Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS12ODZtLWo1ZjctY2N3aM4AA8Vt
Passbolt Api E-mail HTML injection
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13Z2p2LTlqM3EtamhnOM4AA8Vk
aiosmtpd STARTTLS unencrypted commands injection
Ecosystems: pypi
Packages: aiosmtpd
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 6 months ago
High
GSA_kwCzR0hTQS1xeHFmLTJtZngteDhqd84AA8Vj
veraPDF has potential XSLT injection vulnerability when using policy files
Ecosystems: maven
Packages: org.verapdf:library-jakarta, org.verapdf:library, org.verapdf:library-arlington, org.verapdf:core-arlington, org.verapdf:core-jakarta, org.verapdf:core
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zdmhtLXE0dzMtcnc4cc4AA8Vi
OroPlatform Forced Redirect to External Website
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12OGhwLTIzOXYtOTM2N84AA8Vh
OroCRM Forced Redirect to External Website
Ecosystems: packagist
Packages: oro/crm
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jOTZoLWN4eDYtcm1nOc4AA8R4
Tor path lengths too short when "full Vanguards" configured
Ecosystems: cargo
Packages: arti, tor-circmgr
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
High
GSA_kwCzR0hTQS03Z2dtLTRyamctNTk0d84AA8R2
litellm passes untrusted data to `eval` function without sanitization
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS05MzI4LWdjZnEtcDI2Oc4AA8R0
Tor Arti's STUB circuits incorrectly have a length of 2
Ecosystems: cargo
Packages: tor-circmgr, arti
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 6 months ago
Low
GSA_kwCzR0hTQS0zZm1xLXg5cTYtd20zOc4AA8Rz
random_compat Uses insecure CSPRNG
Ecosystems: packagist
Packages: paragonie/random_compat
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1nNDhmLXBnd2gtd3d4eM4AA8Ry
onelogin/php-saml signature wrapping attacks
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS05d3J3LXA5cm0tcjc4Ms4AA8Rx
onelogin/php-saml Improper signature validation on LogoutRequest/LogoutResponse.
Ecosystems: packagist
Packages: onelogin/php-saml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1yMnI4LTM2cHEtMjdjbc4AA8Rw
nzo/url-encryptor-bundle Insecure default secret key and IV allowing anyone to decrypt values
Ecosystems: packagist
Packages: nzo/url-encryptor-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS02Y2ozLXJjNHAtZjM4Zs4AA8Ru
Cross-site Scripting vulnerabilities in Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00M2NmLTdmM2gtMzhyZ84AA8Rt
Privilege Escalation in TYPO3 Neos
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02cHE4LTY3cHctajZod84AA8Rs
Time-Based Information Disclosure Vulnerability in Flow
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 6 months ago
High
GSA_kwCzR0hTQS0zYzVnLTczZjctZ3J2bc4AA8Rr
Neos Information Disclosure Security Note
Ecosystems: packagist
Packages: neos/neos
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05Y3czLWo3d2ctandqOM4AA8Rq
Neos Flow Information disclosure in entity security
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01dnY3LWo1OTMtbWdqY84AA8Rp
Neos Flow Arbitrary file upload and XML External Entity processing
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS03aDc0LTd2Y3ctNG13cM4AA8Ro
Insecure deserialize Vulnerability in FLOW3
Ecosystems: packagist
Packages: neos/flow
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00cnI2LWdmNTktZ2d3Nc4AA8Rn
namshi/jose - Verification bypass
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1oeGhjLXdtZzgteHJxZs4AA8Rm
namshi/jose insecure JSON Web Signatures (JWS)
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycmh4LXFoeHAtNWpwd84AA8Qi
Submariner Operator sets unnecessary RBAC permissions in helm charts
Ecosystems: go
Packages: github.com/submariner-io/submariner-operator
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zaHZqLTI3ODMtMzR4Ms4AA8Kx
njwt Prototype Pollution vulnerability
Ecosystems: npm
Packages: njwt
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1manc4LTNncDgtNGN2eM4AA8Kw
Denial of service of Minder Server with attacker-controlled REST endpoint
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12ZzNyLXJtN3ctMnhnaM4AA8Kv
REXML contains a denial of service vulnerability
Ecosystems: rubygems
Packages: rexml
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wNGp4LXE2MnAteDVqcs4AA8J5
MLflow allows low privilege users to delete any artifact
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1wd2M5LXE0aGotcGc4Z84AA8Ju
LoLLMS Command Injection vulnerability
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1wdzM4LXh2OXgtaDhjaM4AA8Jv
RunGptLLM class in LlamaIndex has a command injection
Ecosystems: pypi
Packages: llama-index-llms-rungpt, llama-index
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 6 months ago
High
GSA_kwCzR0hTQS1yZnFxLXdxNnctNzJqbc4AA8J7
MLflow has a Local File Read/Path Traversal bypass
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 6 months ago
Low
GSA_kwCzR0hTQS1mNTd2LXE5NjYtN2ZoNs4AA8I3
Monolog Header injection in NativeMailerHandler
Ecosystems: packagist
Packages: monolog/monolog
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tY2ZjLTY3dm0tajU2OM4AA8I1
Magento Cross-Site Scripting (XSS) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02d200LTNyamotYzh4eM4AA8Ix
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wcnBmLWNqODctaHd2cs4AA8Iw
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xd3ZwLTI2OGctamptOM4AA8Iv
Data Leakage Vulnerability in livewire/livewire
Ecosystems: packagist
Packages: livewire/livewire
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oOTdjLXFwMjQtNDM5ds4AA8Iu
Insecure State Generation in laravel/socialite
Ecosystems: packagist
Packages: laravel/socialite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03Zmp2LTI1cTktMnc4OM4AA8It
State Guessing Vulnerability in laravel/socialite
Ecosystems: packagist
Packages: laravel/socialite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS13cThwLW1xdmctMnA1aM4AA8Is
laravel framework SQL Injection via limit and offset functions
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1qd3ZqLXB3d3ctM21qNc4AA8Ir
laravel framework Unexpected database bindings via requests
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00NHBnLWMyOXYtaHA2cs4AA8Iq
Laravel Guard bypass in Eloquent models
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xbTVjLW03NnItMmhmcs4AA8Ip
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 56.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS12cjk1LXA3cTYtOG05cc4AA8Io
Laravel Cross-site Scripting (XSS) vulnerability in blade templating
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 6 months ago
High
GSA_kwCzR0hTQS02anZ4LThjaDktajJqcs4AA8In
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03ODUyLXczNngtNm1mNs4AA8Im
Laravel Encrypter Component Potential Decryption Failure Leading to Unintended Behavior
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wNjJyLTc2MzctM3d3Y84AA8Il
Laravel Hijacked authentication cookies vulnerability
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yajN3LTk5Z2MtOGo1OM4AA8Ik
Laravel Risk of mass-assignment vulnerabilities
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1odmd3LWdnM3AtMjk1as4AA8Ij
Read private customer data reclaiming carts in Klaviyo Magento
Ecosystems: packagist
Packages: klaviyo/magento2-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS02d2p3LXFmODctZnY1ds4AA8Ii
Laravel Encrypter Failure to decryption vulnerability
Ecosystems: packagist
Packages: illuminate/encryption
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yODY3LTZycm0tMzhncs4AA8Ih
Laravel Cookie serialization vulnerability
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yOTdnLXhnNGgtN3c0Y84AA8Ig
Laravel Cross-site Scripting vulnerability in blade templating
Ecosystems: packagist
Packages: illuminate/view
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jYzJ3LWdoYzUtbTVxcs4AA8If
Laravel Risk of mass-assignment vulnerabilities
Ecosystems: packagist
Packages: illuminate/database
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yZmZ2LXI0cjktcjh4cs4AA8Ie
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xNHhmLTdmdzUtNHg4ds4AA8Id
Laravel Hijacked authentication cookies vulnerability
Ecosystems: packagist
Packages: illuminate/auth
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yZ3EyLW02MjgtMzN4cM4AA8Ic
gregwar/rst Local File Inclusion Vulnerability
Ecosystems: packagist
Packages: gregwar/rst
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05Z3h2LXg3cnAtcjJoY84AA8Ib
gree/jose - "None" Algorithm treated as valid in tokens
Ecosystems: packagist
Packages: gree/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mZ3J4LTQ2MzctZmNmNc4AA8Ia
fuel/core Crypt encryption compromised.
Ecosystems: packagist
Packages: fuel/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0yNmhwLWNnamotbTJqM84AA8IZ
fuel/core ImageMagick driver does not escape all shell arguments.
Ecosystems: packagist
Packages: fuel/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04d3gzLThtNHgtZzVoNM4AA8IY
FOSUserBundle User Identity Validation Vulnerability
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS02bWpxLTl4NHctbTN3Oc4AA8IX
FOSUserBundle Session Hijacking Vulnerability
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wang4LTk4NHAtN3AzeM4AA8IW
FOSUserBundle Entropy is lost in the TokenGenerator
Ecosystems: packagist
Packages: friendsofsymfony/user-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wOWZnLWo2d3ctOTUzbc4AA8IV
FOSRestBundle issue with broken validation of JSONP callbacks
Ecosystems: packagist
Packages: friendsofsymfony/rest-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14bTN4LTRwaDMtM3g5Y84AA8IU
friendsofsymfony/oauth2-php open redirection in oauth
Ecosystems: packagist
Packages: friendsofsymfony/oauth2-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oNTMzLTV2MjItOHZjcM4AA8IT
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zZzQzLXhmcnctcHY1bc4AA8IS
eZ Platform User data disclosure
Ecosystems: packagist
Packages: ezsystems/repository-forms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13OXAzLTI2ZngtNW1wM84AA8IR
eZ Platform Admin UI is vulnerable to Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/platform-ui-assets-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zOWoyLTRwOWotNXc0as4AA8IQ
Ez Platform Object Injection in legacy shop module
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS05ODk1LTI2d3ItNGZnds4AA8IP
EZsystems Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS14OHhtLXdyanEtNWc1NM4AA8H3
Stakater Forecastle has a directory traversal vulnerability
Ecosystems: go
Packages: github.com/stakater/Forecastle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1wcWptLXhjcDgtd2dtbc4AA8Hw
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1wOW1wLXZxNHYtdjVtNc4AA8Hv
eZ Publish Legacy Passwordless login for LDAP users
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ydmgzLWNqOWotbWNqNc4AA8Hu
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS02NHZqLTkzM2YtNnBtM84AA8Ht
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS04MnJ2LTQ1cGMtdjI4d84AA8Hs
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jYzJqLTkyanEtd2dqZ84AA8Hr
eZ Publish Information disclosure in backend content tree menu
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zdndyLWpqNGYtaDk4eM4AA8Hq
eZ Publish Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xaGpjLWhnOTQtMjQ1ds4AA8Hp
eZ Platform Prevent accepting app.php in URL in Platform.sh
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05d3d4LWM3MjMtdm04eM4AA8Ho
eZ Platform REST API returns list of all SiteAccesses
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02eGNoLTJ2eHgtNXB2cs4AA8Hn
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS00NXFtLWo0bTktd2h2Oc4AA8Hm
eZ Platform CSRF token in login form is disabled by default
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1oZnBwLTJ2aHctcXE0M84AA8Hl
eZ Platform Admin UI Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-user
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0ydzlwLXh4cXItaDI1M84AA8Hk
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1xNzN2LTc5eDMtanYyd84AA8Hj
eZ Platform Admin UI Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1jZzg0LTU1angtNDIzN84AA8Hi
eZ Platform Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00YzJ3LXY1cnEtNW14N84AA8Hh
eZ Platform Editor Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui-assets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qcnB3LTg4ODQtMjc0N84AA8Hg
eZ Platform Bundled jQuery affected by CVE-2019-11358
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui-assets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS05Y3EyLXBjZ3ItOGg2Ms4AA8Hf
Cross-site Scripting in eZFind spellcheck
Ecosystems: packagist
Packages: ezsystems/ezfind-ls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14bXAzLTc3NDUtZzR2as4AA8He
ezsystems/ez-support-tools Failing access control in system info view
Ecosystems: packagist
Packages: ezsystems/ez-support-tools
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1qcTlxLTZwNDItcXByN84AA8Hc
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/ezdemo-ls-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS04Yzg1LTRycjUtY2hyNM4AA8Hd
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/demobundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tdmY2LTNmMmcteGZ4Zs4AA8Hb
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Ecosystems: packagist
Packages: endroid/qr-code-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xZjY1LWhwaDktNDUzcs4AA8Ha
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 6 months ago
High
GSA_kwCzR0hTQS1qNjZwLWZ2cDItZnhoas4AA8HZ
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zMzd3LWZ4cHEtNW0zNM4AA8HY
Drupal core uses a vulnerable Third-party library CKEditor
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13eGZnLTI1M2ctbTdyNM4AA8HX
Drupal core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 6 months ago
High
GSA_kwCzR0hTQS1tOWZ2LXdocTItNndtY84AA8HW
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 6 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 craftcms/cms 46 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 vyper 38 froxlor/froxlor 38 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 37 github.com/hashicorp/vault 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 k8s.io/kubernetes 36 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 github.com/answerdev/answer 34 gradio 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 github.com/argoproj/argo-cd 31 Pillow 31 opencv-contrib-python 31 opencv-python 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 electron 26 openssl-src 26 directus 26 pillow 26 prestashop/prestashop 26 gogs.io/gogs 25 github.com/cilium/cilium 25 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 org.eclipse.jetty:jetty-server 24 magento/core 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 rack 23 remdex/livehelperchat 23 grumpydictator/firefly-iii 23 puppet 23 pocketmine/pocketmine-mp 23 ckb 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 activerecord 21 glance 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 org.cloudfoundry.identity:cloudfoundry-identity-server 20 code.gitea.io/gitea 20 laravel/framework 20 funadmin/funadmin 20 langchain 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 wasmtime 19 DotNetNuke.Core 19 github.com/goharbor/harbor 19 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 mindsdb 18 github.com/traefik/traefik/v2 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 com.liferay.portal:release.dxp.bom 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 topthink/framework 18 com.vaadin:vaadin-bom 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 mercurial 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 genix/cms 17 cakephp/cakephp 17 helm.sh/helm/v3 17 symfony/security 17 org.apache.geode:geode-core 17 notebook 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 sequelize 16 tinymce 16 cryptography 16 paddlepaddle 16 yetiforce/yetiforce-crm 16 neutron 16 rusqlite 16 org.apache.jspwiki:jspwiki-main 16 PaddlePaddle 16 org.apache.dubbo:dubbo 16 github.com/zitadel/zitadel 16 phpbb/phpbb 16 openmage/magento-lts 16 typo3/cms-backend 16 pyload-ng 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 calibreweb 15 ckeditor4 15 ec-cube/ec-cube 15 surrealdb 15 ghost 15 smarty/smarty 15 october/system 15 ethyca-fides 15 org.apache.struts.xwork:xwork-core 15 OctoPrint 15 symfony/security-http 15 github.com/containerd/containerd 14 modoboa 14 swagger-ui 14 camaleon_cms 14 joplin 14 activesupport 14 silverstripe/cms 14 github.com/nats-io/nats-server/v2 14 dompdf/dompdf 14 org.apache.tomcat:tomcat-coyote 14 bolt/bolt 14 lollms 14 phpmailer/phpmailer 14 publify_core 14 org.xwiki.platform:xwiki-platform-web 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 74 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/rancher/rancher 34 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 30 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/github/advisory-database 25 https://github.com/directus/directus 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/langchain-ai/langchain 22 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/undertow-io/undertow 20 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/goharbor/harbor 19 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/hashicorp/vault 17 https://github.com/forkcms/forkcms 16 https://github.com/ethereum/go-ethereum 16 https://github.com/etcd-io/etcd 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/rusqlite/rusqlite 16 https://github.com/TYPO3-CMS/core 16 https://github.com/backstage/backstage 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/pyload/pyload 16 https://github.com/OpenMage/magento-lts 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/centreon/centreon 15 https://github.com/ethyca/fides 15 https://github.com/vantage6/vantage6 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/denoland/deno 15 https://github.com/cobbler/cobbler 15 https://github.com/surrealdb/surrealdb 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/pyca/cryptography 15 https://github.com/janeczku/calibre-web 14 https://github.com/vercel/next.js 14 https://github.com/twisted/twisted 14 https://github.com/aio-libs/aiohttp 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/xuxueli/xxl-job 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/hashicorp/nomad 14 https://github.com/containerd/containerd 14 https://github.com/OpenRefine/OpenRefine 13 https://github.com/publify/publify 13 https://github.com/nodejs/undici 13 https://github.com/apache/dolphinscheduler 13 https://github.com/laurent22/joplin 13 https://github.com/dromara/hutool 13 https://github.com/golang/go 13 https://github.com/TryGhost/Ghost 13 https://github.com/ming-soft/MCMS 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/quarkusio/quarkus 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/patriksimek/vm2 12 https://github.com/smarty-php/smarty 12 https://github.com/containers/podman 12 https://github.com/openfga/openfga 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/opencontainers/runc 12 https://github.com/urllib3/urllib3 12 https://github.com/centreon/centreon-archived 12 https://github.com/wagtail/wagtail 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/apache/kylin 12 https://github.com/openstack/glance 12 https://github.com/puma/puma 12 https://github.com/cakephp/cakephp 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/Pylons/waitress 11 https://github.com/NodeBB/NodeBB 11 https://github.com/nats-io/nats-server 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/dolibarr/dolibarr 11 https://github.com/yiisoft/yii2 11 https://github.com/onionshare/onionshare 11 https://github.com/getsentry/sentry 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/pomerium/pomerium 11 https://github.com/vaadin/flow 11 https://github.com/zenml-io/zenml 11 https://github.com/spring-projects/spring-security 11 https://github.com/Studio-42/elFinder 11 https://github.com/scrapy/scrapy 11 https://github.com/Sylius/Sylius 11 https://github.com/igniterealtime/Openfire 11 https://github.com/drupal/core 11 https://github.com/WWBN/AVideo 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/cloudflare/cfrpki 11 https://github.com/top-think/framework 11 https://github.com/nautobot/nautobot 10 https://github.com/DSpace/DSpace 10 https://github.com/Graylog2/graylog2-server 10