Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS14anA0LWh3OTQtbXZwNc4AA6Ms
Apache Commons Configuration: StackOverflowError adding property in AbstractListDelimiterHandler.flattenIterator()
Ecosystems: maven
Packages: org.apache.commons:commons-configuration2
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05dzM4LXA2NHYteHBtds4AA6Mr
Apache Commons Configuration: StackOverflowError calling ListDelimiterHandler.flatten(Object, int) with a cyclical object tree
Ecosystems: maven
Packages: org.apache.commons:commons-configuration2
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Z2o0LTJocmYtajR4Z84AA6Mj
Cross-site scripting in Survey Creator
Ecosystems: npm
Packages: survey-creator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS00aDVoLXAyM2YtaGpxZs4AA6Lz
SQL injection in Folio Spring Module Core
Ecosystems: maven
Packages: org.folio:spring-module-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS05ajM5LTQ2ODYtbTNjNM4AA6LL
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1td3ZoLXAzaHgteDRnZ84AA6LK
Ibexa Kernel's files with blacklisted extensions can be still saved to drafts
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS03OGh4LWdwNmctN21qNs4AA6LJ
Memory leaks in code encrypting and verifying RSA payloads
Ecosystems: go
Packages: github.com/microsoft/go-crypto-openssl/openssl, github.com/golang-fips/openssl/v2, github.com/microsoft/go-crypto-openssl, github.com/golang-fips/openssl/openssl, github.com/golang-fips/go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS01NW0zLTQ0eGYtaGc0aM4AA6LI
GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tcTM5LTRndjQtbXZweM4AA6LH
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01NTJmLTk3d2YtcG1wcc4AA6LG
Umbraco possible user enumeration
Ecosystems: nuget
Packages: UmbracoCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14NHg1LWp2M3gtOWM3bc4AA6LF
`qiskit_ibm_runtime.RuntimeDecoder` can execute arbitrary code
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14NjM3LXg4cDMtNXAyMs4AA6Jm
Improper Authentication in Spring Authorization Server
Ecosystems: maven
Packages: org.springframework.security:spring-security-oauth2-authorization-server
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04OHdjLWZjajktcTNyOc4AA6JO
GeoServer's GWC Demos Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-gwc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03eDc2LTU3ZnItbTVyNc4AA6JN
GeoServer's MapML HTML Page vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver.extension:gs-mapml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mY3BtLWhjaGotbWg3Ms4AA6JM
GeoServer's WMS OpenLayers Format vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01NnIzLWY1MzYtNWdmN84AA6JL
GeoServer's GWC Seed Form vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-gwc-rest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mZzl2LTU2aHctZzUyNc4AA6JK
GeoServer's Simple SVG Renderer vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-wms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05cmZyLXBmMngtZzR4Zs4AA6JJ
GeoServer's Style Publisher vulnerable to Stored Cross-Site Scripting (XSS)
Ecosystems: maven
Packages: org.geoserver:gs-ows, org.geoserver:gs-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03NW01LWhoNHItcTlneM4AA6JI
GeoServer Arbitrary file renaming vulnerability in REST Coverage/Data Store API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1maDdwLTVmNmctdmoyd84AA6JH
Stored Cross-Site Scripting (XSS) vulnerability in GeoServer's REST Resources API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS05djVxLTJnd3EtcTlocc4AA6JG
Arbitrary file upload vulnerability in GeoServer's REST Coverage Store API
Ecosystems: maven
Packages: org.geoserver:gs-restconfig, org.geoserver:gs-platform
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS04Zzd2LXZqcmMteDRnNc4AA6JF
GeoServer log file path traversal vulnerability
Ecosystems: maven
Packages: org.geoserver:gs-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job name
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wbWYzLWMzNm0tZzVjZs4AA6JC
Container escape at build time
Ecosystems: go
Packages: github.com/containers/buildah
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04dnZwLTUyNWgtY3hmOc4AA6Hm
Cross-Site Request Forgery in Apache Wicket
Ecosystems: maven
Packages: org.apache.wicket:wicket
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mNmc2LXBqZ2MtNWNqNc4AA6Hl
Improper Input Validation vulnerability in Apache Hop Engine
Ecosystems: maven
Packages: org.apache.hop:hop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jZzI0LWpqcjUtcnhtZs4AA6Hh
Path traversal in flaskcode Devan-Kerman ARRP
Ecosystems: maven
Packages: net.devtech:arrp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0zODljLWNmODctcW13as4AA6HZ
Cross-site Scripting in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 26.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1majd4LXE5ajctZzZxNs4AA6He
Black vulnerable to Regular Expression Denial of Service (ReDoS)
Ecosystems: pypi
Packages: black
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1yajI5LWoyZzQtNzdxOM4AA6Gr
[TagAwareCipher] - Decryption Failure (Regex Match)
Ecosystems: packagist
Packages: ilicmiljan/secure-props
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12Y2MzLXJ3NmYtanY5N84AA6Gq
Use-after-free in libxml2 via Nokogiri::XML::Reader
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS13ajg1LXc0ZjQteGg4aM4AA6Gp
Denial of service via regular expression
Ecosystems: pypi
Packages: wiki
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13anY4LXB4cjYtNWY0cs4AA6Go
Gadget chain in Symfony 1 due to vulnerable Swift Mailer dependency
Ecosystems: packagist
Packages: swiftmailer/swiftmailer, friendsofsymfony1/swiftmailer, friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZnJnLTRqd3ItamZwas4AA6Gn
Improper HTML sanitization in ZITADEL
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12NnEyLTRxcjMtNWN3Ns4AA6Gm
Unencrypted traffic between nodes when using WireGuard and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODloLXFydnIteGMzNs4AA6Gl
Unencrypted traffic between nodes when using IPsec and L7 policies
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS02OG1qLTlwanEtbWM4Nc4AA6Gk
Intermittent HTTP policy bypass
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14N21mLXdyaDktcjc2Y84AA6Gj
XSS via the "Snapshot Test" feature in Classic Webcam plugin settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0ydmdnLTloNnctbTQ1NM4AA6Gi
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS02djg1LXdyOTItcTRwN84AA6Gh
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oMng2LTVqeDUtNDZoZs4AA6Gg
RCE in TranformGraph().to_dot_graph function
Ecosystems: pypi
Packages: astropy
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14Mmg4LXFtajQtZzYyZs4AA6Fh
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Ecosystems: rubygems
Packages: rotp
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14MzJtLW12ZmotNTJ4ds4AA6Fg
Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mM2poLXF2bTQtbWczOc4AA6FU
Erroneous authentication pass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tdmY2LWh3eGgtN3Y3Ns4AA6Eg
Information leakage in YAQL
Ecosystems: pypi
Packages: yaql
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oZ2poLTlyajItZzY3as4AA6DE
Spring Framework URL Parsing with Host Validation Vulnerability
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 42.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS12bThxLW01N2ctcGZmM84AA6CU
Regular expression denial-of-service in Django
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS00amhqLTNndjMtYzNncs4AA6CS
CLI for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12OG14LWhwMnEtZ3c4Nc4AA6CR
Golang SDK for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/sdk-go
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS02OXA0LWo1djUteDIzNM4AA6CQ
Server/API for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/server
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS03djM4LXczMm0td3g0bc4AA6CP
Types for Vela Insecure Variable Substitution
Ecosystems: go
Packages: github.com/go-vela/types
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS0ycXBoLXFwdm0tMnFmN84AA6CO
tls-listener affected by the slow loris vulnerability with default configuration
Ecosystems: cargo
Packages: tls-listener
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tcDc2LTd3NXYtcHI3Nc4AA6CN
TurboBoost Commands vulnerable to arbitrary method invocation
Ecosystems: npm, rubygems
Packages: @turbo-boost/commands, turbo_boost-commands
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary component
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zMmpxLW12ODktNXJ4N84AA6CL
CoreWCF NetFraming based services can leave connections open when they should be closed
Ecosystems: nuget
Packages: CoreWCF.NetFramingBase
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS13NXd4LTZnMnItcjc4cc4AA6CJ
Nuclei allows unsigned code template execution through workflows
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file access
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01aDN4LTZnd2YtNzNqbc4AA6B2
vantage6 vulnerable to a username timing attack on recover password/MFA token
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00OTQ2LTg1cHItZnZ4aM4AA6B1
vantage6's CORS settings overly permissive
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13eDhxLTRnbTktcmoyZ84AA6B0
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Ecosystems: go
Packages: github.com/fluid-cloudnative/fluid
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNjIzLWpjZ2ctbWhtbc4AA6Bz
Users with `create` but not `override` privileges can perform local sync
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yOTc4LTltNm0tNmdtNs4AA6BT
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1xbWd4LWo5NmctNDQyOM4AA6BU
SSRF vulnerability using the Aegis DataBinding in Apache CXF
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1wd3g1LTZ3eGctcHg1aM4AA6Ac
Insecure Variable Substitution in Vela
Ecosystems: go
Packages: github.com/go-vela/worker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oaDJxLXF2NjYtamNxZ84AA6AZ
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1waGc2LTQ0bTctaHgzaM4AA6AX
Whoogle Search Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jeGpoLXBxd3AtOG1mcM4AA6AJ
follow-redirects' Proxy-Authorization header kept across hosts
Ecosystems: npm
Packages: follow-redirects
Source: GitHub Advisory Database
Blast Radius: 41.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1oNTc0LTY2NDYtdmZ4eM4AA6AB
Apache Airflow: Ignored Airflow Permission
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wbWM3LWhtbXctZzk2cc4AA5_Z
Bagisto vulnerable to Insecure Direct Object Reference (IDOR)
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS12NjgyLTh2djgtdnB3cs4AA5-j
Denial of Service via incomplete cleanup vulnerability in Apache Tomcat
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-websocket, org.apache.tomcat:tomcat-websocket
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03dzc1LTMyY2ctcjZnMs4AA5-Y
Apache Tomcat Denial of Service due to improper input validation vulnerability for HTTP/2 requests
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yeDdtLWdmODUtMzc0Nc4AA587
Remote Denial of Service Vulnerability in Microsoft QUIC
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.OpenSSL, Microsoft.Native.Quic.MsQuic.Schannel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1wcjJtLXB4N2oteGc2Nc4AA584
aiosmtpd vulnerable to SMTP smuggling
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS04ZzM4LTNtNnYtMjMyas4AA58k
Potential log injection in reset user endpoint in CKAN
Ecosystems: pypi
Packages: ckan
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qZzJnLTRyamctY21xaM4AA57-
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jMzVoLXc4aGotbW01Nc4AA574
Apache Pulsar: Improper Authentication for Pulsar Proxy Statistics Endpoint
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-proxy
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1jMng5LXZ3NWgtMzl2Y84AA57_
Apache Pulsar: Pulsar Functions Worker Allows Unauthorized File Access and Unauthorized HTTP/HTTPS Proxying
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1nNjI3LXI1NzktcnczNc4AA573
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: about 2 months ago
High
GSA_kwCzR0hTQS14cDJyLWc4cXEtNDRoaM4AA577
Apache Pulsar: Improper Input Validation in Pulsar Function Worker allows Remote Code Execution
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-functions-worker
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1mcjN3LTJwMjItNnc3cM4AA572
URL Redirection to Untrusted Site in OAuth2/OpenID in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS01ZnhqLXdoY3YtY3JyY84AA570
Microsoft Security Advisory CVE-2024-21392: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NETCore.App.Runtime.win-x64, Microsoft.NETCore.App.Runtime.win-x86, Microsoft.NETCore.App.Runtime.win-arm64, Microsoft.NETCore.App.Runtime.win-arm, Microsoft.NETCore.App.Runtime.osx-x64, Microsoft.NETCore.App.Runtime.osx-arm64, Microsoft.NETCore.App.Runtime.linux-x64, Microsoft.NETCore.App.Runtime.linux-musl-x64, Microsoft.NETCore.App.Runtime.linux-musl-arm64, Microsoft.NETCore.App.Runtime.linux-musl-arm, Microsoft.NETCore.App.Runtime.linux-arm64, Microsoft.NETCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12bXF2LTQ3ajgtZ3d2OM4AA57r
Remote Code Execution Vulnerability in Microsoft Django Backend for SQL Server
Ecosystems: pypi
Packages: mssql-django
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS05NXJ4LW05bTUtbTk0ds4AA56u
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS1mNzhqLTR3M2ctNHE2Nc4AA56t
StimulusReflex arbitrary method call
Ecosystems: npm, rubygems
Packages: stimulus_reflex
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: about 2 months ago
High
GSA_kwCzR0hTQS0yNDJwLTR2MzktMnY4Z84AA56s
Cross-site Scripting (XSS) possible with maliciously formed HTML attribute names and values in Phlex
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 2 months ago
High
GSA_kwCzR0hTQS1tcTR4LXIydzMtajdtcs4AA54b
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS14MnZnLTV3cmYtdmo2ds4AA53Z
1Panel is vulnerable to command injection
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS0zNWpqLXd4NDctNHc4cs4AA52-
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
Ecosystems: pypi
Packages: weasyprint
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: about 2 months ago
Statistics
Advisories: 18,369
Packages: 8,294
Repositories: 5,017
Ecosystems: 12
Filter by Severity
Moderate 7,928 High 6,358 Critical 2,809 Low 985
Filter by Ecosystem
maven 5,531 packagist 3,809 pypi 3,712 npm 3,543 go 1,895 nuget 1,390 rubygems 814 cargo 777 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 50 shopware/platform 48 apache-superset 48 org.keycloak:keycloak-core 47 Plone 45 com.liferay.portal:release.portal.bom 45 plone 43 baserproject/basercms 43 nokogiri 42 rdiffweb 42 Pillow 41 craftcms/cms 40 intelliants/subrion 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 silverstripe/framework 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 org.elasticsearch:elasticsearch 32 k8s.io/kubernetes 32 mlflow 31 opencv-python 30 opencv-contrib-python 30 parse-server 29 github.com/argoproj/argo-cd 29 mautic/core 29 github.com/grafana/grafana 28 github.com/hashicorp/vault 28 github.com/rancher/rancher 28 getgrav/grav 28 centreon/centreon 27 Django 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 electron 26 github.com/hashicorp/nomad 26 openssl-src 26 github.com/hashicorp/consul 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 github.com/argoproj/argo-cd/v2 23 puppet 23 org.springframework.security:spring-security-core 23 remdex/livehelperchat 23 moin 23 pocketmine/pocketmine-mp 23 org.eclipse.jetty:jetty-server 23 grumpydictator/firefly-iii 22 org.apache.nifi:nifi 22 rack 22 ckb 22 getkirby/cms 22 contao/core-bundle 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/cilium/cilium 20 github.com/docker/docker 19 org.bouncycastle:bcprov-jdk14 19 github.com/ethereum/go-ethereum 19 code.gitea.io/gitea 19 org.springframework:spring-core 19 DotNetNuke.Core 19 langchain 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 tribalsystems/zenario 18 com.vaadin:vaadin-bom 18 helm.sh/helm/v3 18 mercurial 17 org.apache.geode:geode-core 17 PaddlePaddle 17 symfony/security 17 cakephp/cakephp 17 golang.org/x/net 17 org.xwiki.platform:xwiki-platform-web-templates 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-x64 17 cockpit-hq/cockpit 17 simplesamlphp/simplesamlphp 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.win-arm 16 org.apache.activemq:activemq-client 16 directus 16 pillow 16 wasmtime 16 sequelize 16 topthink/framework 16 org.apache.dubbo:dubbo 16 yetiforce/yetiforce-crm 16 rusqlite 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 nova 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 org.apache.struts.xwork:xwork-core 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 openmage/magento-lts 15 cryptography 15 notebook 15 paddlepaddle 15 org.apache.jspwiki:jspwiki-main 15 ghost 14 pyftpdlib 14 ezsystems/ezpublish-kernel 14 gradio 14 zendframework/zendframework1 14 publify_core 14 activesupport 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 keystone 14 smarty/smarty 14 ec-cube/ec-cube 14 tinymce 14 symfony/security-http 14 typo3/cms-backend 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 pyload-ng 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 swagger-ui 14 neutron 13 codeigniter4/framework 13 lavalite/cms 13 org.apache.hadoop:hadoop-main 13 github.com/containerd/containerd 13 github.com/mattermost/mattermost-server 13 ckeditor4 13 bolt/bolt 13 strapi 13 passenger 13 org.apache.inlong:manager-pojo 13 impresscms/impresscms 13 github.com/traefik/traefik/v2 13 github.com/nats-io/nats-server/v2 13 october/system 13 joplin 13 next 13 elefant/cms 13 org.apache.cxf:cxf 13 com.vaadin:flow-server 12 github.com/go-gitea/gitea 12 org.jenkins-ci.plugins.workflow:workflow-cps 12 dompdf/dompdf 12 vm2 12 Microsoft.NETCore.App.Runtime.win-x86 12 org.jenkins-ci.plugins:git 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/argoproj/argo-cd 37 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/magento/magento2 31 https://github.com/sparklemotion/nokogiri 31 https://github.com/craftcms/cms 29 https://github.com/parse-community/parse-server 29 https://github.com/opencv/opencv 28 https://github.com/CVEProject/cvelist 28 https://github.com/snipe/snipe-it 28 https://github.com/mautic/mautic 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 25 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/mlflow/mlflow 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/shopware/shopware 24 https://github.com/github/advisory-database 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/getgrav/grav 23 https://github.com/dotnet/runtime 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/grafana/grafana 22 https://github.com/contao/contao 22 https://github.com/apache/nifi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/strapi/strapi 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/helm/helm 19 https://github.com/apache/cxf 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/bcgit/bc-java 18 https://github.com/getkirby/kirby 18 https://github.com/bytecodealliance/wasmtime 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/rack/rack 17 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/hashicorp/vault 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/geoserver/geoserver 15 https://github.com/goharbor/harbor 15 https://github.com/puppetlabs/puppet 15 https://github.com/directus/directus 15 https://github.com/centreon/centreon 15 https://github.com/ethereum/go-ethereum 15 https://github.com/OpenMage/magento-lts 15 https://github.com/apache/camel 15 https://github.com/vantage6/vantage6 14 https://github.com/pyload/pyload 14 https://github.com/cobbler/cobbler 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/tinymce/tinymce 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/simplesamlphp/simplesamlphp 14 https://github.com/denoland/deno 14 https://github.com/pyca/cryptography 14 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/containerd/containerd 13 https://github.com/undertow-io/undertow 13 https://github.com/gradio-app/gradio 13 https://github.com/hashicorp/nomad 13 https://github.com/golang/go 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/dompdf/dompdf 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/dromara/hutool 12 https://github.com/patriksimek/vm2 12 https://github.com/backstage/backstage 12 https://github.com/TryGhost/Ghost 12 https://github.com/twisted/twisted 12 https://github.com/apache/kylin 12 https://github.com/nodejs/undici 12 https://github.com/laurent22/joplin 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/dolphinscheduler 12 https://github.com/centreon/centreon-archived 12 https://github.com/janeczku/calibre-web 11 https://github.com/urllib3/urllib3 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/opencontainers/runc 11 https://github.com/onionshare/onionshare 11 https://github.com/Studio-42/elFinder 11 https://github.com/jquery/jquery 11 https://github.com/zitadel/zitadel 11 https://github.com/openstack/keystone 11 https://github.com/drupal/core 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/openfga/openfga 11 https://github.com/containers/podman 11 https://github.com/puma/puma 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/smarty-php/smarty 11 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/dotnet/aspnetcore 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/nextauthjs/next-auth 10 https://github.com/phusion/passenger 10 https://github.com/cosmos/cosmos-sdk 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/nats-io/nats-server 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/wagtail/wagtail 10 https://github.com/dolibarr/dolibarr 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/WWBN/AVideo 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/zopefoundation/Zope 10 https://github.com/top-think/framework 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/rails/rails-html-sanitizer 9 https://github.com/ethyca/fides 9 https://github.com/LavaLite/cms 9 https://github.com/apache/lucene-solr 9 https://github.com/DSpace/DSpace 9 https://github.com/cri-o/cri-o 9 https://github.com/cui2shark/cms 9 https://github.com/Graylog2/graylog2-server 9 https://github.com/bolt/bolt 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/semplon/GeniXCMS 9 https://github.com/funadmin/funadmin 9 https://github.com/evershopcommerce/evershop 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/vercel/next.js 9