `/file` secure against file traversal and server-side request forgery attacks
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1mMjNoLTUyaGotOTlwNs4AA39b
Apache IoTDB: Unsafe deserialize map in Sync Tool
Ecosystems: maven
Packages: org.apache.iotdb:iotdb-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS12NjhnLXdtOGMtNng3as4AA38Z
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: 5 months ago
High
GSA_kwCzR0hTQS04N2ZnLTl4NXctajNybc4AA371
MainWP Dashboard SQL Command Injection vulnerability
Ecosystems: packagist
Packages: mainwp/mainwp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS04M3E1LXdocXAtcjhqcs4AA37j
Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-websocket
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS13djhxLTRmODUtMnA4cM4AA37f
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS01cjNxLTkzcTMtZjk3OM4AA37c
MLflow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1xZzhwLTMyZ3ItZ2g2eM4AA37h
MLflow Local File Disclosure Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13cTU5LTRxNnItNjM1cs4AA360
Authentication bypass vulnerability in navidrome's subsonic endpoint
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS05d2dnLW05OXEtaGhmY84AA36z
Expired tokens can be renewed without validating the account password
Ecosystems: pypi
Packages: emailproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNWY4LXFmMjQtMjRjas4AA36y
Velocity execution without script right through tree macro
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-index-tree-macro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNDlqLWo0ODktM3hwZs4AA35g
Apache Superset incorrect write permissions vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1odmM2LTQydmYtamhmOM4AA35I
mlflow Command Injection vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNTZ4LTdqNnctZzhyOM4AA34j
Grackle has StackOverflowError in GraphQL query processing
Ecosystems: maven
Packages: edu.gemini:gsp-graphql-core_native0.4_3, edu.gemini:gsp-graphql-core_native0.4_2.13, edu.gemini:gsp-graphql-core_sjs1_3, edu.gemini:gsp-graphql-core_sjs1_2.13, edu.gemini:gsp-graphql-core_3, edu.gemini:gsp-graphql-core_2.13, org.typelevel:grackle-core_native0.4_3, org.typelevel:grackle-core_native0.4_2.13, org.typelevel:grackle-core_sjs1_3, org.typelevel:grackle-core_sjs1_2.13, org.typelevel:grackle-core_3, org.typelevel:grackle-core_2.13
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14M3YzLTh4ZzgtOHY3Ms4AA34P
Sentry's Astro SDK vulnerable to ReDoS
Ecosystems: npm
Packages: @sentry/astro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1wd2ZyLThwcTcteDlxds4AA32_
Unauthenticated Denial of Service in the octokit/webhooks library
Ecosystems: npm
Packages: probot, octokit, @octokit/app, @octokit/webhooks
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNmNwLTZyMzUtMzJtaM4AA324
Solr search discloses password hashes of all users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zNTZqLWhnNDUteDUyNc4AA323
Potential CSV export data leak
Ecosystems: rubygems
Packages: activeadmin
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNmptLTlwcjgtOWMzd84AA3zA
Multiple WSO2 products vulnerable to perform user impersonatoin using JIT provisioning
Ecosystems: maven
Packages: org.wso2.identity.apps:authentication-portal, org.wso2.carbon.identity.framework:org.wso2.carbon.identity.application.authentication.framework
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 5 months ago
High
GSA_kwCzR0hTQS02eDQ5LXczNWgtd3Fyas4AA3yv
Bypass serialize checks in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14NWZyLTdoaGotMzRqM84AA3yk
Full Table Permissions by Default
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 5 months ago
High
GSA_kwCzR0hTQS01NGYzLWM2aGctODY1aM4AA3xn
Allocation of Resources Without Limits in Keycloak
Ecosystems: maven
Packages: org.keycloak:keycloak-model-jpa
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1wNnh4LWZoZnctN21qN84AA3v7
Configuration Injection in extension "Direct Mail" (direct_mail)
Ecosystems: packagist
Packages: directmailteam/direct-mail
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 5 months ago
High
GSA_kwCzR0hTQS03Y2NnLWptN2otNGY4ds4AA3vT
Cross-site request forgery vulnerability in Jenkins HTMLResource Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:htmlresource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS14Y3JyLXg5M2gtcnY0ds4AA3vR
Arbitrary file deletion vulnerability in Jenkins Scriptler Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:scriptler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS00Z2ZjLTcyZ3ctdjM4Nc4AA3vX
Jenkins Nexus Platform Plugin Cross-Site Request Forgery vulnerability
Ecosystems: maven
Packages: org.sonatype.nexus.ci:nexus-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS05dnJtLTc0N3ItNjY4ds4AA3vP
Jenkins Nexus Platform Plugin missing permission check
Ecosystems: maven
Packages: org.sonatype.nexus.ci:nexus-jenkins-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jd2g2LWhtNTMtNncybc4AA3u1
Missing access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1ncWd2LTd3cGotdm02cc4AA3u2
Cross Site Request Forgery in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1nMjdjLXcydjctODh4cM4AA3ux
Cross Site Request Forgery in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02eDRoLTk2MjItZnFyNs4AA3un
Improper validation in meraki
Ecosystems: pypi
Packages: meraki
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 5 months ago
High
GSA_kwCzR0hTQS00bXE0LTdydzMtdm01as4AA3ui
Wasmer filesystem sandbox not enforced
Ecosystems: cargo
Packages: wasmer-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02bTk3LTc1MjctbWg3NM4AA3uZ
incorrect storage layout for contracts containing large arrays
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 5 months ago
High
GSA_kwCzR0hTQS12OTQ1LXIzcmMtNmZqbc4AA3ti
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1jeGZyLTVxM3ItMnJjMs4AA3r7
Jinja2 template injection in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS00cmdjLTVnNnItMnJqZs4AA3q-
lakeFS logs S3 credentials in plain text
Ecosystems: go
Packages: github.com/treeverse/lakefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zd2ZwLTI1M2otNWp4ds4AA3q8
SSRF & Credentials Leak
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1xeHJqLWh4MjMteHA4Ms4AA3qz
Overly permissive origin policy
Ecosystems: npm
Packages: @koa/cors
Source: GitHub Advisory Database
Blast Radius: 37.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNmh4LTNtNHAtNzQ5aM4AA3qn
DOS by abusing `fetchOptions.retry`.
Ecosystems: npm
Packages: nuxt-api-party
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
High
GSA_kwCzR0hTQS03eDJnLTRqdmMtNHg2cM4AA3qE
Directory Traversal in JFinalCMS
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tdmM4LTZmZnAtanJ4Nc4AA3pp
Authorization bypass in Quarkus
Ecosystems: maven
Packages: io.quarkus:quarkus-smallrye-graphql-client
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 5 months ago
High
GSA_kwCzR0hTQS05dzJwLXJoOGMtdjlnNc4AA3pj
Local Privilege Escalation in Windows
Ecosystems: pypi
Packages: pyinstaller
Source: GitHub Advisory Database
Blast Radius: 34.2
Published: 5 months ago
High
GSA_kwCzR0hTQS02cDYyLTZjZzktZjVmNc4AA3ph
Memory exhaustion in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1yd2YzLXc0anEtZjRjbc4AA3pe
Directory Traversal in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 5 months ago
High
GSA_kwCzR0hTQS03Nzg3LXA3eDYtZnEzas4AA3oi
Candid infinite decoding loop through specially crafted payload
Ecosystems: cargo
Packages: candid
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 5 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 2,465
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 1,876 npm 1,408 pypi 1,200 packagist 1,073 nuget 786 go 696 cargo 324 rubygems 284 swift 16 hex 9 actions 8 pub 4
Filter by Package
Microsoft.ChakraCore 234 tensorflow 107 tensorflow-cpu 95 tensorflow-gpu 93 magento/community-edition 59 org.jenkins-ci.main:jenkins-core 48 moodle/moodle 44 com.fasterxml.jackson.core:jackson-databind 43 org.apache.tomcat:tomcat 33 dolibarr/dolibarr 31 drupal/core 30 microweber/microweber 27 pimcore/pimcore 27 drupal/drupal 26 nokogiri 25 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 com.thoughtworks.xstream:xstream 22 opencv-contrib-python 22 opencv-python 22 typo3/cms 22 Pillow 21 com.jfinal:jfinal 21 ansible 20 salt 20 django 19 github.com/rancher/rancher 19 thorsten/phpmyfaq 19 typo3/cms-core 18 org.jenkins-ci.plugins:script-security 18 librenms/librenms 18 mlflow 18 Plone 17 openssl-src 17 pocketmine/pocketmine-mp 17 getgrav/grav 16 symfony/symfony 16 org.apache.tomcat.embed:tomcat-embed-core 16 apache-airflow 16 parse-server 15 rdiffweb 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-x86 14 Microsoft.AspNetCore.App.Runtime.win-x64 14 github.com/hashicorp/consul 14 net.mingsoft:ms-mcms 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.win-arm 13 github.com/usememos/memos 13 rubygems-update 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.osx-x64 12 Microsoft.AspNetCore.App.Runtime.linux-x64 12 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 12 Microsoft.AspNetCore.App.Runtime.linux-arm 12 org.keycloak:keycloak-core 12 baserproject/basercms 12 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 12 org.apache.openmeetings:openmeetings-parent 12 electron 12 Microsoft.AspNetCore.App.Runtime.linux-arm64 12 activerecord 12 Microsoft.AspNetCore.App.Runtime.win-arm64 12 intelliants/subrion 11 github.com/argoproj/argo-cd 11 mautic/core 11 github.com/hashicorp/vault 11 github.com/nats-io/nats-server/v2 11 actionpack 11 org.keycloak:keycloak-parent 11 io.undertow:undertow-core 11 keystone 10 shopware/platform 10 org.springframework.security:spring-security-core 10 cobbler 10 Django 10 org.apache.nifi:nifi 10 org.xwiki.platform:xwiki-platform-oldcore 10 cockpit-hq/cockpit 10 froxlor/froxlor 10 openmage/magento-lts 10 github.com/hashicorp/nomad 10 matrix-synapse 10 org.bouncycastle:bcprov-jdk14 9 craftcms/cms 9 ckb 9 github.com/ethereum/go-ethereum 9 Microsoft.NetCore.App.Runtime.win-arm 9 org.apache.hadoop:hadoop-main 9 mercurial 9 Microsoft.NetCore.App.Runtime.win-arm64 9 org.apache.struts.xwork:xwork-core 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 Microsoft.NetCore.App.Runtime.win-x64 9 rusqlite 9 Microsoft.NetCore.App.Runtime.win-x86 9 org.apache.geode:geode-core 9 org.apache.solr:solr-core 9 laravel/framework 9 Microsoft.NETCore.App.Runtime.win-arm64 8 Microsoft.NETCore.App.Runtime.win-x64 8 gradio 8 Microsoft.NETCore.App.Runtime.win-x86 8 shopware/core 8 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 8 org.bouncycastle:bcprov-jdk15 8 org.keycloak:keycloak-services 8 github.com/sylabs/singularity 8 october/system 8 cn.hutool:hutool-core 7 DotNetNuke.Core 7 tar 7 com.liferay.portal:release.portal.bom 7 snipe/snipe-it 7 apache-superset 7 com.xuxueli:xxl-job 7 strapi 7 org.elasticsearch:elasticsearch 7 deno 7 cakephp/cakephp 7 org.eclipse.jetty:jetty-server 7 symfony/security 7 phpmailer/phpmailer 7 pillow 7 org.apache.commons:commons-compress 7 magento/core 7 next 7 gogs.io/gogs 7 codeigniter4/framework 7 org.craftercms:crafter-studio 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 smarty/smarty 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps 7 org.apache.inlong:manager-pojo 7 github.com/docker/docker 7 cryptography 6 Microsoft.NETCore.App 6 waitress 6 contao/core-bundle 6 contao/contao 6 Microsoft.AspNetCore.All 6 rack 6 sequelize 6 guzzlehttp/guzzle 6 ezsystems/ezpublish-kernel 6 github.com/hyperledger/fabric 6 @strapi/strapi 6 @openzeppelin/contracts 6 org.apache.camel:camel-core 6 opencv-python-headless 6 Microsoft.AspNetCore.App.Runtime.osx-arm64 6 opencv-contrib-python-headless 6 github.com/gravitl/netmaker 6 github.com/grafana/grafana 6 org.apache.tomcat:tomcat-coyote 6 nautobot 6 sized-chunks 6 kiwitcms 6 golang.org/x/crypto 6 org.apache.tika:tika-core 6 symfony/security-http 6 wwbn/avideo 6 prestashop/prestashop 6 npm 6 composer/composer 6 k8s.io/kubernetes 6 de.tum.in.ase:artemis-java-test-sandbox 6 express-cart 6 github.com/traefik/traefik/v2 6 github.com/zitadel/zitadel 6 istio.io/istio 6 org.apache.cxf:cxf 6 handlebars 6 org.xwiki.platform:xwiki-platform-web 5 pear/archive_tar 5 directus 5 org.apache.xmlgraphics:batik 5 phpbb/phpbb 5 zope 5 Microsoft.WindowsDesktop.App.Runtime.win-x86 5 Microsoft.WindowsDesktop.App.Runtime.win-x64 5 OPCFoundation.NetStandard.Opc.Ua.Core 5 getkirby/cms 5 org.apache.mesos:mesos 5 com.vaadin:vaadin-bom 5 ezsystems/ezpublish-legacy 5 @openzeppelin/contracts-upgradeable 5 plone 5 genix/cms 5 github.com/nats-io/jwt 5 CefSharp.Common 5 org.apache.tomcat:tomcat-catalina 5 github.com/cilium/cilium 5 forkcms/forkcms 5 serve 5 github.com/go-gitea/gitea 5 github.com/answerdev/answer 5 aubio 5
Filter by Repository
https://github.com/chakra-core/ChakraCore 204 https://github.com/tensorflow/tensorflow 107 https://github.com/xwiki/xwiki-platform 48 https://github.com/FasterXML/jackson-databind 44 https://github.com/jenkinsci/jenkins 36 https://github.com/apache/tomcat 34 https://github.com/django/django 26 https://github.com/python-pillow/Pillow 26 https://github.com/apache/airflow 25 https://github.com/pimcore/pimcore 25 https://github.com/microweber/microweber 25 https://github.com/moodle/moodle 24 https://github.com/keycloak/keycloak 22 https://github.com/apache/struts 22 https://github.com/x-stream/xstream 22 https://github.com/opencv/opencv 21 https://github.com/sparklemotion/nokogiri 20 https://github.com/Dolibarr/dolibarr 19 https://github.com/thorsten/phpmyfaq 18 https://github.com/pmmp/PocketMine-MP 17 https://github.com/dotnet/runtime 17 https://github.com/rancher/rancher 16 https://github.com/spring-projects/spring-framework 16 https://github.com/symfony/symfony 16 https://github.com/ansible/ansible 15 https://github.com/ikus060/rdiffweb 15 https://github.com/parse-community/parse-server 15 https://github.com/github/advisory-database 14 https://github.com/apache/inlong 14 https://github.com/librenms/librenms 14 https://github.com/vyperlang/vyper 14 https://github.com/getgrav/grav 14 https://github.com/mlflow/mlflow 13 https://github.com/usememos/memos 13 https://github.com/jenkinsci/script-security-plugin 13 https://github.com/rails/rails 12 https://github.com/hashicorp/consul 11 https://github.com/mautic/mautic 11 https://github.com/electron/electron 11 https://github.com/apache/nifi 11 https://github.com/centreon/centreon 10 https://github.com/OpenMage/magento-lts 10 https://github.com/go-gitea/gitea 10 https://github.com/argoproj/argo-cd 10 https://github.com/octobercms/october 10 https://github.com/strapi/strapi 9 https://github.com/golang/go 9 https://github.com/cui2shark/cms 9 https://github.com/openstack/keystone 9 https://github.com/rusqlite/rusqlite 9 https://github.com/apache/camel 9 https://github.com/cloudfoundry/uaa 9 https://github.com/nilsteampassnet/teampass 9 https://github.com/kubernetes/kubernetes 9 https://github.com/nervosnetwork/ckb 9 https://github.com/TYPO3/TYPO3.CMS 8 https://github.com/cobbler/cobbler 8 https://github.com/gradio-app/gradio 8 https://github.com/cockpit-hq/cockpit 8 https://github.com/nats-io/nats-server 8 https://github.com/denoland/deno 8 https://github.com/bcgit/bc-java 8 https://github.com/matrix-org/synapse 8 https://github.com/shopware/platform 8 https://github.com/netty/netty 7 https://github.com/dotnet/aspnetcore 7 https://github.com/PHPMailer/PHPMailer 7 https://github.com/eclipse/jetty.project 7 https://github.com/spring-projects/spring-security 7 https://github.com/undertow-io/undertow 7 https://github.com/snipe/snipe-it 7 https://github.com/hashicorp/vault 7 https://github.com/laravel/framework 7 https://github.com/rubygems/rubygems 7 https://github.com/DSpace/DSpace 7 https://github.com/apache/activemq 7 https://github.com/plone/Products.CMFPlone 7 https://github.com/apache/cxf 7 https://github.com/nautobot/nautobot 6 https://github.com/DrunkenShells/Disclosures 6 https://github.com/istio/istio 6 https://github.com/PaddlePaddle/Paddle 6 https://github.com/hyperledger/fabric 6 https://github.com/OpenNMS/opennms 6 https://github.com/intelliants/subrion 6 https://github.com/smarty-php/smarty 6 https://github.com/pyca/cryptography 6 https://github.com/CVEProject/cvelist 6 https://github.com/xuxueli/xxl-job 6 https://github.com/saltstack/salt 6 https://github.com/TYPO3/typo3 6 https://github.com/guzzle/guzzle 6 https://github.com/sequelize/sequelize 6 https://github.com/kiwitcms/Kiwi 6 https://github.com/contao/contao 6 https://github.com/bodil/sized-chunks 6 https://github.com/dnnsoftware/Dnn.Platform 6 https://github.com/phpmyadmin/phpmyadmin 6 https://github.com/dromara/hutool 6 https://github.com/gravitl/netmaker 6 https://github.com/zitadel/zitadel 6 https://github.com/OpenZeppelin/openzeppelin-contracts 6 https://github.com/Pylons/waitress 6 https://github.com/ls1intum/Ares 6 https://github.com/magento/magento2 6 https://github.com/npm/node-tar 6 https://github.com/OPCFoundation/UA-.NETStandard 6 https://github.com/nilsteampassnet/TeamPass 6 https://github.com/WWBN/AVideo 6 https://github.com/backstage/backstage 6 https://github.com/opencast/opencast 6 https://github.com/froxlor/froxlor 6 https://github.com/ethereum/go-ethereum 5 https://github.com/hpcng/singularity 5 https://github.com/cilium/cilium 5 https://github.com/apache/hadoop 5 https://github.com/drupal/core 5 https://github.com/getkirby/kirby 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/directus/directus 5 https://github.com/forkcms/forkcms 5 https://github.com/composer/composer 5 https://github.com/pear/Archive_Tar 5 https://github.com/zopefoundation/Zope 5 https://github.com/geoserver/geoserver 5 https://github.com/vercel/next.js 5 https://github.com/aubio/aubio 5 https://github.com/BlackFan/client-side-prototype-pollution 5 https://github.com/gogs/gogs 5 https://github.com/answerdev/answer 5 https://github.com/docker/docker 5 https://github.com/apache/xmlgraphics-batik 5 https://github.com/traefik/traefik 5 https://github.com/codeigniter4/CodeIgniter4 5 https://github.com/cakephp/cakephp 5 https://github.com/matrix-org/matrix-js-sdk 5 https://github.com/twisted/twisted 5 https://github.com/apache/kylin 5 https://github.com/apache/dolphinscheduler 5 https://github.com/protocolbuffers/protobuf 5 https://github.com/cefsharp/CefSharp 5 https://github.com/grafana/grafana 5 https://github.com/IBAX-io/go-ibax 5 https://github.com/faisalman/ua-parser-js 5 https://github.com/ericcornelissen/shescape 4 https://github.com/jenkinsci/workflow-cps-global-lib-plugin 4 https://github.com/playframework/playframework 4 https://github.com/containers/podman 4 https://github.com/tidwall/gjson 4 https://github.com/jettison-json/jettison 4 https://github.com/vantage6/vantage6 4 https://github.com/fiveai/Cachet 4 https://github.com/kubernetes/ingress-nginx 4 https://github.com/apache/geode 4 https://github.com/yiisoft/yii2 4 https://github.com/totaljs/framework 4 https://github.com/bolt/bolt 4 https://github.com/phpseclib/phpseclib 4 https://github.com/opencontainers/runc 4 https://github.com/apple/swift-nio-http2 4 https://github.com/scrapy/scrapy 4 https://github.com/PrismJS/prism 4 https://github.com/free5gc/free5gc 4 https://github.com/Codiad/Codiad 4 https://github.com/0xJacky/nginx-ui 4 https://github.com/hashicorp/nomad 4 https://github.com/nocodb/nocodb 4 https://github.com/containers/buildah 4 https://github.com/quarkusio/quarkus 4 https://github.com/livehelperchat/livehelperchat 4 https://github.com/baserproject/basercms 4 https://github.com/ethyca/fides 4 https://github.com/pgadmin-org/pgadmin4 4 https://github.com/wixtoolset/issues 4 https://github.com/pimcore/admin-ui-classic-bundle 4 https://github.com/cri-o/cri-o 4 https://github.com/igniterealtime/Openfire 4 https://github.com/RaspAP/raspap-webgui 4 https://github.com/ckeditor/ckeditor4 4 https://github.com/npm/cli 4 https://github.com/cloudflare/cfrpki 4 https://github.com/libp2p/go-libp2p 4 https://github.com/statamic/cms 4 https://github.com/centreon/centreon-archived 4 https://github.com/surrealdb/surrealdb 4 https://github.com/restlet/restlet-framework-java 4 https://github.com/jnqnfe/pulse-binding-rust 4 https://github.com/Froxlor/Froxlor 4 https://github.com/nightcloudos/new_cms 4 https://github.com/jhipster/generator-jhipster 4 https://github.com/ezsystems/ezpublish-legacy 4 https://github.com/jeecgboot/jeecg-boot 4 https://github.com/jfhbrook/node-ecstatic 3 https://github.com/dpgaspar/Flask-AppBuilder 3 https://github.com/phusion/passenger 3 https://github.com/grpc/grpc 3 https://github.com/jupyterhub/oauthenticator 3 https://gitlab.com/edneville/please 3 https://github.com/edgelesssys/constellation 3