Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS12dm12LXdydnAtOWdqcs4AA95Z
@jmondi/url-to-png contains a Path Traversal vulnerability
Ecosystems: npm
Packages: @jmondi/url-to-png
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04NzV4LWc4cDctNXcyN84AA95Y
The FIDO2/Webauthn Support for PHP library allows enumeration of valid usernames
Ecosystems: packagist
Packages: web-auth/webauthn-framework, web-auth/webauthn-lib
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 4 months ago
High
GSA_kwCzR0hTQS03cXBjLTR4eDkteDVxd84AA94-
Apache Linkis DataSource's JDBC Datasource Module with DB2 has JNDI Injection vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1qanZjLXY4Z3ctNTI1Nc4AA949
Apache Linkis DataSource remote code execution vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1mMjJqLTlqNTktMzNqNM4AA948
Apache Linkis DataSource allows arbitrary file reading
Ecosystems: maven
Packages: org.apache.linkis:linkis-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jZ2NnLXA2OHEtM3c3ds4AA94z
langchain-experimental vulnerable to Arbitrary Code Execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 4 months ago
High
GSA_kwCzR0hTQS1jeDYzLTJtdzYtOGh3Nc4AA94q
setuptools vulnerable to Command Injection via package URL
Ecosystems: pypi
Packages: setuptools
Source: GitHub Advisory Database
Blast Radius: 43.9
Published: 4 months ago
High
GSA_kwCzR0hTQS01Z3JyLTcyZjktNjc4ds4AA93Y
Malware package cipherbcrypt
Ecosystems: pypi
Packages: cipherbcrypt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS05Nzk0LXBjNHItNDM4d84AA93X
Local File Inclusion in Solara
Ecosystems: pypi
Packages: solara
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1oaHdjLWdoOGgtOXJycM4AA90p
Apache Wicket: Remote code execution via XSLT injection
Ecosystems: maven
Packages: org.apache.wicket:wicket-util
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS01MjQ4LWg0NXAtOXBnd84AA90n
SQL Injection in the KubeClarity REST API
Ecosystems: go
Packages: github.com/openclarity/kubeclarity/backend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS0ycW13LXB2ZjctNG13Ns4AA90R
Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 5 months ago
High
GSA_kwCzR0hTQS0yaDJ4LThoaDItbWZxOM4AA90Q
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
Ecosystems: go
Packages: github.com/nats-io/nats-streaming-server, github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14NnA3LTQ0cmgtbTNycs4AA90O
Login by Auth0 plugin for WordPress vulnerable to Reflected Cross-Site Scripting
Ecosystems: packagist
Packages: auth0/wordpress
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12eG1jLTV4MjktaDY0ds4AA9zy
Bootstrap Cross-Site Scripting (XSS) vulnerability for data-* attributes
Ecosystems: npm
Packages: bootstrap
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12Yzh3LWpyOXYtdmo3Zs4AA90M
Bootstrap Cross-Site Scripting (XSS) vulnerability
Ecosystems: maven, packagist, nuget, rubygems, npm
Packages: org.webjars.npm:bootstrap, org.webjars:bootstrap, twbs/bootstrap, bootstrap.sass, bootstrap
Source: GitHub Advisory Database
Blast Radius: 153.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05bXZqLWY3dzgtcHZoMs4AA9zw
Bootstrap Cross-Site Scripting (XSS) vulnerability
Ecosystems: maven, packagist, nuget, rubygems, npm
Packages: org.webjars.npm:bootstrap, org.webjars:bootstrap, twbs/bootstrap, bootstrap.sass, bootstrap-sass, bootstrap
Source: GitHub Advisory Database
Blast Radius: 157.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1nbWM2LWZ3ZzMtNzVtNc4AA9zq
Mimekit has vulnerable dependency that can lead to denial of service
Ecosystems: nuget
Packages: MimeKit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01anE4LXE2cmotOWdxNM4AA9zp
Red-DiscordBot vulnerable to Incorrect Authorization in commands API
Ecosystems: pypi
Packages: Red-DiscordBot
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1qbXAzLTM5dnAtZndnOM4AA9zm
Wagtail regular expression denial-of-service via search query parsing
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1naDlmLTZ4bTItYzRqMs4AA9zl
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS03N3ZjLXJqMzItMnIzM84AA9w7
OpenSearch Observability does not properly restrict access to private tenant resources
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-observability
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1mcTU0LTJqNTItamM0Ms4AA9w6
Next.js Denial of Service (DoS) condition
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01MjlwLWpqNDctdzNtM84AA9w5
Decidim cross-site scripting (XSS) in the admin panel
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03Y3g4LTQ0cGMteHYzcc4AA9w4
Decidim cross-site scripting (XSS) in the pagination
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xY2o2LXZ4d3gtNHJxds4AA9wt
Decidim vulnerable to data disclosure through the embed feature
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tcXFqLWZ4OGgtNDM3as4AA9ws
PrivateBin allows shortening of URLs for other domains
Ecosystems: packagist
Packages: privatebin/privatebin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNmhnLTZtOXgtNWc5Y84AA9wr
Evmos vulnerable to exploit of smart contract account and vesting
Ecosystems: go
Packages: github.com/evmos/evmos/v18
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14N3EyLXdyN2cteHFtZs4AA9wR
Django vulnerable to user enumeration attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13NWZjLWdqM2gtMjZyeM4AA9wS
speaker vulnerable to Denial of Service
Ecosystems: npm
Packages: speaker
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1nNTMzLXhxNXctam1mM84AA9wP
node-stringbuilder vulnerable to Out-of-bounds Read
Ecosystems: npm
Packages: node-stringbuilder
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1xZzJwLTlqd3ItbW1xZs4AA9wQ
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 5 months ago
High
GSA_kwCzR0hTQS13eHIzLTJoZ3YtcW04Zs4AA9wU
node-twain vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: npm
Packages: node-twain
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1mNmY4LTlteDYtOW14Ms4AA9wW
Django vulnerable to Denial of Service
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 5 months ago
High
GSA_kwCzR0hTQS12anB2LXg4cDktN3A4Nc4AA9wM
images vulnerable to Denial of Service
Ecosystems: npm
Packages: images
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 5 months ago
High
GSA_kwCzR0hTQS05am1mLTIzN2ctcWY0Ns4AA9wT
Django Path Traversal vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 5 months ago
High
GSA_kwCzR0hTQS00M3dxLXhyY20tM3Zncs4AA9wO
@discordjs/opus vulnerable to Denial of Service
Ecosystems: npm
Packages: @discordjs/opus
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 5 months ago
High
GSA_kwCzR0hTQS03dmhtLWZtcGgtN3d4d84AA9wN
audify vulnerable to Improper Validation of Array Index
Ecosystems: npm
Packages: audify
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1wajM2LWZjcmctMzI3as4AA9vz
BookStack Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: ssddanbrown/bookstack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12ZndoLWd2ZjYtbWZmOM4AA9vd
Silverpeas Core Cross-site Scripting vulnerability
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-seb, org.silverpeas.core:silverpeas-core-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS00NDdyLXdwaDMtOTJwbc4AA9up
Microsoft Security Advisory CVE-2024-38095 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Formats.Asn1, Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1ocTd3LXh2NXgtZzM0as4AA9uo
Microsoft Security Advisory CVE-2024-38081 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.IO.Redist
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jaGZjLTl3Nm0tNzVyZs4AA9un
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1oaDJ3LXA2cnYtNGc3d84AA9um
Microsoft Security Advisory CVE-2024-30105 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: System.Text.Json
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01NXI5LTVteDktcXE3cs4AA9ul
Cache driver GetBlob() allows read access to any blob without access control check
Ecosystems: go
Packages: zotregistry.dev/zot, zotregistry.io/zot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS05anhjLXFqcjktdmp4cc4AA9rr
electron-updater Code Signing Bypass on Windows
Ecosystems: npm
Packages: electron-updater
Source: GitHub Advisory Database
Blast Radius: 30.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1qNHI3LXA5ZnAtdzNmM84AA9rZ
Spring Cloud Function Framework vulnerable to Denial of Service
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-function-context
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tanc0LWpqODgtdjY4N84AA9rR
panic on parsing crafted phonenumber inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 5 months ago
Low
GSA_kwCzR0hTQS0zZzkyLXc4YzUtNzNwcc4AA9rQ
Undici vulnerable to data leak when using response.arrayBuffer()
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qZm1qLTV2NGctNzYzN84AA9oo
zipp Denial of Service vulnerability
Ecosystems: pypi
Packages: zipp
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jaDdxLWdwZmYtaDlocM4AA9on
Undertow Missing Release of Memory after Effective Lifetime vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 5 months ago
High
GSA_kwCzR0hTQS14cHA2LThyM2otd3c0M84AA9oi
Undertow Denial of Service vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 5 months ago
High
GSA_kwCzR0hTQS0zNmgyLWc0YzgtOXhjbc4AA9ok
Aim denial of service vulnerability
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1qZ2Y0LXZ3YzMtcjQ2ds4AA9oh
Directus Allows Single Sign-On User Enumeration
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 5 months ago
High
GSA_kwCzR0hTQS03aG1oLXBmcnAtdmN4NM4AA9og
Directus GraphQL Field Duplication Denial of Service (DoS)
Ecosystems: npm
Packages: @directus/env
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03NHI1LWc3dmMtajJ2Ms4AA9of
zerovec-derive incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec-derive
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 5 months ago
High
GSA_kwCzR0hTQS1oeGdtLWdobXYteGpqbc4AA9oe
Directus incorrectly handles `_in` filter
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14cnYzLWptY3AtMzc0as4AA9od
zerovec incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04cDcyLXJjcTQtaDZwd84AA9n5
Directus Blind SSRF On File Import
Ecosystems: npm
Packages: @directus/api
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01NjRqLXYyOXctcnFyNs4AA9n4
Khoj Open Redirect Vulnerability in Login Page
Ecosystems: pypi
Packages: khoj-assistant
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS0zdjMzLTN3bXctMzc4Nc4AA9n3
yt-dlp has dependency on potentially malicious third-party code in Douyu extractors
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1mZzRxLWNjcTgtM3I1cc4AA9n2
NHibernate SQL injection vulnerability in discriminator mappings, static fields referenced in HQL, and some utilities
Ecosystems: nuget
Packages: NHibernate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04cWdtLWcydnYtdnd2Y84AA9n1
RailsAdmin Cross-site Scripting vulnerability in the list view
Ecosystems: rubygems
Packages: rails_admin
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oNjU4LXFxdjktcXd2OM4AA9nw
Apache NiFi vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.apache.nifi:nifi-web-ui
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1waGc3LThtbTktZ2o4OM4AA9ne
EGroupware mishandles an ORDER BY clause
Ecosystems: packagist
Packages: egroupware/egroupware
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
High
GSA_kwCzR0hTQS00cTJwLWh3bXItcWN4Y84AA9nF
OPCFoundation.NetStandard.Opc.Ua.Core buffer-management vulnerability
Ecosystems: nuget
Packages: OPCFoundation.NetStandard.Opc.Ua.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1td3htLTM1ZjgtNnZnMs4AA9nD
Vanna vulnerable to SQL Injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01M3E3LTQ4NzQtMjRxZ84AA9m9
Information Disclosure Vulnerability in Privacy Center of SERVER_SIDE_FIDES_API_URL
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1neHJ2LXdmMzUtNjJ3Oc4AA9m8
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tOWd2LTZwMjItcWdtas4AA9m7
ai-controller-frontend payment status in basket isn't reset
Ecosystems: packagist
Packages: aimeos/ai-controller-frontend
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mcXBnLXJxNzYtOTlwcc4AA9m6
Panic in Pipeline when PgConn is busy or closed in github.com/jackc/pgx
Ecosystems: go
Packages: github.com/jackc/pgx/v5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wOWNnLXZxY2MtZ3JjeM4AA9m5
Server Side Request Forgery (SSRF) attack in Fedify
Ecosystems: npm
Packages: @fedify/fedify
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS14cjdxLWp4NG0teDU1bc4AA9m4
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go
Ecosystems: go
Packages: google.golang.org/grpc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS0yNDh2LTM0NnctOWN3Y84AA9m3
Certifi removes GLOBALTRUST root certificate
Ecosystems: pypi
Packages: certifi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13OW1oLTV4OGotOTc1NM4AA9m2
Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jdnc5LWM1N2gtMzM5N84AA9m1
ZITADEL Vulnerable to Session Information Leakage
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1taDU1LWdxdmYteGZ3bc4AA9m0
Denial of service via malicious preflight requests in github.com/rs/cors
Ecosystems: go
Packages: github.com/rs/cors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ycnFyLTd3NTktNjM3ds4AA9mz
Pomerium exposed OAuth2 access and ID tokens in user info endpoint response
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jOTZyLTM4Z3YtZ3JwNM4AA9mX
ShopXO Server-Side Request Forgery Vulnerability
Ecosystems: packagist
Packages: shopxo/shopxo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1yNHY0LXc5cHYtNmZwaM4AA9mC
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access
Ecosystems: pypi
Packages: nova, glance, cinder
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 5 months ago
High
GSA_kwCzR0hTQS01ZjR4LWh3djItdzl3Ms4AA9l_
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Ecosystems: npm
Packages: hfs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 5 months ago
High
GSA_kwCzR0hTQS04bW02LXdtcHAtbW1tM84AA9ly
Gogs allows argument injection during the tagging of a new release
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1oZjI5LTloZmgtdzYzas4AA9lz
Gogs allows argument injection during the previewing of changes
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wNjlyLXYzaDQtcmo0Zs4AA9l1
github.com/gogs/gogs affected by CVE-2024-39930
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0ydmdqLTNwdmcteGg0d84AA9lx
Gogs allows deletion of internal files
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xanZmLTg3NDgtOXc3aM4AA9gc
github.com/google/nftable IP addresses were encoded in the wrong byte order
Ecosystems: go
Packages: github.com/google/nftables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS13bTl3LXJqajMtajM1Ns4AA9gV
Apache Tomcat - Denial of Service
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-coyote, org.apache.tomcat.embed:tomcat-embed-core
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04d3h4LTM1cWMtdnA2cs4AA9f9
Missing key verification in gost
Ecosystems: go
Packages: github.com/ginuerzh/gost
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jajgzLTJ3dzctbXZxN84AA9fb
Rack ReDoS Vulnerability in HTTP Accept Headers Parsing
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 39.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Ecosystems: packagist
Packages: aimeos/ai-admin-jsonadm
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qajY4LWNwNHYtOThxZs4AA9d2
aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 months ago
High
GSA_kwCzR0hTQS12YzdqLTk5anctanJxbc4AA9d1
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
Ecosystems: packagist
Packages: aimeos/ai-admin-graphql
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1jdnc0LWM2OWctN3Y3bc4AA9d0
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS03OXc3LXZoM2gtOGc0as4AA9dz
yt-dlp File system modification and RCE through improper file-extension sanitization
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05djJmLTZ2Y2ctM2hnds4AA9cz
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Ecosystems: pypi
Packages: Gradio
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qZmdwLTY3NHgtNnE0cM4AA9cu
Weblate vulnerable to improper sanitization of project backups
Ecosystems: pypi
Packages: Weblate
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 5 months ago
High
GSA_kwCzR0hTQS0zNjY5LTcyeDktcjlwM84AA9ct
Potential memory exhaustion attack due to sparse slice deserialization
Ecosystems: go
Packages: github.com/gorilla/schema
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02amo2LWdtN3AtZmN2ds4AA9cr
Remote Code Execution (RCE) vulnerability in geoserver
Ecosystems: maven
Packages: org.geoserver:gs-wms, org.geoserver:gs-wfs, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1qaHF4LTV2NWctbXBmM84AA9cq
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Ecosystems: maven
Packages: org.geoserver:gs-gwc, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 github.com/hashicorp/vault 37 mautic/core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 com.jfinal:jfinal 36 moin 35 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 github.com/answerdev/answer 34 gradio 34 io.undertow:undertow-core 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-python 31 opencv-contrib-python 31 parse-server 31 github.com/argoproj/argo-cd 31 Pillow 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 pillow 26 electron 26 directus 26 prestashop/prestashop 26 openssl-src 26 github.com/cilium/cilium 25 org.apache.solr:solr-core 25 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 rubygems-update 25 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 magento/core 24 puppet 23 rack 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 tribalsystems/zenario 22 ckb 22 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 glance 21 laravel/framework 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 funadmin/funadmin 20 langchain 20 org.springframework:spring-core 19 wasmtime 19 DotNetNuke.Core 19 github.com/goharbor/harbor 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 golang.org/x/net 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cockpit-hq/cockpit 18 mindsdb 18 cobbler 18 next 18 topthink/framework 18 com.vaadin:vaadin-bom 18 forkcms/forkcms 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.liferay.portal:release.dxp.bom 18 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 symfony/security 17 notebook 17 opencart/opencart 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 francoisjacquet/rosariosis 17 typo3/cms-backend 16 org.apache.dubbo:dubbo 16 phpbb/phpbb 16 cryptography 16 paddlepaddle 16 tinymce 16 yetiforce/yetiforce-crm 16 github.com/zitadel/zitadel 16 org.apache.activemq:activemq-client 16 PaddlePaddle 16 neutron 16 pyload-ng 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 rusqlite 16 openmage/magento-lts 16 org.bouncycastle:bcprov-jdk15 16 surrealdb 15 ckeditor4 15 smarty/smarty 15 symfony/security-http 15 calibreweb 15 OctoPrint 15 ghost 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 ethyca-fides 15 october/system 15 lollms 14 activesupport 14 silverstripe/cms 14 github.com/containerd/containerd 14 swagger-ui 14 publify_core 14 aiohttp 14 joplin 14 pyftpdlib 14 feehi/cms 14 modoboa 14 phpmailer/phpmailer 14 org.apache.tomcat:tomcat-coyote 14 camaleon_cms 14 github.com/nats-io/nats-server/v2 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/gradio-app/gradio 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 25 https://github.com/directus/directus 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/github/advisory-database 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/opencast/opencast 17 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/hashicorp/vault 17 https://github.com/forkcms/forkcms 16 https://github.com/tinymce/tinymce 16 https://github.com/laravel/framework 16 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/pyload/pyload 16 https://github.com/backstage/backstage 16 https://github.com/TYPO3-CMS/core 16 https://github.com/OpenMage/magento-lts 16 https://github.com/mattermost/mattermost 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/PHPMailer/PHPMailer 15 https://github.com/centreon/centreon 15 https://github.com/puppetlabs/puppet 15 https://github.com/dompdf/dompdf 15 https://github.com/vantage6/vantage6 15 https://github.com/pyca/cryptography 15 https://github.com/ethyca/fides 15 https://github.com/surrealdb/surrealdb 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/zendframework/zendframework 15 https://github.com/cobbler/cobbler 15 https://github.com/decidim/decidim 15 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/xuxueli/xxl-job 14 https://github.com/janeczku/calibre-web 14 https://github.com/vercel/next.js 14 https://github.com/dotnet/aspnetcore 14 https://github.com/OpenRefine/OpenRefine 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/laurent22/joplin 13 https://github.com/quarkusio/quarkus 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/modoboa/modoboa 13 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/centreon/centreon-archived 12 https://github.com/apache/kylin 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 12 https://github.com/openstack/glance 12 https://github.com/smarty-php/smarty 12 https://github.com/openfga/openfga 12 https://github.com/containers/podman 12 https://github.com/zenml-io/zenml 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/NodeBB/NodeBB 11 https://github.com/igniterealtime/Openfire 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/getsentry/sentry 11 https://github.com/Studio-42/elFinder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/vaadin/flow 11 https://github.com/cakephp/cakephp 11 https://github.com/dolibarr/dolibarr 11 https://github.com/scrapy/scrapy 11 https://github.com/Pylons/waitress 11 https://github.com/nats-io/nats-server 11 https://github.com/pomerium/pomerium 11 https://github.com/yiisoft/yii2 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/onionshare/onionshare 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/top-think/framework 11 https://github.com/spring-projects/spring-security 11 https://github.com/cloudflare/cfrpki 11 https://github.com/keystonejs/keystone 10 https://github.com/apache/zeppelin 10 https://github.com/pgadmin-org/pgadmin4 10