Browse Security Advisories
Critical Security Advisories for github.com/cosmos/ibc-go/v7
Critical
over 1 year ago
Apache Submarine Server Core Incorrect Authorization vulnerability
pypi, maven
apache-submarine, org.apache.submarine:submarine-server-core
Critical
over 1 year ago
Jupyter Server Proxy has a reflected XSS issue in host parameter
pypi
jupyter-server-proxy
Critical
over 1 year ago
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
pypi
document-merge-service
Critical
over 1 year ago
Zendframework1 Potential SQL injection in ORDER and GROUP functions
packagist
zendframework/zendframework1
Critical
over 1 year ago
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
packagist
zendframework/zendframework1
Critical
over 1 year ago
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
packagist
zendframework/zendframework1
Critical
over 1 year ago
willdurand/js-translation-bundle potential path traversal attack and remote code injection
packagist
willdurand/js-translation-bundle
Critical
over 1 year ago
ZendFramework potential XML eXternal Entity injection vectors
packagist
zendframework/zendframework1
Critical
over 1 year ago
ZendFramework potential SQL Injection Vector When Using PDO_MySql
packagist
zendframework/zendframework1
Critical
over 1 year ago
ZendFramework vulnerable to XXE/XEE attacks
packagist
zendframework/zend-xmlrpc
Critical
over 1 year ago
Zendframework vulnerable to XXE/XEE attacks
packagist
zendframework/zendframework
Critical
over 1 year ago
Files or Directories Accessible to External Parties in ProjectDiscovery
go
github.com/projectdiscovery/interactsh
Critical
over 1 year ago
nano-id reduced entropy due to inadequate character set usage
cargo
nano-id
Critical
over 1 year ago
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
cargo
qdrant
Critical
over 1 year ago
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
packagist
typo3/cms-core
Critical
over 1 year ago
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
packagist
titon/framework
Critical
over 1 year ago
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
packagist
terminal42/contao-tablelookupwizard
Critical
over 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/symfony
Critical
over 1 year ago
Symfony XML decoding attack vector through external entities
packagist
symfony/serializer
Critical
over 1 year ago
Swiftmailer Sendmail transport arbitrary shell execution
packagist
swiftmailer/swiftmailer
Critical
over 1 year ago
SimpleSAMLphp signature validation bypass
packagist
simplesamlphp/simplesamlphp
Critical
over 1 year ago
Silverstripe Brute force bypass on default admin
packagist
silverstripe/framework
Critical
over 1 year ago
VuFind Server-Side Request Forgery (SSRF) vulnerability
packagist
vufind/vufind
Critical
over 1 year ago
VuFind Server-Side Request Forgery (SSRF) vulnerability
packagist
vufind/vufind
Critical
over 1 year ago
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
go
github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Critical
over 1 year ago
Blackprint @blackprint/engine Prototype Pollution issue
npm
@blackprint/engine
Critical
over 1 year ago
propel/propel1 SQL injection possible with limit() on MySQL
packagist
propel/propel1
Critical
over 1 year ago
Propel2 SQL injection possible with limit() on MySQL
packagist
propel/propel
Critical
over 1 year ago
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
pypi
consoleme
Critical
over 1 year ago
Magento RCE, XSS and other vulnerabilities
packagist
magento/community-edition
Critical
over 1 year ago
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
packagist
magento/community-edition
Critical
over 1 year ago
Magento Open Source Security Advisory: Patch SUPEE-10975
packagist
magento/community-edition
Critical
over 1 year ago
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
packagist
magento/community-edition
Critical
over 1 year ago
Magento Security enhancements that help close RCE, XSS, CSRF and other vulnerabilities
packagist
magento/community-edition
Critical
over 1 year ago
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
packagist
magento/community-edition
Critical
over 1 year ago
Laravel RCE vulnerability in "cookie" session driver
packagist
laravel/framework
Critical
over 1 year ago
Laravel RCE vulnerability in "cookie" session driver
packagist
illuminate/cookie
Critical
over 1 year ago
gree/jose - "None" Algorithm treated as valid in tokens
packagist
gree/jose
Critical
over 1 year ago
firebase/php-jwt: "None" Algorithm treated as valid on tokens
packagist
firebase/php-jwt
Critical
over 1 year ago
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
packagist
drupal/drupal
Critical
over 1 year ago
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
packagist
drupal/core
Critical
over 1 year ago
contao/core Insufficient input validation allows for code injection and remote execution
packagist
contao/core
Critical
over 1 year ago
codeigniter/framework SQL injection in ODBC database driver
packagist
codeigniter/framework
Critical
over 1 year ago
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
maven
com.amazon.redshift:redshift-jdbc42
Critical
over 1 year ago
Grafana Race condition allowing privilege escalation
go
github.com/grafana/grafana
Critical
over 1 year ago
Grafana Fine-grained access control vulnerability
go
github.com/grafana/grafana
Critical
over 1 year ago
PrestaShop cross-site scripting via customer contact form in FO, through file upload
packagist
prestashop/prestashop
Critical
over 1 year ago
Cockpit CMS contains an arbitrary file upload vulnerability
packagist
cockpit-hq/cockpit
Critical
over 1 year ago
Apache Karaf Cave: Cave SSRF and arbitrary file access
maven
org.apache.karaf:cave
Critical
over 1 year ago
@valtimo/components exposes access token to form.io
npm
@valtimo/components
Critical
over 1 year ago
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
pypi
llama-cpp-python
Critical
over 1 year ago
Blind XSS Leading to Froxlor Application Compromise
packagist
froxlor/froxlor
Critical
over 1 year ago
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
npm
@lobehub/chat
Critical
over 1 year ago
Genie Path Traversal vulnerability via File Uploads
maven
com.netflix.genie:genie-web
Critical
over 1 year ago
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
pypi
frigate
Critical
over 1 year ago
Spin applications with specific configuration vulnerable to potential network sandbox escape
cargo
spin-sdk
Critical
over 1 year ago
Apache Inlong Deserialization of Untrusted Data vulnerability
maven
org.apache.inlong:manager-pojo
Critical
over 1 year ago
tiagorlampert CHAOS vulnerable to arbitrary code execution
go
github.com/tiagorlampert/CHAOS
Critical
over 1 year ago
Zenario uses Twig filters insecurely in the Twig Snippet plugin
packagist
tribalsystems/zenario
Critical
over 1 year ago
libxmljs vulnerable to type confusion when parsing specially crafted XML
npm
libxmljs
Critical
over 1 year ago
libxmljs2 vulnerable to type confusion when parsing specially crafted XML
npm
libxmljs2
Critical
over 1 year ago
libxmljs vulnerable to type confusion when parsing specially crafted XML
npm
libxmljs
Critical
over 1 year ago
libxmljs2 type confusion vulnerability when parsing specially crafted XML
npm
libxmljs2
Critical
over 1 year ago
Apollo Router vulnerable to Critical Regression In Query Plan Cache
cargo
apollo-router
Critical
over 1 year ago
xml-crypto vulnerable to XML signature verification bypass due to improper verification of signature/signature spoofing
npm
xml-crypto
Critical
over 1 year ago
PHPECC vulnerable to multiple cryptographic side-channel attacks
packagist
mdanter/ecc