Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Browse all Security Advisories for Low

Low
GSA_kwCzR0hTQS1nODV2LXdmMjctNjd4Y84ABBec
Harden-Runner has command injection weaknesses in `setup.ts` and `arc-runner.ts`
Ecosystems: actions
Packages: step-security/harden-runner
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Low
GSA_kwCzR0hTQS03cTdnLTR4bTgtODljcc4ABBaa
Regular Expression Denial of Service (ReDoS) in @eslint/plugin-kit
Ecosystems: npm
Packages: @eslint/plugin-kit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 days ago
Low
GSA_kwCzR0hTQS1ycDloLXJmN2ctaHdncs4ABBWz
s2n-tls has undefined behavior at process exit
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS02eDM2LXF4bWotcnY0cM4ABBRU
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Formats.Nrbf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS1mcHI1LWpwMmotNHEyZs4ABBP8
paillier-zk has ambiguous challenge derivation
Ecosystems: cargo
Packages: paillier-zk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS1ybTY2LTlnaDQtNGdwOM4ABBP7
cggmp21 vulnerable to ambiguous challenge derivation
Ecosystems: cargo
Packages: cggmp21
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS03amp4LTNxdzktajZoNs4ABBP5
cggmp21-keygen has ambiguous challenge derivation
Ecosystems: cargo
Packages: cggmp21-keygen
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS14OGpoLXhqM3gtZ3gzY84ABBP4
`fast-float` has multiple soundness issues
Ecosystems: cargo
Packages: fast-float
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 days ago
Low
GSA_kwCzR0hTQS05OXc2LTN4cGgtY3g3OM4ABBL2
Ansible-Core vulnerable to content protections bypass
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 10 days ago
Low
GSA_kwCzR0hTQS00aGpmLTZweHItNTQ5aM4ABBK9
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 10 days ago
Low
GSA_kwCzR0hTQS1xOTl4LW1qbWgtdjh3N84ABBLL
Moodle's user/power level management inconsistent with suspended users
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS03d21wLTJ4bXgtZzZoOM4ABBLI
Moodle authorization headers preserved between "emulated redirects"
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS12cHE1LTU2amotdmYybc4ABBLH
Moodle admin presets export tool includes some secrets that should not be exported
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 days ago
Low
GSA_kwCzR0hTQS00Z3EyLXg1dzQtN2hwOM4ABBK8
Moodle has insufficient capability checks
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS1qcGYyLTlwcHAtMmM0Oc4ABBLG
Moodle has insufficient access control
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS1jNzY3LTR3aGgtdjdyd84ABBLJ
Moodle has user information visibility control issues in gradebook reports
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 days ago
Low
GSA_kwCzR0hTQS04bTI0LTNjZngtOWZqd84ABBGA
sp1 has insufficient observation of cumulative sum
Ecosystems: cargo
Packages: sp1-recursion-circuit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Low
GSA_kwCzR0hTQS1qODU3LTJwd20tamptbc4ABBF-
Apache Airflow vulnerable to Insertion of Sensitive Information Into Sent Data
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 13 days ago
Low
GSA_kwCzR0hTQS00aHh3LWdjMnEtZjZmM84ABBDy
Filament has exported files stored in default (`public`) filesystem if not reconfigured
Ecosystems: packagist
Packages: filament/actions
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 14 days ago
Low
GSA_kwCzR0hTQS1qanhxLWZmMmctOTV2aM4ABBCN
Twig has unguarded calls to `__isset()` and to array-accesses when the sandbox is enabled
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 15 days ago
Low
GSA_kwCzR0hTQS02Mzc3LWhmdjktaHFmNs4ABBCM
Twig has unguarded calls to `__toString()` when nesting an object into an array
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 15 days ago
Low
GSA_kwCzR0hTQS1tcnF4LXJwM3ctanBqcM4ABBBf
Symfony vulnerable to open redirect via browser-sanitized URLs
Ecosystems: packagist
Packages: symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 15 days ago
Low
GSA_kwCzR0hTQS1nM3JoLXJyaHAtamhoOc4ABBBe
Symfony has an incorrect response from Validator when input ends with `\n`
Ecosystems: packagist
Packages: symfony/validator, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 15 days ago
Low
GSA_kwCzR0hTQS05YzN4LXIzd3AtbWd4bc4ABBBd
Symfony allows internal address and port enumeration by NoPrivateNetworkHttpClient
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-client
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 15 days ago
Low
GSA_kwCzR0hTQS1qeGdyLTN2N3EtM3c5ds4ABBBc
Symfony's `Security::login` does not take into account custom `user_checker`
Ecosystems: packagist
Packages: symfony/symfony, symfony/security-bundle
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 15 days ago
Low
GSA_kwCzR0hTQS1oeGY1LTk5eGctODZod84ABBAb
cap-std doesn't fully sandbox all the Windows device filenames
Ecosystems: cargo
Packages: cap-primitives, cap-async-std, cap-std
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS1jMmY1LWp4anYtMmhoOM4ABBAa
Wasmtime doesn't fully sandbox all the Windows device filenames
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS12MnFoLWY1ODQtNmhqOM4ABA_S
@workos-inc/authkit-remix refresh tokens are logged when the debug flag is enabled
Ecosystems: npm
Packages: @workos-inc/authkit-remix
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS01d21nLTljdmgtcXcyNc4ABA_R
@workos-inc/authkit-nextjs refresh tokens are logged when the debug flag is enabled
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS04cG1wLTY3OHctYzh4eM4ABA-V
gitsign may use incorrect Rekor entries during verification
Ecosystems: go
Packages: github.com/sigstore/gitsign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Low
GSA_kwCzR0hTQS1naHg0LWNneHctN2g5cM4ABA9J
LocalAI Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mudler/LocalAI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS0yOXd4LXZoMzMtN3g3cs4ABA9C
Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations
Ecosystems: go
Packages: github.com/golang-jwt/jwt/v4
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 17 days ago
Low
GSA_kwCzR0hTQS00Z21xLW05dnAtanJ3Z84ABA7d
Umbraco CMS Cross-site Scripting vulnerability
Ecosystems: nuget
Packages: Umbraco.Cms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 17 days ago
Low
GSA_kwCzR0hTQS02NmM0LTJnMnYtNTRxd84ABAyx
Grafana org admin can delete pending invites in different org
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 23 days ago
Low
GSA_kwCzR0hTQS00NXBnLTM2cDYtODN2Oc4ABAya
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain-community, langchain
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 23 days ago
Low
GSA_kwCzR0hTQS02bTU5LThmbXYtbTVmOc4ABAyK
@langchain/community SQL Injection vulnerability
Ecosystems: npm
Packages: @langchain/community
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Low
GSA_kwCzR0hTQS12OXhxLTJtdm0teDh4Y84ABAuY
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Ecosystems: nuget
Packages: Duende.IdentityServer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
Low
GSA_kwCzR0hTQS1obTU3LWgyN3gtNTk5Y84ABAtz
Mattermost incorrectly issues two sessions when using desktop SSO
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Low
GSA_kwCzR0hTQS1qOXdwLXg1cTUteGgyZs4ABAra
Funadmin Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
Low
GSA_kwCzR0hTQS1yamZ2LXBqdngtbWpnds4ABAoo
AWS Load Balancer Controller automatically detaches externally associated web ACL from Application Load Balancers
Ecosystems: go
Packages: sigs.k8s.io/aws-load-balancer-controller
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
Low
GSA_kwCzR0hTQS00Z3A5LWZmOTktajZ2as4ABAkg
Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 30 days ago
Low
GSA_kwCzR0hTQS03YzRjLTc0OWotcGZwMs4ABAWE
Admidio Vulnerable to HTML Injection In The Messages Section
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01ajRjLThwMmctdjRqeM4ABARn
ReDoS vulnerability in vue package that is exploitable through inefficient regex evaluation in the parseHTML function
Ecosystems: npm
Packages: vue
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1mYzloLXdocTItdjc0N84ABARZ
Valid ECDSA signatures erroneously rejected in Elliptic
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 28.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yN200LWY5aDUtZ3I3Oc4ABAQW
Eclipse Jetty's PushSessionCacheFilter can cause remote DoS attacks
Ecosystems: maven
Packages: org.eclipse.jetty:jetty-servlets
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0zYzMyLTRocTktNndnas4ABAQV
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS12djZjLTY5cjYtY2hnOc4ABAQQ
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Ecosystems: go
Packages: github.com/landlock-lsm/go-landlock
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03cGdyLTMyZngtYzZ4Oc4ABAM8
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0yNmpoLXI4ZzItNmZwcs4ABAMK
Gradio's dropdown component pre-process step does not limit the values to those in the dropdown list
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1obTNjLTkzcGctNGN4d84ABAMD
In Gradio, the `enable_monitoring` flag set to `False` does not disable monitoring
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS13N3JnLTd3cTItcGpyd84ABAK6
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS00MzRnLTI2MzctcW1xcs4ABAJS
Elliptic's verify function omits uniqueness validation
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS13N3FyLXE5ZmgtZmozNc4ABAJK
Dozzle uses unsafe hash for passwords
Ecosystems: go
Packages: github.com/amir20/dozzle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1tcTkyLWpyMzUtZmZwY84ABAJB
open-webui allows enumeration of file names and traversal of directories by observing the error messages
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1mZmN2LXY2cHctcWhycM4ABAFi
Denial of Service in TYPO3 Bookmark Toolbar
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1yZjVtLWg4cTktOXc2cc4ABADH
Information Disclosure in TYPO3 Page Tree
Ecosystems: packagist
Packages: typo3/cms-backend
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 month ago
Low
GSA_kwCzR0hTQS1weGc2LXBmNTIteGg4eM4AA_9q
cookie accepts cookie name, path, and domain with out-of-bounds characters
Ecosystems: npm
Packages: cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qajc4LTVmbXYtbXYyOM4AA_8a
Express Open Redirect vulnerability
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: about 2 months ago
Low
GSA_kwCzR0hTQS13cHIyLWo2Z3ItcGp3Oc4AA_7y
OpenTofu potential leaking of secret variable values when using static evaluation in v1.8
Ecosystems: go
Packages: github.com/opentofu/opentofu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1tcnc4LTUzNjgtcGhtM84AA_7c
Contao allows an admin account to upload SVG file containing malicious JavaScript
Ecosystems: packagist
Packages: contao/contao
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oeHBwLWc3Nm0tcWh2Z84AA_7a
October allows an admin account to upload PDF containing malicious JavaScript
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0zNjM2LWh4NjItcHYyNs4AA_7Z
Zenario allows authenticated admin users to upload PDF files containing malicious code
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yY2M1LTQyOXgtcDM4N84AA_7b
Zenario Cross Site Scripting in the Image library
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14OGdtLWozNnAtZnBwZs4AA_6E
LibreNMS vulnerable to Stored Cross-site Scripting via File Upload
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1nY2dwLXEyanEtZnc1Ms4AA_5z
LibreNMS has Stored Cross-site Scripting vulnerability in "Alert Templates" feature
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1najNwLWo3NHYtM3g1N84AA_14
ReLaXed Cross-site Scripting vulnerability
Ecosystems: npm
Packages: relaxedjs
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1nNTRmLTY2bXctaHY2Ns4AA_zF
Agnai vulnerable to Relative Path Traversal in Image Upload
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oMzU1LWhtNWgtY204aM4AA_zE
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0ycXE3LWZjaDItcGhxZs4AA_yk
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Ecosystems: maven
Packages: org.apache.maven.plugins:maven-archetype-plugin
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mNWZ3LTI1Z3ctNW05Ms4AA_xF
Apache Hadoop: Temporary File Local Information Disclosure
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14OGgyLTI1NXEtamc0eM4AA_v1
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1xN3FyLTIycXctcHFneM4AA_wK
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1qaDY2LTM1NDUtdnBtN84AA_nI
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Ecosystems: maven
Packages: org.apache.druid:druid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1wNzJ3LXI2ZnYtNmc1aM4AA_m_
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Ecosystems: maven
Packages: org.apache.druid.extensions:druid-pac4j
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0yMzI2LXBmcGotdngzaM4AA_kC
lexical-core has multiple soundness issues
Ecosystems: cargo
Packages: lexical-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14Z3E5LTdndzYtanI1cs4AA_j6
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tNmZ2LWptY2ctNGpmZ84AA_cZ
send vulnerable to template injection that can lead to XSS
Ecosystems: npm
Packages: send
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jbTIyLTRnN3ctMzQ4cM4AA_cY
serve-static vulnerable to template injection that can lead to XSS
Ecosystems: npm
Packages: serve-static
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xdzZoLXZnaDktajZ3eM4AA_cW
express vulnerable to XSS via response.redirect()
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tOWdmLTM5N3ItaHdwZ84AA_YN
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tcW05LWM5NWgteDJwNs4AA_YR
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1mdjRnLWd3cGotNzRncs4AA_VP
Path traversal vulnerability in stripe-cli
Ecosystems: go
Packages: github.com/stripe/stripe-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jcTM4LWpoNWYtMzdtcc4AA_TY
sigstore-go has an unbounded loop over untrusted input that can lead to an endless data attack
Ecosystems: go
Packages: github.com/sigstore/sigstore-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0yaDQ2LThnZjUtZm14ds4AA_S_
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12MjZyLTRjOWMtaDNqNs4AA_QH
gix-path uses local config across repos when it is the highest scope
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS1nNXh4LWM0aHYtOWNjY84AA_QE
CometBFT's state syncing validator from malicious node may lead to a chain split
Ecosystems: go
Packages: github.com/cometbft/cometbft, github.com/cometbft/cometbft/light
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS03ajlwLTY3bW0tNWc4N84AA_D0
LTI 1.3 Grade Pass Back Implementation has Missing Authorization Vulnerability
Ecosystems: pypi
Packages: lti-consumer-xblock
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 months ago
Low
GSA_kwCzR0hTQS05Y2Z2LTk0NjMtOGdxds4AA_Dy
freewvs vulnerable to denial of service through large files
Ecosystems: pypi
Packages: freewvs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS03cG1oLXZyd3ctMjV4eM4AA_Dx
freewvs's nested directory structure can interrupt scan
Ecosystems: pypi
Packages: freewvs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS04OGcyLXI5cnctZzU1aM4AA-4b
gitoxide-core does not neutralize special characters for terminals
Ecosystems: cargo
Packages: gitoxide, gitoxide-core
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 3 months ago
Low
GSA_kwCzR0hTQS1ycGZyLTNtMzUtNXZ4Nc4AA-4a
Hono CSRF middleware can be bypassed using crafted Content-Type header
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zcjc0LXY4M3AtZjRmNM4AA-xT
Trufflehog vulnerable to Blind SSRF in some Detectors
Ecosystems: go
Packages: github.com/trufflesecurity/trufflehog/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1oNmpxLXc0MzItajI2d84AA-ty
Silverpeas vulnerable to password complexity rule bypass
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jNDd3LTltY2Ytdzk3Ms4AA-hx
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xNXd4LW05NXItNGNnY84AA-iF
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Low
GSA_kwCzR0hTQS13Nmo2LXc2angtdmYycs4AA-gS
Concrete CMS Stored XSS in getAttributeSetName
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS13OXBnLTdjM2gtZmM4as4AA-Xn
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Ecosystems: packagist
Packages: ipl/web
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS02MnFmLXFtM2ctZnZjd84AA-Xi
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-fab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS00OXE3LWM3ajQtM3A3bc4AA-Vw
Elliptic allows BER-encoded signatures
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 4 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 508
Ecosystems: 12
https://github.com/personnummer/js 1 https://github.com/erelsgl/limdu 1 https://github.com/sbt/sbt 1 https://github.com/personnummer/rust 1 https://github.com/jenkinsci/snsnotify-plugin 1