Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1yYzZoLXF3ajktMmM1M84AA5em
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated users
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 3 months ago
Critical
GSA_kwCzR0hTQS0yNHJwLXEzdzYtdmM1Ns4AA5cA
org.postgresql:postgresql vulnerable to SQL Injection via line comment generation
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_string
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xMmN2LTdqNTgtcmZtas4AA5bF
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yd3hjLTRjbXctN3g3Nc4AA5aL
Liferay Portal and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00NGpnLWpnangtM3hnNc4AA5aM
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yd2h2LWh2ajItcXJxbc4AA5aN
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03M3gzLThtcmctNXI5M84AA5aE
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00Njh4LWZyY20tZ2h4Ns4AA5aB
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01NHB2LXI2MmotOXFxY84AA5aC
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS14cGpnLTdoeDctd2djeM4AA5aI
Liferay Portal and Liferay DXP vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS12MnhxLW0yMnctam1wcs4AA5aH
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1wMjh4LTRyNWgtcGg2as4AA5aJ
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1jcjM2LTN2cWYteDV3Nc4AA5aK
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1jOXZ2LWZoZ3YtY2pjM84AA5aA
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`
Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01cndtLTJ4dzgtaGg5cM4AA5X7
Deserialization of Untrusted Data in Torrentpier
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS02OHc3LTcyamctNnFwcM4AA5RM
NuGet Client Security Feature Bypass Vulnerability
Ecosystems: nuget
Packages: NuGet.Packaging, NuGet.CommandLine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1nNzRxLTV4dzMtajdxOc4AA5RK
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01OXFqLWpjanYtNjYyas4AA5Kb
DIRAC's TokenManager does not check permissions on cached tokens
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS01MnhxLWo3djktdjR2Ms4AA5JI
Vyper array negative index vulnerability
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
Critical
GSA_kwCzR0hTQS05dmdxLXc1cHYtdjc3cc4AA5JF
Liferay Portal stored cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xNzNmLXczaDctN3djY84AA5Cr
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch
Nervos CKB P2P DoS Attacks
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zNHEzLXAzNTItYzdxOM4AA5Bm
Central Dogma Authentication Bypass Vulnerability via Session Leakage
Ecosystems: maven
Packages: com.linecorp.centraldogma:centraldogma-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05Z2g4LTg3N3ItZzQ3N84AA5Ap
Beetl Server-Side Template Injection vulnerability
Ecosystems: maven
Packages: com.ibeetl:beetl-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05eDdmLWd3eHEtNmYyY84AA4_y
Vyper's bounds check on built-in `slice()` function can be overflowed
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00djk4LTdxbXctcnFyOM4AA4-r
BuildKit vulnerable to possible host system access from mount stub cleaner
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13cjZ2LTlmNzUtdmgyZ84AA4-q
Buildkit's interactive containers API does not validate entitlements check
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS04eHc2LTloNzgtYzg5as4AA470
Ylianst MeshCentral Missing SSL Certificate Validation
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS14dnE5LTR2cHYtMjI3bc4AA47r
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X
DeviceFarmer stf uses DES-ECB
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00OTU3LTd2aHAtN3Y1Oc4AA45N
Deserialization of untrusted data in synthcity
Ecosystems: pypi
Packages: synthcity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02ZjlnLWN4d3ItcTVqcs4AA4qu
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03cThwLTk5NTMtcHh2cs4AA4ov
Remote Command Execution in SOFARPC
Ecosystems: maven
Packages: com.alipay.sofa:rpc-sofa-boot-starter
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yd2hoLTZ4ODMtODR2Ns4AA4od
Cross-site Scripting in Apache superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1qZ3hjLThtd3EtOXhxd84AA4mo
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Ecosystems: maven
Packages: org.clojure:clojure
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01ZzczLTY5cDQtN2d2eM4AA4mi
Code execution in pandasai
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0yanh3LTRobTQtNnc4N84AA4mj
SQL injection in llama-index
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0yOTd4LTJxZjMtanJqM84AA4mL
Unsafe yaml deserialization in llama-hub
Ecosystems: pypi
Packages: llama-hub
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yaGhqLTU0MzYtOTV2Zs4AA4mM
Code execution in Embedchain
Ecosystems: pypi
Packages: embedchain
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jaGo3LXczZjYtY3Zmas4AA4mF
Code Injection in paddlepaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05cmhxLTg2Zm0tcXhxY84AA4l0
Hard-coded credentials in org.folio:mod-data-export-spring
Ecosystems: maven
Packages: org.folio:mod-data-export-spring
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00aHJwLW0zZjItNjQzas4AA4lt
Session fixation in Enonic XP
Ecosystems: maven
Packages: com.enonic.xp:lib-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yeGdnLTI3M3ctcmZ3N84AA4c9
Remote Code Execution vulnerability in Apache IoTDB via UDF
Ecosystems: pypi, maven
Packages: apache-iotdb, org.apache.iotdb:iotdb-core
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xNnc1LWpnNXEtNDd2Z84AA4bF
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSS
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13cWNjLXFmNjMtYzJ4NM4AA4Vv
WWBN AVideo Insufficient Entropy vulnerbaility
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00NDlwLTNoODktcHc4OM4AA4Vg
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5, github.com/go-git/go-git/v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1yajdwLXhqdjctNzIyOc4AA4Qj
XWiki Remote Code Execution Vulnerability via User Registration
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mOG1wLXg0MzMtNXdwZs4AA4Lh
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05eGc5LWhoNDUteGNtNs4AA4LL
Apache InLong Manager Remote Code Execution vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_interval
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zY3I1LTI0NDYtOHBnM84AA4Kt
PaddlePaddle command injection in convert_shape_compare
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_download
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerability
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 5 months ago
Critical
GSA_kwCzR0hTQS00OWpwLWNnaGMtcDVwas4AA4HF
JeecgBoot server-side template injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01djlyLTc4OGMtd2M4cM4AA4G-
Jeecg Boot SQL injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1mcjI5LXc2ajQtNTI1Zs4AA4HB
Jeecg Boot SQL Injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS14aGd4LTc5NzQtYzh2Ns4AA4C7
hyavijava stack overflow vulnerability
Ecosystems: maven
Packages: com.github:hyavijava
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qajkzLTM5cGYtN21jZs4AA39a
bsock uses weak hashing algorithms
Ecosystems: npm
Packages: bsock
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01OXYzLTg5OHItcXdoas4AA37g
MLflow Server-Side Request Forgery (SSRF)
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1oaDhwLXA4bXAtZ3Fobc4AA37i
MLFlow Path Traversal Vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0zODYzLTI0NDctNjY5cM4AA35m
transformers has a Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qeDZxLWZxOWgtNmc3cc4AA35v
Pedroetb TTS-API OS Command Injection
Ecosystems: npm
Packages: tts-api
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1xajg2LXA3NHItN3dwNc4AA32-
Remote code execution/programming rights with configuration section from any user account
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jcDNqLTI3M3gtM2p4Y84AA329
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS03NjU0LXZmaDYtcnc2eM4AA328
Remote code execution from account through SearchAdmin
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1xZzQ0LXhxd2otd2MyOM4AA32H
Apache StreamPark: Authenticated system users could trigger remote command execution
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05N3J2LTg4Z2YtcGh2cs4AA3yx
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
Ecosystems: maven
Packages: org.apache.dubbo:dubbo
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01NTR3LXhoNGotOHc2NM4AA3yh
Path traversal in MLflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jZnhoLWZyeDQtOWdqZ84AA3yd
Cross-site Scripting in @spscommerce/ds-react
Ecosystems: npm
Packages: @spscommerce/ds-react
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ncXZmLTNoZ3AtNWh4ds4AA3xA
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ncXJxLWo2cG0tOThjMs4AA3w5
External Control of File Name or Path in h2oai/h2o-3
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02bWpnLTM3Y3AtNDJ4Nc4AA3ul
Improper Privilege Management in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tOHJ3LXJjcHEtMnZwMs4AA3uk
Improper Privilege Management in github.com/sap/cloud-security-client-go
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01OWM5LXB4cTgtOWM3M84AA3uj
Improper JWT Signature Validation in SAP Security Services Library
Ecosystems: maven
Packages: com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:spring-security, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05OWpnLXIzZjQtcnB4as4AA3ss
memory overflow vulnerability in OpenEXR-viewer
Ecosystems: actions
Packages: afichet/openexr-viewer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wOTloLXBmZzYtcXJmZ84AA3r0
Privilege escalation in sap-xssec
Ecosystems: pypi
Packages: sap-xssec
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wMnZ4LXFqNjYtODhxM84AA3rz
Escalation of privileges in @sap/xssec
Ecosystems: npm
Packages: @sap/xssec
Source: GitHub Advisory Database
Blast Radius: 26.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05MmNnLWdocTYtOTU4N84AA3r1
Privilege escalation in sap/cloud-security-client-go
Ecosystems: go
Packages: github.com/sap/cloud-security-client-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1nY2d3LXE0N20tcHJ2as4AA3r5
Improper JWT Signature Validation in SAP Security Services Library
Ecosystems: maven
Packages: com.sap.cloud.security:spring-security, com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:java-security
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 5 months ago
Critical
GSA_kwCzR0hTQS01bW1yLTlxeDMtM3BmOc4AA3pb
Code execution in evershop
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0yajM5LXFjam0tNDI4d84AA3mt
Apache Struts vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.struts:struts2-core
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04djh3LXY4eGctNzlyZs4AA3lB
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
Ecosystems: actions
Packages: tj-actions/branch-names
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zN3ZxLWhyMmYtZzdoN84AA3hx
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
Ecosystems: maven
Packages: org.htmlunit:htmlunit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ncWoyLTMyNHAtdng3M84AA3hv
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
Ecosystems: maven
Packages: io.github.microcks:microcks
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12d2dnLTJxODItMzhjNc4AA3hw
Solon is vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.noear:solon
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02cHF4LXY5ZzQtNWhjOM4AA3fC
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
Ecosystems: maven
Packages: org.jupiter-rpc:jupiter-rpc
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mZzI5LTM3cHgtYzd3bc4AA3et
RuoYi vulnerable to SQL injection vulnerability
Ecosystems: maven
Packages: com.ruoyi:ruoyi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04cWZtLWg4cmgtaDNyN84AA3b4
PHPMemcachedAdmin Path Traversal vulnerability
Ecosystems: packagist
Packages: elijaa/phpmemcacheadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,300
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
npm 953 maven 826 packagist 493 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 langchain 12 mlflow 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 drupal/drupal 10 tensorflow 9 phpmyadmin/phpmyadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 funadmin/funadmin 9 tensorflow-gpu 8 tensorflow-cpu 8 paddlepaddle 8 froxlor/froxlor 8 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 rdiffweb 8 org.xwiki.platform:xwiki-platform-web-templates 8 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 gogs.io/gogs 7 ansible 7 symfony/symfony 7 thorsten/phpmyfaq 6 github.com/answerdev/answer 6 github.com/argoproj/argo-cd 6 parse-server 6 aaptjs 6 ezsystems/ezpublish-kernel 6 mautic/core 5 Microsoft.ChakraCore 5 django 5 org.jenkins-ci.plugins:script-security 5 org.xwiki.platform:xwiki-platform-web 5 safe-eval 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.inlong:manager-pojo 5 mercurial 5 org.apache.shiro:shiro-core 5 centreon/centreon 5 zendframework/zendframework 5 org.apache.activemq:activemq-client 5 shopware/core 5 prestashop/prestashop 5 ckb 5 steal 5 org.xwiki.commons:xwiki-commons-xml 5 Pillow 5 nodebb 5 org.cloudfoundry.identity:cloudfoundry-identity-server 4 github.com/grafana/grafana 4 nukeviet/nukeviet 4 github.com/argoproj/argo-cd/v2 4 org.apache.kylin:kylin-server-base 4 openssl-src 4 org.apache.tapestry:tapestry-core 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 librenms/librenms 4 pyload-ng 4 apache-airflow-providers-apache-hive 4 PaddlePaddle 4 net.opentsdb:opentsdb 4 feehi/cms 4 calibreweb 4 contao/core-bundle 4 spree_auth_devise 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 swagger-ui 4 org.apache.tomcat.embed:tomcat-embed-core 4 safer-eval 4 github.com/hashicorp/vault 4 org.eclipse.jetty:jetty-server 4 github.com/usememos/memos 4 code.gitea.io/gitea 4 org.jeecgframework.boot:jeecg-boot-base-core 4 smallvec 4 hermes-engine 4 org.apache.openmeetings:openmeetings-parent 4 messagepack-rs 4 org.apache.inlong:manager-service 4 contao/contao 4 Django 4 realms-shim 4 nilsteampassnet/teampass 4 codeigniter4/framework 3 org.apache.logging.log4j:log4j-core 3 showdoc/showdoc 3 lmdb 3 org.jenkins-ci.plugins:active-directory 3 github.com/dexidp/dex 3 org.xwiki.platform:xwiki-platform-icon-ui 3 zendframework/zendframework1 3 org.apache.storm:storm 3 github.com/rancher/rancher 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.dolphinscheduler:dolphinscheduler 3 typo3/cms 3 org.apache.ignite:ignite-core 3 org.apache.inlong:manager-web 3 com.hazelcast:hazelcast 3 modoboa 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 id-map 3 tribalsystems/zenario 3 @openzeppelin/contracts-upgradeable 3 pimcore/pimcore 3 org.xwiki.platform:xwiki-platform-panels-ui 3 nvflare 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 org.keycloak:keycloak-core 3 ro.pippo:pippo-core 3 facade/ignition 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 com.jflyfox:jflyfox_jfinal 3 symfony/security-core 3 com.alibaba:dubbo 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 jsrsasign 3 codeigniter/framework 3 impresscms/impresscms 3 github.com/go-gitea/gitea 3 simplesamlphp/simplesamlphp 3 nokogiri 3 org.apache.any23:apache-any23 3 org.apache.linkis:linkis 3 craftcms/cms 3 handlebars 3 smarty/smarty 3 rubygems-update 3 io.dataease:dataease-plugin-common 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 github.com/pterodactyl/wings 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 slpjs 3 strapi 3 cobbler 3 dompdf/dompdf 3 org.springframework.security:spring-security-core 3 browserify-shim 3 org.apache.jmeter:ApacheJMeter 3 actix-web 3 ibexa/core 3 mongoose 3 io.undertow:undertow-core 3 org.apache.solr:solr-parent 3 xcb 3 phpmailer/phpmailer 3 org.apache.solr:solr-core 3 elefant/cms 3 org.richfaces:richfaces-core 3 francoisjacquet/rosariosis 3 ray 3 github.com/hashicorp/nomad 3 publify_core 3 feathers-sequelize 3 codiad/codiad 3 alextselegidis/easyappointments 2 eslint-config-eslint 2 github.com/beego/beego 2 github.com/beego/beego/v2 2 mysql2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 Radicale 2 github.com/russellhaering/gosaml2 2 laravel/framework 2 org.keycloak:keycloak-services 2 com.hazelcast.jet:hazelcast-jet 2 org.apache.derby:derby 2 cn.hutool:hutool-all 2 org.apache.inlong:manager-dao 2 @keystone-6/core 2 joplin 2 ctx 2 org.xwiki.platform:xwiki-platform-administration 2 org.xwiki.platform:xwiki-platform-distribution-war 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/django/django 9 https://github.com/top-think/framework 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/apache/inlong 8 https://github.com/argoproj/argo-cd 7 https://github.com/Studio-42/elFinder 7 https://github.com/python-pillow/Pillow 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/ansible/ansible 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/apache/struts 7 https://github.com/thorsten/phpmyfaq 6 https://github.com/shopware/platform 6 https://github.com/shenzhim/aaptjs 6 https://github.com/parse-community/parse-server 6 https://github.com/symfony/symfony 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/answerdev/answer 6 https://github.com/apache/tomcat 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/nervosnetwork/ckb 5 https://github.com/froxlor/froxlor 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/dromara/hutool 5 https://github.com/keycloak/keycloak 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/stealjs/steal 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/hwchase17/langchain 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/janeczku/calibre-web 4 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/pippo-java/pippo 4 https://github.com/usememos/memos 4 https://github.com/contao/contao 4 https://github.com/dompdf/dompdf 4 https://github.com/spring-projects/spring-framework 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/servo/rust-smallvec 4 https://github.com/grafana/grafana 4 https://github.com/liufee/cms 4 https://github.com/pyload/pyload 4 https://github.com/CVEProject/cvelist 4 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/modoboa/modoboa 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/facade/ignition 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/star7th/showdoc 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/smarty-php/smarty 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ibexa/core 3 https://github.com/ADOdb/ADOdb 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/apache/camel 3 https://github.com/actix/actix-web 3 https://github.com/pterodactyl/wings 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/github/securitylab 3 https://github.com/baserproject/basercms 3 https://github.com/dexidp/dex 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/neorazorx/facturascripts 3 https://github.com/apache/shiro 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/sjep/array 2 https://github.com/pytorch/serve 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/jfinal/jfinal 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/laurent22/joplin 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/benbusby/whoogle-search 2 https://github.com/google/flatbuffers 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2