Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Low Security Advisories
Loading...
Low
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl
Etcd pkg Insecure ciphers are allowed by defaultEcosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1wcjM5LTgyNTctZnhjMs4AA5Ci
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IPEcosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input bufferEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 4 months ago
Low
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 months ago
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven FunctionsEcosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 months ago
Low
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerabilityEcosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Low
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 months ago
GSA_kwCzR0hTQS1wNnJwLW14ODUtbTQ1Oc4AA49f
Spring Cloud Contract vulnerable to local information disclosureEcosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 4 months ago
Low
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaborationEcosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
Low
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS00NWdxLXE0eGgtY3A1M84AA48y
vantage6 vulnerable to username timing attackEcosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1mNjdmLTJqNnItbTRjOc4AA4q0
Non-constant time webhook token comparison in Jenkins GitLab Branch Source PluginEcosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
Ecosystems: pypi
Packages: changedetection-io, changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1oY3ZwLTJjYzctanJ3cs4AA4oO
changedetection.io API endpoint is not secured with API tokenEcosystems: pypi
Packages: changedetection-io, changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keysEcosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Low
Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS04cXc5LWdmN3ctNDJ4Nc4AA4a1
Minor fix to previous patch for CVE-2022-35918Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
Ecosystems: pypi
Packages: case-utils, cdo-local-uuid
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: 4 months ago
GSA_kwCzR0hTQS1yZ3JmLTZtZjUtbTg4Ms4AA4Yr
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration codeEcosystems: pypi
Packages: case-utils, cdo-local-uuid
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: 4 months ago
Low
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerabilityEcosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirectsEcosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS03eGcyLTgzZjgtMzltcs4AA4Lf
The DES/3DES cipher was used as part of the TLS protocol by installation toolsEcosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS0zcGZqLWc0d3ItcWozas4AA4J-
Gila CMS SQL Injection vulnerabilityEcosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS00dmY2LTJybXgtZmdxeM4AA4KC
Gila CMS SQL Injection vulnerabilityEcosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template InjectionEcosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group namesEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS1oM2dxLWo3cDkteDNwNM4AA4Gf
Mattermost Cross-site Scripting vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidgetEcosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Low
Ecosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renamingEcosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 5 months ago
Low
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF
Nautobot missing object-level permissions enforcement when running Job ButtonsEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
Low
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS03ajloLWNoMzgtNDc0cs4AA398
Stored Cross-site scripting affecting automad/automadEcosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS13OHZoLXA3NGoteDl4cM4AA34Q
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementationEcosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 5 months ago
GSA_kwCzR0hTQS1xcWhxLThyMmMtYzNmNc4AA322
nvdApiKey is logged in debug modeEcosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 5 months ago
Low
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMutEcosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS13aGd2LTZqNzgtNXJoMs4AA3vI
Broken access control in SilverpeasEcosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage viewsEcosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS02eG14LTg1eDMtNGN2Ms4AA3ug
Stored XSS via SVG File UploadEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS03eDc0LWg4Y3ctcWh4cc4AA3uf
Brute force exploit can be used to collect valid usernamesEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS04cXA4LTlycHctajQ2Y84AA3ue
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS02MzI0LTUycHItaDRwNc4AA3uc
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS0zMzV4LTV3Y20tOGp2Ms4AA3ua
Backoffice User can bypass "Publish" restrictionEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS14eGM2LTM1cjctNzk2d84AA3uY
Possible injection of HTML into user invite mailsEcosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: nuget
Packages: Gsemac.Net
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
GSA_kwCzR0hTQS13NHg2LWhoM3gtd2pyeM4AA3q0
Stale copy of the public suffix listEcosystems: nuget
Packages: Gsemac.Net
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
Ecosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS05OWp2LTgyOTItMmhwbc4AA3pg
eventing-gitlab vulnerable to denial of service, caused by improper enforcement of the timeout on individual read operationsEcosystems: go
Packages: knative.dev/eventing-gitlab
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
GSA_kwCzR0hTQS1qNGczLTNxOHgtanhxcM4AA3ow
dbt-core's secret env vars written to package-lock.json in plaintextEcosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
Low
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
GSA_kwCzR0hTQS05cjZwLWhnNGctNWd4cM4AA3oU
Microweber missing standardized error handling mechanismEcosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 5 months ago
Low
Ecosystems: go
Packages: knative.dev/eventing-github
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
GSA_kwCzR0hTQS12N2hjLTg3amMtcXJycs4AA3l6
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operationsEcosystems: go
Packages: knative.dev/eventing-github
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
Ecosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
GSA_kwCzR0hTQS12NWY2LWhqbWYtOW1jNc4AA3lG
PyDrive2's unsafe YAML deserialization in LoadSettingsFile allows arbitrary code executionEcosystems: pypi
Packages: PyDrive2
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS14OXFxLTIzNmotZ2o5N84AA3lE
Canonical LXD documentation improvement to make clear restricted.devices.disk=allow without restricted.devices.disk.paths also allows shift=trueEcosystems: go
Packages: github.com/canonical/lxd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS04aGM1LXJtZ2YtcXg2cM4AA3a0
Keycloak vulnerable to LDAP Injection on UsernameForm LoginEcosystems: maven
Packages: org.keycloak:keycloak-services, org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
GSA_kwCzR0hTQS00MjMzLTdxNXEtbTdwNs4AA3Yl
google-translate-api-browser Server-Side Request Forgery (SSRF) VulnerabilityEcosystems: npm
Packages: google-translate-api-browser
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 6 months ago
GSA_kwCzR0hTQS1qY2d2LTNwZnEtajRocs4AA3Xh
Mattermost Injection vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 6 months ago
Low
Ecosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS04NXA0LXEzNTctNzJoOc4AA3WE
Apache Storm Local Information Disclosure Vulnerability in Storm-core on Unix-Like systems due temporary filesEcosystems: maven
Packages: org.apache.storm:storm-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1oeDkzLWdjNzMtNXJwcs4AA3TE
Exposure of Sensitive Information in Elastic APM .NET AgentEcosystems: nuget
Packages: Elastic.Apm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
GSA_kwCzR0hTQS0zNmZyLTN3ZzgtcTV2OM4AA3O6
Concrete CMS Cross-site Scripting vulnerabilityEcosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 6 months ago
Low
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
GSA_kwCzR0hTQS14eDlwLXh4dmgtN2c4as4AA3Hw
Aiohttp has inconsistent interpretation of `Content-Length` vs. `Transfer-Encoding` differing in C and Python fallbacksEcosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 months ago
Low
Ecosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
GSA_kwCzR0hTQS1wMmpoLTk1amctMnc1Nc4AA3Hv
Information Disclosure in typo3/cms-install toolEcosystems: packagist
Packages: typo3/cms-install
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
GSA_kwCzR0hTQS1yamptLXgzMnAtbTNmN84AA3C1
gnark's range checker gadget allows wider inputs up to word alignmentEcosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
Low
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerabilityEcosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 6 months ago
Low
Ecosystems: maven
Packages: software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS03MmZwLXc0NGctNjI1cc4AA3BG
Signing DynamoDB Sets when using the AWS Database Encryption SDK.Ecosystems: maven
Packages: software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestationsEcosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream framesEcosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registryEcosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
Low
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependencyEcosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
Ecosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04cHA2LTVxcHctODVnM84AA27H
Magnesium-PHP Injection vulnerabilityEcosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename changeEcosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename changeEcosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernelEcosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerabilityEcosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 7 months ago
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List FiltersEcosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 7 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04ODVyLWhocHItY2M5cM4AA2rO
Jenkins Gogs Plugin uses non-constant time webhook token comparisonEcosystems: maven
Packages: org.jenkins-ci.plugins:gogs-webhook
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1ocHYzLWY1cDctcHhqOc4AA2rA
Jenkins lambdatest-automation Plugin may expose Credentials access tokenEcosystems: maven
Packages: org.jenkins-ci.plugins:lambdatest-automation
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.plugins:zanata
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04Nmo5LTI1bTItOXc5N84AA2rS
Non-constant time webhook token hash comparison in Jenkins Zanata PluginEcosystems: maven
Packages: org.jenkins-ci.plugins:zanata
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS04ODU5LXY5anAtY3BoZs4AA2rz
Jenkins Multibranch Scan Webhook Trigger Plugin uses non-constant time webhook token comparisonEcosystems: maven
Packages: igalg.jenkins.plugins:multibranch-scan-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS0yeHBxLTU5NTItMzh3M84AA2rM
Jenkins MSTeams Webhook Trigger Plugin uses non-constant time webhook token comparisonEcosystems: maven
Packages: io.jenkins.plugins:teams-webhook-trigger
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS1mZ2pqLTVqbXItZ2g4M84AA2oR
Fides JavaScript Injection Vulnerability in Privacy Center URLEcosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: maven
Packages: org.scala-sbt:io_3, org.scala-sbt:io_2.13, org.scala-sbt:io_2.12, org.scala-sbt:sbt
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 7 months ago
GSA_kwCzR0hTQS1oOW13LWdyZ3gtMmZoZs4AA2oM
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)Ecosystems: maven
Packages: org.scala-sbt:io_3, org.scala-sbt:io_2.13, org.scala-sbt:io_2.12, org.scala-sbt:sbt
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 7 months ago
Low
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS1jNTloLXI2cDgtcTl3Y84AA2m9
Next.js missing cache-control header may lead to CDN caching empty replyEcosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
GSA_kwCzR0hTQS05cGM4LW00dnAtZ2d2Zs4AA2kI
Artifact Hub allows unsafe rego built-inEcosystems: go
Packages: github.com/artifacthub/hub
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action viewsEcosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
Low
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaborationEcosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Low
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetchEcosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
Low
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerabilityEcosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect resultsEcosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 8 months ago
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title propertyEcosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 8 months ago
Low
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participationEcosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
Low
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerabilityEcosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 8 months ago
Low
Ecosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS1tOTVxLTdxcDMteHY0Ms4AA2IO
Zod denial of service vulnerabilityEcosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerabilityEcosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 months ago
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotationsEcosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 8 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 8 months ago
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receiptsEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 8 months ago
Low
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 months ago
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changesEcosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 8 months ago
Low
Ecosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 8 months ago
GSA_kwCzR0hTQS1oYzVjLXI4bTUtMmdmaM4AA1_4
plone.restapi vulnerable to Stored Cross Site Scripting with SVG image in user portraitEcosystems: pypi
Packages: plone.restapi
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 8 months ago
Low
Ecosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
GSA_kwCzR0hTQS1qajdjLWpydjQtYzY1eM4AA1_2
plone.namedfile vulnerable to Stored Cross Site Scripting with SVG imagesEcosystems: pypi
Packages: plone.namedfile
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 8 months ago
Low
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerabilityEcosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
GSA_kwCzR0hTQS12OGdyLW01MzMtZ2hqOc4AA1_w
Vulnerable OpenSSL included in cryptography wheelsEcosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 8 months ago
GSA_kwCzR0hTQS13bThxLTk5NzUteGg1ds4AA1_u
Zope vulnerable to Stored Cross Site Scripting with SVG imagesEcosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1xdjY0LXc5OWMtcWNyOc4AA1-K
Jenkins temporary uploaded file created with insecure permissionsEcosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
GSA_kwCzR0hTQS1ocTg3LWg0amctdnhmd84AA1-C
Jenkins temporary uploaded file created with insecure permissionsEcosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
GSA_kwCzR0hTQS1mcnFjLWYyaDgtZmp2Zs4AA19h
Spring for GraphQL may be exposed to GraphQL context with values from a different sessionEcosystems: maven
Packages: org.springframework.graphql:spring-graphql
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
GSA_kwCzR0hTQS1wd2g4LTU4dnYtdnc0OM4AA15T
Jetty's OpenId Revoked authentication allows one requestEcosystems: maven
Packages: org.eclipse.jetty:jetty-openid
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 8 months ago
Low
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Low
Ecosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
GSA_kwCzR0hTQS0zZ2g2LXY1djktNnY5as4AA13n
Jetty vulnerable to errant command quoting in CGI ServletEcosystems: maven
Packages: org.eclipse.jetty.ee8:jetty-ee8-servlets, org.eclipse.jetty.ee9:jetty-ee9-servlets, org.eclipse.jetty.ee10:jetty-ee10-servlets, org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 8 months ago
Low
Ecosystems: pypi, maven
Packages: wiremock, com.github.tomakehurst:wiremock-jre8-standalone, com.github.tomakehurst:wiremock-jre8, org.wiremock:wiremock, org.wiremock:wiremock-standalone
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 8 months ago
GSA_kwCzR0hTQS1wbXhxLXBqNDctajhqNM4AA1xF
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modesEcosystems: pypi, maven
Packages: wiremock, com.github.tomakehurst:wiremock-jre8-standalone, com.github.tomakehurst:wiremock-jre8, org.wiremock:wiremock, org.wiremock:wiremock-standalone
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 8 months ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 451
Ecosystems: 12
Packages: 8,381
Repositories: 451
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
tensorflow
109
tensorflow-gpu
93
tensorflow-cpu
93
moodle/moodle
17
concrete5/concrete5
13
shopware/platform
12
typo3/cms
11
github.com/mattermost/mattermost/server/v8
10
phpmyadmin/phpmyadmin
10
shopware/core
10
nova
9
org.apache.tomcat:tomcat
9
org.jenkins-ci.main:jenkins-core
9
matrix-synapse
7
vyper
7
Umbraco.CMS
6
puppet
6
undici
5
k8s.io/kubernetes
5
wasmtime
5
sweetalert2
5
rack
5
helm.sh/helm/v3
5
typo3/cms-core
5
october/backend
5
baserproject/basercms
5
ansible
5
shopware/shopware
4
github.com/cilium/cilium
4
helm.sh/helm
4
electron
4
org.keycloak:keycloak-services
4
simplesamlphp/simplesamlphp
4
magento/community-edition
4
github.com/mattermost/mattermost-server/v6
4
com.vaadin:flow-server
4
actionpack
4
github.com/cosmos/cosmos-sdk
3
bin-links
3
go.etcd.io/etcd
3
nautobot
3
ethyca-fides
3
plone
3
org.graylog2:graylog2-server
3
@openzeppelin/contracts-upgradeable
3
wagtail
3
org.apache.hive:hive-exec
3
com.vaadin:vaadin-bom
3
org.apache.hive:hive-service
3
ckb
3
org.apache.hive:hive
3
node-forge
3
glance
3
passenger
3
cryptography
3
httplib2
3
sylius/sylius
3
symfony/symfony
3
github.com/mattermost/mattermost-server
3
craftcms/cms
2
silverstripe/framework
2
Flask-Security-Too
2
winter/wn-backend-module
2
org.apache.activemq:activemq-parent
2
braces
2
django
2
github.com/opencontainers/runc
2
github.com/authzed/spicedb
2
org.jenkins-ci.plugins:azure-ad
2
next-auth
2
org.jenkins-ci.plugins:bigpanda-jenkins
2
github.com/cometbft/cometbft
2
org.jenkins-ci.plugins:wso2id-oauth
2
activesupport
2
org.jenkins-ci.plugins:artifactory
2
github.com/mattermost/mattermost-plugin-jira
2
horizon
2
vantage6
2
s2n-quic
2
cargo
2
org.jenkins-ci.plugins:mercurial
2
org.jenkins-ci.plugins:repository-connector
2
Zope
2
go.etcd.io/etcd/client/v3
2
github.com/mutagen-io/mutagen
2
typo3/cms-install
2
aiohttp
2
grumpydictator/firefly-iii
2
moin
2
github.com/answerdev/answer
2
com.inedo.proget:inedo-proget
2
github.com/sigstore/cosign
2
org.jenkins-ci.plugins:ec2
2
github.com/containerd/containerd
2
Pillow
2
Django
2
node-ipc
2
salt
2
ceph-deploy
2
@apollo/server
2
tools.devnull:build-notifications
2
@openzeppelin/contracts
2
OctoPrint
2
flarum/core
2
parse-server
2
com.ruoyi:ruoyi
2
github.com/ntbosscher/gobase
2
langchain
2
Nova
2
github.com/hashicorp/nomad
2
gilacms/gila
2
october/cms
2
Flask-AppBuilder
2
ezsystems/ezplatform-kernel
2
keystone
2
ezsystems/ezpublish-kernel
2
microweber/microweber
2
typo3/cms-frontend
2
org.xwiki.platform:xwiki-platform-oldcore
2
pip
2
tuf
2
org.bouncycastle:bcprov-jdk14
2
symfony/security-http
2
org.eclipse.jetty:jetty-server
2
kafo
1
go.elastic.co/apm
1
Werkzeug
1
mindspore
1
github.com/nats-io/nats-server/v2
1
wiremock
1
com.github.tomakehurst:wiremock-jre8-standalone
1
com.github.tomakehurst:wiremock-jre8
1
org.wiremock:wiremock
1
org.wiremock:wiremock-standalone
1
django-basic-auth-ip-whitelist
1
qutebrowser
1
rabbit_common
1
automad/automad
1
github.com/Masterminds/goutils
1
@liquity/contracts
1
org.bouncycastle:bcprov-jdk18on
1
org.scala-sbt:io_3
1
org.scala-sbt:io_2.13
1
org.bouncycastle:bcprov-jdk15to18
1
org.scala-sbt:io_2.12
1
org.bouncycastle:bcprov-jdk13
1
org.scala-sbt:sbt
1
org.bouncycastle:bcprov-jdk12
1
io.jenkins.plugins:gitlab-branch-source
1
org.springframework.batch:spring-batch-core
1
org.jenkins-ci.plugins:ghprb
1
com.xuxueli:xxl-job-core
1
org.keycloak:keycloak-core
1
org.jenkins-ci.plugins:openshift-deployer
1
@diez/generation
1
virtualenv
1
com.typesafe.play:play
1
nokogiri
1
ember-source
1
github.com/oauth2-proxy/oauth2-proxy
1
@aedart/support
1
streamlit
1
github.com/oauth2-proxy/oauth2-proxy/v7
1
org.jenkins-ci.plugins:reverse-proxy-auth-plugin
1
thelounge
1
org.xmlunit:xmlunit-core
1
org.keycloak:keycloak-parent
1
merge-objects
1
bigint-money
1
put
1
firebase-tools
1
debug
1
solidus_backend
1
phpmyfaq/phpmyfaq
1
apostrophe
1
admidio/admidio
1
org.eclipse.jetty:jetty-openid
1
spina
1
org.keycloak:keycloak-server-spi-private
1
datasette-graphql
1
plone.restapi
1
github.com/flyteorg/flyteadmin
1
markdown-link-extractor
1
type-graphql
1
github.com/containers/podman/v4
1
xmpp-http-upload
1
tqdm
1
github.com/slsa-framework/slsa-verifier/v2
1
personnummer
1
github.com/slsa-framework/slsa-verifier
1
org.jenkins-ci.plugins:telegrambot
1
vodozemac
1
flarum/framework
1
net.sf.mpxj:mpxj
1
net.sf.mpxj
1
net.sf.mpxj-for-csharp
1
hyper
1
org.xwiki.platform:xwiki-platform-security-authentication-script
1
net.sf.mpxj-for-vb
1
mpxj
1
Filter by Repository
https://github.com/tensorflow/tensorflow
109
https://github.com/moodle/moodle
17
https://github.com/concretecms/concretecms
13
https://github.com/shopware/platform
12
https://github.com/openstack/nova
11
https://github.com/etcd-io/etcd
8
https://github.com/umbraco/Umbraco-CMS
7
https://github.com/matrix-org/synapse
7
https://github.com/phpmyadmin/phpmyadmin
7
https://github.com/eclipse/jetty.project
7
https://github.com/vyperlang/vyper
7
https://github.com/octobercms/october
7
https://github.com/rails/rails
6
https://github.com/sweetalert2/sweetalert2
5
https://github.com/nodejs/undici
5
https://github.com/rack/rack
5
https://github.com/ansible/ansible
5
https://github.com/helm/helm
5
https://github.com/kubernetes/kubernetes
5
https://github.com/keycloak/keycloak
5
https://github.com/bytecodealliance/wasmtime
5
https://github.com/baserproject/basercms
5
https://github.com/TYPO3/typo3
5
https://github.com/xwiki/xwiki-platform
5
https://github.com/puppetlabs/puppet
5
https://github.com/jenkinsci/jenkins
5
https://github.com/simplesamlphp/simplesamlphp
4
https://github.com/apache/tomcat
4
https://github.com/cilium/cilium
4
https://github.com/wintercms/winter
4
https://github.com/electron/electron
4
https://github.com/shopware/shopware
4
https://github.com/mattermost/mattermost
4
https://github.com/vaadin/platform
4
https://github.com/wagtail/wagtail
3
https://github.com/nautobot/nautobot
3
https://github.com/Graylog2/graylog2-server
3
https://github.com/django/django
3
https://github.com/digitalbazaar/forge
3
https://github.com/phusion/passenger
3
https://github.com/vaadin/flow
3
https://github.com/vantage6/vantage6
3
https://github.com/symfony/symfony
3
https://github.com/httplib2/httplib2
3
https://github.com/nervosnetwork/ckb
3
https://github.com/cosmos/cosmos-sdk
3
https://github.com/pyca/cryptography
3
https://github.com/ethyca/fides
3
https://github.com/Sylius/Sylius
3
https://github.com/CVEProject/cvelist
3
https://github.com/openstack/keystone
3
https://github.com/answerdev/answer
2
https://github.com/saltstack/salt
2
https://github.com/openstack/glance
2
https://github.com/aio-libs/aiohttp
2
https://github.com/aws/s2n-quic
2
https://github.com/ezsystems/ezplatform-kernel
2
https://github.com/ntbosscher/gobase
2
https://github.com/microweber/microweber
2
https://github.com/zopefoundation/Zope
2
https://github.com/quarkusio/quarkus
2
https://github.com/cometbft/cometbft
2
https://github.com/containerd/containerd
2
https://github.com/RIAEvangelist/node-ipc
2
https://github.com/Flask-Middleware/flask-security
2
https://github.com/TYPO3/TYPO3.CMS
2
https://github.com/bcgit/bc-java
2
https://github.com/hashicorp/nomad
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2
https://github.com/nats-io/nats-server
2
https://github.com/jenkinsci/ec2-plugin
2
https://github.com/nextauthjs/next-auth
2
https://github.com/ceph/ceph-deploy
2
https://github.com/apollographql/apollo-server
2
https://github.com/apache/activemq
2
https://gitlab.com/sequoia-pgp/sequoia
2
https://github.com/GilaCMS/gila
2
https://github.com/opencontainers/runc
2
https://github.com/mutagen-io/mutagen
2
https://github.com/theupdateframework/python-tuf
2
https://github.com/parse-community/parse-server
2
https://github.com/openstack/horizon
2
https://github.com/octoprint/octoprint
2
https://github.com/dpgaspar/Flask-AppBuilder
2
https://github.com/opencontainers/distribution-spec
2
https://github.com/firefly-iii/firefly-iii
2
https://github.com/pypa/pip
2
https://github.com/sigstore/cosign
2
https://github.com/flarum/framework
2
https://github.com/rust-lang/cargo
2
https://github.com/authzed/spicedb
2
https://github.com/mattermost/mattermost-plugin-jira
2
https://github.com/micromatch/braces
2
https://github.com/craftcms/cms
2
https://github.com/tinymce/tinymce
1
https://github.com/ezsystems/ezpublish-kernel
1
https://github.com/NVIDIA/NeMo
1
https://github.com/vapor/postgres-nio
1
https://github.com/vega/vega
1
https://github.com/jquery-validation/jquery-validation
1
https://github.com/keylime/keylime
1
https://github.com/Azure/setup-kubectl
1
https://github.com/spinacms/spina
1
https://github.com/decidim/decidim
1
https://github.com/swagger-api/swagger-codegen
1
https://github.com/knative-extensions/eventing-github
1
https://github.com/simplegeo/python-oauth2
1
https://github.com/personnummer/csharp
1
https://github.com/Consensys/gnark-crypto
1
https://github.com/http4s/http4s
1
https://github.com/admidio/admidio
1
https://github.com/httpie/httpie
1
https://github.com/waysact/webpack-subresource-integrity
1
https://github.com/keystonejs/keystone
1
https://github.com/spring-projects/spring-data-rest
1
https://github.com/Twipped/ircdkit
1
https://github.com/directus/directus
1
https://github.com/cloudfoundry/uaa
1
https://github.com/plone/Products.CMFPlone
1
https://github.com/jenkinsci/mercurial-plugin
1
https://github.com/canonical/lxd
1
https://github.com/yiisoft/yii2-authclient
1
https://github.com/skylot/jadx
1
https://github.com/Masterminds/goutils
1
https://github.com/google/zerocopy
1
https://github.com/dojo/dijit
1
https://github.com/jeremylong/DependencyCheck
1
https://github.com/tauri-apps/tauri
1
https://github.com/node-red/node-red
1
https://github.com/ubernostrum/django-registration
1
https://github.com/rails/globalid
1
https://github.com/moq/moq
1
https://github.com/personnummer/php
1
https://github.com/openjdk/jfx
1
https://github.com/livehelperchat/livehelperchat
1
https://github.com/CosmWasm/cosmwasm
1
https://github.com/endojs/endo
1
https://github.com/cjvnjde/google-translate-api-browser
1
https://github.com/puma/puma
1
https://github.com/floriangaerber/Magnesium-PHP
1
https://github.com/zowe/imperative
1
https://github.com/derbyjs/derby
1
https://github.com/jenkinsci/digitalocean-plugin
1
https://github.com/croogo/croogo
1
https://github.com/theupdateframework/go-tuf
1
https://github.com/thelounge/thelounge
1
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID
1
https://github.com/joeferner/redis-commander
1
https://github.com/fastify/fastify-http-proxy
1
https://github.com/brefphp/bref
1
https://github.com/electron-userland/electron-packager
1
https://github.com/ktorio/ktor
1
https://github.com/PrestaShop/productcomments
1
https://github.com/mlflow/mlflow
1
https://github.com/kopia/kopia
1
https://github.com/jenkinsci/qmetry-for-jira-test-management-plugin
1
https://github.com/fluent/fluentd
1
https://github.com/python-imaging/Pillow
1
https://github.com/jenkinsci/email-ext-plugin
1
https://github.com/jcubic/jquery.terminal
1
https://github.com/medikoo/es5-ext
1
https://github.com/lexik/LexikJWTAuthenticationBundle
1
https://github.com/kitabisa/teler
1
https://github.com/jenkinsci/inedo-buildmaster-plugin
1
https://github.com/onionshare/onionshare
1
https://github.com/sparklemotion/sqlite3-ruby
1
https://github.com/memorysafety/sudo-rs
1
https://github.com/ericcornelissen/shescape
1
https://github.com/alphagov/tech-docs-gem
1
https://github.com/tailscale/tailscale
1
https://github.com/Nebulosus/shamir
1
https://github.com/ajenti/ajenti
1
https://github.com/xuxueli/xxl-job
1
https://github.com/yourls/yourls
1
https://github.com/bbatsov/rubocop
1
https://github.com/dan1hc/fgr
1
https://github.com/jenkinsci/github-plugin
1
https://github.com/kiwitcms/Kiwi
1
https://github.com/gradle/gradle
1
https://gitlab.com/edneville/please
1
https://github.com/xmlunit/xmlunit
1
https://github.com/octokit/octopoller.rb
1
https://github.com/disintegration/imaging
1
https://github.com/node-js-libs/cli
1
https://github.com/Brondahl/EnumStringValues
1
https://github.com/foxcpp/maddy
1
https://github.com/jenkinsci/git-client-plugin
1
https://github.com/personnummer/go
1
https://github.com/amundsen-io/amundsenfrontendlibrary
1
https://github.com/elastic/apm-agent-go
1
https://github.com/rust-vmm/linux-loader
1
https://github.com/jenkinsci/resource-disposer-plugin
1
https://github.com/zopefoundation/Products.GenericSetup
1
https://github.com/npm/npm
1
https://github.com/triaxtec/openapi-python-client
1
https://github.com/arguiot/EyeJS
1
https://github.com/dub-flow/vulnerability-research
1
https://github.com/jenkinsci/gitlab-plugin
1
https://github.com/impredicative/bitlyshortener
1