Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1jOG04LWo0NDgteGp4N84AA-MX
twisted.web has disordered HTTP pipeline response
Ecosystems: pypi
Packages: twisted
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1nODcyLWp3d3Itdmdnbc4AA-MW
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02OXd4LXhjNmotMjh2M84AA-MV
Admidio has Blind SQL Injection in ecard_send.php
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xNjIzLTJqMmotMjNqas4AA-Kn
RaspAP allows an attacker to escalate privileges
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12eDI0LXg0bXYtdndyNc4AA-I4
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Ecosystems: cargo
Packages: starship
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS02NmZ3LTQzaDgtZjhwM84AA-I3
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Ecosystems: cargo
Packages: xmp_toolkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14MzhjLXY3NzgtdzU2bc4AA-Iq
ICEcoder Path Traversal vulnerability
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 4 months ago
High
GSA_kwCzR0hTQS01ajQ3LTNtNjItN3ZyM84AA-I0
ICEcoder vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 4 months ago
High
GSA_kwCzR0hTQS14Y3I5LXBtNXctZ3ZoMs4AA-Ir
ICEcoder vulnerable to Cross Site Scripting
Ecosystems: packagist
Packages: icecoder/icecoder
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yOTZxLXJqODMtZzlycc4AA-Ii
Reflected Cross Site-Scripting (XSS) in Oveleon Cookiebar
Ecosystems: packagist
Packages: oveleon/contao-cookiebar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yaGpyLXZtZjMteHd2cM4AA-IR
Elasticsearch Insertion of Sensitive Information into Log File
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13cXczLXA4M2ctcjI0ds4AA-ID
Cross-Site Request Forgery in Spina
Ecosystems: rubygems
Packages: spina
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00bWg4LTk2ODktMzh2cs4AA-H8
snapd failed to restrict writes to the $HOME/bin path
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS02OXA2LWdwNXgtajI2Oc4AA-IA
snapd failed to properly check the destination of symbolic links when extracting a snap
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02NGpoLWNqd2MtdzhxNs4AA-H-
snapd failed to properly check the file type when extracting a snap
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13bXg3LXB3NDktODhqeM4AA-H0
Craft CMS Allows TOTP Token To Stay Valid After Use
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jeDdoLWg4N3ItanBncs4AA-Hz
The kstring integration in gix-attributes is unsound
Ecosystems: cargo
Packages: gix-attributes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS03NzI2LTQzaGctbTIzds4AA-Hy
OpenAM FreeMarker template injection
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-oauth2
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1wNTI4LTNtdmYtZ3I4N84AA-Hu
Remote code execution in Spring Cloud Data Flow
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-skipper
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 4 months ago
High
GSA_kwCzR0hTQS12cHJwLTk0cDktNWpwOM4AA-HD
Dolibarr ERP CRM vulnerable to remote code execution (RCE)
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jOWNtLTVqODItbTZwas4AA-HP
fabedge has insecure permissions
Ecosystems: go
Packages: github.com/fabedge/fabedge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01ZzN4LThnMnYtcjh4OM4AA-HK
Volcano has insecure permissions
Ecosystems: go
Packages: volcano.sh/volcano, github.com/volcano-sh/volcano
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12OHd4LXY1anEtcWhod84AA-HA
The Argo CD web terminal session does not handle the revocation of user permissions properly
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 4 months ago
High
GSA_kwCzR0hTQS04Z2o5LXI0aHYtM2pqd84AA-Gi
Apache Pinot: Unauthorized endpoint exposed sensitive information
Ecosystems: maven
Packages: org.apache.pinot:pinot-controller
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 4 months ago
High
GSA_kwCzR0hTQS12NjJnLWp3ajktcmZ2eM4AA-Gd
XML External Entity Reference (XXE) in the XML Format Plugin in Apache Drill
Ecosystems: maven
Packages: org.apache.drill.exec:drill-java-exec
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ybTg2LWg0NGMtMnIybc4AA-GX
OpenStack Nova vulnerable to unauthorized access to potentially sensitive data
Ecosystems: pypi
Packages: Nova
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 4 months ago
High
GSA_kwCzR0hTQS1mbTg4LWhjM3YtM3d3d84AA-GG
Sentry vulnerable to stored Cross-Site Scripting (XSS)
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jMmhmLXZjbXItcWpyZs4AA-GD
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Ecosystems: cargo
Packages: object_store
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1nM2NoLXJ4NzYtMzVmeM4AA-GA
vue-template-compiler vulnerable to client-side Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: vue-template-compiler
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 4 months ago
High
GSA_kwCzR0hTQS04aDU1LXE1cXEtcDY4Nc4AA-F1
(ReDoS) Regular Expression Denial of Service in tf2-item-format
Ecosystems: npm
Packages: tf2-item-format
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05eGhoLTNtNzgtZ3Znas4AA-FS
CLSA Directory Traversal vulnerability
Ecosystems: nuget
Packages: Csla
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xeHJ2LWdwNngtcmMyM84AA-FP
SixLabors ImageSharp has Excessive Memory Allocation in Gif Decoder
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02M3A4LWM0d3ctOWNnN84AA-FO
SixLabors ImageSharp Out-of-bounds Write
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oY212LWptcWgtZmpnbc4AA-FN
ops leaking secrets if `subprocess.CalledProcessError` happens with a `secret-*` CLI command
Ecosystems: pypi
Packages: ops
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xNDQ1LTdtMjMtcXJtd84AA-FM
openssl's `MemBio::get_buf` has undefined behavior with empty buffers
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1jcmpnLXc1N20tcnFxZs4AA-FL
DNSJava vulnerable to KeyTrap - Denial-of-Service Algorithmic Complexity Attacks
Ecosystems: maven
Packages: org.jitsi:dnssecjava, dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 4 months ago
High
GSA_kwCzR0hTQS1qbXZwLTY5OGMtNHgzd84AA-FK
Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 4 months ago
High
GSA_kwCzR0hTQS05Z3E3LXA1dzktdzg5Oc4AA-FD
Ankitects Anki arbitrary script execution vulnerability
Ecosystems: pypi
Packages: anki
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS1xNDdwLXY1cnctdjU3NM4AA-FC
Ankitects Anki LaTeX Blocklist Bypass vulnerability
Ecosystems: pypi
Packages: anki
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14M3I2LWNjdnEtY2Y1ds4AA-FB
Anki Latex Incomplete Blocklist Vulnerability
Ecosystems: pypi
Packages: anki
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
High
GSA_kwCzR0hTQS1tbXd4LXJqODctdmZncs4AA-E2
DNSJava affected by KeyTrap - NSEC3 closest encloser proof can exhaust CPU resources
Ecosystems: maven
Packages: org.jitsi:dnssecjava, dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 4 months ago
High
GSA_kwCzR0hTQS1jZnh3LTRoNzgtaDdmd84AA-E1
DNSJava DNSSEC Bypass
Ecosystems: maven
Packages: dnsjava:dnsjava
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 4 months ago
High
GSA_kwCzR0hTQS04cHh2LXg2anEtNXZ3Oc4AA-Ev
Apache Syncope Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.syncope.client.idrepo:syncope-client-idrepo-console, org.apache.syncope.client.idrepo:syncope-client-idrepo-common-ui
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xOXcyLWg0Y3ctOGdocM4AA-EP
Apache RocketMQ Vulnerable to Unauthorized Exposure of Sensitive Data
Ecosystems: maven
Packages: org.apache.rocketmq:rocketmq-all
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zd214LTQ4ZzMteDY2Z84AA-Ds
Backdrop CMS does not sufficiently sanitize field labels before they are displayed in certain places
Ecosystems: packagist
Packages: backdrop/backdrop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mOGh4LWY0eHctYzY0Ns4AA-C8
Guardrails AI vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: pypi
Packages: guardrails-ai
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 4 months ago
High
GSA_kwCzR0hTQS13MzZ3LTk0OGoteGhmd84AA-DC
H2O vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: ai.h2o:h2o-core
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 4 months ago
High
GSA_kwCzR0hTQS04bXJtLXI3aDMtYzNoas4AA-BA
LoLLMS vulnerable to Expected Behavior Violation
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 4 months ago
High
GSA_kwCzR0hTQS00N21jLXFtaDItbXFqNM4AA-A4
Automad arbitrary file upload vulnerability
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yOXZ3LWNqZjkteGg0eM4AA-A3
ProcessWire Cross Site Request Forgery vulnerability
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qMjJyLTNyZjMtY3YyNc4AA-A1
Calibre-Web Cross Site Scripting (XSS)
Ecosystems: pypi
Packages: calibreweb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yd2NqLTdqanAtNHczOM4AA-A0
[PUNCIA] [CWE-319] Cleartext Transmission of Sensitive Information via HTTP urls in `API_URLS`
Ecosystems: pypi
Packages: puncia
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS14dzM1LXJyY3AtZzd4bc4AA-Az
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zd2YyLTJwcTQtNHJ2Y84AA-Ay
Woodpecker's custom environment variables allow to alter execution flow of plugins
Ecosystems: go
Packages: go.woodpecker-ci.org/woodpecker, go.woodpecker-ci.org/woodpecker/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS01bTNqLXB4aDctNDU1cM4AA-Ab
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-service-description
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00bWdnLWZxZnEtNjRoZ84AA-AU
Apache CXF allows unrestricted memory consumption in CXF HTTP clients
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-transports-http
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02cGZmLWZtaDItNG1tZs4AA-AS
Apache CXF Denial of Service vulnerability in JOSE
Ecosystems: maven
Packages: org.apache.cxf:cxf-rt-rs-security-jose
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04cGdjLTY1bWotNTNoNc4AA-AN
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Ecosystems: go
Packages: github.com/gitpod-io/gitpod
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 4 months ago
High
GSA_kwCzR0hTQS1xOGYyLWh4cTUtY3A0aM4AA-AD
Absent Input Validation in BinaryHttpParser
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-bhttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oaHBnLXY2M3Atd3A3d84AA-AC
TorchServe gRPC Port Exposure
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13eGN4LWdnOWMtZndwMs4AA-AB
TorchServe vulnerable to bypass of allowed_urls configuration
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 4 months ago
High
GSA_kwCzR0hTQS04Mm0yLWN2N3AtNG03Nc4AA9__
Kubernetes sets incorrect permissions on Windows containers logs
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 26.3
Published: 4 months ago
High
GSA_kwCzR0hTQS1oYzV3LWd4eHItdzh4OM4AA9_5
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
Ecosystems: go
Packages: github.com/bishopfox/sliver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1nOTJqLXFobWgtNjR2Ms4AA9_r
Sentry's Python SDK unintentionally exposes environment variables to subprocesses
Ecosystems: pypi
Packages: sentry-sdk
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00cWc0LWN2aDItY3JnZ84AA9_o
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1tZ3Z2LTlwOWctM2p2NM4AA9_n
gix-path can use a fake program files location
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14bXZnLTMzNWcteDQ0cc4AA9_m
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-reports-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01Z3J4LXY3MjctcW1xNs4AA9_l
1Panel has an SQL injection issue related to the orderBy clause
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14amd3LWdocngtd2ZmZs4AA9_P
Roundup Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13OHZjLWN3djktd3g2N84AA9_K
Roundup Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14cmg3LTJnZnEtNHJjcc4AA9_L
openCart Server-Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS14Mzd4LXFmNHYtZjU0Zs4AA9_Q
Roundup Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: roundup
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1jM3E5LWMyN3AtY3c5aM4AA9_J
projectdiscovery/nuclei allows unsigned code template execution through workflows
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qOGNtLWc3cjYtaGZwcc4AA9-3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12aG1qLTVxOXItbW05Z84AA9-2
BlastRADIUS also affects eduMFA
Ecosystems: pypi
Packages: edumfa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01MmN3LXB2cTktOW01ds4AA9-1
Silverstripe uses TinyMCE which allows svg files linked in object tags
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS12bWNwLTY2cjUtM3BjcM4AA9-0
Steeltoe Leaks Basic Auth Credentials to Logs After Fetch Registry Error
Ecosystems: nuget
Packages: Steeltoe.Discovery.ClientAutofac, Steeltoe.Discovery.ClientCore, Steeltoe.Discovery.EurekaBase, Steeltoe.Discovery.Eureka
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 4 months ago
Low
GSA_kwCzR0hTQS1wM2YzLTVjY2ctODN4cc4AA9-z
dbt has an implicit override for built-in materializations from installed packages
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1naGdxLXg2d2MtNmpyNc4AA9-w
Zowe CLI allows storage of previously entered secure credentials in a plaintext file
Ecosystems: npm
Packages: @zowe/cli
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oY2Y4LTVqNzgtODg3ds4AA9-u
Apache StreamPark: Information leakage vulnerability
Ecosystems: maven
Packages: org.apache.streampark:streampark
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0ycndtLXh2NWotNzc3cM4AA9-i
Eclipse Parsson stack overflow when parsing deeply nested input
Ecosystems: maven
Packages: org.eclipse.parsson:parsson
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 4 months ago
High
GSA_kwCzR0hTQS01NXJmLThxMjktNGc0M84AA9-g
Sylius has a security vulnerability via adjustments API endpoint
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jaHg3LTl4OGgtcjVtZ84AA9-f
Silverstripe Framework has a Cross-site Scripting vulnerability with encoded payload
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04OXE2LTk4eHgtNGZmd84AA9-e
Silverstripe Reports are still accessible even when `canView()` returns false
Ecosystems: packagist
Packages: silverstripe/reports
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 4 months ago
High
GSA_kwCzR0hTQS02NTIzLWpmNHItYzk2Ms4AA9-c
Apache StreamPipes has potential remote code execution (RCE) via file upload
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1nNWh2LXI3NDMtdjhwbc4AA9-F
Apache Airflow has DAG Author Code Execution possibility in airflow-scheduler
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05Z3I3LWdoNzQtcWc5eM4AA9-K
Apache StreamPipes has possibility of SSRF in pipeline element installation process
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0ycXBoLXY5cDItcTJnds4AA9-J
Apache StreamPipes potentially allows creation of multiple identical accounts
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qNDgyLTQ3eGYtcDI1Y84AA9-G
Apache Airflow Potential Cross-site Scripting Vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 4 months ago
High
GSA_kwCzR0hTQS13Nzk5LXY4NWotODhwZ84AA997
Skupper uses a static cookie secret for the openshift oauth-proxy
Ecosystems: go
Packages: github.com/skupperproject/skupper
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00eHFxLW0yaHgtMjV2OM4AA98F
REXML denial of service vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xNWZtLTU1YzItdjZqOc4AA98E
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Ecosystems: pypi
Packages: fiona
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 4 months ago
High
GSA_kwCzR0hTQS1nNG00LTlxNGMtbWZ3Ns4AA98D
Fiona affected by CVE-2020-14152 related to madler-zlib
Ecosystems: pypi
Packages: fiona
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0ycTZqLXZwdnItNnB2as4AA96P
Apache Superset vulnerable to improper SQL authorization
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 4 months ago
High
GSA_kwCzR0hTQS1oM3BxLTY2N3gtcjc4Oc4AA95v
Plate media plugins has a XSS in media embed element when using custom URL parsers
Ecosystems: npm
Packages: @udecode/plate-media
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS01eGdqLXBtamotZ3c0Oc4AA95u
RISC Zero zkVM notes on zero-knowledge
Ecosystems: cargo
Packages: risc0-zkvm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xYzZ2LTVnNW0tOGN3Ms4AA95d
ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/zitadel/zitadel-go/v3
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ZjVjLThydmMtajh3Zs4AA95c
OpaMiddleware does not filter HTTP OPTIONS requests
Ecosystems: pypi
Packages: fastapi-opa
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mZzg2LTRjMnItN3d4d84AA95b
TorrentPier Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zNDJxLTJtYzItNWdtcM4AA95a
@jmondi/url-to-png enables capture screenshot of localhost web services (unauthenticated pages)
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 mlflow 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 github.com/mattermost/mattermost-server/v6 37 mautic/core 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 moin 35 snipe/snipe-it 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 github.com/answerdev/answer 34 zendframework/zendframework1 34 gradio 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 Pillow 31 github.com/argoproj/argo-cd 31 parse-server 31 opencv-python 31 opencv-contrib-python 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 prestashop/prestashop 26 directus 26 electron 26 openssl-src 26 pillow 26 rubygems-update 25 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 25 org.apache.solr:solr-core 25 org.springframework.security:spring-security-core 24 contao/core-bundle 24 magento/core 24 org.eclipse.jetty:jetty-server 24 puppet 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 rack 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 23 ckb 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 org.apache.nifi:nifi 21 glance 21 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 funadmin/funadmin 20 code.gitea.io/gitea 20 laravel/framework 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 github.com/ethereum/go-ethereum 20 wasmtime 19 contao/contao 19 org.springframework:spring-core 19 github.com/goharbor/harbor 19 org.xwiki.platform:xwiki-platform-web-templates 19 DotNetNuke.Core 19 mercurial 18 github.com/traefik/traefik/v2 18 mindsdb 18 cobbler 18 golang.org/x/net 18 next 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 cockpit-hq/cockpit 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 francoisjacquet/rosariosis 17 symfony/security 17 genix/cms 17 helm.sh/helm/v3 17 cakephp/cakephp 17 org.apache.geode:geode-core 17 opencart/opencart 17 notebook 17 PaddlePaddle 16 typo3/cms-backend 16 sequelize 16 paddlepaddle 16 rusqlite 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 org.bouncycastle:bcprov-jdk15 16 pyload-ng 16 cryptography 16 tinymce 16 github.com/zitadel/zitadel 16 phpbb/phpbb 16 openmage/magento-lts 16 yetiforce/yetiforce-crm 16 neutron 16 org.apache.activemq:activemq-client 16 org.apache.struts.xwork:xwork-core 15 ghost 15 october/system 15 ckeditor4 15 ec-cube/ec-cube 15 smarty/smarty 15 surrealdb 15 OctoPrint 15 calibreweb 15 ethyca-fides 15 symfony/security-http 15 bolt/bolt 14 camaleon_cms 14 joplin 14 publify_core 14 swagger-ui 14 silverstripe/cms 14 org.apache.tomcat:tomcat-coyote 14 dompdf/dompdf 14 lollms 14 aiohttp 14 modoboa 14 activesupport 14 github.com/nats-io/nats-server/v2 14 pyftpdlib 14 github.com/containerd/containerd 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/x-stream/xstream 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/rancher/rancher 34 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/cilium/cilium 25 https://github.com/github/advisory-database 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/apache/nifi 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenNMS/opennms 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/geoserver/geoserver 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/hashicorp/vault 17 https://github.com/TYPO3-CMS/core 16 https://github.com/mattermost/mattermost 16 https://github.com/ethereum/go-ethereum 16 https://github.com/tinymce/tinymce 16 https://github.com/OpenMage/magento-lts 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/laravel/framework 16 https://github.com/sequelize/sequelize 16 https://github.com/backstage/backstage 16 https://github.com/PHPMailer/PHPMailer 15 https://github.com/puppetlabs/puppet 15 https://github.com/pyca/cryptography 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/surrealdb/surrealdb 15 https://github.com/ethyca/fides 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/janeczku/calibre-web 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/hashicorp/nomad 14 https://github.com/vercel/next.js 14 https://github.com/containerd/containerd 14 https://github.com/aio-libs/aiohttp 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/xuxueli/xxl-job 14 https://github.com/ming-soft/MCMS 13 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/dromara/hutool 13 https://github.com/quarkusio/quarkus 13 https://github.com/golang/go 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/containers/podman 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openfga/openfga 12 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/centreon/centreon-archived 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/wagtail/wagtail 12 https://github.com/opencontainers/runc 12 https://github.com/getsentry/sentry 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Studio-42/elFinder 11 https://github.com/scrapy/scrapy 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/vaadin/flow 11 https://github.com/cloudflare/cfrpki 11 https://github.com/NodeBB/NodeBB 11 https://github.com/igniterealtime/Openfire 11 https://github.com/drupal/core 11 https://github.com/onionshare/onionshare 11 https://github.com/nats-io/nats-server 11 https://github.com/Pylons/waitress 11 https://github.com/top-think/framework 11 https://github.com/dolibarr/dolibarr 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/yiisoft/yii2 11 https://github.com/cakephp/cakephp 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/spring-projects/spring-security 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/zenml-io/zenml 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/pomerium/pomerium 11 https://github.com/DSpace/DSpace 10 https://github.com/opencart/opencart 10 https://github.com/pgadmin-org/pgadmin4 10