Browse Security Advisories
Low Security Advisories for org.apache.hive:hive-exec
Low
5 months ago
Mattermost Playbooks fails to properly validate permissions
go
github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-plugin-playbooks
Low
5 months ago
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
rubygems
nokogiri
Low
6 months ago
Mattermost doesn't restrict domains LLM can request to contact upstream
go
github.com/mattermost/mattermost/server/v8
Low
6 months ago
Mattermost Missing Authentication for Critical Function
go
github.com/mattermost/mattermost/server/v8
Low
6 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8
Low
6 months ago
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
npm
aws-cdk-lib
Low
6 months ago
VCS credentials included in URL parameters are potentially logged and saved into browser history as plaintext
pypi
weblate
Low
6 months ago
Mattermost Incorrect Authorization vulnerability
go
github.com/mattermost/mattermost/server/v8
Low
6 months ago
SurrealDB no JavaScript script function default timeout could facilitate DoS
cargo
surrealdb
Low
6 months ago
Mattermost Fails to Enforce Proper Access Controls on `/api/v4/audits` Endpoint
go
github.com/mattermost/mattermost/server/v8
Low
6 months ago
Shopware default newsletter opt-in settings allow for mass sign-up abuse
packagist
shopware/platform, shopware/core
Low
6 months ago
Pimcore's Admin Classic Bundle allows HTML Injection
packagist
pimcore/admin-ui-classic-bundle
Low
6 months ago
Tokio broadcast channel calls clone in parallel, but does not require `Sync`
cargo
tokio
Low
6 months ago
React Draft Wysiwyg Cross-Site Scripting (XSS) via the Embedded Button
npm
react-draft-wysiwyg
Low
6 months ago
Apache Answer User Using External Images Potentially Discloses User Information
go
github.com/apache/answer
Low
6 months ago
Apache ActiveMQ Artemis User Without Create Address Permissions can Modify Address Routing-Type
maven
org.apache.activemq:artemis-server
Low
6 months ago
Drupal Link field display mode formatter Cross-Site Scripting (XSS) vulnerability
packagist
drupal/link_field_display_mode_formatter
Low
6 months ago
Drupal RapiDoc OAS Field Formatter Cross-Site Scripting (XSS) vulnerability
packagist
drupal/rapidoc_elements_field_formatter
Low
6 months ago
Drupal Formatter Suite Vulnerable to Cross-Site Scripting (XSS) via Link Element Attributes
packagist
drupal/formatter_suite
Low
6 months ago
Drupal Configuration Split Cross-Site Request Forgery (CSRF) vulnerability
packagist
drupal/config_split
Low
6 months ago
Drupal OAuth2 Client Cross-Site Request Forgery (CSRF)
packagist
drupal/oauth2_client
Low
6 months ago
Drupal Matomo Analytics Cross-Site Request Forgery (CSRF) vulnerability
packagist
drupal/matomo
Low
6 months ago
array-init-cursor is unsound when used with types that implement `Drop`
cargo
array-init-cursor
Low
6 months ago
Publify Vulnerable To Cross-Site Scripting (XSS) Via Redirects Requiring User Interaction
rubygems
publify_core
Low
6 months ago
Apache Kylin Code Injection via JDBC Configuration Alteration
maven
org.apache.kylin:kylin
Low
6 months ago
Apache Kylin Server-Side Request Forgery (SSRF) via `/kylin/api/xxx/diag` Endpoint
maven
org.apache.kylin:kylin-common-server
Low
6 months ago
Django TomSelect incomplete escaping of dangerous characters in widget attributes
pypi
django-tomselect
Low
6 months ago
Suspended Directus user can continue to use session token to access API
npm
@directus/types, @directus/api, directus
Low
6 months ago
Shescape has potential environment variable exposure on Windows with CMD
npm
shescape
Low
6 months ago
Cilium node based network policies may incorrectly allow workload traffic
go
Ciliumgithub.com/cilium/cilium, github.com/cilium/cilium
Low
6 months ago
Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers
go
github.com/cilium/cilium
Low
7 months ago
Reflected XSS in go-httpbin due to unrestricted client control over Content-Type
go
github.com/mccutchen/go-httpbin/v2, github.com/mccutchen/go-httpbin
Low
7 months ago
Mattermost fails to prompt for explicit approval before adding a team admin to a private channel
go
github.com/mattermost/mattermost/server/v8
Low
7 months ago
go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
go
github.com/redis/go-redis/v9
Low
7 months ago
Kubernetes kube-apiserver Vulnerable to Race Condition
go
k8s.io/kubernetes/cmd/kube-apiserver
Low
7 months ago
Apache Seata Vulnerable to Deserialization of Untrusted Data
maven
org.apache.seata:seata-config-core
Low
7 months ago
Jenkins Zoho QEngine Plugin Displays Unmasked API Keys
maven
io.jenkins.plugins:zohoqengine
Low
7 months ago
Mattermost Desktop App allows the bypass of Transparency, Consent, and Control (TCC) via code injection
npm
mattermost-desktop
Low
7 months ago
Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods
cargo
zincati
Low
7 months ago
Snowflake JDBC Driver client-side encryption key in DEBUG logs
maven
net.snowflake:snowflake-jdbc
Low
7 months ago
Microweber vulnerable to XSS attack due to insecure `group` component in its Settings handler
packagist
microweber/microweber
Low
7 months ago
Magento LTS vulnerable to stored XSS in theme config fields
packagist
openmage/magento-lts
Low
7 months ago
Apache Ranger Improper Neutralization of Formula Elements vulnerability
maven
org.apache.ranger:security-admin-web
Low
7 months ago
MongoDB Shell may be susceptible to control character Injection via shell output
npm
mongosh
Low
7 months ago
copyparty renders unsanitized filenames as HTML when user uploads empty files
pypi
copyparty
Low
7 months ago
Matrix IRC Bridge allows IRC command injection to own puppeted user
npm
matrix-appservice-irc
Low
7 months ago
Moodle has an IDOR in badges that allows disabling of arbitrary badges
packagist
moodle/moodle
Low
7 months ago
Moodle allows teachers to evade trusttext config when restoring glossary entries
packagist
moodle/moodle
Low
7 months ago
Mattermost fails to invalidate all active sessions when converting a user to a bot
go
github.com/mattermost/mattermost/server/v8
Low
7 months ago
Leantime has Missing Authorization Check for Host Parameter
packagist
leantime/leantime
Low
8 months ago
Authelia applies regulation separately to Username-based logins to Email-based logins
go
github.com/authelia/authelia/v4
Low
8 months ago
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171
rubygems
nokogiri
Low
8 months ago
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
packagist
magento/project-community-edition, magento/community-edition
Low
8 months ago
Magento Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability
packagist
magento/project-community-edition, magento/community-edition
Low
8 months ago
vLLM uses Python 3.12 built-in hash() which leads to predictable hash collisions in prefix cache
pypi
vllm
Low
8 months ago
Jenkins Zoom Plugin is Missing Password Field Masking
maven
io.jenkins.plugins:zoom
Low
8 months ago
Potential DoS when using ContextLines integration
npm
@sentry/sveltekit, @sentry/solidstart, @sentry/remix, @sentry/nuxt, @sentry/nextjs, @sentry/nestjs, @sentry/google-cloud-serverless, @sentry/bun, @sentry/aws-serverless, @sentry/astro, @sentry/node
Low
8 months ago
Apache Cocoon vulnerable to Incorrect Usage of Seeds in Pseudo-Random Number Generator
maven
org.apache.cocoon:cocoon-sitemap-impl, org.apache.cocoon:cocoon-forms-impl
Low
8 months ago
Directus has a DOM-Based cross-site scripting (XSS) via layout_options
npm
directus
Low
8 months ago
Reflected Cross Site Scripting (XSS) in error message
packagist
silverstripe/framework
Low
9 months ago
AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
npm
aws-cdk-lib
Low
9 months ago
Silverstripe Framework has a Reflected Cross Site Scripting (XSS) in error message
packagist
silverstripe/framework
Low
9 months ago
CVE-2025-0343: Swift ASN.1 can crash when parsing maliciously formed BER/DER
swift
github.com/apple/swift-asn1
Low
9 months ago
TYPO3 Information Disclosure via Exception Handling/Logger
packagist
typo3/cms-install
Low
9 months ago
The Umbraco Heartcore headless client library uses a vulnerable Refit dependency package
nuget
Umbraco.Headless.Client.Net