Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS05ZjI0LWpydjQtZjhnNc4AA-Y1
Meshery SQL Injection vulnerability
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oN2NtLWp2cHAtNjl4Zs4AA-Y3
Meshery SQL Injection vulnerability
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1xZ2o4LWc5cTQtN2YycM4AA-Yz
gotortc vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/AlexxIT/go2rtc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13djh4LTN3NnItNmg3ds4AA-Yw
gotortc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/AlexxIT/go2rtc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yaDRyLWY3Zjctcjk5bc4AA-Yy
gotortc Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/AlexxIT/go2rtc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05Y3FtLW1ndjktdnY5as4AA-Yt
memos vulnerable to Server-Side Request Forgery and Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02NWZtLTJqZ3Itajdxcc4AA-Yu
memos vulnerable to Server-Side Request Forgery in /api/resource
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02NTJyLXEyOXAtbTI1aM4AA-Yx
Meshery SQL Injection vulnerability
Ecosystems: go
Packages: github.com/layer5io/meshery
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02ZmNmLWczbXAteGoyeM4AA-Yq
memos vulnerable to Server-Side Request Forgery in /o/get/httpmeta
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xZjNxLTlmM2gtY2pwOc4AA-Ys
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Ecosystems: npm
Packages: nextchat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12OTl3LXI1NmgtZzIzds4AA-Yr
Owncast Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02aDUzLXE5NGotMzQ4d84AA-Yo
RobotsAndPencils go-saml authentication bypass vulnerability
Ecosystems: go
Packages: github.com/RobotsAndPencils/go-saml
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13dzdwLThnZmctdjgycs4AA-Ym
Scrypted Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @scrypted/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00aHZjLXF3cjItZjhyds4AA-Yl
Redisson vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.redisson:redisson
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mOTg0LTN3eDgtZ3JwOc4AA-Yn
XXL-RPC Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-rpc-core
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14bWhoLXhyY2MtbXgzNs4AA-Yp
Scrypted Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @scrypted/server
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wNzhoLW04cHYtZzlnbc4AA-Yj
Apereo CAS vulnerable to credential leaks for LDAP authentication
Ecosystems: maven
Packages: org.apereo.cas:cas-server-support-x509-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13aHIyLTl4NWYtNWM3Oc4AA-Yk
Alpine allows Authentication Filter bypass
Ecosystems: maven
Packages: us.springett:alpine
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 4 months ago
High
GSA_kwCzR0hTQS0ydzRwLTJoZjctZ2g4eM4AA-Yh
Alpine allows URL access filter bypass
Ecosystems: maven
Packages: us.springett:alpine
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ZndxLTl4N2otMnFwZ84AA-Yg
lorawan-stack Open Redirect vulnerability
Ecosystems: go
Packages: go.thethings.network/lorawan-stack/v3
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02bXZqLTI1NjktM21jbc4AA-Yi
Editor.js vulnerable to Code Injection
Ecosystems: npm
Packages: @editorjs/editorjs
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1jeGd2LXB4MzctNG1wMs4AA-Yf
Nuxt Icon affected by a Server-Side Request Forgery (SSRF)
Ecosystems: npm
Packages: @nuxt/icon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS12Nzg0LWZqamgtZjhyNM4AA-Ye
Nuxt vulnerable to remote code execution via the browser when running the test locally
Ecosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12ZjZyLTg3cTQtMnZqZs4AA-Yd
nuxt vulnerable to Cross-site Scripting in navigateTo if used after SSR
Ecosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1yY3ZnLXJnZjctcHBwds4AA-Yc
Nuxt Devtools has a Path Traversal: '../filedir'
Ecosystems: npm
Packages: @nuxt/devtools
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oNHhmLXd4OTktam12NM4AA-Yb
Microweber Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oZjY2LXhmZ2otNDJnOM4AA-YZ
Microweber Cross Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 4 months ago
High
GSA_kwCzR0hTQS02dmptLTU0dnAtbXhoeM4AA-YR
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
Ecosystems: go
Packages: github.com/juju/juju
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 4 months ago
High
GSA_kwCzR0hTQS0zd2ZqLTN4OHEtaHJwZ84AA-YQ
Kubean vulnerable to cluster-level privilege escalation
Ecosystems: go
Packages: github.com/kubean-io/kubean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xdjM1LTNndzYtOHE0as4AA-Xo
In regclient, pinned manifest digests may be ignored
Ecosystems: go
Packages: github.com/regclient/regclient
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 4 months ago
Low
GSA_kwCzR0hTQS13OXBnLTdjM2gtZmM4as4AA-Xn
ipl/web's `ipl\Web\Common\CsrfCounterMeasure` is susceptible to CSRF
Ecosystems: packagist
Packages: ipl/web
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS02MnFmLXFtM2ctZnZjd84AA-Xi
Apache Airflow Providers FAB Insufficient Session Expiration vulnerability
Ecosystems: pypi
Packages: apache-airflow-providers-fab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mZnhnLTVmOG0taDcyas4AA-XU
Rocket.Chat Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: npm
Packages: rocket.chat
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mNmNqLTRoM2ctaHdxNM4AA-Wv
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yZnFyLWN4N3EtM3BoOM4AA-Wi
openstack-heat may disclose sensitive information
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 4 months ago
High
GSA_kwCzR0hTQS1ycGNjLXA4eG0tcmM2cM4AA-Wh
Podman vulnerable to memory-based denial of service
Ecosystems: go
Packages: github.com/containers/podman/v4, github.com/containers/podman/v3, github.com/containers/podman/v2, github.com/containers/podman, github.com/containers/podman/v5
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 4 months ago
High
GSA_kwCzR0hTQS1mcnZqLWNmcTQtMzIyOM4AA-Wa
Path traversal in Reposilite javadoc file expansion (arbitrary file creation/overwrite) (`GHSL-2024-073`)
Ecosystems: maven
Packages: com.reposilite:reposilite-backend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS05dzh3LTM0dnItNjVqMs4AA-WZ
Reposilite artifacts vulnerable to Stored Cross-site Scripting
Ecosystems: maven
Packages: com.reposilite:reposilite-backend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tNDQ1LXczeHItdnAyZs4AA-WG
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
Ecosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ODY2LTQ5Z3ItMjJ2NM4AA-WF
REXML DoS vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: 4 months ago
High
GSA_kwCzR0hTQS1xZmYyLThxdzctaGN2d84AA-V1
Apache Inlong Code Injection vulnerability
Ecosystems: maven
Packages: org.apache.inlong:tubemq-core
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 4 months ago
High
GSA_kwCzR0hTQS12MzUyLXJnMzctNXE1bc4AA-V7
Apache Linkis vulnerable to privilege escalation
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1qNnZ4LXI3N2gtNDR3Y84AA-V6
Apache Linkis arbitrary file deletion vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mN3E0LXB3YzYtdzI0cM4AA-Vu
Elliptic's EDDSA missing signature length check
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS05Nzd4LWc3aDUtN3Fnd84AA-Vv
Elliptic's ECDSA missing check for whether leading bit of r and s is zero
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS00OXE3LWM3ajQtM3A3bc4AA-Vw
Elliptic allows BER-encoded signatures
Ecosystems: npm
Packages: elliptic
Source: GitHub Advisory Database
Blast Radius: 30.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01Y2Y3LWN4cmYtbXE3M84AA-Vi
Bostr Improper Authorization vulnerability
Ecosystems: npm
Packages: bostr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yNTVjLTU5cW0tdmp3Ns4AA-U_
REXML DoS vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 40.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ocm14LThqanYtZzc1OM4AA-U4
Navidrome uses MD5 hashing algorithm
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zY3BmLWptbWMtOGptM84AA-Us
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
High
GSA_kwCzR0hTQS12dzdnLTNjYzctN3JtaM4AA-Uh
cortex establishes TLS connections with `InsecureSkipVerify` set to `true`
Ecosystems: go
Packages: github.com/cortexproject/cortex
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub
casdoor's use of`ssh.InsecureIgnoreHostKey()` disables host key verification
Ecosystems: go
Packages: github.com/casdoor/casdoor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS05djM1LTR4Y3ItdzlwaM4AA-Ud
NetBird uses a static initialization vector (IV)
Ecosystems: go
Packages: github.com/netbirdio/netbird
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12ZzZxLTg0cDgtcXZxaM4AA-UW
Mattermost allows a user on a remote to set their remote username prop to an arbitrary string
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12dnBnLTU1cDctNWg4d84AA-UY
Mattermost did not properly restrict channel creation
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12ZzY3LWNobTctOG0zas4AA-UZ
Mattermost allows remote actor to create/update/delete posts in arbitrary channels
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qcjl4LTN4N20tNGo3Nc4AA-UT
Mattermost allows a remote actor to make an arbitrary local channel read-only
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xMjJxLTJycmYtbTI3cM4AA-UU
Mattermost allows unsolicited invites to expose access to local channels
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03NjJtLTRjeDYtNm1mNM4AA-UV
Mattermost allows a remote actor to permanently delete local data by abusing dangerous error handling
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05ZnB3LWM5eDctY3Yzas4AA-Ua
Mattermost allows remote actor to set arbitrary RemoteId values for synced users
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01Nm1jLWY5dzctMnd4cc4AA-UQ
Mattermost failed to disallow the modification of local users when syncing users in shared channels
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qcTNnLXhxcHgtMzd4M84AA-UR
Mattermost failed to properly validate synced reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jbWM4LTIyMmMtdnFwOc4AA-US
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcHZ4LXdocHAtOTl4as4AA-TO
Filestash skips TLS certificate verification process when sending out email verification codes
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS13cjNwLXI1Zmotd2Y5N84AA-TI
Beego privilege escalation vulnerability
Ecosystems: go
Packages: github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 4 months ago
High
GSA_kwCzR0hTQS00am1tLWM2anctZzc5Ns4AA-TP
Filestash configured to skip TLS certificate verification when using the FTPS protocol
Ecosystems: go
Packages: github.com/mickael-kerjean/filestash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1yNnFoLWo0MmotcHc2NM4AA-TJ
Beego privilege escalation vulnerability
Ecosystems: go
Packages: github.com/beego/beego/v2
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wOXc0LTU4NWgtZzNjN84AA-TH
biscuit-auth vulnerable to public key confusion in third party block
Ecosystems: cargo
Packages: biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yNThoLWY2ODctNDIyNs4AA-TG
PheonixAppAPI has visible Encoding Maps
Ecosystems: pypi
Packages: PheonixAppAPI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01Njd2LTZobWctNnFnN84AA-TF
ZITADEL "ignoring unknown usernames" vulnerability
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12MzMzLTdoMnAtNWZods4AA-TE
ZITADEL has improper HTML sanitization in emails and Console UI
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04bTlqLTJmMzItMnZ4NM4AA-TD
MobSF vulnerable to Open Redirect in Login Redirect
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01NXA3LXYyMjMteDM2Ns4AA-TC
IdentityServer Open Redirect vulnerability
Ecosystems: nuget
Packages: IdentityServer4
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oeDl2LTZyOWYtdzY3N84AA-TB
Insecure Jinja2 templates rendered in Haystack Components can lead to RCE
Ecosystems: pypi
Packages: haystack-ai
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01aGNqLXJ3bTYteG13NM4AA-TA
biscuit-java vulnerable to public key confusion in third party block
Ecosystems: maven
Packages: org.biscuitsec:biscuit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01djhmLXh4OW0td2o0NM4AA-S-
Elasticsearch stores private key on disk unencrypted
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nYzVoLTZqeDktcTJxaM4AA-S4
eZ Platform Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02OTJ2LTc4M2YtbWc4eM4AA-S3
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1odzI4LTMzM3ctcXhwM84AA-S2
Harbor fails to validate the user permissions when updating project configurations
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 4 months ago
High
GSA_kwCzR0hTQS1yNDloLTZxeHEtNjI0Zs4AA-S1
Weave server API vulnerable to arbitrary file leak
Ecosystems: pypi
Packages: weave
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mZjRxLTY0amMtZ3g5OM4AA-Sq
IdentityServer Open Redirect vulnerability
Ecosystems: nuget
Packages: IdentityServer4, Duende.IdentityServer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xbTQ0LXdqbTItcHI1Oc4AA-Sp
Ibexa Admin UI vulnerable to DOM-based Cross-site Scripting in file upload widget
Ecosystems: packagist
Packages: ibexa/admin-ui
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1oNjNoLTVjNzctNzdwNc4AA-So
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS13ZjN4LWpjY2YtNWc1Z84AA-Sn
XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zM2dwLWdtZzMtaGZwcc4AA-Sm
XWiki Platform vulnerable to document deletion and overwrite from edit
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14aHF3LTRoY3EtZmN2cs4AA-SU
Bolt CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: bolt/bolt
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 4 months ago
High
GSA_kwCzR0hTQS0yOG1jLWc1NTctOTJtN84AA-RZ
@75lb/deep-merge Prototype Pollution vulnerability
Ecosystems: npm
Packages: @75lb/deep-merge
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS0zamNnLXZ4N2YtajZxZs4AA-RP
The fuels-ts typescript SDK has no awareness of to-be-spent transactions
Ecosystems: npm
Packages: @fuel-ts/account
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1namg3LXh4NHIteDM0Nc4AA-RO
TensorFlow has segfault in array_ops.upper_bound
Ecosystems: pypi
Packages: tensorflow-gpu, tensorflow-cpu, tensorflow
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 4 months ago
High
GSA_kwCzR0hTQS0zaDlmLW1tMngtNGo1OM4AA-Q_
Studio 42 elFinder vulnerable to Incorrect Access Control
Ecosystems: packagist
Packages: studio-42/elfinder
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13bTI1LWo0Z3ctNnZyM84AA-Q9
pREST vulnerable to jwt bypass + sql injection
Ecosystems: go
Packages: github.com/prest/prest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1meDZqLTlwcDYtcGgzNs4AA-Q8
Pimcore vulnerable to disclosure of system and database information behind /admin firewall
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS12MjN2LTZqdzItOThmcc4AA-Q4
Authz zero length regression
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1jcDJjLXgycGMtZnBoN84AA-QI
Apache SeaTunnel Web Authentication vulnerability
Ecosystems: maven
Packages: org.apache.seatunnel:seatunnel-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oOW1xLWY2cTUtNmM4bc4AA-Pa
GraphQL Java does not properly consider ExecutableNormalizedFields (ENFs) as part of preventing denial of service
Ecosystems: maven
Packages: com.graphql-java:graphql-java
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wOWYyLWpnOXctY3g2Oc4AA-Nf
Aim Stored Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tcGc0LXJjOTItdng4ds4AA-Mb
fast-xml-parser vulnerable to ReDOS at currency parsing
Ecosystems: npm
Packages: fast-xml-parser
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jZjU2LWc2dzYtcHFxMs4AA-Ma
Twisted vulnerable to HTML injection in HTTP redirect body
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1jM2g0LTlnYzItZjdoNM4AA-MZ
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users
Ecosystems: nuget
Packages: Tgstation.Server.Host, Tgstation.Server.Api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01dnJwLTYzOHctcDhtMs4AA-MY
Magento LTS vulnerable to stored Cross-site Scripting (XSS) in admin system configs
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 matrix-synapse 35 moin 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 io.undertow:undertow-core 34 gradio 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 Pillow 31 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 opencv-python 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 prestashop/prestashop 26 electron 26 openssl-src 26 directus 26 pillow 26 rubygems-update 25 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 25 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 magento/core 24 zendframework/zendframework 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 rack 23 simplesamlphp/simplesamlphp 23 remdex/livehelperchat 23 puppet 23 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 ckb 22 org.apache.openmeetings:openmeetings-parent 21 glance 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 laravel/framework 20 funadmin/funadmin 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 org.xwiki.platform:xwiki-platform-web-templates 19 wasmtime 19 contao/contao 19 DotNetNuke.Core 19 org.springframework:spring-core 19 github.com/goharbor/harbor 19 topthink/framework 18 mercurial 18 com.liferay.portal:release.dxp.bom 18 golang.org/x/net 18 com.vaadin:vaadin-bom 18 forkcms/forkcms 18 cockpit-hq/cockpit 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 github.com/traefik/traefik/v2 18 symfony/security 17 genix/cms 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 helm.sh/helm/v3 17 notebook 17 cakephp/cakephp 17 opencart/opencart 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 neutron 16 pyload-ng 16 org.bouncycastle:bcprov-jdk15 16 tinymce 16 org.apache.jspwiki:jspwiki-main 16 org.apache.activemq:activemq-client 16 sequelize 16 cryptography 16 yetiforce/yetiforce-crm 16 rusqlite 16 github.com/zitadel/zitadel 16 paddlepaddle 16 openmage/magento-lts 16 typo3/cms-backend 16 org.apache.dubbo:dubbo 16 PaddlePaddle 16 phpbb/phpbb 16 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 calibreweb 15 ghost 15 surrealdb 15 ethyca-fides 15 october/system 15 symfony/security-http 15 ec-cube/ec-cube 15 OctoPrint 15 ckeditor4 15 pyftpdlib 14 lollms 14 github.com/containerd/containerd 14 bolt/bolt 14 publify_core 14 phpmailer/phpmailer 14 org.xwiki.platform:xwiki-platform-web 14 aiohttp 14 swagger-ui 14 dompdf/dompdf 14 modoboa 14 camaleon_cms 14 silverstripe/cms 14 activesupport 14 feehi/cms 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/x-stream/xstream 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/rancher/rancher 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/cilium/cilium 25 https://github.com/github/advisory-database 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/langchain-ai/langchain 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/undertow-io/undertow 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/geoserver/geoserver 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/hashicorp/vault 17 https://github.com/moby/moby 17 https://github.com/mindsdb/mindsdb 17 https://github.com/liufee/cms 17 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/OpenMage/magento-lts 16 https://github.com/backstage/backstage 16 https://github.com/ethereum/go-ethereum 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/laravel/framework 16 https://github.com/TYPO3-CMS/core 16 https://github.com/etcd-io/etcd 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/pyca/cryptography 15 https://github.com/cobbler/cobbler 15 https://github.com/puppetlabs/puppet 15 https://github.com/zendframework/zendframework 15 https://github.com/ethyca/fides 15 https://github.com/surrealdb/surrealdb 15 https://github.com/centreon/centreon 15 https://github.com/denoland/deno 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/apache/camel 15 https://github.com/decidim/decidim 15 https://github.com/dompdf/dompdf 15 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/aio-libs/aiohttp 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/hashicorp/nomad 14 https://github.com/vercel/next.js 14 https://github.com/janeczku/calibre-web 14 https://github.com/xuxueli/xxl-job 14 https://github.com/dotnet/aspnetcore 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/TryGhost/Ghost 13 https://github.com/ming-soft/MCMS 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/nodejs/undici 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/quarkusio/quarkus 13 https://github.com/dromara/hutool 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/patriksimek/vm2 12 https://github.com/openfga/openfga 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/puma/puma 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/opencontainers/runc 12 https://github.com/wagtail/wagtail 12 https://github.com/urllib3/urllib3 12 https://github.com/scrapy/scrapy 11 https://github.com/yiisoft/yii2 11 https://github.com/zenml-io/zenml 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/spring-projects/spring-security 11 https://github.com/NodeBB/NodeBB 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nats-io/nats-server 11 https://github.com/Pylons/waitress 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Studio-42/elFinder 11 https://github.com/vaadin/flow 11 https://github.com/pomerium/pomerium 11 https://github.com/getsentry/sentry 11 https://github.com/dolibarr/dolibarr 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/onionshare/onionshare 11 https://github.com/nautobot/nautobot 10 https://github.com/Graylog2/graylog2-server 10 https://github.com/opencart/opencart 10