Browse Security Advisories
Low Security Advisories for github.com/cosmos/ibc-go/v7
Low
12 months ago
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
go
github.com/opentofu/opentofu
Low
12 months ago
Zenario allows authenticated admin users to upload PDF files containing malicious code
packagist
tribalsystems/zenario
Low
12 months ago
October allows an admin account to upload PDF containing malicious JavaScript
packagist
october/october
Low
about 1 year ago
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
packagist
librenms/librenms
Low
about 1 year ago
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
packagist
librenms/librenms
Low
about 1 year ago
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
maven
org.apache.maven.plugins:maven-archetype-plugin
Low
about 1 year ago
Apache Hadoop: Temporary File Local Information Disclosure
maven
org.apache.hadoop:hadoop-common
Low
about 1 year ago
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
maven
org.apache.druid.extensions:druid-pac4j
Low
about 1 year ago
Apache Druid: Users can provide MySQL JDBC properties not on allow list
maven
org.apache.druid:druid
Low
about 1 year ago
Mattermost Desktop App fails to sufficiently configure Electron Fuses
npm
mattermost-desktop
Low
about 1 year ago
serve-static vulnerable to template injection that can lead to XSS
npm
serve-static
Low
about 1 year ago
AngularJS allows attackers to bypass common image source restrictions
npm
angular
Low
about 1 year ago
AngularJS allows attackers to bypass common image source restrictions
npm
angular
Low
about 1 year ago
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
go
github.com/sigstore/sigstore-go
Low
about 1 year ago
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
pypi
ethyca-fides
Low
about 1 year ago
gix-path uses local config across repos when it is the highest scope
cargo
gix-path
Low
about 1 year ago
CometBFT's state syncing validator from malicious node may lead to a chain split
go
github.com/cometbft/cometbft/light
Low
about 1 year ago
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
pypi
lti-consumer-xblock
Low
about 1 year ago
gitoxide-core does not neutralize special characters for terminals
cargo
gitoxide, gitoxide-core
Low
about 1 year ago
Hono CSRF middleware can be bypassed using crafted Content-Type header
npm
hono
Low
about 1 year ago
Trufflehog vulnerable to Blind SSRF in some Detectors
go
github.com/trufflesecurity/trufflehog/v3
Low
about 1 year ago
Silverpeas vulnerable to password complexity rule bypass
maven
org.silverpeas.core:silverpeas-core
Low
about 1 year ago
Concrete CMS vulnerable to Stored Cross-site Scripting
packagist
concrete5/concrete5
Low
about 1 year ago
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
packagist
ipl/web
Low
about 1 year ago
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
pypi
apache-airflow-providers-fab
Low
about 1 year ago
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
npm
elliptic
Low
about 1 year ago
Mattermost did not properly restrict channel creation
go
github.com/mattermost/mattermost/server/v8
Low
about 1 year ago
biscuit-auth vulnerable to public key confusion in third party block
cargo
biscuit-auth
Low
about 1 year ago
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
npm
@fuel-ts/account
Low
about 1 year ago
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
cargo
xmp_toolkit
Low
about 1 year ago
snapd failed to properly check the destination of symbolic links when extracting a snap
go
github.com/snapcore/snapd
Low
about 1 year ago
ProcessWire Cross Site Request Forgery vulnerability
packagist
processwire/processwire
Low
about 1 year ago
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
pypi
puncia
Low
about 1 year ago
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
pypi
sentry-sdk
Low
about 1 year ago
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
nuget
Steeltoe.Discovery.ClientAutofac, Steeltoe.Discovery.ClientCore, Steeltoe.Discovery.EurekaBase, Steeltoe.Discovery.Eureka
Low
about 1 year ago
dbt has an implicit override for built-in materializations from installed packages
pypi
dbt-core
Low
about 1 year ago
OpenSearch Observability does not properly restrict access to private tenant resources
maven
org.opensearch.plugin:opensearch-observability
Low
about 1 year ago
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
pypi
yt-dlp
Low
about 1 year ago
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
go
google.golang.org/grpc
Low
about 1 year ago
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
packagist
aimeos/ai-admin-graphql
Low
about 1 year ago
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
pypi
ethyca-fides
Low
over 1 year ago
Exposure of secrets through system log in Jenkins Structs Plugin
maven
org.jenkins-ci.plugins:structs
Low
over 1 year ago
October System module has an Open Redirect for Administrator Accounts
packagist
october/system
Low
over 1 year ago
October System module has a Reflected XSS via X-October-Request-Handler Header
packagist
october/system
Low
over 1 year ago
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
maven
org.dspace:dspace-server-webapp
Low
over 1 year ago
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
maven
org.keycloak:keycloak-ldap-federation
Low
over 1 year ago
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
npm
mattermost-desktop
Low
over 1 year ago
Apache Airflow does not return the "Cache-Control" header for dynamic content
pypi
apache-airflow
Low
over 1 year ago
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
go
github.com/hashicorp/vault
Low
over 1 year ago
Keycloak Denial of Service via account lockout
maven
org.keycloak:keycloak-services
Low
over 1 year ago
Keycloak's improper input validation allows using email as username
maven
org.keycloak:keycloak-services
Low
over 1 year ago
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
npm
@strapi/plugin-content-manager
Low
over 1 year ago
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
go
github.com/docker/docker
Low
over 1 year ago
evmos allows transferring unvested tokens after delegations
go
github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17
Low
over 1 year ago
s2n-tls has a potentially observable differences in RSA premaster secret handling
cargo
s2n-tls
Low
over 1 year ago
Password hash exposed in CraftCMS two factor authentication plugin
packagist
born05/craft-twofactorauthentication
Low
over 1 year ago
Password confirmation stored in plain text via registration form in statamic/cms
packagist
statamic/cms
Low
over 1 year ago
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
pypi
ethyca-fides
Low
over 1 year ago
Umbraco Forms components vulnerable to Stored Cross-site Scripting
nuget
Umbraco.Forms
Low
over 1 year ago
silverstripe/framework sends passwords back to browsers under some circumstances
packagist
silverstripe/framework
Low
over 1 year ago
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
packagist
silverstripe/framework
Low
over 1 year ago
silverstripe/framework password encryption salt not updated
packagist
silverstripe/framework
Low
over 1 year ago
github.com/huandu/facebook may expose access_token in error message.
go
github.com/huandu/facebook/v2
Low
over 1 year ago
Jenkins Report Info Plugin Path Traversal vulnerability
maven
org.jenkins-ci.plugins:report-info
Low
over 1 year ago
Silverstripe admin XSS Vulnerability via WYSIWYG editor
packagist
silverstripe/admin
Low
over 1 year ago
vantage6 collaboration admins can extend their influence by expanding the collaboration
pypi
vantage6
Low
over 1 year ago
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
go
github.com/bincyber/go-sqlcrypter