Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS05ODk1LTI2d3ItNGZnds4AA8IP
EZsystems Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS14OHhtLXdyanEtNWc1NM4AA8H3
Stakater Forecastle has a directory traversal vulnerability
Ecosystems: go
Packages: github.com/stakater/Forecastle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wcWptLXhjcDgtd2dtbc4AA8Hw
Ez Platform and Legacy are prone to an insecure interpretation of PHP/PHAR uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1wOW1wLXZxNHYtdjVtNc4AA8Hv
eZ Publish Legacy Passwordless login for LDAP users
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0ydmgzLWNqOWotbWNqNc4AA8Hu
eZ Publish Legacy Cross-site Scripting (XSS) in 'disabled module' error template
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS02NHZqLTkzM2YtNnBtM84AA8Ht
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS04MnJ2LTQ1cGMtdjI4d84AA8Hs
eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1jYzJqLTkyanEtd2dqZ84AA8Hr
eZ Publish Information disclosure in backend content tree menu
Ecosystems: packagist
Packages: ezsystems/ezpublish-legacy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zdndyLWpqNGYtaDk4eM4AA8Hq
eZ Publish Remote code execution in file uploads
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xaGpjLWhnOTQtMjQ1ds4AA8Hp
eZ Platform Prevent accepting app.php in URL in Platform.sh
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05d3d4LWM3MjMtdm04eM4AA8Ho
eZ Platform REST API returns list of all SiteAccesses
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02eGNoLTJ2eHgtNXB2cs4AA8Hn
eZ Platform Rules to disable executable access are ignored on Platform.sh (eZ Cloud)
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS00NXFtLWo0bTktd2h2Oc4AA8Hm
eZ Platform CSRF token in login form is disabled by default
Ecosystems: packagist
Packages: ezsystems/ezplatform
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1oZnBwLTJ2aHctcXE0M84AA8Hl
eZ Platform Admin UI Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-user
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0ydzlwLXh4cXItaDI1M84AA8Hk
eZ Platform Object Injection in SiteAccessMatchListener
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1xNzN2LTc5eDMtanYyd84AA8Hj
eZ Platform Admin UI Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1jZzg0LTU1angtNDIzN84AA8Hi
eZ Platform Password reset vulnerability
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00YzJ3LXY1cnEtNW14N84AA8Hh
eZ Platform Editor Cross-site Scripting (XSS)
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui-assets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qcnB3LTg4ODQtMjc0N84AA8Hg
eZ Platform Bundled jQuery affected by CVE-2019-11358
Ecosystems: packagist
Packages: ezsystems/ezplatform-admin-ui-assets
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS05Y3EyLXBjZ3ItOGg2Ms4AA8Hf
Cross-site Scripting in eZFind spellcheck
Ecosystems: packagist
Packages: ezsystems/ezfind-ls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14bXAzLTc3NDUtZzR2as4AA8He
ezsystems/ez-support-tools Failing access control in system info view
Ecosystems: packagist
Packages: ezsystems/ez-support-tools
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1qcTlxLTZwNDItcXByN84AA8Hc
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/ezdemo-ls-extension
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS04Yzg1LTRycjUtY2hyNM4AA8Hd
Cross-site Scripting (XSS) in DemoBundle/ezdemo bundled VideoJS
Ecosystems: packagist
Packages: ezsystems/demobundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tdmY2LTNmMmcteGZ4Zs4AA8Hb
endroid/qr-code-bundle File Disclosure via logo_path query parameter
Ecosystems: packagist
Packages: endroid/qr-code-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xZjY1LWhwaDktNDUzcs4AA8Ha
Drupal Cross-Site Scripting (XSS) affecting CKEditor Third-party library
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1qNjZwLWZ2cDItZnhoas4AA8HZ
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zMzd3LWZ4cHEtNW0zNM4AA8HY
Drupal core uses a vulnerable Third-party library CKEditor
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13eGZnLTI1M2ctbTdyNM4AA8HX
Drupal core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1tOWZ2LXdocTItNndtY84AA8HW
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01eDI4LTNmMzIteDUyM84AA8HV
Drupal core Access control bypass
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13MzMzLTVmOTYtbWpycs4AA8HU
Drupal core Denial of Service
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1qZjhjLTM2dnctOTh4NM4AA8HT
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1qang3LTg0NjItdzRtNM4AA8HS
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01OHh2LTdoOXItbXgzY84AA8HR
Drupal Malicious file upload with filenames stating with dot
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14NnYyLXhtcnEtNTc0as4AA8HQ
Drupal Anonymous Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04Nnh3LXZtY3gtOW1qNM4AA8HP
Drupal Content moderation Access bypass
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yNjdyLTQyd3gtYzhyN84AA8HO
Drupal External URL injection through URL aliases leading to Open Redirect
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12ZmdjLWM3NmgtbXdoNM4AA8HN
Drupal core Cross-Site Scripting (XSS) vulnerabilities
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1neHhqLWc5djgtdzI4cM4AA8HM
Drupal core Arbitrary PHP code execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02Z2Y2LTI0aDItNjZqNM4AA8HL
Drupal core Open Redirect vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12MjczLWo1aHEtMjZ4cM4AA8HK
Drupal core uses a vulnerable Third-party library CKEditor
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 7 months ago
High
GSA_kwCzR0hTQS05OGg5LTcyN20tNDRxds4AA8HJ
Drupal core Multiple vulnerabilities due to the use of the third-party library Archive_Tar
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1taDRoLTI3Z3EtY3h3as4AA8HI
Drupal core Access bypass
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03Z3dqLTdmaG0tdnc0d84AA8HH
Drupal core unrestricted file upload
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wcjk5LWMzM3AtZndmNs4AA8HG
Drupal core Denial of Service
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nZnZmLTJmMjUtZjM0cs4AA8HD
Drupal Anonymous Open Redirect
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03ZjRmLXA3bXEtcDRmds4AA8HC
Drupal External URL injection through URL aliases leading to Open Redirect
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mODRxLW1najktOGpmY84AA8HB
Drupal Content moderation Access bypass
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS12anJnLXdwbTgtcmhyd84AA8HA
doctrine/orm Regression in Query Parenthesis can have Security Implications
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02cTl2LTRocTYtNW02N84AA8G_
Doctrine SQL injection vulnerability
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04Zmc3LWhwOTMtcWh2cs4AA8G-
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Ecosystems: go
Packages: github.com/wolfi-dev/wolfictl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05d3Y4LTNoOGgteDJ3Y84AA8G9
doctrine/doctrine-module zero-valued authentication credentials vulnerability
Ecosystems: packagist
Packages: doctrine/doctrine-module
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 7 months ago
High
GSA_kwCzR0hTQS03Nnc4LW1xeDQtd2pyZs4AA8G8
Doctrine DBAL SQL injection possibility
Ecosystems: packagist
Packages: doctrine/dbal
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 7 months ago
Low
GSA_kwCzR0hTQS1xdmdnLXI2cnEtdndmeM4AA8G7
datadog/dd-trace Circumvents open_basedir INI directive
Ecosystems: packagist
Packages: datadog/dd-trace
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13cTQzLThyNXAtdzNtY84AA8G6
contao/core PHP object injection vulnerability allows for arbitrary code execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13eHh3LTVncTYtajJnNc4AA8G5
contao/core Insufficient input validation allows for code injection and remote execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03NnYyLTQ4dzYtY3J4cs4AA8GY
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Ecosystems: maven
Packages: org.bonitasoft.engine:bonita-server
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0yN3FyLTYzNm0td3hnMs4AA8GR
codeigniter/framework SQL injection in ODBC database driver
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xOWozLTRnaGotNmg1N84AA8GQ
Inadequate XSS Prevention in CodeIgniter/Framework Security Library
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 7 months ago
High
GSA_kwCzR0hTQS0ybTVnLTh4cHctNDJ2cM4AA8GP
OpenCFP Framework (Sentry) Account takeover via null password reset codes
Ecosystems: packagist
Packages: cartalyst/sentry
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1wZ2o0LWc1ajQtY21meM4AA8GO
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
Ecosystems: packagist
Packages: cart2quote/module-quotation-encoded
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00Y3YyLXhjNWYtcHg4aM4AA8GN
Denial of Service in extension "Code Highlight" (codehighlight)
Ecosystems: packagist
Packages: brotkrueml/codehighlight
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02NXhoLWhoNzgtNjQ1NM4AA8GM
Denial of Service in extension "Code Highlight" (codehighlight)
Ecosystems: packagist
Packages: brotkrueml/codehighlight
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04djV4LTZ2djUtanY0Z84AA8GL
amphp/http Host Header Injection vulnerability
Ecosystems: packagist
Packages: amphp/http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nbTk4LWcyd2YtN2M2OM4AA8GK
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
Ecosystems: packagist
Packages: amphp/artax
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04anA5LW1wdjktOThyas4AA8GJ
amphp/http-client Header leakage on cross-domain redirects
Ecosystems: packagist
Packages: amphp/http-client
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04N21wLXhjNHgteDhyaM4AA8GI
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
Ecosystems: packagist
Packages: asymmetricrypt/asymmetricrypt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0zMnJ4LXh2dnItNHh2Oc4AA8GH
easyadmin-extension-bundle action case insensitivity
Ecosystems: packagist
Packages: alterphp/easyadmin-extension-bundle
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1oNjNjLXh2cGYtMjY0as4AA8GG
ADOdb SQL injection vulnerability
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS03N212LW1wMmotZ3h4aM4AA8GF
pygmentize Remote Code Execution
Ecosystems: packagist
Packages: 3f/pygmentize
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00MnE3LTk1ajctdzYybc4AA8GE
Mautic is vulnerable to XSS vulnerability
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mNm1tLTVmYzctM2czY84AA8GD
goreleaser shows environment by default
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1mOHY1LWptZmgtcHI2Oc4AA8GC
Grav Vulnerable to Arbitrary File Read to Account Takeover
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14M3dtLWhmZnItY2h3bc4AA8GB
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Ecosystems: maven
Packages: com.amazon.redshift:redshift-jdbc42
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NTU0LXh3Z3ctaGMzd84AA8GA
source-controller leaks Azure Storage SAS token into logs
Ecosystems: go
Packages: github.com/fluxcd/source-controller
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xanFnLTR3ZzctOTU3aM4AA8FL
azure-file-csi-driver leaks service account tokens in the logs
Ecosystems: go
Packages: sigs.k8s.io/azurefile-csi-driver
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00dzUzLTZqdnAtZ2c1Ms4AA8Ez
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Ecosystems: go
Packages: github.com/tg123/sshpiper
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 7 months ago
High
GSA_kwCzR0hTQS1wOTc4LTU2aHEtcjQ5Ms4AA8Ex
Grafana folders admin only permission privilege escalation
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
High
GSA_kwCzR0hTQS14NzQ0LW1tOHYtdnBncs4AA8Ew
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1najdtLTg1M3ItMjg5cs4AA8Ev
Grafana when using email as a username can block other users from signing in
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 7 months ago
High
GSA_kwCzR0hTQS0yeDZnLWgyaGctcnE4NM4AA8Eu
Grafana Email addresses and usernames can not be trusted
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 7 months ago
High
GSA_kwCzR0hTQS0zcDYyLTQyeDctZ3hnNc4AA8Et
Grafana User enumeration via forget password
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00NzI0LTdqd2MtM2Zwd84AA8Es
Grafana Spoofing originalUrl of snapshots
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12cWM0LW1wajgtanhjaM4AA8Er
Grafana Race condition allowing privilege escalation
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 7 months ago
High
GSA_kwCzR0hTQS1mZjVjLTkzOHctOGM5cc4AA8Eq
Grafana Escalation from admin to server admin when auth proxy is used
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qdjMyLTU1NzgtcHhqY84AA8Ep
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 7 months ago
High
GSA_kwCzR0hTQS1yaHhqLWdoNDYtanZ3OM4AA8Eo
Grafana Plugin signature bypass
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1teDQ3LTY0OTctM2Z2Ms4AA8En
Grafana account takeover via OAuth vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02M2czLTlqcTMtbWNjds4AA8Em
Grafana API IDOR
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12dzdxLXAycWctNG01Zs4AA8El
Grafana Stored Cross-site Scripting in Unified Alerting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14YzNwLTI4aHctcTI0Z84AA8Ek
Grafana proxy Cross-site Scripting
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS04d2poLTU5Y3ctOXhoNM4AA8Ej
Grafana Forward OAuth Identity Token can allow users to access some data sources
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03NTMzLWM4cXYtam05bc4AA8Ei
Grafana directory traversal for .cvs files
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tcHdwLTQyeDYtNHdteM4AA8Eh
Grafana Fine-grained access control vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jOWNwLTljNzUtOXY4Y84AA8Eg
containerd started with non-empty inheritable Linux process capabilities
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qajU0LTVxMm0tcTdwas4AA8Ef
NATS server TLS missing ciphersuite settings when CLI flags used
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0ycTJmLWg4M3gtY3gzeM4AA8Ea
Reportico Web fails to invalidate cookies upon logout
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 7 months ago
High
GSA_kwCzR0hTQS1oZjU0LWZxMm0tcDl2Ns4AA8Eb
dotmesh arbitrary file read and/or write
Ecosystems: go
Packages: github.com/dotmesh-io/dotmesh
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 froxlor/froxlor 38 github.com/rancher/rancher 38 mautic/core 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.keycloak:keycloak-services 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 moin 35 zendframework/zendframework1 34 github.com/answerdev/answer 34 gradio 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 Pillow 31 opencv-contrib-python 31 parse-server 31 opencv-python 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 pillow 26 github.com/cilium/cilium 26 prestashop/prestashop 26 directus 26 openssl-src 26 electron 26 gogs.io/gogs 25 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 magento/core 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 rack 23 puppet 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 remdex/livehelperchat 23 ckb 22 getkirby/cms 22 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 activerecord 21 glance 21 org.apache.nifi:nifi 21 funadmin/funadmin 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 langchain 20 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 github.com/goharbor/harbor 19 DotNetNuke.Core 19 contao/contao 19 cobbler 18 topthink/framework 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 next 18 com.liferay.portal:release.dxp.bom 18 github.com/traefik/traefik/v2 18 forkcms/forkcms 18 com.vaadin:vaadin-bom 18 mindsdb 18 genix/cms 17 francoisjacquet/rosariosis 17 notebook 17 symfony/security 17 opencart/opencart 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 neutron 17 helm.sh/helm/v3 17 org.apache.dubbo:dubbo 16 ethyca-fides 16 typo3/cms-backend 16 rusqlite 16 org.apache.activemq:activemq-client 16 PaddlePaddle 16 sequelize 16 org.bouncycastle:bcprov-jdk15 16 openmage/magento-lts 16 paddlepaddle 16 pyload-ng 16 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 org.apache.jspwiki:jspwiki-main 16 cryptography 16 github.com/zitadel/zitadel 16 tinymce 16 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 OctoPrint 15 calibreweb 15 ckeditor4 15 ghost 15 symfony/security-http 15 october/system 15 ec-cube/ec-cube 15 surrealdb 15 publify_core 14 pyftpdlib 14 github.com/containerd/containerd 14 swagger-ui 14 org.apache.inlong:manager-pojo 14 camaleon_cms 14 activesupport 14 org.apache.tomcat:tomcat-coyote 14 lollms 14 silverstripe/cms 14 dompdf/dompdf 14 aiohttp 14 github.com/nats-io/nats-server/v2 14 joplin 14 modoboa 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10