Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS00cXg4LWo5dmgtMjYyOM4AA8im
silverstripe/framework's User-Agent header not correctly invalidating user session
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jNGMzLWo3M3YtNjM0cs4AA8il
silverstripe/framework has Cross-site Scripting vulnerability in page history comparison
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcDdxLTZqM2YtNzR2as4AA8ik
silverstripe/framework has Cross-site Scripting vulnerability in RedirectorPage
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yODVnLTdqcHYtOHhyeM4AA8ij
silverstripe/framework has Cross-site Scripting vulnerability in CMSSecurity BackURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oaHZqLW1jcngtM3ZjZs4AA8ii
silverstripe/framework has Cross-site Scripting vulnerability in page name
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nODRxLWNxNTUteHdncM4AA8ih
silverstripe/framework member disclosure in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NjhqLTZqcmMtMnJqeM4AA8ig
silverstripe/framework vulnerable to Cross-site Scripting In `OptionsetField` and `CheckboxSetField`
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yOXZwLWZwNzIteGdmN84AA8if
silverstripe/framework's `Member.Name` is not escaped
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS01cjh3LTY2aHEtcmMzOc4AA8ie
silverstripe/framework's pre-existing alc_enc cookies log users in if remember me is disabled
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01MmN4LWhwYzUtY3h3Y84AA8id
silverstripe/framework missing ACL on reports
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wNWgyLXZyOTkteG05Oc4AA8ic
silverstripe/framework ChangePasswordForm does not check `Member::canLogIn()`
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mM3dwLXhwdjItNnZtZ84AA8ib
silverstripe/framework password encryption salt not updated
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mcm05LTdwbTktNXJnY84AA8ia
SilverStripe comments module includes version of jQuery vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: silverstripe/comments
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 6 months ago
Low
GSA_kwCzR0hTQS0zZjY1LW0yMzQtOW14cs4AA8iZ
github.com/huandu/facebook may expose access_token in error message.
Ecosystems: go
Packages: github.com/huandu/facebook/v2
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1oZmc3LWo4MmMtZnIzd84AA8iY
Soot Infinite Loop vulnerability
Ecosystems: maven
Packages: org.soot-oss:soot
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13OGNwLWZyeGMtNTVwas4AA8iX
Kwik does not discard unused encryption keys
Ecosystems: maven
Packages: tech.kwik:kwik
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1jdzVyLWp4OHItOWY3eM4AA8iW
Jenkins Report Info Plugin Path Traversal vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:report-info
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ycTdmLWo2OGYtbXFoM84AA8iV
PHP Server Monitor vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: phpservermon/phpservermon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xOHg3LWpjM2gtcDh4Y84AA8iU
Dolibarr vulnerable to SQL Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jM2g5LXEzangtdzdmY84AA8iT
Dolibarr vulnerable to SQL Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 6 months ago
Low
GSA_kwCzR0hTQS0ycWpwLWZnOGMtZzg3OM4AA8iS
vxe-table Cross-site Scripting vulnerability
Ecosystems: npm
Packages: vxe-table
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zOTY1LWhweDItcTU5N84AA8iR
Pug allows JavaScript code execution if an application accepts untrusted input
Ecosystems: npm
Packages: pug, pug-code-gen
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05N2ptLWczM2gtZjQ2Z84AA8iQ
silverstripe/framework ReadOnly transformation for formfields exploitable
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcHFqLWY0djMtMzM0aM4AA8iP
Silverstripe Cross-site scripting vulnerability in VersionedRequestFilter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12ajJqLTZnM3ctNDY2Ms4AA8iO
Silverstripe Missing CSRF protection in login form
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04djZtLTdmNXYtaGh4Ns4AA8iN
Silverstripe Brute force bypass on default admin
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tOHY3LXgzOTgtcHhyZs4AA8iM
Silverstripe XSS in CMS Edit Page
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04N3BmLTd4OTktNXhjNM4AA8iL
Silverstripe Hostname, IP and Protocol Spoofing through HTTP Headers
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yaHBjLW1mNHEtajg4Nc4AA8iK
Silverstripe CSRF vulnerability in GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14NXcyLXdjcjgtOXE0Nc4AA8iJ
Silverstripe Missing security check on dev/build/defaults
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xcDI5LXdjYzItdm1wY84AA8hz
Silverstripe HtmlEditor embed url sanitisation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qOTgyLTVqdjctdjQzcs4AA8hy
Silverstripe Form field validation message XSS vulnerability
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcWY1LTI3NWgtZ2Y2cs4AA8hx
Silverstripe framework is vulnerable to XSS in install.php
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNGhwLXBmdmYtdm01d84AA8hw
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ocTRwLTVtcHItamo5bc4AA8hv
Silverstripe XSS in dev/build returnURL Parameter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cDhwLWM2eGoteHBqN84AA8hu
Silverstripe External redirection risk in Security?ReturnURL
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: 6 months ago
High
GSA_kwCzR0hTQS0yNWdxLWp2eDItdmc5eM4AA8ht
Silverstripe X-Forwarded-Host request hostname injection
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qcXA4LXY3NHAtZzhweM4AA8hs
Silverstripe XSS in Director::force_redirect()
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00aDU0LXZ3eDktM3ZyM84AA8hm
Silverstripe XSS In FormAction
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zNHE2LXhxeGgtZ3EzOc4AA8hl
Silverstripe XSS In rewritten hash links
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mN2NxLTV2NDMtOHB3cM4AA8hk
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 9.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04OGpwLTlqcnYtNjM2OM4AA8hj
Silverstripe XSS In GridField print
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yMzJqLW1yOHAtaGZwOM4AA8hi
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNDN3LTk4d3AtbTY5NM4AA8hh
SilverStripe framework XML Quadratic Blowup Attack
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01ZjV2LTVjM3YtZ3c1ds4AA8hg
Silverstripe IE requests not properly behaving with rewritehashlinks
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 22.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13OGZxLXhndmgtY3hjMs4AA8hf
Silverstripe Forum Module CSRF Vulnerability
Ecosystems: packagist
Packages: silverstripe/forum
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01N2ZtLTU5Mm0tMzRyN84AA8he
iFrames Bypass Origin Checks for Tauri API Access Control
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12OWcyLWc3ajQtNGp4Y84AA8hd
jupyter-scheduler's endpoint is missing authentication
Ecosystems: pypi
Packages: jupyter-scheduler
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oamZjLTZqeHItajJyeM4AA8hY
Eclipse Ditto vulnerable to Cross-site Scripting
Ecosystems: maven
Packages: org.eclipse.ditto:ditto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS13eDI0LXZxcmctbTZtNc4AA8gT
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1md2hjLW1tOXEtbXFxOM4AA8gN
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zbW05LTJwNDQtcnczOc4AA8gM
Silverstripe SiteTree Creation Permission Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yOTdyLTY0dnAtZmdobc4AA8gL
Silverstripe XSS vulnerability via VirtualPage
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yODRjLXg4bTctOXc1aM4AA8gK
Dapr API Token Exposure
Ecosystems: go
Packages: github.com/dapr/dapr
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 6 months ago
High
GSA_kwCzR0hTQS14Z3doLWNndjktNzgzds4AA8f0
Ghost allows CSV Injection during member CSV export
Ecosystems: npm
Packages: @tryghost/members-csv
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05cnJ3LTgycjItNjIzcM4AA8f1
Silverpeas Core vulnerable to Cross Site Scripting
Ecosystems: maven
Packages: org.silverpeas:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02aGg2LTU5ajItcXJ4d84AA8fu
Silverstripe History XSS Vulnerability
Ecosystems: packagist
Packages: silverstripe/cms
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS03NzljLTd3NHAtMmM0Z84AA8ft
Silverstripe admin XSS Vulnerability via WYSIWYG editor
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 6 months ago
Low
GSA_kwCzR0hTQS05OXI0LWNqcDQtM2hteM4AA8fs
vantage6 collaboration admins can extend their influence by expanding the collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OWpjLXI3ODgtM2ZjOc4AA8fX
gix refs and paths with reserved Windows device names access the devices
Ecosystems: cargo
Packages: gix-index, gix-ref, gix, gitoxide-core, gix-worktree, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 6 months ago
High
GSA_kwCzR0hTQS03dzQ3LTN3ZzgtNTQ3Y84AA8fW
gix traversal outside working tree enables arbitrary code execution
Ecosystems: cargo
Packages: gix-index, gitoxide-core, gix, gix-worktree, gix-fs, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1qcWZmLThnMnYtNjQyaM4AA8db
NASA AIT-Core vulnerable to remote code execution
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
High
GSA_kwCzR0hTQS1xdjZ4LTUzamotdnc1Oc4AA8df
NASA AIT-Core uses unencrypted channels to exchange data over the network
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04M2p2LTRwcm0tMzRnN84AA8da
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03MzM2LWdoaHAtZjJxas4AA8dZ
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qcXI3LTVoN3ItY2g4cM4AA8dY
Shopware Non-Persistent XSS in the Frontend
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xM2c0LTJ2dzkteHYyN84AA8dX
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00Z3hqLTVtbXItN3B4cc4AA8dK
NASA AIT-Core vulnerable to remote code execution
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ncGdqLXhyZ3ctOG14Ms4AA8dG
NASA AIT-Core vulnerable to SQL Injection
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1qZjI4LXY1ZjYtY3Zwcs4AA8dJ
NASA AIT-Core vulnerable to remote code execution
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS12OWhmLTVqODMtNnhwcM4AA8dB
PyMySQL SQL Injection vulnerability
Ecosystems: pypi
Packages: pymysql
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02d3FwLTdnOTQtZjY5as4AA8ac
sensiolabs/connect has a Cross-Site Request Forgery Vulnerability
Ecosystems: packagist
Packages: sensiolabs/connect
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 6 months ago
High
GSA_kwCzR0hTQS05cGh3LTdoOTYtcTNyds4AA8ab
scheb/two-factor-bundle bypass two-factor authentication with remember-me option
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1oNm1wLW1jN2ctbWc0Oc4AA8aa
scheb/two-factor-bundle bypass two-factor authentication with unverified JWT trusted device token
Ecosystems: packagist
Packages: scheb/two-factor-bundle
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 6 months ago
High
GSA_kwCzR0hTQS1wajI3LTJ4dnAtNHF4Z84AA8aZ
@fastify/session reuses destroyed session cookie
Ecosystems: npm
Packages: @fastify/session
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05NzY2LTUyNzctajVocs4AA8aY
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zcmNxLTM5eHAtN3hqcM4AA8W3
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Ecosystems: cargo
Packages: ic-stable-structures
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ndnBjLTNwajYtNG05d84AA8W2
Umbraco CMS Vulnerable to Stored XSS on Content Page Through Markdown Editor Preview Pane
Ecosystems: nuget
Packages: UmbracoCms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OGNxLTc5cXEtNmY3eM4AA8W1
Gradio applications running locally vulnerable to 3rd party websites accessing routes and uploading files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cjg1LTVwd3gtYzZncc4AA8W0
OMERO.web must check that the JSONP callback is a valid function
Ecosystems: pypi
Packages: omero-web
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qNzRxLW12MmMtcnhtcM4AA8Wz
Umbraco CMS Open Redirect Bypass Protection
Ecosystems: nuget
Packages: Umbraco.Cms.Web.BackOffice, UmbracoCms.Core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yajZyLTl2djQtNmdmNc4AA8WS
github.com/bincyber/go-sqlcrypter vulnerable to IV collision
Ecosystems: go
Packages: github.com/bincyber/go-sqlcrypter
Source: GitHub Advisory Database
Blast Radius: 1.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xamN2LXJ4M3YtN212as4AA8WR
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v4, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v7
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jcmdjLTI1ODMtcncyN84AA8WN
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14Y3E0LW0ycjMtY21yas4AA8WM
Trivy possibly leaks registry credential when scanning images from malicious registries
Ecosystems: go
Packages: github.com/aquasecurity/trivy
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12NDVtLWh4cXAtZndmNc4AA8WL
verbb/formie Server-Side Template Injection for variable-enabled settings
Ecosystems: packagist
Packages: verbb/formie
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05d3g0LWg3OHYtdm01Ns4AA8WK
Requests `Session` object does not verify requests after making first request with verify=False
Ecosystems: pypi
Packages: requests
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mOThwLTJoYzUtZm03ds4AA8WJ
AVideo cross-site scripting vulnerability in the view/about.php page
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS04dnI0LWg0cnItOHBoNs4AA8WB
MiguelCastillo @bit/loader Prototype Pollution issue
Ecosystems: npm
Packages: @bit/loader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS01Zjk3LWgyYzItODI2cc4AA8WE
json-schema-ref-parser Prototype Pollution issue
Ecosystems: npm
Packages: @apidevtools/json-schema-ref-parser
Source: GitHub Advisory Database
Blast Radius: 36.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Blackprint @blackprint/engine Prototype Pollution issue
Ecosystems: npm
Packages: @blackprint/engine
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 6 months ago
High
GSA_kwCzR0hTQS0yZzk4LWY5anYtdzhjNc4AA8V2
robrichards/xmlseclibs XPath injection
Ecosystems: packagist
Packages: robrichards/xmlseclibs
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03djdtLXBjdzUtaDNjZ84AA8V1
Pusher Service Channel Authentication Bypass
Ecosystems: packagist
Packages: pusher/pusher-php-server
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03ZzdjLXFoZjMteDU5cM4AA8V0
propel/propel1 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel1
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03dnc3LXF4MzgtMzd2cs4AA8Vz
Propel2 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13dzZwLXEyNnctZnI2bc4AA8Vy
phpxmlrpc/extra XSS in class documenting_xmlrpc_server
Ecosystems: packagist
Packages: phpxmlrpc/extras
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xbTV2LXBqNjQtODUyas4AA8Vx
Passbolt Api Tabnabbing when opening URI with menu "Open URI in a new tab"
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yZjQ2LTR4am0tNzN4Nc4AA8Vw
Passbolt API Stored XSS on first/last name during setup
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jdjVjLTJxdjUtdzJtMs4AA8Vv
Passbolt Api Remote code execution
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mNXBwLXBtcTgtZ3A0Ns4AA8Vu
Passbolt Api Retrieval of HTTP-only cookies
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 craftcms/cms 46 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 mautic/core 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 github.com/mattermost/mattermost-server/v6 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 snipe/snipe-it 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 io.undertow:undertow-core 34 gradio 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 parse-server 31 Pillow 31 opencv-python 31 opencv-contrib-python 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 prestashop/prestashop 26 pillow 26 directus 26 openssl-src 26 electron 26 rubygems-update 25 gogs.io/gogs 25 github.com/cilium/cilium 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 magento/core 24 contao/core-bundle 24 rack 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 remdex/livehelperchat 23 puppet 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 getkirby/cms 22 ckb 22 @openzeppelin/contracts-upgradeable 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 org.apache.nifi:nifi 21 laravel/framework 20 langchain 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 funadmin/funadmin 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 contao/contao 19 org.springframework:spring-core 19 wasmtime 19 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 forkcms/forkcms 18 golang.org/x/net 18 topthink/framework 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 com.liferay.portal:release.dxp.bom 18 cobbler 18 mercurial 18 github.com/traefik/traefik/v2 18 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 notebook 17 cakephp/cakephp 17 genix/cms 17 opencart/opencart 17 francoisjacquet/rosariosis 17 PaddlePaddle 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 16 sequelize 16 phpbb/phpbb 16 org.apache.activemq:activemq-client 16 github.com/zitadel/zitadel 16 rusqlite 16 cryptography 16 typo3/cms-backend 16 paddlepaddle 16 org.bouncycastle:bcprov-jdk15 16 neutron 16 pyload-ng 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 tinymce 16 surrealdb 15 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 smarty/smarty 15 october/system 15 calibreweb 15 ec-cube/ec-cube 15 symfony/security-http 15 ethyca-fides 15 OctoPrint 15 ghost 15 silverstripe/cms 14 github.com/nats-io/nats-server/v2 14 org.xwiki.platform:xwiki-platform-web 14 dompdf/dompdf 14 phpmailer/phpmailer 14 publify_core 14 activesupport 14 bolt/bolt 14 feehi/cms 14 camaleon_cms 14 swagger-ui 14 pyftpdlib 14 lollms 14 joplin 14 org.apache.inlong:manager-pojo 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/rancher/rancher 34 https://github.com/answerdev/answer 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/cilium/cilium 25 https://github.com/github/advisory-database 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/PrestaShop/PrestaShop 22 https://github.com/hashicorp/consul 22 https://github.com/nervosnetwork/ckb 22 https://github.com/langchain-ai/langchain 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/funadmin/funadmin 20 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/traefik/traefik 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/geoserver/geoserver 18 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/hashicorp/vault 17 https://github.com/opencast/opencast 17 https://github.com/moby/moby 17 https://github.com/mindsdb/mindsdb 17 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/etcd-io/etcd 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/OpenMage/magento-lts 16 https://github.com/forkcms/forkcms 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/backstage/backstage 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyca/cryptography 15 https://github.com/ethyca/fides 15 https://github.com/surrealdb/surrealdb 15 https://github.com/centreon/centreon 15 https://github.com/denoland/deno 15 https://github.com/cobbler/cobbler 15 https://github.com/cockpit-hq/cockpit 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/janeczku/calibre-web 14 https://github.com/vercel/next.js 14 https://github.com/containerd/containerd 14 https://github.com/dotnet/aspnetcore 14 https://github.com/twisted/twisted 14 https://github.com/aio-libs/aiohttp 14 https://github.com/hashicorp/nomad 14 https://github.com/xuxueli/xxl-job 14 https://github.com/ming-soft/MCMS 13 https://github.com/publify/publify 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/dromara/hutool 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/modoboa/modoboa 13 https://github.com/golang/go 13 https://github.com/TryGhost/Ghost 13 https://github.com/nodejs/undici 13 https://github.com/apache/dolphinscheduler 13 https://github.com/quarkusio/quarkus 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/smarty-php/smarty 12 https://github.com/wagtail/wagtail 12 https://github.com/centreon/centreon-archived 12 https://github.com/patriksimek/vm2 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/urllib3/urllib3 12 https://github.com/opencontainers/runc 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/puma/puma 12 https://github.com/containers/podman 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/openfga/openfga 12 https://github.com/spring-projects/spring-security 11 https://github.com/zenml-io/zenml 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/NodeBB/NodeBB 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/yiisoft/yii2 11 https://github.com/scrapy/scrapy 11 https://github.com/nats-io/nats-server 11 https://github.com/igniterealtime/Openfire 11 https://github.com/Pylons/waitress 11 https://github.com/Studio-42/elFinder 11 https://github.com/pomerium/pomerium 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/cakephp/cakephp 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/top-think/framework 11 https://github.com/vaadin/flow 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/getsentry/sentry 11 https://github.com/dolibarr/dolibarr 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/onionshare/onionshare 11 https://github.com/cosmos/cosmos-sdk 10 https://github.com/phusion/passenger 10 https://github.com/DSpace/DSpace 10