Critical Security Advisories for github.com/cosmos/ibc-go/v7
Critical
over 1 year ago
Liferay Portal stored cross-site scripting (XSS) vulnerability
maven
com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Critical
over 1 year ago
Stimulsoft Dashboard.JS directory traversal vulnerability
npm
stimulsoft-dashboards-js
Critical
over 1 year ago
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
cargo
ckb
Critical
over 1 year ago
Central Dogma Authentication Bypass Vulnerability via Session Leakage
maven
com.linecorp.centraldogma:centraldogma-server
Critical
over 1 year ago
Beetl Server-Side Template Injection vulnerability
maven
com.ibeetl:beetl-core
Critical
over 1 year ago
Vyper's bounds check on built-in `slice()` function can be overflowed
pypi
vyper
Critical
over 1 year ago
BuildKit vulnerable to possible host system access from mount stub cleaner
go
github.com/moby/buildkit
Critical
over 1 year ago
Buildkit's interactive containers API does not validate entitlements check
go
github.com/moby/buildkit
Critical
over 1 year ago
HashiCorp Vault Improper Privilege Management
go
github.com/hashicorp/vault
Critical
over 1 year ago
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
go
github.com/0xJacky/Nginx-UI
Critical
over 1 year ago
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
maven
org.jenkins-ci.main:jenkins-core
Critical
over 1 year ago
Remote Command Execution in SOFARPC
maven
com.alipay.sofa:rpc-sofa-boot-starter
Critical
over 1 year ago
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
maven
org.clojure:clojure
Critical
over 1 year ago
Hard-coded credentials in org.folio:mod-data-export-spring
maven
org.folio:mod-data-export-spring
Critical
over 1 year ago
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
pypi
pyload-ng
Critical
over 1 year ago
EverShop at risk to unauthorized access via weak HMAC secret
npm
@evershop/evershop
Critical
over 1 year ago
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
npm
@clerk/nextjs
Critical
over 1 year ago
Django Template Engine Vulnerable to XSS
go
github.com/gofiber/template/django/v3
Critical
over 1 year ago
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
go
github.com/go-git/go-git/v5
Critical
over 1 year ago
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
pypi
aries-cloudagent
Critical
over 1 year ago
XWiki Remote Code Execution Vulnerability via User Registration
maven
org.xwiki.platform:xwiki-platform-administration-ui
Critical
over 1 year ago
Arbitrary remote code execution within `wrangler dev` Workers sandbox
npm
wrangler
Critical
over 1 year ago
Apache InLong Manager Remote Code Execution vulnerability
maven
org.apache.inlong:manager-pojo
Critical
over 1 year ago
PaddlePaddle command injection in get_online_pass_interval
pypi
PaddlePaddle
Critical
over 1 year ago
plotly.js prototype pollution vulnerability
npm, packagist
plotly.js, plotly/plotly.js
Critical
almost 2 years ago
JeecgBoot server-side template injection
maven
org.jeecgframework.boot:jeecg-boot-common
Critical
almost 2 years ago
Jeecg Boot SQL Injection
maven
org.jeecgframework.boot:jeecg-boot-common
Critical
almost 2 years ago
Jeecg Boot SQL injection vulnerability
maven
org.jeecgframework.boot:jeecg-boot-common
Critical
almost 2 years ago
Apache IoTDB: Unsafe deserialize map in Sync Tool
maven
org.apache.iotdb:iotdb-parent
Critical
almost 2 years ago
transformers has a Deserialization of Untrusted Data vulnerability
pypi
transformers
Critical
almost 2 years ago
Remote code execution/programming rights with configuration section from any user account
maven
org.xwiki.platform:xwiki-platform-administration-ui
Critical
almost 2 years ago
XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
maven
org.xwiki.platform:xwiki-platform-administration-ui
Critical
almost 2 years ago
Remote code execution from account through SearchAdmin
maven
org.xwiki.platform:xwiki-platform-search-ui
Critical
almost 2 years ago
Apache StreamPark: Authenticated system users could trigger remote command execution
maven
org.apache.streampark:streampark
Critical
almost 2 years ago
Apache Dubbo: Bypass deny serialize list check in Apache Dubbo
maven
org.apache.dubbo:dubbo
Critical
almost 2 years ago
Gradio Exposure of Sensitive Information to an Unauthorized Actor vulnerability
pypi
gradio
Critical
almost 2 years ago
Improper Privilege Management in github.com/sap/cloud-security-client-go
go
github.com/sap/cloud-security-client-go
Critical
almost 2 years ago
Improper JWT Signature Validation in SAP Security Services Library
maven
com.sap.cloud.security.xsuaa:spring-xsuaa, com.sap.cloud.security:spring-security, com.sap.cloud.security:java-security
Critical
almost 2 years ago
memory overflow vulnerability in OpenEXR-viewer
actions
afichet/openexr-viewer
Critical
almost 2 years ago
Apache Struts vulnerable to path traversal
maven
org.apache.struts:struts2-core
Critical
almost 2 years ago
tj-actions/branch-names's Improper Sanitization of Branch Name Leads to Arbitrary Code Injection
actions
tj-actions/branch-names
Critical
almost 2 years ago
HtmlUnit vulnerable to Remote Code Execution (RCE) via XSTL
maven
org.htmlunit:htmlunit
Critical
almost 2 years ago
Solon is vulnerable to Deserialization of Untrusted Data
maven
org.noear:solon
Critical
almost 2 years ago
Microcks contains a Server-Side Request Forgery (SSRF) via the component /jobs and /artifact/download
maven
io.github.microcks:microcks
Critical
almost 2 years ago
Jupiter allows attackers to execute arbitrary commands via sending a crafted RPC request
maven
org.jupiter-rpc:jupiter-rpc
Critical
almost 2 years ago
PHPMemcachedAdmin Path Traversal vulnerability
packagist
elijaa/phpmemcacheadmin
Critical
almost 2 years ago
Apache Cocoon Improper Restriction of XML External Entity Reference vulnerability
maven
org.apache.cocoon:cocoon
Critical
almost 2 years ago
Apache Cocoon SQL Injection vulnerability
maven
org.apache.cocoon:cocoon
Critical
almost 2 years ago
October CMS safe mode bypass using Twig sandbox escape
packagist
october/system
Critical
almost 2 years ago
Capsule Proxy Authentication bypass using an empty token
go
github.com/clastix/capsule-proxy, github.com/projectcapsule/capsule-proxy
Critical
almost 2 years ago
Run Shell Command allows Cross-Site Request Forgery
maven
org.xwiki.contrib:xwiki-application-admintools
Critical
almost 2 years ago
Cookies are sent to external images in rendered diff (and server side request forgery)
maven
org.xwiki.platform:xwiki-platform-diff-xml
Critical
almost 2 years ago
Apache Derby: LDAP injection vulnerability in authenticator
maven
org.apache.derby:derby
Critical
almost 2 years ago
Deserialization of Untrusted Data in apache-submarine
pypi
apache-submarine
Critical
almost 2 years ago
Ibis PyArrow dependency allows arbitrary code execution when loading a malicious data file
pypi
ibis-framework
Critical
almost 2 years ago
Liferay Portal XSS with `p_l_back_url_title` on edit content page
maven
com.liferay.portal:release.portal.bom
Critical
almost 2 years ago
MLflow authentication requirement bypass can allow a user to arbitrarily create an account
pypi
mlflow
Critical
almost 2 years ago
Remote Code Execution due to Full Controled File Write in mlflow
pypi
mlflow
Critical
almost 2 years ago
Froxlor Improper Input Validation vulnerability
packagist
froxlor/froxlor