Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1xajg2LXY2bTctNHF2Ms4AA9Ii
Object Resolver Prototype Pollution
Ecosystems: npm
Packages: @apphp/object-resolver
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02OXIyLTJmZzctN2hmOc4AA9IR
Badger Database Prototype Pollution
Ecosystems: npm
Packages: @abw/badger-database
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00eGczLTd3N3EtODU2cc4AA9IO
object-deep-assign Prototype Pollution
Ecosystems: npm
Packages: @alexbinary/object-deep-assign
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1mZzUyLTVqamotMjhoN84AA9IK
@cdr0/sg Prototype Pollution
Ecosystems: npm
Packages: @cdr0/sg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1odzJjLTh4Z3ctbWY1N84AA9He
SonarQube logs sensitive information
Ecosystems: maven
Packages: org.sonarsource.sonarqube:sonar-web
Source: GitHub Advisory Database
Blast Radius: 1.5
Published: 5 months ago
High
GSA_kwCzR0hTQS13bXZtLTl2cXYtNXFwcM4AA9HZ
langchain_experimental Code Execution via Python REPL access
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 5 months ago
High
GSA_kwCzR0hTQS01NDRyLWZjNjUtdjgzMs4AA9GM
Snipe-IT allows users to promote or demote themselves or other users
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS14Z3FtLXdwN3ctbWdnMs4AA9GA
Mattermost Desktop App allows for bypassing TCC restrictions on macOS
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1odnhnLTc3bWctdnJ2cM4AA9GC
Mattermost Desktop App Remote Code Execution
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS05eHBqLTYybW0tMjRoMs4AA9GF
Apache Airflow does not return the "Cache-Control" header for dynamic content
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS03anA5LXZnbXEtYzhyNc4AA9DO
AdGuardHome privilege escalation vulnerability
Ecosystems: go
Packages: github.com/AdguardTeam/AdGuardHome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS04NXJnLThtNmgtODI1cM4AA9DN
Vulnerabilities with the k8sGPT
Ecosystems: go
Packages: github.com/k8sgpt-ai/k8sgpt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14MjY4LXFwZzYtdzlnMs4AA9DM
CrateDB has a Client initialized Session-Renegotiation DoS
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
High
GSA_kwCzR0hTQS13aDc4LTc5NDgtMzU4as4AA9DL
Cilium leaks sensitive information in cilium-bugtool
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 5 months ago
High
GSA_kwCzR0hTQS02N2Z2LTlyN2ctNDMyaM4AA9DD
Rhai stack overflow vulenrability
Ecosystems: cargo
Packages: rhai
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00cTIyLTQyMmctbTRwas4AA9C9
Elasticsearch StackOverflow vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qbXFwLXIzZ2ctNmpoM84AA9CS
Magento Open Source Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1yN2NtLWc0Njktd200Z84AA9Bo
Magento Open Source Improper Access Control vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tOGNqLTN2NjgtM2N4as4AA9CN
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wNmg5LWd4NWctd2c2NM4AA9Bf
Magento Open Source Incorrect Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01NjMyLXdxN20tZ2ZxOc4AA9CL
Magento Open Source Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 5 months ago
High
GSA_kwCzR0hTQS13d2ozLTU3M2otcnZ2bc4AA9Ba
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1mN3E0LTlnd3YtNjc3NM4AA9Bb
Magento Open Source Improper Authentication vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 5 months ago
Low
GSA_kwCzR0hTQS0zMmNqLTV3eDQtZ3E4cM4AA8_N
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yaG1mLTQ2djctdjZmeM4AA8_L
gqlparser denial of service vulnerability via the parserDirectives function
Ecosystems: go
Packages: github.com/vektah/gqlparser, github.com/vektah/gqlparser/v2
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1oang2LWY2NDctbXZmOc4AA8_I
Invenio-Communities has a Cross-Site Scripting (XSS) vulnerability in React components
Ecosystems: pypi
Packages: invenio-communities
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 5 months ago
Low
GSA_kwCzR0hTQS1jcTQyLXZodjcteHI3cM4AA8_H
Keycloak Denial of Service via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
Low
GSA_kwCzR0hTQS00dmM4LXBnNWMtdmc0eM4AA8_G
Keycloak's improper input validation allows using email as username
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jdjIzLXE2Z2gteGZyZs4AA8_F
WooCommerce has a Cross-Site Scripting (XSS) Vulnerability in checkout & registration forms
Ecosystems: packagist
Packages: woocommerce/woocommerce
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 5 months ago
High
GSA_kwCzR0hTQS13cnZoLXJjbXItOXFmY84AA8_E
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass
Ecosystems: npm
Packages: @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wbTlxLXhqOXAtOTZwbc4AA8_D
@strapi/plugin-upload has a Denial-of-Service via Improper Exception Handling
Ecosystems: npm
Packages: @strapi/plugin-upload
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 5 months ago
Low
GSA_kwCzR0hTQS02ajg5LWZyeGMtcTI2bc4AA8_C
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Ecosystems: npm
Packages: @strapi/plugin-content-manager
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jYzU1LW12cWMtZzltZ84AA8-u
SummerNote Cross Site Scripting Vulnerability
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 5 months ago
High
GSA_kwCzR0hTQS1ncHJqLTNwNzUtZjk5Ns4AA8-l
Globus `identity_provider` restriction ignored when used with `allow_all` in JupyterHub 5.0
Ecosystems: pypi
Packages: oauthenticator
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 5 months ago
High
GSA_kwCzR0hTQS12NzRjLXFjNDYtOWdnOc4AA8-d
Apache Submarine Server Core has a SQL Injection Vulnerability
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02cTk3LTh2M2ctcnB4d84AA8-X
Apache Submarine Server Core Incorrect Authorization vulnerability
Ecosystems: pypi, maven
Packages: apache-submarine, org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS00YzdxLW03aGMtcGM5Ms4AA8-U
Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qd2NnLXd2NXgtdmczZ84AA8-T
Apache Submarine Commons Utils has a hard-coded secret
Ecosystems: pypi, maven
Packages: apache-submarine, org.apache.submarine:submarine-commons-utils
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12cXdyLXE2Y2MtYzI0Ms4AA89T
parisneo/lollms Local File Inclusion (LFI) attack
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mdmNxLTR4NjQtaHF4cs4AA880
Jupyter Server Proxy has a reflected XSS issue in host parameter
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12NWdmLXI3OGgtNTVxNs4AA88z
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Ecosystems: pypi
Packages: document-merge-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yY3d3LWZnbWctNGpxY84AA88y
Keycloak's admin API allows low privilege users to use administrative functions
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03am13LTgyNTktcTlqeM4AA88x
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zMmY4LWhtcjMtN3Z4Z84AA88T
Azure Storage Movement Client Library Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Azure.Storage.DataMovement
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tNXZ2LTZyNGgtM3ZqOc4AA88w
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Ecosystems: nuget, maven, npm, go, pypi
Packages: Microsoft.Identity.Client, com.microsoft.azure:msal4j, @azure/msal-node, Azure.Identity, github.com/Azure/azure-sdk-for-go/sdk/azidentity, com.azure:azure-identity, @azure/identity, azure-identity
Source: GitHub Advisory Database
Blast Radius: 78.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03djV2LTloNjMtY2o4Ns4AA85H
@grpc/grpc-js can allocate memory for incoming messages well above configured limits
Ecosystems: npm
Packages: @grpc/grpc-js
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 6 months ago
High
GSA_kwCzR0hTQS12dmhqLXY4OGYtNWd4cs4AA85G
ghtml Cross-Site Scripting (XSS) vulnerability
Ecosystems: npm
Packages: ghtml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS00N2Y2LTVncTMtdng5Y84AA85F
Composer has a command injection via malicious git branch name
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 6 months ago
High
GSA_kwCzR0hTQS12OXF2LWM3d20td2dtZs4AA85E
Composer has multiple command injections via malicious git/hg branch names
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1xZzMzLXgyYzUtNnA0NM4AA84o
Langflow remote code execution vulnerability
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14bW14LTdqcGYtZng0Ms4AA84W
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Ecosystems: go
Packages: github.com/moby/moby, github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05OXBnLWdybTUtcXEzds4AA84V
Docker CLI leaks private registry credentials to registry-1.docker.io
Ecosystems: go
Packages: github.com/docker/cli
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 6 months ago
Low
GSA_kwCzR0hTQS12OTk0LWY4dnctZzdqNM4AA84U
`docker cp` allows unexpected chmod of host files in Moby Docker Engine
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 6 months ago
High
GSA_kwCzR0hTQS02OWZwLTdjOHAtY3Jqcs4AA84T
Keycloak exposes sensitive information in Pushed Authorization Requests (PAR)
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 20.6
Published: 6 months ago
High
GSA_kwCzR0hTQS04N205LXJ2OHAtcmdtZ84AA84S
go-grpc-compression has a zstd decompression bombing vulnerability
Ecosystems: go
Packages: github.com/mostynb/go-grpc-compression
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1taGo0LXZyY3YteDR4Y84AA83t
nukeviet Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: nukeviet/nukeviet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS01MzU3LWMyangtdjdxaM4AA83F
Authlib has algorithm confusion with asymmetric public keys
Ecosystems: pypi
Packages: authlib
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS05OWhtLTg2aDctZ3IzZ84AA81n
zenml-io/zenml does not expire the session after password reset
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1yY200LWp2NWctd2Njbc4AA80Y
zfr authentication adapter did not verify validity of tokens
Ecosystems: packagist
Packages: zfr/zfr-oauth2-server-module
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
High
GSA_kwCzR0hTQS0zeDU3LW01cDQtcmdoNM4AA80X
ZendOpenID potential security issue in login mechanism
Ecosystems: packagist
Packages: zendframework/zendopenid
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02ZnF3LWozdm0tN2Y2Ns4AA80W
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 6 months ago
High
GSA_kwCzR0hTQS04NDhmLW1waDUtOXBtOc4AA80V
Zendframework Potential Information Disclosure and Insufficient Entropy vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS04eGh2LWdxbTQtM3c5Oc4AA80U
ZendFramework1 Potential Insufficient Entropy Vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12NDJnLTdxMngtY3czMs4AA80T
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 6 months ago
High
GSA_kwCzR0hTQS1tZzR4LXByaDctZzRteM4AA80S
Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability
Ecosystems: packagist
Packages: zendframework/zend-captcha
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yeDM2LXFoeDMtN201Zs4AA80R
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 6 months ago
High
GSA_kwCzR0hTQS05djc4LWgyMjYtMnJtcc4AA80Q
Zendframework potential security issue in login mechanism
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14ODZ4LXFoZjgtZjM3d84AA80P
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Ecosystems: packagist
Packages: willdurand/js-translation-bundle
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 6 months ago
High
GSA_kwCzR0hTQS05N2g3LW1mMzgtZzltZs4AA80O
Adminer file disclosure vulnerability
Ecosystems: packagist
Packages: vrana/adminer
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03OGhtLTVoanctNThtaM4AA80N
ua-parser/uap-php ReDoS vulnerability
Ecosystems: packagist
Packages: ua-parser/uap-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xZzdtLW13eG0tajNoN84AA80M
Zend-developer-tools information disclosure vulnerability
Ecosystems: packagist
Packages: zendframework/zend-developer-tools
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00dmY2LW1xN3ctM2hwNs4AA80L
Zend_Filter_StripTags vulnerable to Cross-site Scripting when comments allowed
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mcTRwLTg2aGgtNDJ2Oc4AA80K
Zend-Diactoros URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zend-diactoros
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 6 months ago
High
GSA_kwCzR0hTQS02djdwLTVxY3EtMjY4Y84AA80J
Zend-Navigation vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: zendframework/zend-navigation
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 6 months ago
High
GSA_kwCzR0hTQS1qbW1wLXZoOTYtNzhybc4AA80I
Zend-Feed URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zend-feed
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00djU3LXB3dmYteDM1as4AA80H
Zendframework potential Cross-site Scripting vector in `Zend_Service_ReCaptcha_MailHide`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ndnBwLTZqcmotNXBxY84AA80G
Zend-Form vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: zendframework/zend-form
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12dm0zLXJ2NDgtajNnNc4AA80F
Zendframework Potential XSS or HTML Injection vector in Zend_Json
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
High
GSA_kwCzR0hTQS1jZzh3LTVqcmMtNjc1Z84AA80E
Zend-HTTP URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zend-http
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13NW1qLWo0NXEtbTYzOM4AA80D
ZendFramework1 Potential Security Issues in Bundled Dojo Library
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04eDJ2LXBjZzctOTRmNM4AA80C
Zend-JSON vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zend-json
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yMjl4LTIyeGMtMmYyd84AA80B
Zendframework Local file disclosure via XXE injection in Zend_XmlRpc
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 6 months ago
High
GSA_kwCzR0hTQS0yang3LXhnODMtajJtN84AA80A
Zendframework Denial of Service vector via XEE injection
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nd3BtLXBtNngtaDdyas4AA8z_
ZendFramework Cross-site Scripting vector in `Zend_Filter_StripTags`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
High
GSA_kwCzR0hTQS13aGY0LWZwajgtcGdnOM4AA8z1
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1oeDU0LXBmMjgtN3hjaM4AA8z8
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NmM2LW05OHgtaHhqeM4AA8zy
Zend-Session session validation vulnerability
Ecosystems: packagist
Packages: zendframework/zend-session
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNTJwLTg2ajUteHI4cc4AA8zx
ZendFramework Potential Cross-site Scripting in Development Environment Error View Script
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
High
GSA_kwCzR0hTQS1jeGY3LW01ZzItdjU5NM4AA8zw
Zend-Mail remote code execution in zend-mail via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zend-mail
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1taHB4LTNydjgtd3Jqbc4AA8zv
ZendFramework potential XML eXternal Entity injection vectors
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 6 months ago
High
GSA_kwCzR0hTQS00ajl4LWc0eDgtdmNtZs4AA8zu
ZendFramework potential XML eXternal Entity injection vectors
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oZzM1LXZxcDMtZnYzOc4AA8zt
ZendFramework potential Cross-site Scripting vectors due to inconsistent encodings
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xZjM2LWZ4OWYtMjMyeM4AA8zs
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qNTQzLXZnMzMtZzZ2as4AA8zr
ZendFramework potential Cross-site Scripting vector in `Zend_Dojo_View_Helper_Editor`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mNGZqLXE2bTQtY2M1Ms4AA8zq
ZendFramework vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zend-xmlrpc
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1oeDNtLTk1OWYtdjg0Oc4AA8zp
ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tN2hyLWo4NjctM2YzNM4AA8zo
ZendFramework has potential Cross-site Scripting vector in multiple view helpers
Ecosystems: packagist
Packages: zendframework/zend-view
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1maDdyLTU4cTQtNjM4N84AA8zn
Zendframework URL Rewrite vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01Z21mLTNjNDMtcTczds4AA8zm
ZendFramework vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nZmYyLXA2dm0tM3A4Z84AA8zl
ZendFramework potential remote code execution in zend-mail via Sendmail adapter
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: 6 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 mlflow 46 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 froxlor/froxlor 38 vyper 38 github.com/rancher/rancher 38 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 37 mautic/core 37 k8s.io/kubernetes 36 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 snipe/snipe-it 35 gradio 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 Pillow 31 parse-server 31 opencv-python 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 pillow 26 directus 26 prestashop/prestashop 26 electron 26 openssl-src 26 rubygems-update 25 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 25 contao/core-bundle 24 magento/core 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 simplesamlphp/simplesamlphp 23 rack 23 grumpydictator/firefly-iii 23 puppet 23 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 zendframework/zendframework 23 org.bouncycastle:bcprov-jdk14 22 ckb 22 getkirby/cms 22 tribalsystems/zenario 22 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 glance 21 org.apache.nifi:nifi 21 langchain 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 funadmin/funadmin 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 laravel/framework 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 20 contao/contao 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 wasmtime 19 org.springframework:spring-core 19 github.com/goharbor/harbor 19 cockpit-hq/cockpit 18 topthink/framework 18 com.liferay.portal:release.dxp.bom 18 golang.org/x/net 18 github.com/traefik/traefik/v2 18 com.vaadin:vaadin-bom 18 mindsdb 18 cobbler 18 mercurial 18 next 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 org.apache.geode:geode-core 17 francoisjacquet/rosariosis 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 cakephp/cakephp 17 notebook 17 genix/cms 17 symfony/security 17 helm.sh/helm/v3 17 PaddlePaddle 16 yetiforce/yetiforce-crm 16 typo3/cms-backend 16 neutron 16 org.apache.jspwiki:jspwiki-main 16 org.apache.dubbo:dubbo 16 paddlepaddle 16 openmage/magento-lts 16 rusqlite 16 cryptography 16 pyload-ng 16 org.bouncycastle:bcprov-jdk15 16 tinymce 16 github.com/zitadel/zitadel 16 sequelize 16 phpbb/phpbb 16 org.apache.activemq:activemq-client 16 symfony/security-http 15 org.apache.struts.xwork:xwork-core 15 surrealdb 15 ghost 15 ec-cube/ec-cube 15 OctoPrint 15 ckeditor4 15 calibreweb 15 ethyca-fides 15 october/system 15 smarty/smarty 15 publify_core 14 org.xwiki.platform:xwiki-platform-web 14 phpmailer/phpmailer 14 bolt/bolt 14 org.apache.inlong:manager-pojo 14 camaleon_cms 14 github.com/nats-io/nats-server/v2 14 silverstripe/cms 14 modoboa 14 activesupport 14 feehi/cms 14 dompdf/dompdf 14 org.apache.tomcat:tomcat-coyote 14 aiohttp 14 github.com/containerd/containerd 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/answerdev/answer 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/cilium/cilium 25 https://github.com/github/advisory-database 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/apache/nifi 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/langchain-ai/langchain 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/funadmin/funadmin 20 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/hashicorp/vault 17 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/OpenMage/magento-lts 16 https://github.com/forkcms/forkcms 16 https://github.com/etcd-io/etcd 16 https://github.com/laravel/framework 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/backstage/backstage 16 https://github.com/TYPO3-CMS/core 16 https://github.com/dompdf/dompdf 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/puppetlabs/puppet 15 https://github.com/decidim/decidim 15 https://github.com/zendframework/zendframework 15 https://github.com/pyca/cryptography 15 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 15 https://github.com/ethyca/fides 15 https://github.com/centreon/centreon 15 https://github.com/apache/camel 15 https://github.com/dotnet/aspnetcore 14 https://github.com/containerd/containerd 14 https://github.com/twisted/twisted 14 https://github.com/janeczku/calibre-web 14 https://github.com/aio-libs/aiohttp 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/vercel/next.js 14 https://github.com/hashicorp/nomad 14 https://github.com/xuxueli/xxl-job 14 https://github.com/TryGhost/Ghost 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/publify/publify 13 https://github.com/ming-soft/MCMS 13 https://github.com/dromara/hutool 13 https://github.com/modoboa/modoboa 13 https://github.com/apache/dolphinscheduler 13 https://github.com/quarkusio/quarkus 13 https://github.com/nodejs/undici 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/golang/go 13 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/wagtail/wagtail 12 https://github.com/puma/puma 12 https://github.com/openfga/openfga 12 https://github.com/apache/kylin 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/centreon/centreon-archived 12 https://github.com/urllib3/urllib3 12 https://github.com/openstack/glance 12 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/zenml-io/zenml 11 https://github.com/NodeBB/NodeBB 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/spring-projects/spring-security 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/pomerium/pomerium 11 https://github.com/vaadin/flow 11 https://github.com/onionshare/onionshare 11 https://github.com/Sylius/Sylius 11 https://github.com/WWBN/AVideo 11 https://github.com/nats-io/nats-server 11 https://github.com/drupal/core 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/getsentry/sentry 11 https://github.com/Pylons/waitress 11 https://github.com/top-think/framework 11 https://github.com/cakephp/cakephp 11 https://github.com/dolibarr/dolibarr 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/nextauthjs/next-auth 10 https://github.com/pgadmin-org/pgadmin4 10 https://github.com/greenpau/caddy-security 10