Browse Security Advisories
Low Security Advisories for @openzeppelin/contracts-upgradeable
Low
12 months ago
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
go
github.com/opentofu/opentofu
Low
12 months ago
October allows an admin account to upload PDF containing malicious JavaScript
packagist
october/october
Low
12 months ago
Zenario allows authenticated admin users to upload PDF files containing malicious code
packagist
tribalsystems/zenario
Low
about 1 year ago
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
packagist
librenms/librenms
Low
about 1 year ago
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
packagist
librenms/librenms
Low
about 1 year ago
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
maven
org.apache.maven.plugins:maven-archetype-plugin
Low
about 1 year ago
Apache Hadoop: Temporary File Local Information Disclosure
maven
org.apache.hadoop:hadoop-common
Low
about 1 year ago
Apache Druid: Users can provide MySQL JDBC properties not on allow list
maven
org.apache.druid:druid
Low
about 1 year ago
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
maven
org.apache.druid.extensions:druid-pac4j
Low
about 1 year ago
Mattermost Desktop App fails to sufficiently configure Electron Fuses
npm
mattermost-desktop
Low
about 1 year ago
serve-static vulnerable to template injection that can lead to XSS
npm
serve-static
Low
about 1 year ago
AngularJS allows attackers to bypass common image source restrictions
npm
angular
Low
about 1 year ago
AngularJS allows attackers to bypass common image source restrictions
npm
angular
Low
about 1 year ago
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
go
github.com/sigstore/sigstore-go
Low
about 1 year ago
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
pypi
ethyca-fides
Low
about 1 year ago
gix-path uses local config across repos when it is the highest scope
cargo
gix-path
Low
about 1 year ago
CometBFT's state syncing validator from malicious node may lead to a chain split
go
github.com/cometbft/cometbft/light
Low
about 1 year ago
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
pypi
lti-consumer-xblock
Low
about 1 year ago
gitoxide-core does not neutralize special characters for terminals
cargo
gitoxide, gitoxide-core
Low
about 1 year ago
Hono CSRF middleware can be bypassed using crafted Content-Type header
npm
hono
Low
about 1 year ago
Trufflehog vulnerable to Blind SSRF in some Detectors
go
github.com/trufflesecurity/trufflehog/v3
Low
about 1 year ago
Silverpeas vulnerable to password complexity rule bypass
maven
org.silverpeas.core:silverpeas-core
Low
about 1 year ago
Concrete CMS vulnerable to Stored Cross-site Scripting
packagist
concrete5/concrete5
Low
about 1 year ago
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
packagist
ipl/web
Low
about 1 year ago
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
about 1 year ago
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
npm
elliptic
Low
about 1 year ago
Mattermost did not properly restrict channel creation
go
github.com/mattermost/mattermost/server/v8
Low
about 1 year ago
biscuit-auth vulnerable to public key confusion in third party block
cargo
biscuit-auth
Low
about 1 year ago
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
npm
@fuel-ts/account
Low
about 1 year ago
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
cargo
xmp_toolkit
Low
about 1 year ago
snapd failed to properly check the destination of symbolic links when extracting a snap
go
github.com/snapcore/snapd
Low
about 1 year ago
ProcessWire Cross Site Request Forgery vulnerability
packagist
processwire/processwire
Low
about 1 year ago
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
pypi
puncia
Low
about 1 year ago
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
pypi
sentry-sdk
Low
about 1 year ago
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
nuget
Steeltoe.Discovery.ClientAutofac, Steeltoe.Discovery.ClientCore, Steeltoe.Discovery.EurekaBase, Steeltoe.Discovery.Eureka
Low
about 1 year ago
dbt has an implicit override for built-in materializations from installed packages
pypi
dbt-core
Low
about 1 year ago
OpenSearch Observability does not properly restrict access to private tenant resources
maven
org.opensearch.plugin:opensearch-observability
Low
about 1 year ago
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
pypi
yt-dlp
Low
about 1 year ago
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
go
google.golang.org/grpc
Low
over 1 year ago
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
packagist
aimeos/ai-admin-graphql
Low
over 1 year ago
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
pypi
ethyca-fides
Low
over 1 year ago
Exposure of secrets through system log in Jenkins Structs Plugin
maven
org.jenkins-ci.plugins:structs
Low
over 1 year ago
October System module has an Open Redirect for Administrator Accounts
packagist
october/system
Low
over 1 year ago
October System module has a Reflected XSS via X-October-Request-Handler Header
packagist
october/system
Low
over 1 year ago
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
maven
org.dspace:dspace-server-webapp
Low
over 1 year ago
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
maven
org.keycloak:keycloak-ldap-federation
Low
over 1 year ago
Apache Airflow does not return the "Cache-Control" header for dynamic content
pypi
apache-airflow
Low
over 1 year ago
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
npm
mattermost-desktop
Low
over 1 year ago
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
go
github.com/hashicorp/vault
Low
over 1 year ago
Keycloak Denial of Service via account lockout
maven
org.keycloak:keycloak-services
Low
over 1 year ago
Keycloak's improper input validation allows using email as username
maven
org.keycloak:keycloak-services
Low
over 1 year ago
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
npm
@strapi/plugin-content-manager
Low
over 1 year ago
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
go
github.com/docker/docker
Low
over 1 year ago
evmos allows transferring unvested tokens after delegations
go
github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17
Low
over 1 year ago
s2n-tls has a potentially observable differences in RSA premaster secret handling
cargo
s2n-tls
Low
over 1 year ago
Password hash exposed in CraftCMS two factor authentication plugin
packagist
born05/craft-twofactorauthentication
Low
over 1 year ago
Password confirmation stored in plain text via registration form in statamic/cms
packagist
statamic/cms
Low
over 1 year ago
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
pypi
ethyca-fides
Low
over 1 year ago
Umbraco Forms components vulnerable to Stored Cross-site Scripting
nuget
Umbraco.Forms
Low
over 1 year ago
silverstripe/framework sends passwords back to browsers under some circumstances
packagist
silverstripe/framework
Low
over 1 year ago
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
packagist
silverstripe/framework
Low
over 1 year ago
silverstripe/framework password encryption salt not updated
packagist
silverstripe/framework
Low
over 1 year ago
github.com/huandu/facebook may expose access_token in error message.
go
github.com/huandu/facebook/v2
Low
over 1 year ago
Jenkins Report Info Plugin Path Traversal vulnerability
maven
org.jenkins-ci.plugins:report-info
Low
over 1 year ago
Silverstripe admin XSS Vulnerability via WYSIWYG editor
packagist
silverstripe/admin
Low
over 1 year ago
vantage6 collaboration admins can extend their influence by expanding the collaboration
pypi
vantage6
Low
over 1 year ago
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
go
github.com/bincyber/go-sqlcrypter