Browse Security Advisories
Low Security Advisories for github.com/cosmos/ibc-go/v7
Low
9 months ago
Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability
cargo
vaultwarden
Low
9 months ago
Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution
pypi
strawberry-graphql
Low
9 months ago
JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
go
github.com/MicahParks/jwkset
Low
9 months ago
Mattermost has Improper Check for Unusual or Exceptional Conditions
go
github.com/mattermost/mattermost/server/v8
Low
9 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8
Low
9 months ago
Apache Airflow Fab Provider Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
9 months ago
Apache NiFi: Missing Complete Authorization for Parameter and Service References
maven
org.apache.nifi:nifi-web-api
Low
10 months ago
Oqtane Framework Insecure Direct Object Reference vulnerability
nuget
Oqtane.Shared, Oqtane.Server, Oqtane.Client, Oqtane.Framework
Low
10 months ago
QOS.CH logback-core Server-Side Request Forgery vulnerability
maven
ch.qos.logback:logback-core
Low
10 months ago
Apache Kafka's SCRAM implementation Incorrectly Implements Authentication Algorithm
maven
org.apache.kafka:kafka_2.10, org.apache.kafka:kafka_2.11, org.apache.kafka:kafka_2.12, org.apache.kafka:kafka_2.13
Low
10 months ago
SurrealDB has Silent Failure to Overwrite Table Definition of Relation Type
cargo
surrealdb-core, surrealdb
Low
10 months ago
sigstore has insufficient validation of integration timestamp during verification
pypi
sigstore
Low
10 months ago
Drupal core contains a potential PHP Object Injection vulnerability
packagist
drupal/drupal, drupal/core-recommended, drupal/core
Low
10 months ago
lxd has a restricted TLS certificate privilege escalation when in PKI mode
go
github.com/canonical/lxd
Low
10 months ago
Apache Superset: Improper SQL authorisation, parse not checking for specific postgres functions
pypi
apache-superset
Low
10 months ago
sigstore-java has a vulnerability with bundle verification
maven
dev.sigstore:sigstore-java
Low
10 months ago
linkme fails to ensure slice elements match the slice's declared type
cargo
linkme
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
rails-html-sanitizer has XSS vulnerability with certain configurations
rubygems
rails-html-sanitizer
Low
10 months ago
veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
maven
org.verapdf:verapdf-library-arlington, org.verapdf:verapdf-library-jakarta, org.verapdf:core-arlington, org.verapdf:core-jakarta, org.verapdf:core
Low
10 months ago
Password Policy Bypass Vulnerability in Fides Webserver User Accept Invite API
pypi
ethyca-fides
Low
10 months ago
@sveltejs/kit has unescaped error message included on error page
npm
@sveltejs/kit
Low
10 months ago
Apache Answer: Predictable Authorization Token Using UUIDv1
go
github.com/apache/incubator-answer
Low
11 months ago
Password Pusher rate limiter can be bypassed by forging proxy headers
rubygems
pwpush
Low
11 months ago
Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`
actions
step-security/harden-runner
Low
11 months ago
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
npm
@eslint/plugin-kit
Low
11 months ago
Moodle authorization headers preserved between "emulated redirects"
packagist
moodle/moodle
Low
11 months ago
Moodle has user information visibility control issues in gradebook reports
packagist
moodle/moodle
Low
11 months ago
Moodle admin presets export tool includes some secrets that should not be exported
packagist
moodle/moodle
Low
11 months ago
Moodle's user/power level management inconsistent with suspended users
packagist
moodle/moodle
Low
11 months ago
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
pypi
apache-airflow
Low
11 months ago
Filament has exported files stored in default (`public`) filesystem if not reconfigured
packagist
filament/actions
Low
11 months ago
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
packagist
twig/twig
Low
11 months ago
Twig has unguarded calls to `__toString()` when nesting an object into an array
packagist
twig/twig
Low
11 months ago
Symfony vulnerable to open redirect via browser-sanitized URLs
packagist
symfony/http-foundation
Low
11 months ago
Symfony has an incorrect response from Validator when input ends with `\n`
packagist
symfony/validator, symfony/symfony
Low
11 months ago
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
packagist
symfony/symfony, symfony/http-client
Low
11 months ago
Symfony's `Security::login` does not take into account custom `user_checker`
packagist
symfony/symfony, symfony/security-bundle
Low
11 months ago
cap-std doesn't fully sandbox all the Windows device filenames
cargo
cap-primitives, cap-async-std, cap-std
Low
11 months ago
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
npm
@workos-inc/authkit-remix
Low
11 months ago
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
npm
@workos-inc/authkit-nextjs
Low
11 months ago
gitsign may use incorrect Rekor entries during verification
go
github.com/sigstore/gitsign
Low
11 months ago
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
go
github.com/golang-jwt/jwt/v4
Low
11 months ago
Grafana org admin can delete pending invites in different org
go
github.com/grafana/grafana
Low
11 months ago
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
nuget
Duende.IdentityServer
Low
11 months ago
Mattermost incorrectly issues two sessions when using desktop SSO
go
github.com/mattermost/mattermost/server/v8
Low
11 months ago
AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
go
sigs.k8s.io/aws-load-balancer-controller
Low
11 months ago
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
nuget
Umbraco.CMS
Low
12 months ago
Admidio Vulnerable to HTML Injection In The Messages Section
packagist
admidio/admidio
Low
12 months ago
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
maven
org.eclipse.jetty:jetty-servlets
Low
12 months ago
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
go
github.com/authzed/spicedb
Low
12 months ago
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
go
github.com/landlock-lsm/go-landlock
Low
12 months ago
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
pypi
lollms
Low
12 months ago
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
pypi
gradio
Low
12 months ago
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
pypi
gradio
Low
12 months ago
Magento Open Source Improper Access Control vulnerability
packagist
magento/community-edition
Low
12 months ago
open-webui allows enumeration of file names and traversal of directories by observing the error messages
pypi
open-webui
Low
12 months ago
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
cargo
wasmtime
Low
12 months ago
cookie accepts cookie name, path, and domain with out of bounds characters
npm
cookie