Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
Low
GSA_kwCzR0hTQS0zZm1xLXg5cTYtd20zOc4AA8Rz
random_compat Uses insecure CSPRNG
Ecosystems: packagist
Packages: paragonie/random_compat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1nNDhmLXBnd2gtd3d4eM4AA8Ry
onelogin/php-saml signature wrapping attacks
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1yMnI4LTM2cHEtMjdjbc4AA8Rw
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
Ecosystems: packagist
Packages: nzo/url-encryptor-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS02Y2ozLXJjNHAtZjM4Zs4AA8Ru
Cross-site Scripting vulnerabilities in Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS00M2NmLTdmM2gtMzhyZ84AA8Rt
Privilege Escalation in TYPO3 Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS02cHE4LTY3cHctajZod84AA8Rs
Time-Based Information Disclosure Vulnerability in Flow
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 2 days ago
High
GSA_kwCzR0hTQS0zYzVnLTczZjctZ3J2bc4AA8Rr
Neos Information Disclosure Security Note
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS05Y3czLWo3d2ctandqOM4AA8Rq
Neos Flow Information disclosure in entity security
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS01dnY3LWo1OTMtbWdqY84AA8Rp
Neos Flow Arbitrary file upload and XML External Entity processing
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Low
GSA_kwCzR0hTQS03aDc0LTd2Y3ctNG13cM4AA8Ro
Insecure deserialize Vulnerability in FLOW3
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 2 days ago
Critical
GSA_kwCzR0hTQS00cnI2LWdmNTktZ2d3Nc4AA8Rn
namshi/jose - Verification bypass
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
High
GSA_kwCzR0hTQS1oeGhjLXdtZzgteHJxZs4AA8Rm
namshi/jose insecure JSON Web Signatures (JWS)
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS0ycmh4LXFoeHAtNWpwd84AA8Qi
Submariner Operator sets unnecessary RBAC permissions in helm charts
Ecosystems: go
Packages: github.com/submariner-io/submariner-operator
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 3 days ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Moderate
GSA_kwCzR0hTQS1manc4LTNncDgtNGN2eM4AA8Kw
Denial of service of Minder Server with attacker-controlled REST endpoint
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12ZzNyLXJtN3ctMnhnaM4AA8Kv
REXML contains a denial of service vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 4 days ago
High
GSA_kwCzR0hTQS1jcWg5LWpmcXItaDlqas4AA8KA
Weights and Biases (wandb) has a Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: pypi
Packages: wandb
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 4 days ago
High
GSA_kwCzR0hTQS1yZnFxLXdxNnctNzJqbc4AA8J7
MLflow has a Local File Read/Path Traversal bypass
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wNGp4LXE2MnAteDVqcs4AA8J5
MLflow allows low privilege users to delete any artifact
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tY2ZjLTY3dm0tajU2OM4AA8I1
Magento Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS02d200LTNyamotYzh4eM4AA8Ix
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1wcnBmLWNqODctaHd2cs4AA8Iw
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xd3ZwLTI2OGctamptOM4AA8Iv
Data Leakage Vulnerability in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1oOTdjLXFwMjQtNDM5ds4AA8Iu
Insecure State Generation in laravel/socialite
Ecosystems: packagist
Packages: laravel/socialite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03Zmp2LTI1cTktMnc4OM4AA8It
State Guessing Vulnerability in laravel/socialite
Ecosystems: packagist
Packages: laravel/socialite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is
laravel framework SQL Injection via limit and offset functions
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1qd3ZqLXB3d3ctM21qNc4AA8Ir
laravel framework Unexpected database bindings via requests
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS00NHBnLWMyOXYtaHA2cs4AA8Iq
Laravel Guard bypass in Eloquent models
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1xbTVjLW03NnItMmhmcs4AA8Ip
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 56.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12cjk1LXA3cTYtOG05cc4AA8Io
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 4 days ago
High
GSA_kwCzR0hTQS02anZ4LThjaDktajJqcs4AA8In
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS03ODUyLXczNngtNm1mNs4AA8Im
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wNjJyLTc2MzctM3d3Y84AA8Il
Laravel Hijacked authentication cookies vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1yajN3LTk5Z2MtOGo1OM4AA8Ik
Laravel Risk of mass-assignment vulnerabilities
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1odmd3LWdnM3AtMjk1as4AA8Ij
Read private customer data reclaiming carts in Klaviyo Magento
Ecosystems: packagist
Packages: klaviyo/magento2-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Low
GSA_kwCzR0hTQS02d2p3LXFmODctZnY1ds4AA8Ii
Laravel Encrypter Failure to decryption vulnerability
Ecosystems: packagist
Packages: illuminate/encryption
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0yODY3LTZycm0tMzhncs4AA8Ih
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0yOTdnLXhnNGgtN3c0Y84AA8Ig
Laravel Cross-site Scripting vulnerability in blade templating
Ecosystems: packagist
Packages: illuminate/view
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1jYzJ3LWdoYzUtbTVxcs4AA8If
Laravel Risk of mass-assignment vulnerabilities
Ecosystems: packagist
Packages: illuminate/database
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS0yZmZ2LXI0cjktcjh4cs4AA8Ie
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xNHhmLTdmdzUtNHg4ds4AA8Id
Laravel Hijacked authentication cookies vulnerability
Ecosystems: packagist
Packages: illuminate/auth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0yZ3EyLW02MjgtMzN4cM4AA8Ic
gregwar/rst Local File Inclusion Vulnerability
Ecosystems: packagist
Packages: gregwar/rst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS05Z3h2LXg3cnAtcjJoY84AA8Ib
gree/jose - "None" Algorithm treated as valid in tokens
Ecosystems: packagist
Packages: gree/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1mZ3J4LTQ2MzctZmNmNc4AA8Ia
fuel/core Crypt encryption compromised.
Ecosystems: packagist
Packages: fuel/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0yNmhwLWNnamotbTJqM84AA8IZ
fuel/core ImageMagick driver does not escape all shell arguments.
Ecosystems: packagist
Packages: fuel/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04d3gzLThtNHgtZzVoNM4AA8IY
FOSUserBundle User Identity Validation Vulnerability
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS02bWpxLTl4NHctbTN3Oc4AA8IX
FOSUserBundle Session Hijacking Vulnerability
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wang4LTk4NHAtN3AzeM4AA8IW
FOSUserBundle Entropy is lost in the TokenGenerator
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wOWZnLWo2d3ctOTUzbc4AA8IV
FOSRestBundle issue with broken validation of JSONP callbacks
Ecosystems: packagist
Packages: friendsofsymfony/rest-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14bTN4LTRwaDMtM3g5Y84AA8IU
friendsofsymfony/oauth2-php open redirection in oauth
Ecosystems: packagist
Packages: friendsofsymfony/oauth2-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1oNTMzLTV2MjItOHZjcM4AA8IT
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0zZzQzLXhmcnctcHY1bc4AA8IS
eZ Platform User data disclosure
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS13OXAzLTI2ZngtNW1wM84AA8IR
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/platform-ui-assets-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0zOWoyLTRwOWotNXc0as4AA8IQ
Ez Platform Object Injection in legacy shop module
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS05ODk1LTI2d3ItNGZnds4AA8IP
EZsystems Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS14OHhtLXdyanEtNWc1NM4AA8H3
Stakater Forecastle has a directory traversal vulnerability
Ecosystems: go
Packages: github.com/stakater/Forecastle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1wcWptLXhjcDgtd2dtbc4AA8Hw
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1wOW1wLXZxNHYtdjVtNc4AA8Hv
eZ Publish Legacy Passwordless login for LDAP users
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0ydmgzLWNqOWotbWNqNc4AA8Hu
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS02NHZqLTkzM2YtNnBtM84AA8Ht
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS04MnJ2LTQ1cGMtdjI4d84AA8Hs
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1jYzJqLTkyanEtd2dqZ84AA8Hr
eZ Publish Information disclosure in backend content tree menu
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0zdndyLWpqNGYtaDk4eM4AA8Hq
eZ Publish Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xaGpjLWhnOTQtMjQ1ds4AA8Hp
eZ Platform Prevent accepting app.php in URL in Platform.sh
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS05d3d4LWM3MjMtdm04eM4AA8Ho
eZ Platform REST API returns list of all SiteAccesses
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS02eGNoLTJ2eHgtNXB2cs4AA8Hn
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS00NXFtLWo0bTktd2h2Oc4AA8Hm
eZ Platform CSRF token in login form is disabled by default
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1oZnBwLTJ2aHctcXE0M84AA8Hl
eZ Platform Admin UI Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-user
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS0ydzlwLXh4cXItaDI1M84AA8Hk
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1xNzN2LTc5eDMtanYyd84AA8Hj
eZ Platform Admin UI Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1jZzg0LTU1angtNDIzN84AA8Hi
eZ Platform Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS00YzJ3LXY1cnEtNW14N84AA8Hh
eZ Platform Editor Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui-assets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1qcnB3LTg4ODQtMjc0N84AA8Hg
eZ Platform Bundled jQuery affected by CVE-2019-11358
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui-assets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS05Y3EyLXBjZ3ItOGg2Ms4AA8Hf
Cross-site Scripting in eZFind spellcheck
Ecosystems: packagist
Packages: ezsystems/ezfind-ls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14bXAzLTc3NDUtZzR2as4AA8He
ezsystems/ez-support-tools Failing access control in system info view
Ecosystems: packagist
Packages: ezsystems/ez-support-tools
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS1qcTlxLTZwNDItcXByN84AA8Hc
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/ezdemo-ls-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
High
GSA_kwCzR0hTQS04Yzg1LTRycjUtY2hyNM4AA8Hd
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/demobundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tdmY2LTNmMmcteGZ4Zs4AA8Hb
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Ecosystems: packagist
Packages: endroid/qr-code-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1xZjY1LWhwaDktNDUzcs4AA8Ha
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 4 days ago
High
GSA_kwCzR0hTQS1qNjZwLWZ2cDItZnhoas4AA8HZ
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS0zMzd3LWZ4cHEtNW0zNM4AA8HY
Drupal core uses a vulnerable Third-party library CKEditor
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS13eGZnLTI1M2ctbTdyNM4AA8HX
Drupal core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 days ago
High
GSA_kwCzR0hTQS1tOWZ2LXdocTItNndtY84AA8HW
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS01eDI4LTNmMzIteDUyM84AA8HV
Drupal core Access control bypass
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS13MzMzLTVmOTYtbWpycs4AA8HU
Drupal core Denial of Service
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1qZjhjLTM2dnctOTh4NM4AA8HT
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1qang3LTg0NjItdzRtNM4AA8HS
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS01OHh2LTdoOXItbXgzY84AA8HR
Drupal Malicious file upload with filenames stating with dot
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS14NnYyLXhtcnEtNTc0as4AA8HQ
Drupal Anonymous Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS04Nnh3LXZtY3gtOW1qNM4AA8HP
Drupal Content moderation Access bypass
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1yNjdyLTQyd3gtYzhyN84AA8HO
Drupal External URL injection through URL aliases leading to Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS12ZmdjLWM3NmgtbXdoNM4AA8HN
Drupal core Cross-Site Scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 days ago
High
GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 4 days ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 5,079
Ecosystems: 12
Filter by Severity
Moderate 8,160 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,002 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 magento/community-edition 203 org.jenkins-ci.main:jenkins-core 189 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 drupal/core 90 django 80 apache-airflow 78 typo3/cms-core 77 drupal/drupal 75 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 salt 53 symfony/symfony 53 concrete5/concrete5 52 Plone 52 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 com.liferay.portal:release.portal.bom 45 nova 45 github.com/grafana/grafana 44 plone 43 nokogiri 43 baserproject/basercms 43 rdiffweb 42 Pillow 41 intelliants/subrion 40 showdoc/showdoc 40 craftcms/cms 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 froxlor/froxlor 37 org.apache.tomcat.embed:tomcat-embed-core 36 shopware/core 36 com.jfinal:jfinal 36 com.thoughtworks.xstream:xstream 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 moin 34 github.com/answerdev/answer 34 mlflow 33 org.elasticsearch:elasticsearch 32 org.jenkins-ci.plugins:script-security 32 snipe/snipe-it 32 silverstripe/framework 32 k8s.io/kubernetes 32 keystone 30 opencv-contrib-python 30 opencv-python 30 mautic/core 30 Django 30 github.com/argoproj/argo-cd 29 getgrav/grav 29 parse-server 29 github.com/rancher/rancher 28 github.com/hashicorp/vault 28 centreon/centreon 27 io.undertow:undertow-core 27 org.keycloak:keycloak-services 27 shopware/shopware 27 github.com/hashicorp/nomad 26 prestashop/prestashop 26 github.com/hashicorp/consul 26 openssl-src 26 electron 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 24 magento/core 24 pocketmine/pocketmine-mp 23 puppet 23 org.springframework.security:spring-security-core 23 github.com/argoproj/argo-cd/v2 23 remdex/livehelperchat 23 mediawiki/core 23 org.eclipse.jetty:jetty-server 23 ckb 22 grumpydictator/firefly-iii 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 org.apache.nifi:nifi 22 rack 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 contao/core-bundle 21 activerecord 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 github.com/docker/docker 20 tribalsystems/zenario 20 github.com/cilium/cilium 20 org.springframework:spring-core 19 laravel/framework 19 code.gitea.io/gitea 19 DotNetNuke.Core 19 contao/contao 18 langchain 18 Microsoft.AspNetCore.App.Runtime.win-x86 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 glance 18 directus 18 Microsoft.AspNetCore.App.Runtime.win-x64 18 com.liferay.portal:release.dxp.bom 18 cockpit-hq/cockpit 18 helm.sh/helm/v3 18 simplesamlphp/simplesamlphp 18 topthink/framework 17 org.xwiki.platform:xwiki-platform-web-templates 17 golang.org/x/net 17 genix/cms 17 francoisjacquet/rosariosis 17 cobbler 17 Microsoft.AspNetCore.App.Runtime.win-arm 17 org.apache.geode:geode-core 17 symfony/security 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 17 mercurial 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.linux-arm64 16 Microsoft.AspNetCore.App.Runtime.osx-x64 16 org.apache.dubbo:dubbo 16 neutron 16 org.bouncycastle:bcprov-jdk15 16 yetiforce/yetiforce-crm 16 sequelize 16 Microsoft.AspNetCore.App.Runtime.linux-x64 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 16 pillow 16 org.apache.activemq:activemq-client 16 wasmtime 16 rusqlite 16 Microsoft.AspNetCore.App.Runtime.linux-arm 16 notebook 15 org.apache.jspwiki:jspwiki-main 15 openmage/magento-lts 15 paddlepaddle 15 next 15 github.com/goharbor/harbor 15 Microsoft.AspNetCore.App.Runtime.win-arm64 15 gradio 15 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 15 cryptography 15 org.apache.struts.xwork:xwork-core 15 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 zendframework/zendframework1 14 ghost 14 ec-cube/ec-cube 14 symfony/security-http 14 smarty/smarty 14 phpmailer/phpmailer 14 tinymce 14 pyload-ng 14 github.com/containerd/containerd 14 publify_core 14 swagger-ui 14 modoboa 14 org.apache.inlong:manager-pojo 14 typo3/cms-backend 14 pyftpdlib 14 codeigniter4/framework 13 github.com/mattermost/mattermost-server 13 lavalite/cms 13 github.com/traefik/traefik/v2 13 joplin 13 elefant/cms 13 october/system 13 strapi 13 bolt/bolt 13 ckeditor4 13 passenger 13 OctoPrint 13 impresscms/impresscms 13 github.com/nats-io/nats-server/v2 13 org.apache.cxf:cxf 13 org.apache.hadoop:hadoop-main 13 actionview 12 deno 12 undici 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/django/django 95 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/usememos/memos 59 https://github.com/keycloak/keycloak 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 49 https://github.com/symfony/symfony 47 https://github.com/apache/struts 46 https://github.com/librenms/librenms 46 https://github.com/TYPO3/typo3 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/spring-projects/spring-framework 41 https://github.com/grafana/grafana 39 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 36 https://github.com/x-stream/xstream 36 https://github.com/answerdev/answer 34 https://github.com/concretecms/concretecms 34 https://github.com/apache/activemq 33 https://github.com/octobercms/october 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/saltstack/salt 32 https://github.com/matrix-org/synapse 32 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/mautic/mautic 28 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 27 https://github.com/mlflow/mlflow 27 https://github.com/froxlor/froxlor 26 https://github.com/apache/inlong 26 https://github.com/electron/electron 25 https://github.com/rancher/rancher 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/dotnet/runtime 24 https://github.com/getgrav/grav 24 https://github.com/shopware/shopware 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/github/advisory-database 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/contao/contao 22 https://github.com/firefly-iii/firefly-iii 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/strapi/strapi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/nifi 21 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/cilium/cilium 20 https://github.com/gogs/gogs 20 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/apache/cxf 19 https://github.com/bcgit/bc-java 19 https://github.com/hashicorp/consul 19 https://github.com/intelliants/subrion 19 https://github.com/helm/helm 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/getkirby/kirby 18 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/directus/directus 17 https://github.com/rack/rack 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/opencast/opencast 16 https://github.com/rusqlite/rusqlite 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/etcd-io/etcd 16 https://github.com/hashicorp/vault 16 https://github.com/OpenMage/magento-lts 15 https://github.com/laravel/framework 15 https://github.com/goharbor/harbor 15 https://github.com/apache/camel 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/denoland/deno 15 https://github.com/centreon/centreon 15 https://github.com/puppetlabs/puppet 15 https://github.com/geoserver/geoserver 15 https://github.com/pyca/cryptography 14 https://github.com/langchain-ai/langchain 14 https://github.com/mattermost/mattermost 14 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/containerd/containerd 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/gradio-app/gradio 14 https://github.com/pyload/pyload 14 https://github.com/cobbler/cobbler 14 https://github.com/tinymce/tinymce 14 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/undertow-io/undertow 13 https://github.com/ming-soft/MCMS 13 https://github.com/traefik/traefik 13 https://github.com/modoboa/modoboa 13 https://github.com/publify/publify 13 https://github.com/hashicorp/nomad 13 https://github.com/dromara/hutool 13 https://github.com/dompdf/dompdf 13 https://github.com/xuxueli/xxl-job 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/patriksimek/vm2 12 https://github.com/laurent22/joplin 12 https://github.com/apache/dolphinscheduler 12 https://github.com/TryGhost/Ghost 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/nodejs/undici 12 https://github.com/twisted/twisted 12 https://github.com/backstage/backstage 12 https://github.com/puma/puma 11 https://github.com/dotnet/aspnetcore 11 https://github.com/onionshare/onionshare 11 https://github.com/opencontainers/runc 11 https://github.com/top-think/framework 11 https://github.com/containers/podman 11 https://github.com/Studio-42/elFinder 11 https://github.com/urllib3/urllib3 11 https://github.com/scrapy/scrapy 11 https://github.com/NodeBB/NodeBB 11 https://github.com/aio-libs/aiohttp 11 https://github.com/janeczku/calibre-web 11 https://github.com/1Panel-dev/1Panel 11 https://github.com/nats-io/nats-server 11 https://github.com/openfga/openfga 11 https://github.com/zitadel/zitadel 11 https://github.com/smarty-php/smarty 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/vercel/next.js 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/vaadin/flow 11 https://github.com/zopefoundation/Zope 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/keystonejs/keystone 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/WWBN/AVideo 10 https://github.com/wagtail/wagtail 10 https://github.com/jquery/jquery 10 https://github.com/nextauthjs/next-auth 10 https://github.com/dolibarr/dolibarr 10 https://github.com/phusion/passenger 10 https://github.com/jupyter/notebook 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/Sylius/Sylius 10 https://github.com/greenpau/caddy-security 10 https://github.com/openstack/glance 10 https://github.com/nocodb/nocodb 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/neorazorx/facturascripts 9 https://github.com/semplon/GeniXCMS 9 https://github.com/evershopcommerce/evershop 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/alextselegidis/easyappointments 9 https://github.com/kevinpapst/kimai2 9 https://github.com/bolt/bolt 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/openstack/horizon 9 https://github.com/LavaLite/cms 9