Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1qNTl2LXZnY3ItaHh2Zs4AA9cp
GeoServer's Server Status shows sensitive environmental variables and Java properties
Ecosystems: maven
Packages: org.geoserver:gs-main, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13aHB4LWc1NDItN2M3ds4AA9b8
@cat5th/key-serializer Prototype Pollution vulnerability
Ecosystems: npm
Packages: @cat5th/key-serializer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zcTU2LTljYzItNDZqNM4AA9bz
robinweser fast-loops vulnerable to prototype pollution
Ecosystems: npm
Packages: fast-loops
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zMjhwLTM2MmctcjQ4as4AA9b3
ag-grid packages vulnerable to Prototype Pollution
Ecosystems: npm
Packages: ag-grid-enterprise, ag-grid-community, @ag-grid-enterprise/charts
Source: GitHub Advisory Database
Blast Radius: 23.4
Published: 5 months ago
High
GSA_kwCzR0hTQS14M20zLTR3cHYtNXZnY84AA9bx
jrburke requirejs vulnerable to prototype pollution
Ecosystems: npm
Packages: requirejs
Source: GitHub Advisory Database
Blast Radius: 51.6
Published: 5 months ago
High
GSA_kwCzR0hTQS04NzZwLWM3N20teDJoY84AA9bu
Prototype pollution in ag-grid-community via the _.mergeDeep function
Ecosystems: npm
Packages: ag-grid-community, ag-grid-enterprise
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04OHZyLWhqcXgtNTdxaM4AA9bv
adolph_dudu ratio-swiper was discovered to contain a prototype pollution via the function extendDefaults
Ecosystems: npm
Packages: @adolph_dudu/ratio-swiper
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS13NTh2LXIzY3AtcXI5M84AA9bt
@amoy/common v was discovered to contain a prototype pollution via the function extend
Ecosystems: npm
Packages: @amoy/common
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 5 months ago
High
GSA_kwCzR0hTQS1nYzdtLTU5NmgteDU3cs4AA9br
frappejs was discovered to contain a prototype pollution via the function registerView
Ecosystems: npm
Packages: @airvertco/frappejs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1naDR4LXF2M3AtbTlwbc4AA9bq
akbr patch-into was discovered to contain a prototype pollution via the function patchInto
Ecosystems: npm
Packages: @akbr/patch-into
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12ZzZ2LWpjZzMtNW1wN84AA9bm
@aofl/cli-lib Prototype Pollution vulnerability
Ecosystems: npm
Packages: @aofl/cli-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zNDM0LWhjM20tOG1tbc4AA9bD
Reflected Cross-Site Scripting (XSS) in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04NjljLWo3d2MtOGpxds4AA9as
Gin mishandles a wildcard at the end of an origin string
Ecosystems: go
Packages: github.com/gin-contrib/cors, github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: 5 months ago
High
GSA_kwCzR0hTQS0yeHB4LXZjbXEtNWY3Ms4AA9aa
Unlimited number of NTS-KE connections can crash ntpd-rs server
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oZzU4LXJmMmgtNnJyN84AA9aS
CometBFT is unstability during blocksync when syncing from malicious peer
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1jZ3Z4LTk0NDctdmNjaM4AA9aK
ntlk unsafe deserialization vulnerability
Ecosystems: pypi
Packages: nltk
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 5 months ago
High
GSA_kwCzR0hTQS1mZjdxLTZ2d2gtdjltNM4AA9aG
Name confusion in x509 Subject Alternative Name fields
Ecosystems: packagist
Packages: phpseclib/phpseclib
Source: GitHub Advisory Database
Blast Radius: 35.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tcjdoLXcycWMtZmZjMs4AA9ZU
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ycnFxLWZ2Nm0tNjkybc4AA9Zq
vanna vulnerable to remote code execution caused by prompt injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xcWN2LXZnOWYtNXJyM84AA9Z6
litellm vulnerable to improper access control in team management
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS13OXFmLTgzamctMng2Y84AA9Zx
lollms vulnerable to dot-dot-slash path traversal in XTTS server
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 5 months ago
High
GSA_kwCzR0hTQS01OG0zLXJjdnAtZjl3d84AA9ZT
h2o vulnerable to unexpected POST request shutting down server
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 5 months ago
High
GSA_kwCzR0hTQS05Y2htLW02eDItNmZ2Y84AA9Zw
lollms vulnerable to path traversal due to unauthenticated root folder settings change
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1tNDVjLXY0NmgtYzc4OM4AA9Z4
lollms path traversal vulnerability allows overriding of config.yaml file, leading to RCE
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ncHBnLWdxdzgtd2g5Z84AA9Z3
litellm vulnerable to remote code execution based on using eval unsafely
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xMjdjLWo2ajktNTN3M84AA9Yo
Directory creation by malicious user in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 5 months ago
High
GSA_kwCzR0hTQS0ycXczLTJ3djYtcDY0eM4AA9Yp
Path traversal in saltstack
Ecosystems: pypi
Packages: salt
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 5 months ago
High
GSA_kwCzR0hTQS05cGhtLWZtNTctcmhnOM4AA9X0
Panic when parsing invalid palette-color images in golang.org/x/image
Ecosystems: go
Packages: golang.org/x/image
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tcDNnLXZwbTktOXZxds4AA9Xz
@fastly/js-compute has a use-after-free in some host call implementations
Ecosystems: npm
Packages: @fastly/js-compute
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 5 months ago
Low
GSA_kwCzR0hTQS05MzQ0LXA4NDctcW01Y84AA9Xy
Low severity (DoS) vulnerability in sequoia-openpgp
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xNnh2LWptNHYtMzQ5aM4AA9Xx
Cross-site Scripting in ZenUML
Ecosystems: npm
Packages: @zenuml/core
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zY3BxLXJ3MzYtY3Bwds4AA9Xt
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:plain-credentials
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14OG1mLWpjbWYtcjc5Zs4AA9Xs
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS14ZngzLWNyNzQteDNjds4AA9Xv
Exposure of secrets through system log in Jenkins Structs Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:structs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS12MnZmLWp2ODgtM2ZwNc4AA9Xp
October System module has an Open Redirect for Administrator Accounts
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yanc4LXY3cnItcjU2M84AA9Xl
October System module has a Reflected XSS via X-October-Request-Handler Header
Ecosystems: packagist
Packages: october/system
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ndzg0LTg0cGMteHA4Ms4AA9XO
Cross-site Scripting in djangorestframework
Ecosystems: pypi
Packages: djangorestframework
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: 5 months ago
High
GSA_kwCzR0hTQS01dmdqLWdnbTQtZmc2Ms4AA9W1
pdoc embeds link to malicious CDN if math mode is enabled
Ecosystems: pypi
Packages: pdoc
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1ocTRmLW12M3EtOHdjds4AA9We
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05ZzZnLXhxdjUtOGc1d84AA9Wb
PingCAP TiDB nil pointer dereference
Ecosystems: go
Packages: github.com/pingcap/tidb
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 5 months ago
High
GSA_kwCzR0hTQS14ZmhwLWpmOHAtbWg1d84AA9WW
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
Ecosystems: go
Packages: github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1wcG01LWp2ODQtMnhnMs4AA9WS
Aimeos HTML client may potentially reveal sensitive information in error log
Ecosystems: packagist
Packages: aimeos/ai-client-html
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS05NGNjLXhqeHItcHd2Zs4AA9WR
DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Ecosystems: maven
Packages: org.dspace:dspace-server-webapp
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 5 months ago
High
GSA_kwCzR0hTQS02ODN4LTQ0NDQtanhoOM4AA9UM
Improper Restriction of XML External Entity Reference in org.cyclonedx:cyclonedx-core-java
Ecosystems: maven
Packages: org.cyclonedx:cyclonedx-core-java
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12NnY4LXhqNm0teHdxaM4AA9UK
go-retryablehttp can leak basic auth credentials to log files
Ecosystems: go
Packages: github.com/hashicorp/go-retryablehttp
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1xY2ozLXdwZ20tcXB4aM4AA9UF
XWiki programming rights may be inherited by inclusion
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-macro-include
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oMjZ3LXI0bTUtOHJyZs4AA9UE
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jZjNxLXZnOHctbXc4NM4AA9Tl
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-resource-management
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zNmdmLXZwajItajQyd84AA9Tg
Cross site scripting in Apache JSPWiki
Ecosystems: maven
Packages: org.apache.jspwiki:jspwiki-main
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03Z2pyLWhjYzMteGZyNM4AA9Ta
Improper line feed handling in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03OWg4LWd4aHEtcTNqZ84AA9TI
Remote Code Execution in create_conda_env function in lollms
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tdnJtLWZoOHEtNndyMs4AA9S_
Remote Code Execution via path traversal bypass in lollms
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1nNmM5LWY0eG0tOWo0eM4AA9S3
Open redirect in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tN3I4LTJyOTgtdnBwas4AA9Sw
Zip slip in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 8.5
Published: 5 months ago
High
GSA_kwCzR0hTQS03cTNoLWo5NXEtM3ZqaM4AA9Sy
Arbitrary File Creation in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xeDQ0LTg4NWgtN3A1Ns4AA9S0
Cross site scripting in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 5 months ago
High
GSA_kwCzR0hTQS03Y3JqLTI0ZzMtZzdoN84AA9S2
SQL injection in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wcWhxLTc3cHctNzYzY84AA9Sv
Cross site scripting in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1xYzNxLThycjgtOHA1ds4AA9S4
Cross site scripting in opencart
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 5 months ago
Low
GSA_kwCzR0hTQS1jMjVoLWMyN3EtNXFwds4AA9SS
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Ecosystems: maven
Packages: org.keycloak:keycloak-ldap-federation
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jY2hwLTNycTYtNjl3as4AA9RD
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Ecosystems: packagist
Packages: jweiland/events2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qZzYyLWg3cHYtaHhnds4AA9RB
FriendlyCaptcha Plugin for TYPO3 Captcha Check Bypass
Ecosystems: packagist
Packages: studiomitte/friendlycaptcha
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS12MnhtLTc2cHEtcGhjZs4AA9Qy
ClassGraph XML External Entity Reference
Ecosystems: maven
Packages: io.github.classgraph:classgraph
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 5 months ago
High
GSA_kwCzR0hTQS1wOWZmLWo5OHYtcDQzNc4AA9QL
Strapi Server-Side Request Forgery (SSRF)
Ecosystems: npm
Packages: @strapi/strapi
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 5 months ago
High
GSA_kwCzR0hTQS05Z3h4LTU4cTYtNDJwN84AA9QI
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Ecosystems: go
Packages: github.com/lightningnetwork/lnd
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1oOTV4LTI2ZjMtODhocs4AA9P0
js2py allows remote code execution
Ecosystems: pypi
Packages: js2py
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ncmp2LWdqZ3ItNjZnMs4AA9Px
SpiceDB exclusions can result in no permission returned when permission expected
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ydmo0LXE4cTUtOGdyZs4AA9Pw
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Ecosystems: go
Packages: github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1qNTg0LWoydmotM2Y5M84AA9Pv
XWiki Platform allows remote code execution from user account
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1odzVmLTZ3dnYteGNyaM4AA9Pu
SFTPGo has insufficient access control for password reset
Ecosystems: go
Packages: github.com/drakkan/sftpgo/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS05NDQyLWdtNHYtcjIyMs4AA9Ps
Undertow's url-encoded request path information can be broken on ajp-listener
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oY3I3LWNxd2MtcTVncc4AA9OR
Apache Superset server arbitrary file read
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 5 months ago
High
GSA_kwCzR0hTQS1jcGN4LXIyZ3EteDg5M84AA9Nu
LocalAI path traversal vulnerability
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS05aGN2LWo5cHYtcW1waM4AA9LE
TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13OWp4LTRnNmctcnA3eM4AA9LD
TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements
Ecosystems: pypi, packagist, nuget, npm
Packages: django-tinymce, tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 64.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yNWhjLXFjZzYtMzh3as4AA9LC
socket.io has an unhandled 'error' event
Ecosystems: npm
Packages: socket.io
Source: GitHub Advisory Database
Blast Radius: 44.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14NGdwLXBxcGotZjQzcc4AA9KH
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Ecosystems: cargo
Packages: curve25519-dalek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zNTZnLTd4MzYtN20zNM4AA9J-
Moodle CSRF risks due to misuse of confirm_sesskey
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1wN3I4LTd3ODctOGc0Ns4AA9J9
Dolibarr arbitrary file upload vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wMmNqLTg2djQtNzc4Ms4AA9KA
Moodle HTTP authorization header is preserved between "emulated redirects"
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wNWNnLTZyZnItNm14OM4AA9KE
Moodle stored XSS via calendar's event title when deleting the event
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14Mjl4LXF3dngtZnhyMs4AA9KB
Moodle BigBlueButton web service leaks meeting joining information
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1yODJ3LTNwaGctcXZyNM4AA9KF
Moodle uses the same key for QR login and auto-login
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tOTN3LTRmeHYtcjM1ds4AA9J3
PocketBase performs password auth and OAuth2 unverified email linking
Ecosystems: go
Packages: github.com/pocketbase/pocketbase
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ocGNnLXhqcTUtZzY2Ns4AA9Jv
Minder affected by denial of service from maliciously configured Git repository
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1xNmM3LTU2Y3EtZzJ3bc4AA9I6
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 5 months ago
High
GSA_kwCzR0hTQS02NGpxLW03cnEtNzY4aM4AA9I7
Rancher's External RoleTemplates can lead to privilege escalation
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02Z3I0LTUydzYtdm1xeM4AA9I5
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Ecosystems: go
Packages: github.com/rancher/rke
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 5 months ago
High
GSA_kwCzR0hTQS05Z2hoLW1tY3EtOHBoY84AA9I4
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wMzZyLXF4Z3gtanEyds4AA9I3
Lobe Chat API Key Leak
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00Z200LWM0bWgtNHA3d84AA9I2
Firefly III has a MFA bypass in oauth flow
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zNGpoLXA5N2YtbXB4Zs4AA9I1
urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 5 months ago
High
GSA_kwCzR0hTQS1xMnh4LWY4cjMtOW1nNc4AA9It
STRIMZI incorrect access control
Ecosystems: maven
Packages: io.strimzi:strimzi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0zajRoLWgzZnAtdnd3d84AA9Il
LNbits improperly handles potential network and payment failures when using Eclair backend
Ecosystems: pypi
Packages: lnbits
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS13ODc3LWpmdzctNDZyas4AA9Ik
DeepJavaLibrary API absolute path traversal
Ecosystems: maven
Packages: ai.djl:api
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 5 months ago
High
GSA_kwCzR0hTQS0zaDV2LXE5M2MtNmg2cc4AA9Ij
ws affected by a DoS when handling a request with many HTTP headers
Ecosystems: npm
Packages: ws
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1tajRwLWdtaHItOTJnM84AA9IS
@akbr/update Prototype Pollution
Ecosystems: npm
Packages: @akbr/update
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1xajg2LXY2bTctNHF2Ms4AA9Ii
Object Resolver Prototype Pollution
Ecosystems: npm
Packages: @apphp/object-resolver
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qOHB4LXBqbXAtMzI1Zs4AA9IZ
flatten-json Prototype Pollution
Ecosystems: npm
Packages: @allanlancioni/flatten-json
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 mlflow 46 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 github.com/rancher/rancher 38 froxlor/froxlor 38 github.com/mattermost/mattermost-server/v6 37 com.thoughtworks.xstream:xstream 37 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 nilsteampassnet/teampass 37 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 snipe/snipe-it 35 moin 35 io.undertow:undertow-core 34 gradio 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-contrib-python 31 parse-server 31 github.com/argoproj/argo-cd 31 opencv-python 31 Pillow 31 shopware/shopware 30 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/consul 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 electron 26 openssl-src 26 directus 26 prestashop/prestashop 26 pillow 26 github.com/cilium/cilium 25 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 25 org.springframework.security:spring-security-core 24 contao/core-bundle 24 magento/core 24 org.eclipse.jetty:jetty-server 24 puppet 23 zendframework/zendframework 23 grumpydictator/firefly-iii 23 rack 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 getkirby/cms 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 glance 21 activerecord 21 langchain 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 laravel/framework 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 funadmin/funadmin 20 code.gitea.io/gitea 20 @openzeppelin/contracts 20 org.springframework:spring-core 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 DotNetNuke.Core 19 github.com/goharbor/harbor 19 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 github.com/traefik/traefik/v2 18 mercurial 18 topthink/framework 18 mindsdb 18 cobbler 18 cockpit-hq/cockpit 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.vaadin:vaadin-bom 18 com.liferay.portal:release.dxp.bom 18 notebook 17 cakephp/cakephp 17 symfony/security 17 genix/cms 17 opencart/opencart 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 org.apache.activemq:activemq-client 16 phpbb/phpbb 16 openmage/magento-lts 16 typo3/cms-backend 16 org.apache.dubbo:dubbo 16 cryptography 16 org.bouncycastle:bcprov-jdk15 16 tinymce 16 neutron 16 PaddlePaddle 16 paddlepaddle 16 pyload-ng 16 yetiforce/yetiforce-crm 16 rusqlite 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 github.com/zitadel/zitadel 16 surrealdb 15 ckeditor4 15 OctoPrint 15 ghost 15 org.apache.struts.xwork:xwork-core 15 smarty/smarty 15 symfony/security-http 15 ec-cube/ec-cube 15 october/system 15 ethyca-fides 15 calibreweb 15 aiohttp 14 dompdf/dompdf 14 bolt/bolt 14 github.com/containerd/containerd 14 feehi/cms 14 github.com/nats-io/nats-server/v2 14 silverstripe/cms 14 activesupport 14 org.xwiki.platform:xwiki-platform-web 14 camaleon_cms 14 pyftpdlib 14 publify_core 14 swagger-ui 14 joplin 14 phpmailer/phpmailer 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/x-stream/xstream 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/craftcms/cms 34 https://github.com/rancher/rancher 34 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/cilium/cilium 25 https://github.com/directus/directus 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/langchain-ai/langchain 22 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/getkirby/kirby 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/hashicorp/vault 17 https://github.com/liufee/cms 17 https://github.com/opencast/opencast 17 https://github.com/moby/moby 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/pyload/pyload 16 https://github.com/OpenMage/magento-lts 16 https://github.com/TYPO3-CMS/core 16 https://github.com/tinymce/tinymce 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/etcd-io/etcd 16 https://github.com/mattermost/mattermost 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/backstage/backstage 16 https://github.com/forkcms/forkcms 16 https://github.com/puppetlabs/puppet 15 https://github.com/denoland/deno 15 https://github.com/apache/camel 15 https://github.com/cobbler/cobbler 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyca/cryptography 15 https://github.com/decidim/decidim 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/surrealdb/surrealdb 15 https://github.com/centreon/centreon 15 https://github.com/vantage6/vantage6 15 https://github.com/ethyca/fides 15 https://github.com/ckeditor/ckeditor4 14 https://github.com/aio-libs/aiohttp 14 https://github.com/containerd/containerd 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/xuxueli/xxl-job 14 https://github.com/vercel/next.js 14 https://github.com/twisted/twisted 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/nodejs/undici 13 https://github.com/publify/publify 13 https://github.com/quarkusio/quarkus 13 https://github.com/ming-soft/MCMS 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/laurent22/joplin 13 https://github.com/modoboa/modoboa 13 https://github.com/dromara/hutool 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/golang/go 13 https://github.com/TryGhost/Ghost 13 https://github.com/apache/dolphinscheduler 13 https://github.com/urllib3/urllib3 12 https://github.com/smarty-php/smarty 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openfga/openfga 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/wagtail/wagtail 12 https://github.com/centreon/centreon-archived 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/openstack/glance 12 https://github.com/containers/podman 12 https://github.com/puma/puma 12 https://github.com/yiisoft/yii2 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/nats-io/nats-server 11 https://github.com/top-think/framework 11 https://github.com/igniterealtime/Openfire 11 https://github.com/zenml-io/zenml 11 https://github.com/drupal/core 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dolibarr/dolibarr 11 https://github.com/cloudflare/cfrpki 11 https://github.com/pomerium/pomerium 11 https://github.com/spring-projects/spring-security 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/vaadin/flow 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/onionshare/onionshare 11 https://github.com/Pylons/waitress 11 https://github.com/cakephp/cakephp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/getsentry/sentry 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Sylius/Sylius 11 https://github.com/WWBN/AVideo 11 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/phusion/passenger 10 https://github.com/cri-o/cri-o 10