An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Low Security Advisories for @openzeppelin/contracts-upgradeable

Low
13 days ago

Mattermost boards plugin fails to restrict download access to files GSA_kwCzR0hTQS1mNzJnLTUydjctbWczcM4ABMZr

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-plugin-boards
Low
17 days ago

Liferay DXP Missing Critical Step in Authentication GSA_kwCzR0hTQS00cDVyLTNqbW0tNjUycc4ABMI3

maven com.liferay:com.liferay.multi.factor.authentication.timebased.otp.web
Low
17 days ago

Mattermost Open Redirect vulnerability GSA_kwCzR0hTQS1obTk1LWp4NjYtZzJnaM4ABMER

go github.com/mattermost/mattermost-server, github.com/mattermost/mattermost/server/v8
Low
27 days ago

ImageMagick BlobStream Forward-Seek Under-Allocation GSA_kwCzR0hTQS0yM2hnLTUzcTYtaHFmZ84ABLxJ

nuget Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-arm64, Magick.NET-Q8-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-HDRI-OpenMP-x64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q16-HDRI-x64, Magick.NET-Q8-x64, Magick.NET-Q16-x64
Low
about 1 month ago

Opencast has a partial path traversal vulnerability in UI config GSA_kwCzR0hTQS1ocThtLXY2OGctOGNmOM4ABLjn

maven org.opencastproject:opencast-user-interface-configuration
Low
about 1 month ago

ImageMagick affected by divide-by-zero in ThumbnailImage via montage -geometry ":" leads to crash GSA_kwCzR0hTQS1maDU1LXE1cGotcHhnd84ABLbk

nuget Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-x64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Low
about 1 month ago

ImageMagick has a heap-buffer-overflow GSA_kwCzR0hTQS1mZmYzLTRycDctcHg5N84ABLZ5

nuget Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-x64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Low
about 1 month ago

ImageMagick has a Memory Leak in magick stream GSA_kwCzR0hTQS1jZmg0LTlmN3YtZmhyY84ABLZ4

nuget Magick.NET-Q8-x86, Magick.NET-Q8-x64, Magick.NET-Q8-arm64, Magick.NET-Q8-OpenMP-x64, Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-x64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Low
about 1 month ago

ImageMagick has a Heap Buffer Overflow in InterpretImageFilename GSA_kwCzR0hTQS1obTR4LXI1aGMtNzk0Zs4ABLZ3

nuget Magick.NET-Q8-OpenMP-arm64, Magick.NET-Q8-AnyCPU, Magick.NET-Q16-x86, Magick.NET-Q16-x64, Magick.NET-Q16-arm64, Magick.NET-Q16-OpenMP-x64, Magick.NET-Q16-OpenMP-arm64, Magick.NET-Q16-HDRI-x86, Magick.NET-Q16-HDRI-x64, Magick.NET-Q16-HDRI-arm64, Magick.NET-Q16-HDRI-OpenMP-x64, Magick.NET-Q16-HDRI-OpenMP-arm64, Magick.NET-Q16-HDRI-AnyCPU, Magick.NET-Q16-AnyCPU
Low
about 1 month ago

Mattermost Server SSRF Vulnerability via the Agents Plugin GSA_kwCzR0hTQS12cXdoLTVqaGgtdmM5cM4ABLTk

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
about 1 month ago

Mattermost Fails to Properly Validate Team Role Modification GSA_kwCzR0hTQS00Mjc2LWNtOGMtNzg4aM4ABLTj

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
about 1 month ago

Mattermost Lack of Access Control Validation GSA_kwCzR0hTQS1wd3ZyLWdycWctN3ZwMs4ABLTo

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Low
about 1 month ago

Liferay Portal Login Bypass Vulnerability GSA_kwCzR0hTQS1nNHdnLW1wZmcteDJxNs4ABLLj

maven com.liferay.portal:release.portal.bom
Low
about 1 month ago

Liferay Portal Vulnerable to Cross-Site Scripting GSA_kwCzR0hTQS12aGNyLWhnYzgtMjlxcs4ABLLc

maven com.liferay:com.liferay.layout.taglib
Low
about 2 months ago

Mattermost Confluence Plugin has Missing Authorization vulnerability GSA_kwCzR0hTQS00Mm02LTV2bTctZmp2Ms4ABK7J

go github.com/mattermost/mattermost-plugin-confluence
Low
about 2 months ago

Mattermost Confluence Plugin has Missing Authorization vulnerability GSA_kwCzR0hTQS1yZmc0LTJtNjMtZncycc4ABK7C

go github.com/mattermost/mattermost-plugin-confluence
Low
about 2 months ago

github.com/go-acme/lego/v4/acme/api does not enforce HTTPS GSA_kwCzR0hTQS1xODJyLTJqN20tOXJ2NM4ABK1r

go github.com/go-acme/lego/v4, github.com/go-acme/lego/v3, github.com/go-acme/lego
Low
about 2 months ago

RISC Zero Underconstrained Vulnerability: Division GSA_kwCzR0hTQS1mNnJjLTI0eDQtcHB4cM4ABKyE

cargo risc0-circuit-rv32im-sys, risc0-circuit-rv32im, risc0-zkvm
Low
3 months ago

Mattermost has Insufficiently Protected Credentials GSA_kwCzR0hTQS00ZndqLTg1OTUtd3AyNc4ABKRo

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
