Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS0yNTU3LXg5bWctNzZ3OM4AA5Zz
ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05N2ptLWczM2gtZjQ2Z84AA8iQ
silverstripe/framework ReadOnly transformation for formfields exploitable
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xcDI5LXdjYzItdm1wY84AA8hz
Silverstripe HtmlEditor embed url sanitisation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXg5Z20tcXhoaC1yZjc1
Malicious Package in cordova-plugin-china-picker
Ecosystems: npm
Packages: cordova-plugin-china-picker
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1xamN2LXJ4M3YtN212as4AA8WR
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v4, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v7
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1ocTRwLTVtcHItamo5bc4AA8hv
Silverstripe XSS in dev/build returnURL Parameter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1nNGhwLXBmdmYtdm01d84AA8hw
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 8 months ago
High
GSA_kwCzR0hTQS05d3g3LWpydmMtMjhtbc0W9Q
Signature verification vulnerability in Stark Bank ecdsa libraries
Ecosystems: npm, nuget, maven, pypi
Packages: starkbank-ecdsa, com.starkbank:ecdsa-java
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS03cDdjLXB2dngtMnZ4M84AAwJ3
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qOTgyLTVqdjctdjQzcs4AA8hy
Silverstripe Form field validation message XSS vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZ3NHAtMzZqOS1ycmoz
Denial of Service in sequelize
Ecosystems: npm
Packages: sequelize
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 4 years ago
Moderate
GSA_kwCzR0hTQS1mN2NxLTV2NDMtOHB3cM4AA8hk
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00aDU0LXZ3eDktM3ZyM84AA8hm
Silverstripe XSS In FormAction
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05NGc3LWhwdjgtaDlxbc0bRQ
Remote code injection in Log4j
Ecosystems: maven
Packages: com.splunk.logging:splunk-library-javalogging
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1qcXA4LXY3NHAtZzhweM4AA8hs
Silverstripe XSS in Director::force_redirect()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFwNm0tanFmci0yZjd2
Malicious Package in babel-laoder
Ecosystems: npm
Packages: babel-laoder
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: over 4 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNtMnItcTh4My14bWY3
Moderate severity vulnerability that affects Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Core, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, and Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv
Ecosystems: nuget
Packages: Microsoft.AspNetCore.All, Microsoft.AspNetCore.Server.Kestrel.Transport.Libuv, Microsoft.AspNetCore.Server.Kestrel.Transport.Abstractions, Microsoft.AspNetCore.Server.Kestrel.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 6 years ago
High
GSA_kwCzR0hTQS0yNWdxLWp2eDItdmc5eM4AA8ht
Silverstripe X-Forwarded-Host request hostname injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01ZjV2LTVjM3YtZ3c1ds4AA8hg
Silverstripe IE requests not properly behaving with rewritehashlinks
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02cjdjLTZ3OTYtOHB2d80ZPw
Remote Code Execution in AjaxNetProfessional
Ecosystems: nuget
Packages: AjaxNetProfessional
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS12cDhwLWM2eGoteHBqN84AA8hu
Silverstripe External redirection risk in Security?ReturnURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 8 months ago
Critical
GSA_kwCzR0hTQS0zamNoLTlxZ3AtNDg0NM4AArrG
Generated code can read and write out of bounds in safe code
Ecosystems: cargo
Packages: flatbuffers
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS02aGNmLWc2Z3ItaGhjcs4AAyUJ
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04OGpwLTlqcnYtNjM2OM4AA8hj
Silverstripe XSS In GridField print
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zOWhjLXY4N2otNzQ3eM4AAvq8
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS02aGg2LTU5ajItcXJ4d84AA8fu
Silverstripe History XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03MzM2LWdoaHAtZjJxas4AA8dZ
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 months ago
High
GSA_kwCzR0hTQS1obXg5LWptM3YtMzNods4AArq7
InputStream::read_exact : `Read` on uninitialized buffer causes UB
Ecosystems: cargo
Packages: buffoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ydjJ3LTh2OGMtd2NtOc4ABDXl
Rancher UI has Stored Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1nOHBoLTc0bTYtOG03cs4AAzUA
ClickHouse vulnerable to client certificate password exposure in client exception
Ecosystems: maven
Packages: com.clickhouse:clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, com.clickhouse:clickhouse-client
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1yOTdyLTY0dnAtZmdobc4AA8gL
Silverstripe XSS vulnerability via VirtualPage
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yMzJqLW1yOHAtaGZwOM4AA8hi
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13Zmc0LTMyMmctOXZxds4AAz-b
memoffset allows reading uninitialized memory
Ecosystems: cargo
Packages: memoffset
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS13eDI0LXZxcmctbTZtNc4AA8gT
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS01M3J2LWhjdm0tcnBwOc4ABDXm
Lodestar snappy decompression issue
Ecosystems: npm
Packages: @lodestar/reqresp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS1tOWM5LW1jMmgtOXdqd84ABDXn
Lodestar snappy checksum issue
Ecosystems: npm
Packages: @lodestar/reqresp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS04Zng4LTNyZzItNzl4d84AA_uz
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1jcG1yLW13NGotOTlyN84AAyUM
Nginx alias path traversal allows unauthenticated attackers to read all files on /label_studio/core/
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un
Ouch! allows a segmentation fault due to use of uninitialized memory
Ecosystems: cargo
Packages: ouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00N3hoLXF4cXYtbWd2Z84AAwIN
kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/mittwald/kube-httpcache
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS05cGh3LTdoOTYtcTNyds4AA8ab
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03djN4LWg3cjItMzRqds0lXg
Insufficient Session Expiration in Pterodactyl API
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Moderate
GSA_kwCzR0hTQS1tcWY1LTI3NWgtZ2Y2cs4AA8hx
Silverstripe framework is vulnerable to XSS in install.php
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1nNjktNmozbS1qdmd3
HTML Injection in marky-markdown
Ecosystems: npm
Packages: marky-markdown
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: over 4 years ago
High
GSA_kwCzR0hTQS0zdzZwLThmODItZ3c4cs0c1Q
Using JMSAppender in log4j configuration may lead to deserialization of untrusted data
Ecosystems: maven
Packages: ru.yandex.clickhouse:clickhouse-jdbc-bridge
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 3 years ago
Low
GSA_kwCzR0hTQS0yajZyLTl2djQtNmdmNc4AA8WS
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Ecosystems: go
Packages: github.com/bincyber/go-sqlcrypter
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 8 months ago
Low
GSA_kwCzR0hTQS03NzljLTd3NHAtMmM0Z84AA8ft
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zNHE2LXhxeGgtZ3EzOc4AA8hl
Silverstripe XSS In rewritten hash links
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02d3FwLTdnOTQtZjY5as4AA8ac
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Ecosystems: packagist
Packages: sensiolabs/connect
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA3MnAtcmpyMi1yNDM5
Server-Side Request Forgery in terriajs-server
Ecosystems: npm
Packages: terriajs-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1ybTh2LW14ajMtNXJtcc4AAz3K
github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oNm1wLW1jN2ctbWc0Oc4AA8aa
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 8 months ago
High
GSA_kwCzR0hTQS01Zjk3LWgyYzItODI2cc4AA8WE
json-schema-ref-parser Prototype Pollution issue
Ecosystems: npm
Packages: @apidevtools/json-schema-ref-parser
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE0MnAtcGc4bS1jcWg2
Prototype Pollution in handlebars
Ecosystems: npm
Packages: handlebars
Source: GitHub Advisory Database
Blast Radius: 44.5
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS13dzN2LTZ4amYtanYyOM4AAtA_
Uncontrolled Resource Consumption in Spray JSON
Ecosystems: maven
Packages: io.spray:spray-json
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01Y3BxLTh3ajctaGYyds4AAzmB
Vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI4aHAtZmdjci0ycjRo
Cross-Site Scripting via JSONP
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdoNzctM3g0bS00cTln
Moderate severity vulnerability that affects bootstrap and bootstrap-sass
Ecosystems: npm
Packages: bootstrap-sass, bootstrap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 6 years ago
Moderate
GSA_kwCzR0hTQS12eDJ4LTljZmYtZmhqd84AAwLo
DSInternals Credential Roaming Elevation of Privilege Vulnerability
Ecosystems: nuget
Packages: DSInternals.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05eDRoLTh3Z20tOHhmZ84AAtHx
Malformed CAR panics and excessive memory usage
Ecosystems: go
Packages: github.com/ipld/go-car/v2, github.com/ipld/go-car
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05bWZjLWNod2YtN3doZs4AAvq9
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qcXI3LTVoN3ItY2g4cM4AA8dY
Shopware Non-Persistent XSS in the Frontend
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 8 months ago
Low
GSA_kwCzR0hTQS00NTdyLWNxYzgtOXZqOc4AAwBT
sweetalert2 v10.16.10 and above contains hidden functionality
Ecosystems: npm
Packages: sweetalert2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01cGhjLTg0OWgtdmN4Z84AArq6
`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Ecosystems: cargo
Packages: bronzedb-protocol
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00MnFtLTh2OG0tbTc4Y84AAzlJ
PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14Mjc5LTY4cnItanA0cM4AAvME
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
Ecosystems: go
Packages: github.com/supranational/blst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS04M2p2LTRwcm0tMzRnN84AA8da
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 months ago
High
GSA_kwCzR0hTQS04dnI0LWg0cnItOHBoNs4AA8WB
MiguelCastillo @bit/loader Prototype Pollution issue
Ecosystems: npm
Packages: @bit/loader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS14Y2Y3LXJ2bWgtZzZxNM4AAz-d
`openssl` `X509VerifyParamRef::set_host` buffer over-read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4Z3ItY21jcC1nM21q
Directory Traversal in lactate
Ecosystems: npm
Packages: lactate
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS1xM2c0LTJ2dzkteHYyN84AA8dX
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 months ago
High
GSA_kwCzR0hTQS0zbW05LTJwNDQtcnczOc4AA8gM
Silverstripe SiteTree Creation Permission Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR2bW0tbWhjcS00eDlq
Sandbox Bypass Leading to Arbitrary Code Execution in constantinople
Ecosystems: npm
Packages: constantinople
Source: GitHub Advisory Database
Blast Radius: 53.3
Published: over 5 years ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0bXItOXh3My1jOWp4
Out-of-bounds Read in base64-url
Ecosystems: npm
Packages: base64-url
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
GSA_kwCzR0hTQS1tcWYzLXFwYzMtZzI2cc4ABDXq
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Critical
GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Blackprint @blackprint/engine Prototype Pollution issue
Ecosystems: npm
Packages: @blackprint/engine
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ5cjMtM2g5Ni1yd2o2
Cross-Site Scripting in ids-enterprise
Ecosystems: npm
Packages: ids-enterprise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Critical
GSA_kwCzR0hTQS12ODRoLTY1M3YtNHBxOc4AA7vR
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/fcors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwZnEtOHd4OC1jZ3F3
Cross-Site Scripting in ids-enterprise
Ecosystems: npm
Packages: ids-enterprise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
GSA_kwCzR0hTQS1xbTlmLWMzdjktd3Bods4ABAbi
Security Update for the OPC UA .NET Standard Stack
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua, OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03dmg3LWZ3ODgtd2o4N84AA1Il
Several quadratic complexity bugs may lead to denial of service in Commonmarker
Ecosystems: rubygems
Packages: commonmarker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1md2hjLW1tOXEtbXFxOM4AA8gN
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgzcjgtcDh2Ni02Z2Zt
Slock<T> allows sending non-Send types across thread boundaries
Ecosystems: cargo
Packages: slock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 3 years ago
High
GSA_kwCzR0hTQS1xM2o2LTIyd2YtM2poOc4AAzSh
github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak
Ecosystems: go
Packages: github.com/ipfs/go-bitswap
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13OGZxLXhndmgtY3hjMs4AA8hf
Silverstripe Forum Module CSRF Vulnerability
Ecosystems: packagist
Packages: silverstripe/forum
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 8 months ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14Z3doLWNndjktNzgzds4AA8f0
Ghost allows CSV Injection during member CSV export
Ecosystems: npm
Packages: @tryghost/members-csv
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 8 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWMzNXYtcXdxZy04N2pj
express-basic-auth Timing Attack due to native string comparison instead of constant time string comparison
Ecosystems: npm
Packages: express-basic-auth
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: over 5 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWc3NHItZmZ2ci01cTlm
Memory Exposure in concat-stream
Ecosystems: npm
Packages: concat-stream
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh2NWYtaHA3OC1qZ3hx
Signature Verification Bypass in jwt-simple
Ecosystems: npm
Packages: jwt-simple
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN4YzcteGc2Ny1wdzk5
Sensitive Data Exposure in sequelize-cli
Ecosystems: npm
Packages: sequelize-cli
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: over 5 years ago
Low
GSA_kwCzR0hTQS03Yzk0LWd2dmotcjNtZ84AAzot
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cheqd/cheqd-node
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zaHA4LTZqMjQtbTVnbc4AA_uy
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNmYzUtOXg5bS12cWM0
Privilege Escalation in express-cart
Ecosystems: npm
Packages: express-cart
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1nNDN3LTk4d3AtbTY5NM4AA8hh
SilverStripe framework XML Quadratic Blowup Attack
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTg4NnYtbW02cC00bTY2
High severity vulnerability that affects gun
Ecosystems: npm
Packages: gun
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 5 years ago
Moderate
GSA_kwCzR0hTQS1tcHFqLWY0djMtMzM0aM4AA8iP
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 8 months ago
Statistics
Advisories: 21,126
Packages: 9,213
Repositories: 5,650
Ecosystems: 12
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 107 Django 103 drupal/core 99 microweber/microweber 97 phpmyadmin/phpmyadmin 92 silverstripe/framework 88 apache-airflow 85 drupal/drupal 83 librenms/librenms 80 thorsten/phpmyfaq 73 github.com/mattermost/mattermost/server/v8 72 Plone 72 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 actionpack 61 concrete5/concrete5 60 org.apache.struts:struts2-core 56 salt 56 apache-superset 55 shopware/platform 52 com.liferay.portal:release.portal.bom 51 github.com/grafana/grafana 49 org.keycloak:keycloak-core 49 craftcms/cms 48 baserproject/basercms 47 mlflow 47 nova 47 django 46 nokogiri 43 rdiffweb 42 plone 41 matrix-synapse 41 nilsteampassnet/teampass 40 org.apache.tomcat.embed:tomcat-embed-core 40 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 39 org.elasticsearch:elasticsearch 39 github.com/rancher/rancher 39 github.com/mattermost/mattermost-server/v6 38 froxlor/froxlor 38 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 moin 35 net.mingsoft:ms-mcms 35 org.keycloak:keycloak-services 35 snipe/snipe-it 35 gradio 35 zendframework/zendframework1 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-contrib-python 31 parse-server 31 Pillow 31 opencv-python 31 github.com/argoproj/argo-cd 31 gogs.io/gogs 31 getgrav/grav 30 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 github.com/hashicorp/nomad 29 mediawiki/core 28 directus 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 prestashop/prestashop 26 pillow 26 github.com/cilium/cilium 26 electron 26 openssl-src 26 org.springframework.security:spring-security-core 25 rubygems-update 25 org.apache.solr:solr-core 25 magento/core 24 org.eclipse.jetty:jetty-server 24 org.keycloak:keycloak-parent 24 contao/core-bundle 24 zendframework/zendframework 23 com.liferay.portal:release.dxp.bom 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 rack 23 pocketmine/pocketmine-mp 23 puppet 23 org.apache.openmeetings:openmeetings-parent 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 ckb 22 org.apache.nifi:nifi 21 glance 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 code.gitea.io/gitea 20 langchain 20 next 20 github.com/ethereum/go-ethereum 20 laravel/framework 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 github.com/traefik/traefik/v2 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 phpoffice/phpspreadsheet 20 funadmin/funadmin 20 github.com/goharbor/harbor 19 DotNetNuke.Core 19 contao/contao 19 org.springframework:spring-core 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 golang.org/x/net 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 cobbler 18 mindsdb 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 helm.sh/helm/v3 17 genix/cms 17 francoisjacquet/rosariosis 17 neutron 17 symfony/security 17 ezsystems/ezpublish-kernel 17 opencart/opencart 17 notebook 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 yetiforce/yetiforce-crm 17 tinymce 16 ethyca-fides 16 typo3/cms-backend 16 openmage/magento-lts 16 paddlepaddle 16 org.apache.activemq:activemq-client 16 github.com/zitadel/zitadel 16 surrealdb 16 rusqlite 16 cryptography 16 PaddlePaddle 16 pyload-ng 16 org.bouncycastle:bcprov-jdk15 16 org.apache.jspwiki:jspwiki-main 16 phpbb/phpbb 16 sequelize 16 org.apache.dubbo:dubbo 16 smarty/smarty 15 ec-cube/ec-cube 15 OctoPrint 15 calibreweb 15 org.apache.struts.xwork:xwork-core 15 Microsoft.NetCore.App.Runtime.win-arm 15 Microsoft.NetCore.App.Runtime.win-arm64 15 Microsoft.NetCore.App.Runtime.win-x64 15 Microsoft.NetCore.App.Runtime.win-x86 15 october/system 15 symfony/security-http 15 ghost 15 ckeditor4 15 dompdf/dompdf 14 lollms 14 github.com/mattermost/mattermost-server 14 rails-html-sanitizer 14 activesupport 14 modoboa 14 pyftpdlib 14 deno 14 org.apache.tomcat:tomcat-coyote 14 org.xwiki.platform:xwiki-platform-web 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 189 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 114 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 103 https://github.com/apache/airflow 101 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 85 https://github.com/keycloak/keycloak 78 https://github.com/librenms/librenms 71 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/silverstripe/silverstripe-framework 66 https://github.com/rails/rails 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 57 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 47 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 39 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/craftcms/cms 36 https://github.com/dotnet/runtime 36 https://github.com/mautic/mautic 35 https://github.com/rancher/rancher 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/gradio-app/gradio 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/mlflow/mlflow 31 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/umbraco/Umbraco-CMS 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/directus/directus 27 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/gogs/gogs 26 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/apache/nifi 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/langchain-ai/langchain 22 https://github.com/apache/cxf 22 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/nilsteampassnet/TeamPass 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/PHPOffice/PhpSpreadsheet 20 https://github.com/undertow-io/undertow 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/traefik/traefik 20 https://github.com/OpenNMS/opennms 20 https://github.com/moby/moby 20 https://github.com/funadmin/funadmin 20 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/bcgit/bc-java 19 https://github.com/goharbor/harbor 19 https://github.com/geoserver/geoserver 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/backstage/backstage 17 https://github.com/vaadin/platform 17 https://github.com/hashicorp/vault 17 https://github.com/mindsdb/mindsdb 17 https://github.com/denoland/deno 17 https://github.com/opencast/opencast 17 https://github.com/laravel/framework 17 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/ethereum/go-ethereum 16 https://github.com/tinymce/tinymce 16 https://github.com/sequelize/sequelize 16 https://github.com/OpenMage/magento-lts 16 https://github.com/etcd-io/etcd 16 https://github.com/surrealdb/surrealdb 16 https://github.com/pyload/pyload 16 https://github.com/TYPO3-CMS/core 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/mattermost/mattermost 16 https://github.com/ethyca/fides 16 https://github.com/vercel/next.js 16 https://github.com/decidim/decidim 15 https://github.com/hashicorp/nomad 15 https://github.com/drupal/core 15 https://github.com/dompdf/dompdf 15 https://github.com/apache/camel 15 https://github.com/puppetlabs/puppet 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/zendframework/zendframework 15 https://github.com/centreon/centreon 15 https://github.com/pyca/cryptography 15 https://github.com/thorsten/phpMyFAQ 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/containerd/containerd 14 https://github.com/nodejs/undici 14 https://github.com/twisted/twisted 14 https://github.com/aio-libs/aiohttp 14 https://github.com/xuxueli/xxl-job 14 https://github.com/golang/go 14 https://github.com/janeczku/calibre-web 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/ming-soft/MCMS 13 https://github.com/apache/superset 13 https://github.com/TryGhost/Ghost 13 https://github.com/dromara/hutool 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/openfga/openfga 13 https://github.com/modoboa/modoboa 13 https://github.com/laurent22/joplin 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/quarkusio/quarkus 13 https://github.com/apache/dolphinscheduler 13 https://github.com/publify/publify 13 https://github.com/apache/kylin 12 https://github.com/urllib3/urllib3 12 https://github.com/smarty-php/smarty 12 https://github.com/openstack/glance 12 https://github.com/centreon/centreon-archived 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/patriksimek/vm2 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/opencontainers/runc 12 https://github.com/containers/podman 12 https://github.com/getsentry/sentry 12 https://github.com/cloudflare/cfrpki 11 https://github.com/pomerium/pomerium 11 https://github.com/NodeBB/NodeBB 11 https://github.com/Pylons/waitress 11 https://github.com/igniterealtime/Openfire 11 https://github.com/Studio-42/elFinder 11 https://github.com/nats-io/nats-server 11 https://github.com/WWBN/AVideo 11 https://github.com/cri-o/cri-o 11 https://github.com/codeigniter4/CodeIgniter4 11 https://github.com/cosmos/cosmos-sdk 11 https://github.com/vaadin/flow 11 https://github.com/spring-projects/spring-security 11 https://github.com/pgadmin-org/pgadmin4 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/cakephp/cakephp 11 https://github.com/top-think/framework 11 https://github.com/Sylius/Sylius 11 https://github.com/yiisoft/yii2 11 https://github.com/dolibarr/dolibarr 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/zenml-io/zenml 11