Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1tZzdoLTlxZngtNHI4M84AA8zk
ZendFramework Potential Proxy Injection Vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yZmhyLThyOHItcXA1Ns4AA8zj
ZendFramework Information Disclosure and Insufficient Entropy vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 6 months ago
High
GSA_kwCzR0hTQS14MmY0LTh3eGYtdzN2Zs4AA8zi
ZendFramework SQL injection due to execution of platform-specific SQL containing interpolations
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xYzd3LTQ1NjctODR3ds4AA8zh
Zendframework vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 6 months ago
High
GSA_kwCzR0hTQS14Zzl3LXI0NjktbTQ1Nc4AA8zg
ZendFramework Potential Information Disclosure and Insufficient Entropy vulnerabilities
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02MmY2LWg2OHItM2pwd84AA8zf
Zendframework session validation vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 25.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1qcTg3LTJ3eHAtODM0Oc4AA8ze
ZendFramework Route Parameter Injection Via Query String in `Zend\Mvc`
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04cTc3LWN2NjItamozOM4AA8zd
Zendframework has potential Cross-site Scripting vector in multiple view helpers
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: 6 months ago
High
GSA_kwCzR0hTQS14ZmZwLTZ3NjgtNDc3Nc4AA8zc
Zendframework Remote Address Spoofing Vector in `Zend\Http\PhpEnvironment\RemoteAddress`
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mM3dmLXE0ZmotM2d4Zs4AA8zb
TYPO3 Denial of Service in Online Media Asset Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02NDg3LTNxdmctOHB4Oc4AA8za
TYPO3 Information Disclosure in Install Tool
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 6 months ago
High
GSA_kwCzR0hTQS1mNzc3LWY3ODQtMzZnbc4AA8zZ
TYPO3 Security Misconfiguration in Install Tool Cookie
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycmN3LTlocm0tOHE3cc4AA8zY
TYPO3 Cross-Site Scripting in Frontend User Login
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03cTMzLWh4d2otN3A4ds4AA8zX
TYPO3 Cross-Site Scripting in Backend Modal Component
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04bTZqLXA1anYtdjY5d84AA8zW
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 months ago
Low
GSA_kwCzR0hTQS01NWYzLTNxdmctOHB2Nc4AA8zV
Symlink bypasses filesystem sandbox
Ecosystems: cargo
Packages: wasmer
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01cHhyLTdtNGotampjNs4AA8zU
Cross-site scripting (XSS) vulnerability in Description metadata
Ecosystems: packagist
Packages: getformwork/formwork
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS04aDRtLXI0d20teGo3cs4AA8zT
TYPO3 Arbitrary Code Execution via File List Module
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1nNTg1LWNyamYtdmh3cc4AA8zJ
TYPO3 Denial of Service in Frontend Record Registration
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mNjI0LThoZnEtNWZoM84AA8zI
TYPO3 Information Disclosure of Installed Extensions
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12OG00LTN3MzctZ2h4eM4AA8zH
TYPO3 Cross-Site Scripting in Form Framework validation handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00aDVjLTVnMjUtdjdmaM4AA8zG
TYPO3 Cross-Site Scripting in Form Framework
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1jNW1qLTM5Y2YtM3BwNc4AA8zF
TYPO3 Security Misconfiguration for Backend User Accounts
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14Z214LWozaHYtamg5eM4AA8zE
TYPO3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03NzJtLTQzZjMtaG1mOM4AA8zD
TYPO3 Broken Access Control in Localization Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nN2h3LWpoNHAtNzV3cs4AA8zC
TYPO3 Cross-Site Scripting in Filelist Module
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04NWNoLTQ0dzctcmYzMs4AA8zB
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1oaDk1LTV4bTUtdjh2N84AA8zA
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05MndwLWpnaHItaGg4N84AA8yL
Weak encryption in Ninja Core
Ecosystems: maven
Packages: org.ninjaframework:ninja-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13am1qLWgzeGMtaHhwOM4AA8x-
Generation of Error Message Containing Sensitive Information in zsa
Ecosystems: npm
Packages: zsa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13MjM1LTdwODQteHg1N84AA8x9
Tornado has a CRLF injection in CurlAsyncHTTPClient headers
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03NTNqLW1wbXgtcXE2Z84AA8x8
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') in tornado
Ecosystems: pypi
Packages: tornado
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ycnZjLWM3eGctN2NmM84AA8x7
TokenController formName not sanitized in hidden input
Ecosystems: packagist
Packages: sulu/form-bundle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14MjM0LXI1ZmcteDUybc4AA8xY
Arbitrary system path lookup in h20
Ecosystems: pypi
Packages: h2o
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 6 months ago
High
GSA_kwCzR0hTQS02cnE5LTUzYzMtZjd2as4AA8xR
onnx allows Arbitrary File Overwrite in download_model_with_test_data
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 6 months ago
High
GSA_kwCzR0hTQS12OXE2LWZtNDgtcng3NM4AA8xv
Authentication bypass in dtale
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zeHI4LXFmdmotOXA5as4AA8xH
Arbitrary file deletion in litellm
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1ycHg4LWZnNnctcm02eM4AA8xQ
lunary-ai/lunary XSS in SAML metadata endpoint
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oNm02LWpqOHYtOTRqas4AA8xW
SQL injection in litellm
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zeDQ3LXc0cngtNnBtN84AA8xw
LoLLMS Path Traversal vulnerability
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04ajQyLXBjZm0tMzQ2N84AA8xM
SQL injection in litellm
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1wOGg3LWM4Z3ctNng4Y84AA8xF
LoLLMS Path Traversal vulnerability
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qdzh4LTY0OTUtMjMzds4AA8xU
scikit-learn sensitive data leakage vulnerability
Ecosystems: pypi
Packages: scikit-learn
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1qNDZxLTVweHgtOHZtd84AA8xl
Local File Inclusion in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04ZjhxLXEyajctN2oybc4AA8w-
Undefined Behavior in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zaGpoLWpoMmgtdnJnNs4AA8xc
Denial of service in langchain-community
Ecosystems: pypi
Packages: langchain, langchain-community
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 6 months ago
Low
GSA_kwCzR0hTQS12d2dmLTdmOWgtaDQ5Oc4AA8w7
Cross site scripting in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qNTI3LXY1NzktbTk4aM4AA8xd
Improper authentication in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcTczLWc0cXItZmdjcc4AA8xg
Clickjacking in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 6 months ago
Low
GSA_kwCzR0hTQS1jNTQ2LThqbXEtaHByas4AA8w2
Race condition in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xMjVjLWM5NzctNGNtaM4AA8xA
Server-Side Request Forgery in langchain-community.retrievers.web_research.WebResearchRetriever
Ecosystems: pypi
Packages: langchain-community
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05eDg4LTRqZzgtNHZmN84AA8w1
Improper authorization in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01cTZjLWZmdmcteGNtOc4AA8xf
Remote code execution in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04N3A5LXg3NWgtcDRqMs4AA8wy
Unauthenticated Access to sensitive settings in Argo CD
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2/server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1ocnc2LXdnODItY202Ms4AA8wx
Jupyter server on Windows discloses Windows user password hash
Ecosystems: pypi
Packages: jupyter_server
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03aHJoLXY2d3AtNTN2d84AA8ww
Evmos allows unvested token delegations
Ecosystems: go
Packages: github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17, github.com/evmos/evmos/v18
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zY3FmLTk1M3AtaDVjcM4AA8wv
Argo-cd authenticated users can enumerate clusters by name
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 6 months ago
High
GSA_kwCzR0hTQS14Z3I3LWpncTMtbWhtY84AA8wu
Contract balance not updating correctly after interchain transaction
Ecosystems: go
Packages: github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17, github.com/evmos/evmos/v18
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 6 months ago
High
GSA_kwCzR0hTQS05NzNnLTU1aHAtM2Zyd84AA8wY
Server-Side Request Forgery in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 6 months ago
High
GSA_kwCzR0hTQS02djZnLWo1ZnEtaHB2d84AA8wb
Local file inclusion in gradio
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jZ3djLXF2cngtcmY3Zs4AA8wc
Remote code execution in pytorch lightning
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1weHY4LXFocmgtamM3ds4AA8wK
evmos allows transferring unvested tokens after delegations
Ecosystems: go
Packages: github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v8, github.com/evmos/evmos/v9, github.com/evmos/evmos/v10, github.com/evmos/evmos/v11, github.com/evmos/evmos/v12, github.com/evmos/evmos/v13, github.com/evmos/evmos/v14, github.com/evmos/evmos/v15, github.com/evmos/evmos/v16, github.com/evmos/evmos/v17
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS01MnhmLTVwMm0tOXdyds4AA8wF
s2n-tls has a potentially observable differences in RSA premaster secret handling
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NnFtLWh3aHAtMnJtOM4AA8wB
Improper Authentication in CraftCMS two factor authentication plugin
Ecosystems: packagist
Packages: born05/craft-twofactorauthentication
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS0zcDR4LWdycG0teHc1OM4AA8wD
Password hash exposed in CraftCMS two factor authentication plugin
Ecosystems: packagist
Packages: born05/craft-twofactorauthentication
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS14anczLTVyNWMtbTVwaM4AA8u6
typo3 Security fix for Flow Swift Mailer package
Ecosystems: packagist
Packages: typo3/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tMmhwLTV4NzgtNzRtZ84AA8u5
Insecure Unserialize Vulnerability in FLOW3
Ecosystems: packagist
Packages: typo3/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1nNHh2LXIzcXctdjNxMs4AA8u4
typo3 Information Disclosure Security Note
Ecosystems: packagist
Packages: typo3/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycDRmLXZjOXEtcjV2cM4AA8uk
Typo3 Arbitrary file upload and XML External Entity processing
Ecosystems: packagist
Packages: typo3/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00djVnLThwcTItMzJtMs4AA8uj
By-passing Protection of PharStreamWrapper Interceptor
Ecosystems: packagist
Packages: typo3/phar-stream-wrapper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yNm1tLXdtaGYtODQ5bc4AA8ui
Time-Based Information Disclosure Vulnerability in Flow
Ecosystems: packagist
Packages: typo3/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13cjNjLTZjMjItbTl2Ns4AA8uh
Privilege Escalation in TYPO3 Neos
Ecosystems: packagist
Packages: typo3/neos
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 6 months ago
High
GSA_kwCzR0hTQS12aDZqLXd2MjUtOHF4cs4AA8uf
Flow Bugfix Releases for Entity Security
Ecosystems: packagist
Packages: typo3/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS00NTQyLXA1NmgtOHh3d84AA8ug
Cross-Site Scripting (XSS) vulnerabilities in Neos
Ecosystems: packagist
Packages: typo3/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yNTl2LXhtMzQtcDdmcs4AA8ue
Typo3 Cross-Site Scripting in Language Pack Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mNXJyLTlyODQtd3dxZs4AA8ud
Typo3 Broken Access Control in Import Module
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1oOTM0LWY0bTQtd2M4eM4AA8uc
Typo3 Information Disclosure in Page Tree
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1od3c1LTZ4ODUtbWMyNM4AA8ub
Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xcjVmLTZmY3YtdzY5cc4AA8ua
Typo3 Security Misconfiguration in Frontend Session Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nOXJ2LTZnNTYtNjVoOM4AA8uZ
Typo3 Security Misconfiguration in User Session Handling
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xOWM0LTl2NW0tNTk3cM4AA8uY
Typo3 Information Disclosure in Backend User Interface
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tOTZyLTd2cW0tajk1Z84AA8uX
Typo3 Information Disclosure in User Authentication
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NHFyLThoMnYtcXBqeM4AA8uW
Cross-Site Scripting in TYPO3 CMS Backend
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01Z3I2LTk3ZnYtNTJjY84AA8uV
Cross-Site Scripting in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jN3JqLTkyeHItd3ByZ84AA8uU
Insecure Unserialize in TYPO3 Backend
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1odmg0LTVxcjYtM3Y3cs4AA8uT
Observable Timing Discrepancy in pypqc
Ecosystems: pypi
Packages: pypqc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jNzRmLTZtZnctbW00ds4AA8uS
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
Ecosystems: go
Packages: go.opentelemetry.io/collector/config/configgrpc, go.opentelemetry.io/collector/config/confighttp
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wdzJxLXF3dmotZ2g0M84AA8uR
Cache Flooding in TYPO3 Frontend
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1taDNyLTZjcDUtaGMyas4AA8uQ
Authentication Bypass in TYPO3 Frontend
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNzYyLWg4NnctODc0Oc4AA8uP
BoringSSLAEADContext in Netty Repeats Nonces
Ecosystems: maven
Packages: io.netty.incubator:netty-incubator-codec-ohttp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02ZjltLXY3bXAtN2pqcc4AA8uO
Authentication Bypass in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNDZoLXYyY2MtNmM5NM4AA8uN
Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 6 months ago
High
GSA_kwCzR0hTQS1wcGdmLTg3NDUtOHBneM4AA8uM
Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tODdtLW1tdnAtdjlxbc4AA8uI
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS1jN3A2LTNjOWMtZjg4cc4AA8uE
Information Disclosure in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 6 months ago
High
GSA_kwCzR0hTQS03cXdnLWZjcHcteGc1Z84AA8uD
Privilege Escalation & SQL Injection in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1nNHBmLTNqdnEtMmdjd84AA8uC
TYPO3 Remote Code Execution in third party library swiftmailer
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02N3dnLTZqN3ItbXFoOM4AA8uB
Arbitrary Code Execution in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 6 months ago
High
GSA_kwCzR0hTQS04aDI4LWY0NmYtbTg3aM4AA8uA
Insecure Deserialization in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wNWM1LWdtajQtZzQ4Zs4AA8t_
Cross-Site Scripting (XSS) vulnerability in typolinks
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 github.com/hashicorp/vault 37 github.com/mattermost/mattermost-server/v6 37 com.thoughtworks.xstream:xstream 37 com.jfinal:jfinal 36 org.keycloak:keycloak-services 36 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 moin 35 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 github.com/answerdev/answer 34 gradio 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-python 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 Pillow 31 parse-server 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 directus 26 openssl-src 26 electron 26 pillow 26 prestashop/prestashop 26 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 gogs.io/gogs 25 rubygems-update 25 org.keycloak:keycloak-parent 25 magento/core 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 org.eclipse.jetty:jetty-server 24 rack 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 puppet 23 remdex/livehelperchat 23 getkirby/cms 22 ckb 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 glance 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 code.gitea.io/gitea 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 github.com/ethereum/go-ethereum 20 laravel/framework 20 funadmin/funadmin 20 langchain 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 wasmtime 19 org.springframework:spring-core 19 DotNetNuke.Core 19 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 mindsdb 18 topthink/framework 18 next 18 com.liferay.portal:release.dxp.bom 18 cobbler 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.vaadin:vaadin-bom 18 forkcms/forkcms 18 github.com/traefik/traefik/v2 18 golang.org/x/net 18 mercurial 18 symfony/security 17 notebook 17 cakephp/cakephp 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 opencart/opencart 17 genix/cms 17 helm.sh/helm/v3 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 PaddlePaddle 16 typo3/cms-backend 16 paddlepaddle 16 org.apache.jspwiki:jspwiki-main 16 github.com/zitadel/zitadel 16 rusqlite 16 openmage/magento-lts 16 neutron 16 phpbb/phpbb 16 cryptography 16 yetiforce/yetiforce-crm 16 org.apache.activemq:activemq-client 16 pyload-ng 16 org.bouncycastle:bcprov-jdk15 16 sequelize 16 tinymce 16 org.apache.dubbo:dubbo 16 ec-cube/ec-cube 15 smarty/smarty 15 october/system 15 ckeditor4 15 OctoPrint 15 surrealdb 15 symfony/security-http 15 ethyca-fides 15 org.apache.struts.xwork:xwork-core 15 calibreweb 15 ghost 15 activesupport 14 org.apache.tomcat:tomcat-coyote 14 github.com/containerd/containerd 14 org.apache.inlong:manager-pojo 14 camaleon_cms 14 joplin 14 github.com/nats-io/nats-server/v2 14 phpmailer/phpmailer 14 modoboa 14 lollms 14 publify_core 14 pyftpdlib 14 aiohttp 14 feehi/cms 14 bolt/bolt 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/answerdev/answer 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/github/advisory-database 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/gogs/gogs 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/apache/nifi 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/langchain-ai/langchain 22 https://github.com/netty/netty 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/traefik/traefik 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/hashicorp/vault 17 https://github.com/OpenMage/magento-lts 16 https://github.com/mattermost/mattermost 16 https://github.com/rusqlite/rusqlite 16 https://github.com/tinymce/tinymce 16 https://github.com/ethereum/go-ethereum 16 https://github.com/pyload/pyload 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/backstage/backstage 16 https://github.com/etcd-io/etcd 16 https://github.com/laravel/framework 16 https://github.com/sequelize/sequelize 16 https://github.com/pyca/cryptography 15 https://github.com/cobbler/cobbler 15 https://github.com/zendframework/zendframework 15 https://github.com/centreon/centreon 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/janeczku/calibre-web 14 https://github.com/containerd/containerd 14 https://github.com/dotnet/aspnetcore 14 https://github.com/aio-libs/aiohttp 14 https://github.com/twisted/twisted 14 https://github.com/hashicorp/nomad 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/vercel/next.js 14 https://github.com/xuxueli/xxl-job 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/TryGhost/Ghost 13 https://github.com/publify/publify 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/quarkusio/quarkus 13 https://github.com/ming-soft/MCMS 13 https://github.com/golang/go 13 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/openfga/openfga 12 https://github.com/containers/podman 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/centreon/centreon-archived 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/openstack/glance 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/opencontainers/runc 12 https://github.com/apache/kylin 12 https://github.com/Studio-42/elFinder 11 https://github.com/getsentry/sentry 11 https://github.com/drupal/core 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cloudflare/cfrpki 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/NodeBB/NodeBB 11 https://github.com/vaadin/flow 11 https://github.com/nats-io/nats-server 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/onionshare/onionshare 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/yiisoft/yii2 11 https://github.com/spring-projects/spring-security 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/zenml-io/zenml 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/dolibarr/dolibarr 11 https://github.com/pomerium/pomerium 11 https://github.com/top-think/framework 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/opencart/opencart 10 https://github.com/jupyter/notebook 10 https://github.com/jquery/jquery 10