Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS03N2pnLWNwdzktNzN2Z84AA3bl
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04djR3LWpyMzMtNHJoM84AA3bY
Apache Cocoon SQL Injection vulnerability
Ecosystems: maven
Packages: org.apache.cocoon:cocoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wOHEzLWg2NTItNjV2eM4AA3a2
October CMS safe mode bypass using Twig sandbox escape
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mcHZ3LTZtNXYtaHFmcM4AA3W4
Capsule Proxy Authentication bypass using an empty token
Ecosystems: go
Packages: github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05ampjLWdyZzUtNjdnas4AA3W2
SQL injection vulnerability in Meshery
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03NXcyLXF2NTUteDdmds4AA3We
openssl npm package vulnerable to command execution
Ecosystems: npm
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12NWdqLWZ4M2ctaGNwd84AA3TT
SQL injection in Apache Submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04anByLWZmOTItaHBmOc4AA3RO
Run Shell Command allows Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:xwiki-application-admintools
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03cmZnLTYyNzMtZjV3cM4AA3RM
Cookies are sent to external images in rendered diff (and server side request forgery)
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-diff-xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yY2pjLWM0cGoteHhycM4AA3Qr
Apache Derby: LDAP injection vulnerability in authenticator
Ecosystems: maven
Packages: org.apache.derby:derby
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04aGNyLTV4MmctOWY3as4AA3Qs
Deserialization of Untrusted Data in apache-submarine
Ecosystems: pypi
Packages: apache-submarine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14NTYzLTZocXYtMjZtcs4AA3P0
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: ibis-framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12MzJtLXBmOXEtcDN4Z84AA3PR
Liferay Portal XSS with `p_l_back_url_title` on edit content page
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00cXE1LW14eHgtbTZnZ84AA3Oh
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02Y3hyLThxM20tandycs4AA3Oe
Ray Missing Authorization vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01cDNoLTdmd2gtOTJyY84AA3OR
Remote Code Execution due to Full Controled File Write in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mNzk4LXFtNHItMjNyNc4AA3ON
MLflow allowed arbitrary files to be PUT onto the server
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02bXY4LTk1eDUteGNxOc4AA3OV
H2O local file inclusion vulnerability
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zcHd3LXF2cjgtNm1ocM4AA3N9
Ray Path Traversal vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oM3hnLXd2NTgtNXA0M84AA3OI
Ray OS Command Injection vulnerability
Ecosystems: pypi
Packages: ray
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14cTU5LTdqZjMtcmpjNs4AA3C2
piccolo SQL Injection via named transaction savepoints
Ecosystems: pypi
Packages: piccolo
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00amNoLThxcTUtaHFnNs4AA3CO
Froxlor Improper Input Validation vulnerability
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02MnByLXFxZjctaGg4Oc4AA2_Q
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ybXh3LWM0OGgtMnZmNc4AA2-Y
XWiki Platform privilege escalation from script right to programming right through title displayer
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oZ3B3LTZwNGgtajZoNc4AA2-W
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xNzRmLXJmMjctOGh4Y84AA2zZ
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Ecosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code Execution
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14d2NxLXBtOG0tYzR2Zs4AA2sP
crypto-js PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-js
Source: GitHub Advisory Database
Blast Radius: 47.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tcGo4LXEzOXgtd3E1aM4AA2sN
crypto-es PBKDF2 1,000 times weaker than specified in 1993 and 1.3M times weaker than current standard
Ecosystems: npm
Packages: crypto-es
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS05M2doLWpnamotcjkyOc4AA2sM
XWiki Platform vulnerable to XSS with edit right in the create document form for existing pages
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xY2o5LWdjcGctNHcyd84AA2sL
XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1naGY2LTJmNDItbWpoOc4AA2sK
XWiki users can be tricked to execute scripts as the create page action doesn't display the page's title
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1ncjgyLThmajItZ2djM84AA2sJ
XWiki Platform XSS vulnerability from account in the create page form via template provider
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web, org.xwiki.platform:xwiki-web-standard, org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12Y3ZyLXY0MjYtM20zbc4AA2sI
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-office-importer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02NjN3LTJ4cDMtNTczOc4AA2sD
org.xwiki.rendering:xwiki-rendering-xml Improper Neutralization of Invalid Characters in Identifiers in Web Pages vulnerability
Ecosystems: maven
Packages: org.xwiki.rendering:xwiki-rendering-xml
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01NGY2LTlteDktODZmN84AA2pn
SaToken privilege escalation vulnerability
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded key
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00M2Z3LTUzNmotdzM3as4AA2kO
Yamcs API Directory Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verification
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongoose
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1oMnJtLTI5Y2gtd2ZtaM4AA2gS
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Ecosystems: maven
Packages: com.xwiki.identity-oauth:identity-oauth-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request title
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02N2h4LTZ4NTMtanc5Ms4AA2eW
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Ecosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1ycDZ4LWdndzYtOGc1Ns4AA2do
Authorization Bypass in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tcTI5LWo1eGYtY2p3cs4AA2cZ
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Ecosystems: pypi
Packages: pyminizip
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vrite
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03Mjg2LXBnZnYtdnh2aM4AA2YZ
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fsevents
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02MjJoLWgycDgtNzQzeM4AA2R2
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00bXFnLWg1amYtajltN84AA2Ly
TorchServe Pre-Auth Remote Code Execution
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb
Consensys gnark-crypto allows Signature Malleability
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4
sing-box vulnerable to improper authentication in the SOCKS inbound
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yd2h4LTZoeDctcHFjOM4AA2As
SQL injection in jeecgboot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wNDZnLThjM3EtODlwMs4AA2AM
FUXA SQL Injection vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection Vulnerability
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1
CefSharp affected by heap buffer overflow in WebP
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12NXdmLWpnMzctcjltNc4AA1_y
SQLpage vulnerable to public exposure of database credentials
Ecosystems: cargo
Packages: sqlpage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wajk4LTJ4ZjYtY2ZmNc4AA19n
ReportLab vulnerable to remote code execution via paraparser
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-ext
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12cGpjLTRqY3YtamMyOc4AA17t
NATS nats-server allows directory traversal via unintended path to a management action
Ecosystems: go
Packages: github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yODdxLWZxMzctcHZyNs4AA17X
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wM3I1LXgzaHItZ3BnNc4AA10e
OpenRefine Remote Code execution in project import with mysql jdbc url attack
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1md3IyLTY0dnIteHY5bc4AA1yv
Argo CD cluster secret might leak in cluster details page
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03cDhjLWNyZnItcTkzcM4AA1xg
hutool Buffer Overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json, cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yeGdmLXI4NDMtZzUzaM4AA1xh
hutool Buffer Overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json, cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1tN3ZoLXBnZnEtdjRycc4AA1xW
Jeecg boot SQL Injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1ybXFwLTl3NGMtZ2M3d84AA1sf
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1oMjRjLTZwNnAtbTN2eM4AA1oF
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Ecosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1mNzN3LTRtN2ctY2g5eM4AA1n1
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1qMmdqLWczcDktN21ycs4AA1nC
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05NXJwLTZncXAtNjYyMs4AA1lI
Command Injection Vulnerability in find-exec
Ecosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1taHA2LWp2cHgtMnA0bc4AA1jD
Heap-based buffer overflow in ZBar
Ecosystems: pypi
Packages: zbar
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04eGhyLXgzdjgtcmdoas4AA1eR
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-api, com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03Z2ZxLWY5NmYtZzg1as4AA1dI
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS01bWY4LXY0M3ctbWZ4cM4AA1aV
XWiki Platform privilege escalation (PR) from account through AWM content fields
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03OTU0LTZtOXEtZ3B2Zs4AA1Yx
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 54.9
Published: 9 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 1,300
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
npm 953 maven 826 packagist 493 pypi 370 go 215 cargo 154 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 34 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 langchain 12 mlflow 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 vm2 10 drupal/drupal 10 tensorflow 9 phpmyadmin/phpmyadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 funadmin/funadmin 9 tensorflow-gpu 8 tensorflow-cpu 8 paddlepaddle 8 froxlor/froxlor 8 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 rdiffweb 8 org.xwiki.platform:xwiki-platform-web-templates 8 rusqlite 7 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 gogs.io/gogs 7 ansible 7 symfony/symfony 7 thorsten/phpmyfaq 6 github.com/answerdev/answer 6 github.com/argoproj/argo-cd 6 parse-server 6 aaptjs 6 ezsystems/ezpublish-kernel 6 mautic/core 5 Microsoft.ChakraCore 5 django 5 org.jenkins-ci.plugins:script-security 5 org.xwiki.platform:xwiki-platform-web 5 safe-eval 5 org.jeecgframework.boot:jeecg-boot-parent 5 org.apache.inlong:manager-pojo 5 mercurial 5 org.apache.shiro:shiro-core 5 centreon/centreon 5 zendframework/zendframework 5 org.apache.activemq:activemq-client 5 shopware/core 5 prestashop/prestashop 5 ckb 5 steal 5 org.xwiki.commons:xwiki-commons-xml 5 Pillow 5 nodebb 5 org.cloudfoundry.identity:cloudfoundry-identity-server 4 github.com/grafana/grafana 4 nukeviet/nukeviet 4 github.com/argoproj/argo-cd/v2 4 org.apache.kylin:kylin-server-base 4 openssl-src 4 org.apache.tapestry:tapestry-core 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 librenms/librenms 4 pyload-ng 4 apache-airflow-providers-apache-hive 4 PaddlePaddle 4 net.opentsdb:opentsdb 4 feehi/cms 4 calibreweb 4 contao/core-bundle 4 spree_auth_devise 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 swagger-ui 4 org.apache.tomcat.embed:tomcat-embed-core 4 safer-eval 4 github.com/hashicorp/vault 4 org.eclipse.jetty:jetty-server 4 github.com/usememos/memos 4 code.gitea.io/gitea 4 org.jeecgframework.boot:jeecg-boot-base-core 4 smallvec 4 hermes-engine 4 org.apache.openmeetings:openmeetings-parent 4 messagepack-rs 4 org.apache.inlong:manager-service 4 contao/contao 4 Django 4 realms-shim 4 nilsteampassnet/teampass 4 codeigniter4/framework 3 org.apache.logging.log4j:log4j-core 3 showdoc/showdoc 3 lmdb 3 org.jenkins-ci.plugins:active-directory 3 github.com/dexidp/dex 3 org.xwiki.platform:xwiki-platform-icon-ui 3 zendframework/zendframework1 3 org.apache.storm:storm 3 github.com/rancher/rancher 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.dolphinscheduler:dolphinscheduler 3 typo3/cms 3 org.apache.ignite:ignite-core 3 org.apache.inlong:manager-web 3 com.hazelcast:hazelcast 3 modoboa 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 id-map 3 tribalsystems/zenario 3 @openzeppelin/contracts-upgradeable 3 pimcore/pimcore 3 org.xwiki.platform:xwiki-platform-panels-ui 3 nvflare 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 org.keycloak:keycloak-core 3 ro.pippo:pippo-core 3 facade/ignition 3 symfony/security 3 edu.stanford.nlp:stanford-corenlp 3 com.jflyfox:jflyfox_jfinal 3 symfony/security-core 3 com.alibaba:dubbo 3 ezsystems/ezplatform-kernel 3 org.apache.hadoop:hadoop-common 3 jsrsasign 3 codeigniter/framework 3 impresscms/impresscms 3 github.com/go-gitea/gitea 3 simplesamlphp/simplesamlphp 3 nokogiri 3 org.apache.any23:apache-any23 3 org.apache.linkis:linkis 3 craftcms/cms 3 handlebars 3 smarty/smarty 3 rubygems-update 3 io.dataease:dataease-plugin-common 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 github.com/pterodactyl/wings 3 org.apache.ozone:ozone-main 3 adodb/adodb-php 3 slpjs 3 strapi 3 cobbler 3 dompdf/dompdf 3 org.springframework.security:spring-security-core 3 browserify-shim 3 org.apache.jmeter:ApacheJMeter 3 actix-web 3 ibexa/core 3 mongoose 3 io.undertow:undertow-core 3 org.apache.solr:solr-parent 3 xcb 3 phpmailer/phpmailer 3 org.apache.solr:solr-core 3 elefant/cms 3 org.richfaces:richfaces-core 3 francoisjacquet/rosariosis 3 ray 3 github.com/hashicorp/nomad 3 publify_core 3 feathers-sequelize 3 codiad/codiad 3 alextselegidis/easyappointments 2 eslint-config-eslint 2 github.com/beego/beego 2 github.com/beego/beego/v2 2 mysql2 2 org.xwiki.platform:xwiki-platform-attachment-ui 2 org.apache.flume.flume-ng-sources:flume-jms-source 2 llama-index 2 Radicale 2 github.com/russellhaering/gosaml2 2 laravel/framework 2 org.keycloak:keycloak-services 2 com.hazelcast.jet:hazelcast-jet 2 org.apache.derby:derby 2 cn.hutool:hutool-all 2 org.apache.inlong:manager-dao 2 @keystone-6/core 2 joplin 2 ctx 2 org.xwiki.platform:xwiki-platform-administration 2 org.xwiki.platform:xwiki-platform-distribution-war 2 org.jenkins-ci.plugins:semantic-versioning-plugin 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 14 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/django/django 9 https://github.com/top-think/framework 9 https://github.com/langchain-ai/langchain 8 https://github.com/magento/magento2 8 https://github.com/ikus060/rdiffweb 8 https://github.com/apache/inlong 8 https://github.com/argoproj/argo-cd 7 https://github.com/Studio-42/elFinder 7 https://github.com/python-pillow/Pillow 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/ansible/ansible 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/apache/struts 7 https://github.com/thorsten/phpmyfaq 6 https://github.com/shopware/platform 6 https://github.com/shenzhim/aaptjs 6 https://github.com/parse-community/parse-server 6 https://github.com/symfony/symfony 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/answerdev/answer 6 https://github.com/apache/tomcat 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/nervosnetwork/ckb 5 https://github.com/froxlor/froxlor 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/activemq 5 https://github.com/dromara/hutool 5 https://github.com/keycloak/keycloak 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/moodle/moodle 5 https://github.com/stealjs/steal 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/hwchase17/langchain 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/janeczku/calibre-web 4 https://github.com/otake84/messagepack-rs 4 https://github.com/cloudfoundry/uaa 4 https://github.com/pippo-java/pippo 4 https://github.com/usememos/memos 4 https://github.com/contao/contao 4 https://github.com/dompdf/dompdf 4 https://github.com/spring-projects/spring-framework 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/servo/rust-smallvec 4 https://github.com/grafana/grafana 4 https://github.com/liufee/cms 4 https://github.com/pyload/pyload 4 https://github.com/CVEProject/cvelist 4 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/modoboa/modoboa 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/facade/ignition 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/star7th/showdoc 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/smarty-php/smarty 3 https://github.com/rancher/rancher 3 https://github.com/facebook/hermes 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/ibexa/core 3 https://github.com/ADOdb/ADOdb 3 https://github.com/rubygems/rubygems.org 3 https://github.com/andrewhickman/id-map 3 https://github.com/rubygems/rubygems 3 https://github.com/twisted/twisted 3 https://github.com/apache/camel 3 https://github.com/actix/actix-web 3 https://github.com/pterodactyl/wings 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/github/securitylab 3 https://github.com/baserproject/basercms 3 https://github.com/dexidp/dex 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/neorazorx/facturascripts 3 https://github.com/apache/shiro 3 https://github.com/kjur/jsrsasign 3 https://github.com/mbechler/marshalsec 3 https://github.com/jmrozanec/cron-utils 2 https://github.com/sjep/array 2 https://github.com/pytorch/serve 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/jfinal/jfinal 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/rubyzip/rubyzip 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/PowerJob/PowerJob 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/simplesamlphp/simplesamlphp 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/laurent22/joplin 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/apache/incubator-streampark 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/benbusby/whoogle-search 2 https://github.com/google/flatbuffers 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/hashicorp/vault 2 https://github.com/ionicabizau/parse-url 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/keystonejs/keystone 2