Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS00NXhnLTR3NXgtajQyOc4AA8kK
TYPO3 Arbitrary Shell Execution in Swiftmailer library
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 6 months ago
High
GSA_kwCzR0hTQS01aDV2LW01OTYtcjZyZs4AA8kJ
TYPO3 Possible Insecure Deserialization in Extbase Request Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02eHdmLTdyZm0tNGd3Y84AA8kI
TYPO3 Cross-Site Scripting in Filelist Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1wbWgyLXdwam0tZmo0Nc4AA8kH
mysql2 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 41.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00cHByLWp3NDctOXFtNc4AA8kG
TYPO3 Cross-Site Scripting in Link Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NXFtLTN4cDctdmZqNc4AA8kF
TYPO3 Cross-Site Scripting in Form Framework validation handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS14NDI4LTU2NWYtOHhqMs4AA8kE
TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNzc2LTc1OXItcGY2eM4AA8kD
TYPO3 Broken Access Control in Import Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 6 months ago
High
GSA_kwCzR0hTQS04MnZwLWpyMzktNGoyas4AA8kC
TYPO3 Security Misconfiguration in Frontend Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 29.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ydjhyLThtaDUtNTM3Ns4AA8kB
TYPO3 Information Disclosure in Backend User Interface
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13ajg1LXJnNWctdjhqbc4AA8kA
TYPO3 Information Disclosure in User Authentication
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wMmg0LTdmcDMtY21oOM4AA8j_
TYPO3 Disclosure of Information about Installed Extensions
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13dnZwLWp3ZjUtcWNwY84AA8j-
TYPO3 Information Disclosure in Page Tree
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14bWdyLWpmZjMtZmNmds4AA8j9
TYPO3 Security Misconfiguration in User Session Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NDU5LXFyY2MtdmZjZs4AA8j8
TYPO3 Cross-Site Scripting in Form Framework
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03NnIzLW02MzUtcDN2Y84AA8j7
TYPO3 Cross-Site Scripting in Language Pack Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1mOWhyLTdjZnEtbWpnMs4AA8j6
TYPO3 Arbitrary Code Execution via File List Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05cng5LTdmbWgtZ2ozZ84AA8j5
TYPO3 Broken Access Control in Localization Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yMnE3LWNnNHItcDlteM4AA8j4
TYPO3 Cross-Site Scripting in Fluid ViewHelpers
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1yeGM5LWYyeDYtcWg0d84AA8j3
TYPO3 Security Misconfiguration for Backend User Accounts
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1oang1LXY5eGctN2gyNc4AA8j2
TYPO3 Denial of Service in Frontend Record Registration
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yOW00LW14ODktM21qZ84AA8j1
TYPO3 Denial of Service in Online Media Asset Handling
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02NmMyLTdnNHAtd3g0cM4AA8j0
TYPO3 Information Disclosure in Install Tool
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1wcHZnLWh3NjItNnBoOc4AA8jz
TYPO3 Security Misconfiguration in Install Tool Cookie
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04YzI1LXZqMnctcDcyas4AA8jy
TYPO3 Cross-Site Scripting in Frontend User Login
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNGM5LXFmdnctZm1yNM4AA8jx
TYPO3 Cross-Site Scripting in Backend Modal Component
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS05NmpnLXBtYzQtY3gzOc4AA8jw
TYPO3 CMS Insecure Deserialization
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13ZzhoLWd4ZjQtZzRnaM4AA8jv
TYPO3 Cross-Site Scripting in Online Media Asset Rendering
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 6 months ago
High
GSA_kwCzR0hTQS00NXdqLWp2MmgtandyZs4AA8ju
TYPO3 CMS Privilege Escalation and SQL Injection
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jYzk3LWc5Mnctam02Nc4AA8jt
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: 6 months ago
High
GSA_kwCzR0hTQS14NHJqLWY3bTYtNDJjM84AA8js
TYPO3 CMS Authentication Bypass vulnerability
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03Y3ZyLXhobTUteDk5OM4AA8jr
Twig Path Traversal vulnerability in the filesystem loader
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xM2ptLXYyN3EtamZ3d84AA8jq
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Ecosystems: packagist
Packages: titon/framework
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1nOHBnLTMzdjQtOXI5Ns4AA8jp
Thelia authentication bypass vulnerability
Ecosystems: packagist
Packages: thelia/thelia
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcDd2LXd4eDktaG02cs4AA8jo
Thelia BackOffice default template vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: thelia/backoffice-default-template
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cTRqLXFjeDctcHBjNs4AA8jn
Thelia Cross-site Scripting vulnerability in BackOffice
Ecosystems: packagist
Packages: thelia/thelia
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03ZnBqLXdjOHYtOWNnY84AA8jm
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Ecosystems: packagist
Packages: terminal42/contao-tablelookupwizard
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 6 months ago
High
GSA_kwCzR0hTQS00dmYyLXFmZzMtNzU5OM4AA8jl
symfony/validator XML Entity Expansion vulnerability
Ecosystems: packagist
Packages: symfony/validator
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1mNzVwLXg1dm0tODNxcM4AA8jk
symfony/translation XML Entity Expansion vulnerability
Ecosystems: packagist
Packages: symfony/translation
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: 6 months ago
High
GSA_kwCzR0hTQS12MzVnLTRycnctaDRmd84AA8jj
Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
Ecosystems: packagist
Packages: symfony/web-profiler-bundle, symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 37.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oeDUzLWpjaHgtY3I1Ms4AA8ji
Symfony2 improper IP based access control
Ecosystems: packagist
Packages: symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: 6 months ago
High
GSA_kwCzR0hTQS1xMmdjLWdnM3gtNzk0Ms4AA8jh
Symfony XML Entity Expansion security vulnerability
Ecosystems: packagist
Packages: symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1tbWN2LWZ2cTgtcjl4M84AA8jg
Symfony XML decoding attack vector through external entities
Ecosystems: packagist
Packages: symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03bXgyLTdxOHAtcGdtd84AA8jf
Symfony may allow a user to switch to using another user's identity
Ecosystems: packagist
Packages: symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1qNjh3LXBnNDktZjZ2eM4AA8je
Symfony XML decoding attack vector through external entities
Ecosystems: packagist
Packages: symfony/serializer
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1yanBtLXFtcTctcTg1d84AA8jd
Symfony XXE security vulnerability
Ecosystems: packagist
Packages: symfony/routing
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: 6 months ago
High
GSA_kwCzR0hTQS13dmp2LXA1cnItbW1xbc4AA8jc
Symfony allows direct access of ESI URLs behind a trusted proxy
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-kernel
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wNjg0LWY3ZmgtanYyas4AA8jb
Symfony has unsafe methods in the Request class
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oN3YyLTJxd2ctaDgyOc4AA8ja
Symfony has a security issue when parsing the Authorization header
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: 6 months ago
High
GSA_kwCzR0hTQS12Nzd2LXg2MzQtOW01Ns4AA8jZ
Symfony vulnerable to denial of service via a malicious HTTP Host header
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 43.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12Zm02LXIyZ2MtcHd3d84AA8jY
Symfony2 security issue when the trust proxy mode is enabled
Ecosystems: packagist
Packages: symfony/symfony, symfony/http-foundation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS13ZnY3LTV4MzMtdjIyaM4AA8jX
Code injection in the way Symfony implements translation caching in FrameworkBundle
Ecosystems: packagist
Packages: symfony/symfony, symfony/framework-bundle
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1jNjM2LWNnNXItMjQ5OM4AA8jW
Symfony XML Entity Expansion security vulnerability
Ecosystems: packagist
Packages: symfony/dependency-injection
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNXZqLXdqOXgtNGpnOc4AA8jV
symbiote/silverstripe-multivaluefield Possible PHP Object Injection via Multi-Value Field Extension
Ecosystems: packagist
Packages: symbiote/silverstripe-multivaluefield
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NDVoLTZ2Y3YtcGM4aM4AA8jU
Sylius Admin Bundle Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: sylius/admin-bundle
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02NXY3LXdnMzUtMnFwbc4AA8jT
Sylius Resource Bundle Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: sylius/resource-bundle
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 6 months ago
High
GSA_kwCzR0hTQS00cm1nLTI5Mm0td2czd84AA8jS
Smarty vulnerable to PHP Code Injection by malicious attribute in extends-tag
Ecosystems: packagist
Packages: smarty/smarty
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xbWpmLXdjMmgtNngzcc4AA8jR
Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05NWZyLWNtNG0tcTVwOc4AA8jQ
MinIO information disclosure vulnerability
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS04Y201LWpmajItMjZxN84AA8jP
Fides Webserver Logs Hosted Database Password Partial Exposure Vulnerability
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14am02LWpmbWctcWM2cM4AA8jO
Aimeos denial of service vulnerability in SaaS and marketplace setups
Ecosystems: packagist
Packages: aimeos/aimeos-core
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00cXBqLWd4eGctanFnNM4AA8jN
Swiftmailer Sendmail transport arbitrary shell execution
Ecosystems: packagist
Packages: swiftmailer/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xOGZjLXY4NWYtNzhwd84AA8jM
stormpath/sdk uses Insecure Random Number Generator
Ecosystems: packagist
Packages: stormpath/sdk
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNmY1LTR3NDMtMng2M84AA8jL
ScnSocialAuth Cross-site Scripting vulnerability in login redirect param
Ecosystems: packagist
Packages: socalnick/scn-social-auth
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcG00LXIydmMtcGc3NM4AA8jK
SimpleSAMLphp Information Disclosure vulnerability
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 6 months ago
High
GSA_kwCzR0hTQS05MjdwLXhyYzIteDJnas4AA8jJ
ansibleguy-webui Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: ansibleguy-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00cjRjLTY2Z2YtZzlnNc4AA8jI
rockhopper Buffer Overflow vulnerability
Ecosystems: pypi
Packages: rockhopper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wbXJ4LTY5NXItNDM0Oc4AA8jH
dbt allows Binding to an Unrestricted IP Address via socketsocket
Ecosystems: pypi
Packages: dbt-core
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ycGo5LXhqd20td3I2d84AA8jG
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Ecosystems: nuget
Packages: Umbraco.Commerce
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cHIzLWN3M2gtcHJ3OM4AA8jF
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS1wNTcyLXAycmotcTVmNM4AA8jE
Umbraco Forms components vulnerable to Stored Cross-site Scripting
Ecosystems: nuget
Packages: Umbraco.Forms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1qNmN2LTk4angtbXJ3cs4AA8jD
Mocodo vulnerable to SQL injection in `/web/generate.php`
Ecosystems: pypi
Packages: mocodo
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1manIyLXIybXAtNDg0cM4AA8jC
SimpleSAMLphp signature validation bypass
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03d2g4LWpycTctcDI3Zs4AA8jB
SimpleSAMLphp exposes credentials in session storage
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12ODU4LTkyMmYtZmo5ds4AA8jA
SimpleSAMLphp Link Injection vulnerability
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 6 months ago
High
GSA_kwCzR0hTQS14YzY5LXA4ZmMtbTZtNc4AA8i_
silverstripe/subsites Unsafe SQL Query Construction (Safe Data Source)
Ecosystems: packagist
Packages: silverstripe/subsites
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 6 months ago
High
GSA_kwCzR0hTQS1wMnY1LXhjcW0tNGZ2Ns4AA8i-
silverstripe/taxonomy SQL Injection vulnerability
Ecosystems: packagist
Packages: silverstripe/taxonomy
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01NXBwLTI5M2YtMzM2Nc4AA8i9
silverstripe/userforms file upload exposure on UserForms module
Ecosystems: packagist
Packages: silverstripe/userforms
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04Zm1qLTMzZ3ctZzdwd84AA8i8
Denial of service of Minder Server from maliciously crafted GitHub attestations
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1neDhtLWYzbXAtZmc5Oc4AA8i7
formwork Cross-site scripting vulnerability in Markdown fields
Ecosystems: packagist
Packages: getformwork/formwork
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS04YzhxLTJ4dzMtajg2Oc4AA8i6
rack-contrib vulnerable to Denial of Service due to the unconstrained value of the incoming "profiler_runs" parameter
Ecosystems: rubygems
Packages: rack-contrib
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1nM2hyLXA4NnAtNTkzaM4AA8i5
OpenAPI Generator Online - Arbitrary File Read/Delete
Ecosystems: maven
Packages: org.openapitools:openapi-generator-online
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03cjNqLXFtcjQtamZwas4AA8i4
Kaminari Insecure File Permissions Vulnerability
Ecosystems: rubygems
Packages: kaminari
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 6 months ago
High
GSA_kwCzR0hTQS13amc5LXY4Y2YtZjVxMs4AA8i3
silverstripe/graphql Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 6 months ago
High
GSA_kwCzR0hTQS0yNjVxLTIyMngtNTJtNs4AA8i2
silverstripe/framework has potential SQL Injection vulnerability in PostgreSQL database connector
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jd2dxLTgzdzUtOGpmcc4AA8i1
silverstripe/framework has possible denial of service attack vector when flushing
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tMmhoLTJtNDYteDZqNc4AA8i0
silverstripe/framework may disclose database credentials during connection failure
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
High
GSA_kwCzR0hTQS12Y2c2LThmeGMteDVjcc4AA8iz
silverstripe/framework allows upload of dangerous file types
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jcnIzLWg0bTgtN2Y1Ns4AA8iy
silverstripe/framework vulnerable to member disclosure in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS12aDdxLWo4cDUtMmg0aM4AA8ix
silverstripe/framework sends passwords back to browsers under some circumstances
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mNDNqLThocTQtMnhqOc4AA8iw
silverstripe/framework uploaded PHP script execution in assets
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS12Z3hoLXg4anYtaG1mZs4AA8iv
silverstripe/framework code execution vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
High
GSA_kwCzR0hTQS1tNXEzLW12Y3ItZ2M1bc4AA8iu
silverstripe/framework BackURL validation bypass with malformed URLs
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yM3ByLWZoMjUtd3JmY84AA8it
silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14cGZmLWMzNWctajNjcs4AA8is
silverstripe/framework Privilege Escalation Risk in Member Edit form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01NXFnLTZjNG0tbXc2Z84AA8ir
silverstripe/framework's URL parameters `isDev` and `isTest` unguarded
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
High
GSA_kwCzR0hTQS14eDRyLTUyNjUtNDhqNs4AA8iq
silverstripe/framework SQL injection in full text search
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1waDYyLWZ2NTktdmY5aM4AA8ip
silverstripe/framework users inadvertently passing sensitive data to LoginAttempt
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1tcWpjLXg1NjMtYzlxOM4AA8io
silverstripe/framework CSV Excel Macro Injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: 6 months ago
High
GSA_kwCzR0hTQS03bTJ2LXg3cmctNWhtNc4AA8in
silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 github.com/mattermost/mattermost-server/v6 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.jfinal:jfinal 36 org.keycloak:keycloak-services 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 net.mingsoft:ms-mcms 35 moin 35 snipe/snipe-it 35 matrix-synapse 35 io.undertow:undertow-core 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 gradio 34 org.jenkins-ci.plugins:script-security 33 keystone 32 Pillow 31 github.com/argoproj/argo-cd 31 opencv-python 31 opencv-contrib-python 31 parse-server 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 directus 26 openssl-src 26 pillow 26 electron 26 prestashop/prestashop 26 gogs.io/gogs 25 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 magento/core 24 contao/core-bundle 24 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 rack 23 zendframework/zendframework 23 grumpydictator/firefly-iii 23 puppet 23 remdex/livehelperchat 23 tribalsystems/zenario 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 org.apache.nifi:nifi 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 @openzeppelin/contracts-upgradeable 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 funadmin/funadmin 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 langchain 20 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 DotNetNuke.Core 19 org.springframework:spring-core 19 wasmtime 19 github.com/goharbor/harbor 19 cockpit-hq/cockpit 18 next 18 topthink/framework 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 mercurial 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 francoisjacquet/rosariosis 17 opencart/opencart 17 helm.sh/helm/v3 17 notebook 17 org.apache.geode:geode-core 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 ezsystems/ezpublish-kernel 17 genix/cms 17 cakephp/cakephp 17 symfony/security 17 openmage/magento-lts 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 typo3/cms-backend 16 org.apache.jspwiki:jspwiki-main 16 yetiforce/yetiforce-crm 16 neutron 16 cryptography 16 github.com/zitadel/zitadel 16 sequelize 16 phpbb/phpbb 16 org.apache.dubbo:dubbo 16 PaddlePaddle 16 paddlepaddle 16 tinymce 16 pyload-ng 16 rusqlite 16 october/system 15 surrealdb 15 ghost 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 symfony/security-http 15 ckeditor4 15 calibreweb 15 ethyca-fides 15 OctoPrint 15 smarty/smarty 15 activesupport 14 github.com/nats-io/nats-server/v2 14 github.com/containerd/containerd 14 swagger-ui 14 feehi/cms 14 pyftpdlib 14 phpmailer/phpmailer 14 bolt/bolt 14 org.apache.tomcat:tomcat-coyote 14 lollms 14 joplin 14 silverstripe/cms 14 dompdf/dompdf 14 camaleon_cms 14 modoboa 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/magento/magento2 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/answerdev/answer 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/github/advisory-database 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/gogs/gogs 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/apache/nifi 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/langchain-ai/langchain 22 https://github.com/netty/netty 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/cloudfoundry/uaa 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/traefik/traefik 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/vaadin/platform 17 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/hashicorp/vault 17 https://github.com/OpenMage/magento-lts 16 https://github.com/mattermost/mattermost 16 https://github.com/rusqlite/rusqlite 16 https://github.com/tinymce/tinymce 16 https://github.com/ethereum/go-ethereum 16 https://github.com/pyload/pyload 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/TYPO3-CMS/core 16 https://github.com/forkcms/forkcms 16 https://github.com/backstage/backstage 16 https://github.com/etcd-io/etcd 16 https://github.com/laravel/framework 16 https://github.com/sequelize/sequelize 16 https://github.com/pyca/cryptography 15 https://github.com/cobbler/cobbler 15 https://github.com/zendframework/zendframework 15 https://github.com/centreon/centreon 15 https://github.com/puppetlabs/puppet 15 https://github.com/ethyca/fides 15 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/janeczku/calibre-web 14 https://github.com/containerd/containerd 14 https://github.com/dotnet/aspnetcore 14 https://github.com/aio-libs/aiohttp 14 https://github.com/twisted/twisted 14 https://github.com/hashicorp/nomad 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/vercel/next.js 14 https://github.com/xuxueli/xxl-job 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/TryGhost/Ghost 13 https://github.com/publify/publify 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/quarkusio/quarkus 13 https://github.com/ming-soft/MCMS 13 https://github.com/golang/go 13 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/openfga/openfga 12 https://github.com/containers/podman 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/centreon/centreon-archived 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/openstack/glance 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/opencontainers/runc 12 https://github.com/apache/kylin 12 https://github.com/Studio-42/elFinder 11 https://github.com/getsentry/sentry 11 https://github.com/drupal/core 11 https://github.com/igniterealtime/Openfire 11 https://github.com/cloudflare/cfrpki 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/NodeBB/NodeBB 11 https://github.com/vaadin/flow 11 https://github.com/nats-io/nats-server 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/onionshare/onionshare 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/yiisoft/yii2 11 https://github.com/spring-projects/spring-security 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/zenml-io/zenml 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/dolibarr/dolibarr 11 https://github.com/pomerium/pomerium 11 https://github.com/top-think/framework 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/opencart/opencart 10 https://github.com/jupyter/notebook 10 https://github.com/jquery/jquery 10