Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS0yN3dmLTU5NjctOThneM4ABBo7
Kubernetes kubelet arbitrary command execution
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: about 12 hours ago
Low
GSA_kwCzR0hTQS1tcjk1LXZmY2YtZng5cM4ABBnu
Apache Answer: Predictable Authorization Token Using UUIDv1
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 12 hours ago
Moderate
GSA_kwCzR0hTQS1wcWhwLTI1ajQtNmhxOc4ABBnm
smol-toml has a Denial of Service via malicious TOML document using deeply nested inline tables
Ecosystems: npm
Packages: smol-toml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 13 hours ago
Moderate
GSA_kwCzR0hTQS12NWgyLXEydzQtZ3BjeM4ABBnl
Sentry improper error handling leaks Application Integration Client Secret
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: about 13 hours ago
High
GSA_kwCzR0hTQS04dzQ5LWg3ODUtbWozY84ABBnk
Tornado has an HTTP cookie parsing DoS vulnerability
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: about 13 hours ago
Moderate
GSA_kwCzR0hTQS1tNTJ2LTI0cDgtNjU0Zs4ABBnj
SurrealDB has an Uncaught Exception Sorting Tables by Random Order
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 13 hours ago
Moderate
GSA_kwCzR0hTQS1qYzU1LTI0NmMtcjg4Zs4ABBni
SurrealDB has an Uncaught Exception Handling Nonexistent Role
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: about 13 hours ago
Moderate
GSA_kwCzR0hTQS1oNGY1LWg4MnYtNXc0cs4ABBnh
SurrealDB has an Uncaught Exception in Function Generating Random Time
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 13 hours ago
Moderate
GSA_kwCzR0hTQS00OWNjLXhyamYtOXFmN84ABBnE
SFTPGo allows administrators to restrict command execution from the EventManager
Ecosystems: go
Packages: github.com/drakkan/sftpgo/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
High
GSA_kwCzR0hTQS1ybXhnLTZxcWYteDhtcs4ABBnD
GeoNode Server Side Request forgery
Ecosystems: pypi
Packages: geonode
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 1 day ago
High
GSA_kwCzR0hTQS01Y3BoLXd2bTktNDVnas4ABBnC
Flowise OverrideConfig security vulnerability
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
High
GSA_kwCzR0hTQS1oajN3LXdyaDQtNDR2cM4ABBnB
LLama Factory Remote OS Command Injection Vulnerability
Ecosystems: pypi
Packages: llamafactory
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
Moderate
GSA_kwCzR0hTQS1qaDZ4LTd4ZmctOWNxMs4ABBmw
Searching Opencast may cause a denial of service
Ecosystems: maven
Packages: org.opencastproject:opencast-elasticsearch-impl
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 2 days ago
High
GSA_kwCzR0hTQS1namNjLWp2Z3ctd3Z3as4ABBmv
Litestar allows unbounded resource consumption (DoS vulnerability)
Ecosystems: pypi
Packages: litestar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS13cHZmLTVtYzMtaHY2bc4ABBmm
Querydsl SQL/HQL injection
Ecosystems: maven
Packages: io.github.openfeign.querydsl:querydsl-apt, io.github.openfeign.querydsl:querydsl-jpa, com.querydsl:querydsl-apt, com.querydsl:querydsl-jpa
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1yNHBnLXZnNTQtd3h4NM4ABBmY
cert-manager ha a potential slowdown / DoS when parsing specially crafted PEM inputs
Ecosystems: go
Packages: github.com/cert-manager/cert-manager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS05YzVwLTM1Z2otanFwNM4ABBlz
Rancher Helm Applications may have sensitive values leaked
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1mZnAyLThwMmgtNG01as4ABBly
Password Pusher rate limiter can be bypassed by forging proxy headers
Ecosystems: rubygems
Packages: pwpush
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
High
GSA_kwCzR0hTQS03MjI1LW05NTQtMjN2N84ABBlx
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Ecosystems: go
Packages: cosmossdk.io/math
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
High
GSA_kwCzR0hTQS1qNWhxLTVqY3IteHd4N84ABBlw
github.com/rancher/steve's users can issue watch commands for arbitrary resources
Ecosystems: go
Packages: github.com/rancher/steve
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS14ZnY3LWgycWctcmptN84ABBlL
Moodle Lesson activity password bypass through PHP loose comparison
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1yNHhyLW0zOTMtNzc4bc4ABBlP
Moodle IDOR when accessing list of course badges
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1maGcyLXIyaDktaDdxOM4ABBlV
Moodle IDOR when deleting OAuth2 linked accounts
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qNHYzLXd3d3gtNWdxds4ABBli
django Filer Unrestricted Upload of File with Dangerous Type
Ecosystems: pypi
Packages: django-filer
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1qODIyLXg1Z2ctNXI1Ns4ABBlQ
Moodle allows users to retrieve information they did not have permission to access
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS12eGN2LTR4dmYtcGMyMs4ABBle
django CMS Attributes Field Cross-site Scripting
Ecosystems: pypi
Packages: djangocms-attributes-field
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 3 days ago
High
GSA_kwCzR0hTQS01amZ3LWdxNjQtcTQ1Zs4ABBj9
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Ecosystems: pypi
Packages: lxml-html-clean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1ocnhoLTl3NjctZzRjds4ABBj8
Rclone has Improper Permission and Ownership Handling on Symlink Targets with --links and --metadata
Ecosystems: go
Packages: github.com/rclone/rclone
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTdqeGMtOHA2eM4ABBgP
Redaxo Core CMS Cross Site Scripting (XSS)
Ecosystems: packagist
Packages: redaxo/source
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wN2Y2LThtY20tZnd2M84ABBfv
Statamic CMS has a Path Traversal in Asset Upload
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0yeDJnLTMycjctcDR4OM4ABBff
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider
Ecosystems: maven
Packages: org.apache.kafka:kafka-clients
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS1nODV2LXdmMjctNjd4Y84ABBec
Harden-Runner has a command injection weaknesses in `setup.ts` and `arc-runner.ts`
Ecosystems: actions
Packages: step-security/harden-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04NDk1LTRnM2cteDdwcs4ABBeU
aiohttp allows request smuggling due to incorrect parsing of chunk extensions
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0yN21mLWdocW0tajNqOM4ABBeT
aiohttp has a memory leak when middleware is enabled when requesting a resource with a non-allowed method
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1qcDM3LTVxaHctbWZmd84ABBeS
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Ecosystems: cargo
Packages: sharks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 days ago
High
GSA_kwCzR0hTQS12Z2dtLTM0Nzgtdm01bc4ABBeR
Graylog concurrent PDF report rendering can leak other users' reports
Ecosystems: maven
Packages: org.graylog:graylog-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 days ago
High
GSA_kwCzR0hTQS03Y2M5LWo0bXYtdmNqcM4ABBeQ
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 5 days ago
High
GSA_kwCzR0hTQS1qdzR4LXY2OWYtaGg1d84ABBeP
XmlScanner bypass leads to XXE
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 5 days ago
Critical
GSA_kwCzR0hTQS1tMjZjLWZjZ2gtY3A2aM4ABBeO
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1mNjMyLTk0NDktM2o0d84ABBdK
Apache Tomcat - XSS in generated JSPs
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-jasper
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1jcTVmLXd2N3AtNWdmY84ABBdI
Moodle leaks user names
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS14M3g5LTM0OXgtMjQ4Nc4ABBdA
moodle: IDOR in edit/delete RSS feed
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1manE5LTQ1Mmctamczcc4ABBdJ
moodle: Some users can delete audiences of other reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1xdmY1LWh2angtd20yN84ABBdF
Apache Tomcat Request and/or response mix-up
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1ndjVoLTU2NTUtaDRtds4ABBc_
django CMS Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: django-cms
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14Y3ByLTdtcjQtaDR4cc4ABBdD
Apache Tomcat - Authentication Bypass
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS1tZzU0LXAyd2otNXBoN84ABBdH
moodle: IDOR when fetching report schedules
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS0zd2Y0LTY4Z3gtbXBoOM4ABBdB
Firebase JavaScript SDK allows attackers to manipulate the "_authTokenSyncURL" to point to their own server
Ecosystems: npm
Packages: firebase
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 5 days ago
Moderate
GSA_kwCzR0hTQS13M2M4LTdyOGYtOWpwOM4ABBcJ
Spring MVC controller vulnerable to a DoS attack
Ecosystems: maven
Packages: org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 5 days ago
High
GSA_kwCzR0hTQS1oN3dxLWpqOHItcW03cM4ABBb-
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 6 days ago
High
GSA_kwCzR0hTQS0zanJ2LWpncDgtNDV2M84ABBcA
Undertow incorrectly parses cookies
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS1odnc1LTNtZ3ctN3JjZs4ABBb_
Debezium database connector has a script injection vulnerability
Ecosystems: maven
Packages: io.debezium:debezium-core, io.debezium:debezium-connector-sqlserver, io.debezium:debezium-connector-mysql
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 6 days ago
Moderate
GSA_kwCzR0hTQS0ycHBmLTJtNmYtNnY2Zs4ABBb9
OpenStack improperly deletes access rules
Ecosystems: pypi
Packages: python-openstackclient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 6 days ago
High
GSA_kwCzR0hTQS04Zmg0LTk0MnItamYyZ84ABBab
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
Low
GSA_kwCzR0hTQS03cTdnLTR4bTgtODljcc4ABBaa
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Ecosystems: npm
Packages: @eslint/plugin-kit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1waG00LXdmM2gtcGMzcs4ABBaC
Unpatched Remote Code Execution in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Critical
GSA_kwCzR0hTQS14NjQ1LTZwZjkteHd4d84ABBZK
LibreNMS has an Authenticated OS Command Injection
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 8 days ago
High
GSA_kwCzR0hTQS1ndjRtLWY2ZngtODU5eM4ABBZJ
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS0yOHA3LWY2aDYtM2poM84ABBZI
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS1wNjZxLXBwd3ItcTVqOM4ABBZH
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS03NjYzLTM3cmctYzM3N84ABBZG
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS00bTVyLXcycnEtcTU0cc4ABBZF
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 8 days ago
High
GSA_kwCzR0hTQS1xcjhmLTVxcWctajN3Z84ABBZE
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS12N3c5LTYzeGgtNnIzd84ABBZD
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS14aDRnLWM5cDYtNWp4Z84ABBY1
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS1ybXI0LXg2YzktamM2OM4ABBY0
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
High
GSA_kwCzR0hTQS04ODhqLXBqcWgtZng1OM4ABBYz
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1jODZxLXJqMzctOGY4Nc4ABBYy
LibreNMS has a stored XSS in ExamplePlugin with Device's Notes
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1nZndyLXhxbWotajI3ds4ABBYx
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS05OXc4LWM1ZjYtOTZwcM4ABBYh
CSRF leading to delete account in wallabag/wallabag
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS01cjJnLTU5cHgtM3E5d84ABBYl
Stored XSS using two files in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Critical
GSA_kwCzR0hTQS0zdmpoLXhyaGYtdjl4aM4ABBYa
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1yNzM1LTlnYzYtMmh2cc4ABBYj
Cross-site Scripting (XSS) - DOM in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Critical
GSA_kwCzR0hTQS01NzdwLTdqN2gtMmpnZs4ABBYY
Deserialization of Untrusted Data in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1tOTgyLWg0ZjgtZzRoZs4ABBYf
Generation of Error Message Containing Sensitive Information in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1majV2LXcyanAtd3F2as4ABBYg
Improper Access Control in janeczku/calibre-web
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS13cHByLWo1N2MtOGpwbc4ABBYo
Improper Authorization in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1oaHZyLTJxNjktNDU2M84ABBYe
Cross site scripting in sylius/sylius
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 8 days ago
High
GSA_kwCzR0hTQS00NmMzLTV4YzUtd3dods4ABBYW
Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1xMjk3LTVmZjgtaGM5Ms4ABBYN
FitNesse Path Traversal
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wZzgyLTl3MzUtM3czcs4ABBYR
FitNesse Cross-site scripting
Ecosystems: maven
Packages: org.fitnesse:fitnesse
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wandtLWNyMzYtbXd2M84ABBXw
ReDoS in giskard's transformation.py (GHSL-2024-324)
Ecosystems: pypi
Packages: giskard
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1qM3ZxLXBtcDUtcjV4as4ABBXQ
Missing ratelimit on passwrod resets in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qM3B4LXE5NWMtOTY4M84ABBW2
zlib-rs stack overflow during decompression with malicious input
Ecosystems: cargo
Packages: libz-rs-sys-cdylib, libz-rs-sys, zlib-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1wMmgyLTN2ZzktNHA4N84ABBW1
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Ecosystems: go
Packages: github.com/cli/cli, github.com/cli/cli/v2
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 9 days ago
High
GSA_kwCzR0hTQS1oZmY4LWhqd3YtajlxN84ABBW0
Remote Code Execution on click of <a> Link in markdown preview
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS1ycDloLXJmN2ctaHdncs4ABBWz
s2n-tls has undefined behavior at process exit
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1yODY0LTI4cHctODY4Ms4ABBWV
Harbor fails to validate the user permissions when updating p2p preheat policies
Ecosystems: go
Packages: github.com/goharbor/harbor/src, github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS00Mjc3LW0zNXEtN2M5d84ABBVW
Salt preflight script could be attacker controlled
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: 9 days ago
High
GSA_kwCzR0hTQS1wMnFxLWM2OTMtcTUzd84ABBVH
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Ecosystems: maven
Packages: org.jenkinsci.plugins:pipeline-model-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Moderate
GSA_kwCzR0hTQS1qdjgyLTc1ZmgtMjNyN84ABBVE
Missing permission check in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS04ODg2LTh2MjctODVqOM4ABBVK
Stored XSS vulnerability in Jenkins Authorize Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:authorize-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1oMjNqLTczd3ctNzU5NM4ABBU_
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS1tcnByLXZyODIteDg4cs4ABBVF
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS03ODQ1LWNyZmotcGhjNM4ABBVL
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:shared-library-version-override
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
High
GSA_kwCzR0hTQS04MjM3LTk1N2gtaDJjMs4ABBTt
FileManager Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: backpack/filemanager
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1jZ3I0LWMyMzMtaDczM84ABBTs
UnoPim Stored XSS : Cookie hijacking through Create User function
Ecosystems: packagist
Packages: unopim/unopim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
High
GSA_kwCzR0hTQS1jZzIzLXFmOGYtNjJycs4ABBTJ
Symfony has an Authentication Bypass via RememberMe
Ecosystems: packagist
Packages: symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 10 days ago
Moderate
GSA_kwCzR0hTQS1qNGg2LWdjajctN3Y5ds4ABBTI
decidim-meetings Cross-site scripting vulnerability in the online or hybrid meeting embeds
Ecosystems: rubygems
Packages: decidim-meetings
Source: GitHub Advisory Database
Blast Radius: 19.2
Published: 10 days ago
High
GSA_kwCzR0hTQS14aGc2LTlqNWotdzR2Zs4ABBTC
DotNetZip Directory Traversal vulnerability
Ecosystems: nuget
Packages: ProDotNetZip, DotNetZip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 days ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 vyper 38 github.com/rancher/rancher 38 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 com.jfinal:jfinal 36 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 moin 35 matrix-synapse 35 io.undertow:undertow-core 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 gradio 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 Pillow 31 opencv-contrib-python 31 parse-server 31 opencv-python 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/consul 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 openssl-src 26 electron 26 pillow 26 prestashop/prestashop 26 directus 26 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 25 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 org.eclipse.jetty:jetty-server 24 magento/core 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 puppet 23 zendframework/zendframework 23 remdex/livehelperchat 23 rack 23 grumpydictator/firefly-iii 23 org.bouncycastle:bcprov-jdk14 22 ckb 22 tribalsystems/zenario 22 getkirby/cms 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 glance 21 @openzeppelin/contracts 20 funadmin/funadmin 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 langchain 20 code.gitea.io/gitea 20 org.springframework:spring-core 19 github.com/goharbor/harbor 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 wasmtime 19 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.vaadin:vaadin-bom 18 mercurial 18 cockpit-hq/cockpit 18 mindsdb 18 topthink/framework 18 github.com/traefik/traefik/v2 18 forkcms/forkcms 18 next 18 cobbler 18 com.liferay.portal:release.dxp.bom 18 notebook 17 helm.sh/helm/v3 17 cakephp/cakephp 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 ezsystems/ezpublish-kernel 17 francoisjacquet/rosariosis 17 org.apache.geode:geode-core 17 opencart/opencart 17 genix/cms 17 typo3/cms-backend 16 openmage/magento-lts 16 org.apache.jspwiki:jspwiki-main 16 github.com/zitadel/zitadel 16 tinymce 16 org.apache.dubbo:dubbo 16 PaddlePaddle 16 sequelize 16 yetiforce/yetiforce-crm 16 paddlepaddle 16 org.apache.activemq:activemq-client 16 phpbb/phpbb 16 pyload-ng 16 rusqlite 16 neutron 16 cryptography 16 org.bouncycastle:bcprov-jdk15 16 OctoPrint 15 ethyca-fides 15 smarty/smarty 15 calibreweb 15 symfony/security-http 15 ckeditor4 15 ghost 15 ec-cube/ec-cube 15 october/system 15 surrealdb 15 org.apache.struts.xwork:xwork-core 15 github.com/nats-io/nats-server/v2 14 lollms 14 camaleon_cms 14 org.apache.tomcat:tomcat-coyote 14 pyftpdlib 14 swagger-ui 14 activesupport 14 dompdf/dompdf 14 org.xwiki.platform:xwiki-platform-web 14 modoboa 14 github.com/containerd/containerd 14 feehi/cms 14 publify_core 14 silverstripe/cms 14 bolt/bolt 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/answerdev/answer 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/github/advisory-database 25 https://github.com/directus/directus 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/apache/nifi 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/undertow-io/undertow 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/cloudfoundry/uaa 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/zitadel/zitadel 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/hashicorp/vault 17 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/mindsdb/mindsdb 17 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 17 https://github.com/pyload/pyload 16 https://github.com/tinymce/tinymce 16 https://github.com/sequelize/sequelize 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/etcd-io/etcd 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/ethereum/go-ethereum 16 https://github.com/rusqlite/rusqlite 16 https://github.com/mattermost/mattermost 16 https://github.com/forkcms/forkcms 16 https://github.com/laravel/framework 16 https://github.com/backstage/backstage 16 https://github.com/zendframework/zendframework 15 https://github.com/apache/camel 15 https://github.com/decidim/decidim 15 https://github.com/puppetlabs/puppet 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/dompdf/dompdf 15 https://github.com/ethyca/fides 15 https://github.com/surrealdb/surrealdb 15 https://github.com/denoland/deno 15 https://github.com/pyca/cryptography 15 https://github.com/centreon/centreon 15 https://github.com/aio-libs/aiohttp 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/hashicorp/nomad 14 https://github.com/vercel/next.js 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/janeczku/calibre-web 14 https://github.com/dotnet/aspnetcore 14 https://github.com/laurent22/joplin 13 https://github.com/ming-soft/MCMS 13 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dromara/hutool 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/apache/dolphinscheduler 13 https://github.com/TryGhost/Ghost 13 https://github.com/golang/go 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/openstack/glance 12 https://github.com/opencontainers/runc 12 https://github.com/wagtail/wagtail 12 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/zenml-io/zenml 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cakephp/cakephp 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/drupal/core 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/yiisoft/yii2 11 https://github.com/pomerium/pomerium 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/spring-projects/spring-security 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/getsentry/sentry 11 https://github.com/vaadin/flow 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/onionshare/onionshare 11 https://github.com/Sylius/Sylius 11 https://github.com/WWBN/AVideo 11 https://github.com/top-think/framework 11 https://github.com/Pylons/waitress 11 https://github.com/apache/zeppelin 10 https://github.com/pgadmin-org/pgadmin4 10 https://github.com/greenpau/caddy-security 10