Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1oaGM3LXg5dzQtY3c0N84AA8EU
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03ZmNyLThxdzYtOTJmcs4AA8ET
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03cGpyLTJyZ2gtZmM1Z84AA8ES
Anonymous PrestaShop customer can download other customers' invoices
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qbXFwLTM3bTUtNDl3aM4AA8EQ
sshproxy vulnerable to SSH option injection
Ecosystems: go
Packages: github.com/cea-hpc/sshproxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yM2o0LW13NzYtNXY3aM4AA8EP
Scrapy allows redirect following in protocols other than HTTP
Ecosystems: pypi
Packages: Scrapy
Source: GitHub Advisory Database
Blast Radius: 22.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qbTN2LXF4bWgtaHh3ds4AA8EO
Scrapy's redirects ignoring scheme-specific proxy settings
Ecosystems: pypi
Packages: Scrapy
Source: GitHub Advisory Database
Blast Radius: 14.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00cXFxLTl2cWYtM2gzZs4AA8EN
Scrapy leaks the authorization header on same-domain but cross-origin redirects
Ecosystems: pypi
Packages: Scrapy
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01aDV2LWh3NDQtZjZnZ84AA8EM
Oceanic allows unsanitized user input to lead to path traversal in URLs
Ecosystems: npm
Packages: oceanic.js
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 7 months ago
High
GSA_kwCzR0hTQS0ydmpxLWhnNXctNWdtN84AA8EL
OctoPrint has an Authentication Bypass via X-Forwarded-For Header when autologinLocal is enabled
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zNmc4LTYycXYtNTk1N84AA8EK
TYPO3 vulnerable to an Uncontrolled Resource Consumption in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1odzZjLTZnd3EtM20zbc4AA8EJ
TYPO3 vulnerable to Cross-Site Scripting in the ShowImageController
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12Nm13LWg3dzYtNTl3M84AA8EI
TYPO3 vulnerable to Cross-Site Scripting in the Form Manager Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS14and4LTc4eDctcTZqY84AA8EH
TYPO3 vulnerable to an HTML Injection in the History Module
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13Y2h4LXJtNmgtN2pmNs4AA8Cf
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Microsoft.PowerBI.JavaScript
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mcXc3LTgzOWotaHZ4as4AA8DF
PHP Censor uses a weak hashing algorithm for the remember me key
Ecosystems: packagist
Packages: php-censor/php-censor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05M3BmLW1yYzgtNGczaM4AA8C-
Konga is vulnerable to Cross Site Scripting (XSS) attacks
Ecosystems: npm
Packages: kongadmin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01MmdtLXFtZzMtcjRxcM4AA8CD
Apache Airflow: XSS vulnerability in Task Instance Log/Log Details
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12cGo4LXhmcWMtamN2Oc4AA79_
Cockpit CMS contains an arbitrary file upload vulenrability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1ncnY3LWZnNWMteG1qZ84AA7_S
Uncontrolled resource consumption in braces
Ecosystems: npm
Packages: braces
Source: GitHub Advisory Database
Blast Radius: 45.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05NTJwLTZycnEtcmNqds4AA7_p
Regular Expression Denial of Service (ReDoS) in micromatch
Ecosystems: npm
Packages: micromatch
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 7 months ago
High
GSA_kwCzR0hTQS02d3ZmLWYydnctMzQyNc4AA78t
github.com/containers/image allows unexpected authenticated registry accesses
Ecosystems: go
Packages: github.com/containers/image/v5, github.com/containers/image
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 7 months ago
Low
GSA_kwCzR0hTQS1nOTV2LTNwajYtajQzM84AA7-q
Ant Media Server does not properly authorize non-administrative API calls
Ecosystems: maven
Packages: io.antmedia:ant-media-server
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zMzh4LWhmeDgtdng5eM4AA78P
Apache Karaf Cave: Cave SSRF and arbitrary file access
Ecosystems: maven
Packages: org.apache.karaf:cave
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tNDRqLWNmcm0tZzhxY84AA76G
Bouncy Castle crafted signature and public key can be used to trigger an infinite loop
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NDM1LXhjOHgtd3ZyOc4AA76H
Bouncy Castle affected by timing side-channel for RSA key exchange ("The Marvin Attack")
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on, org.bouncycastle:bctls-fips
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04eGZjLWdtNmctdmdwds4AA75b
Bouncy Castle certificate parsing issues cause high CPU usage during parameter evaluation.
Ecosystems: nuget, maven
Packages: BouncyCastle.Cryptography, BouncyCastle, org.bouncycastle:bc-fips, org.bouncycastle:bctls-jdk15to18, org.bouncycastle:bctls-jdk14, org.bouncycastle:bctls-jdk18on, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk15on, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1nNjVoLTM1ZjMteDJ3M84AA74v
Directus Lacks Session Tokens Invalidation
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1yMmhyLTR2NDgtZmp2M84AA74u
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1oNnI0LXh2dzYtamM1aM4AA74t
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wOHYzLW02NDMtNHhxeM4AA74s
Directus allows redacted data extraction on the API through "alias"
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04ZnhnLW1yMzQtanFyOM4AA74r
NocoDB SQL Injection vulnerability
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xZzczLWczY2YtdmhoaM4AA74q
NocoDB Allows Preview of Files with Dangerous Content
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 months ago
Low
GSA_kwCzR0hTQS1yOTVoLTl4OGYtcjNmN84AA74p
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14Y3A0LTYydmotY3Ezcs4AA74o
@valtimo/components exposes access token to form.io
Ecosystems: npm
Packages: @valtimo/components
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05Z2djLTg0NXYtZ2Nnds4AA74n
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13Z3g3LWpwNTYtNjVtcc4AA74m
Mantis Bug Tracker (MantisBT) vulnerable to cross-site scripting
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05OWpjLXdxbXItZmYycc4AA74l
MantisBT Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 7 months ago
High
GSA_kwCzR0hTQS05M3gzLW03cHctcHBxbc4AA74k
Mantis Bug Tracker (MantisBT) allows user account takeover in the signup/reset password process
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01NnhnLXdmY2MtZzgyOc4AA74j
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Ecosystems: pypi
Packages: llama-cpp-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 7 months ago
Low
GSA_kwCzR0hTQS03NXI2LTZqZzgtcGZjcc4AA74i
octo-sts vulnerable to unauthenticated attacker causing unbounded CPU and memory usage
Ecosystems: go
Packages: github.com/octo-sts/app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1qY3FxLWc2NHYtZ2NtN84AA74Z
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
Ecosystems: go
Packages: github.com/spacemeshos/api, github.com/spacemeshos/go-spacemesh
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03cHJqLTljY3ItaHIzcc4AA74Y
Sylius has potential Cross Site Scripting vulnerability via the "Province" field in the Checkout and Address Book
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12MmY5LXJ2Nnctdnc4cs4AA74X
Sylius potentially vulnerable to Cross Site Scripting via "Name" field (Taxons, Products, Options, Variants) in Admin Panel
Ecosystems: packagist
Packages: sylius/sylius
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14NTI1LTU0aGYteHI1M84AA74W
Blind XSS Leading to Froxlor Application Compromise
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1teGhxLXh3M2ctcnBoY84AA74V
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13cGN2LTVqZ3AtNjlmM84AA74R
Genie Path Traversal vulnerability via File Uploads
Ecosystems: maven
Packages: com.netflix.genie:genie-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1nNDlxLWp3NDItNng4Nc4AA74Q
thelounge may publicly disclose of all usernames/idents via port 113
Ecosystems: npm
Packages: thelounge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mcjVoLXJxcDgtbWo2Z84AA74P
Next.js Server-Side Request Forgery in Server Actions
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 7 months ago
High
GSA_kwCzR0hTQS03N3I1LWd3M2otMm1wZs4AA74O
Next.js Vulnerable to HTTP Request Smuggling
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mOGNoLXc3NXYtYzg0N84AA74N
1Panel arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS13NGg2LTl3cnAtdjVqcc4AA74M
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Ecosystems: pypi
Packages: frigate
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 7 months ago
High
GSA_kwCzR0hTQS14OXZjLTZoZnYtaGc4Y84AA74L
Npgsql vulnerable to SQL Injection via Protocol Message Size Overflow
Ecosystems: nuget
Packages: Npgsql
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 7 months ago
High
GSA_kwCzR0hTQS0zOGdmLXJoMnctZ21qN84AA74H
@cyclonedx/cyclonedx-library Improper Restriction of XML External Entity Reference vulnerability
Ecosystems: npm
Packages: @cyclonedx/cyclonedx-library
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1mM2g3LWdwamotd2N2aM4AA732
Spin applications with specific configuration vulnerable to potential network sandbox escape
Ecosystems: cargo
Packages: spin-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mZ2gzLXB3bXAtM3F3M84AA73r
Apache Inlong Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yM3J4LWMzZzUtaHY5d84AA73I
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02NDl4LWh4ZngtNTdqMs4AA73H
Vitess vulnerable to infinite memory consumption and vtgate crash
Ecosystems: go
Packages: vitess.io/vitess, github.com/vitessio/vitess
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wMzQzLTlxd3AtcHF4ds4AA71B
Neo4j Cypher component mishandles IMMUTABLE privileges
Ecosystems: maven
Packages: org.neo4j:neo4j-cypher
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS02ZjN2LTJyMmotMnJwcs4AA70x
Kimai information disclosure vulnerability
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS02NGNtLTNjajMtNjdoZs4AA70r
MS Basic Cross-site Scripting vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-basic
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xanFwLXhyOTYtY2o5Oc4AA70j
Trix Editor Arbitrary Code Execution Vulnerability
Ecosystems: rubygems, npm
Packages: actiontext, trix
Source: GitHub Advisory Database
Blast Radius: 44.9
Published: 7 months ago
High
GSA_kwCzR0hTQS04N2hxLXE0Z3AtOXdyNM4AA70i
react-pdf vulnerable to arbitrary JavaScript execution upon opening a malicious PDF with PDF.js
Ecosystems: npm
Packages: react-pdf
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14ZmpqLWY2OTktcmM3Oc4AA70K
tiagorlampert CHAOS vulnerable to arbitrary code execution
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yOTlxLTNwOTYtNTg5OM4AA70V
Apache Superset Incorrect Authorization vulnerability
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yeDUyLThmMjktN2Nqcs4AA70W
Eclipse Dataspace Components vulnerable to OAuth2 client secret disclosure
Ecosystems: maven
Packages: org.eclipse.edc:connector-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS05YzV3LTlxM2YtM2h2N84AA70G
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13Z3JtLTY3eGYtaGhwcc4AA7z7
PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF
Ecosystems: npm
Packages: pdfjs-dist
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS13dmh4LXE0MjctZmdoM84AA7xy
Arbitrary HTML present after sanitization because of unicode normalization
Ecosystems: pypi
Packages: html-sanitizer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yZzY4LWMzcWMtODk4Nc4AA7xx
Werkzeug debugger vulnerable to remote execution when interacting with attacker controlled domain
Ecosystems: pypi
Packages: Werkzeug
Source: GitHub Advisory Database
Blast Radius: 36.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1oNzV2LTN2dmotNW1mas4AA7xw
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Ecosystems: pypi
Packages: Jinja2
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 7 months ago
High
GSA_kwCzR0hTQS04M3B2LXFyMzMtMnZjZs4AA7xv
Litestar and Starlite vulnerable to Path Traversal
Ecosystems: pypi
Packages: starlite, litestar
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 7 months ago
High
GSA_kwCzR0hTQS00eGM5LThobXEtajY1Ms4AA7xu
go-ethereum vulnerable to DoS via malicious p2p message
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12amM0LTN2Z3gtcHE5aM4AA7wx
Nebari prints temporary Keycloak root password
Ecosystems: pypi
Packages: nebari
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yM3FxLXA0Z3EtZ2MyZ84AA7w2
WordOps has TOCTOU race condition
Ecosystems: pypi
Packages: wordops
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS02cGptLWhtdmYtaDRycs4AA7wo
image-optimizer allows PHAR deserialization
Ecosystems: packagist
Packages: spatie/image-optimizer
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zNHJmLXAzcjMtNTh4Ms4AA7wl
Gradio's Component Server does not properly consider` _is_server_fn` for functions
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zamdmLXI2OGgteGZxbc4AA7wZ
btcd susceptible to consensus failures
Ecosystems: go
Packages: github.com/btcsuite/btcd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mZnA5LXBmcTktZzJ3d84AA7wV
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jN3c2LTMzajMtajNteM4AA7wU
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tOXZtLThtdjktdjV2M84AA7wT
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS01OXAyLXY2MngtZ3hqOM4AA7wY
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 7 months ago
High
GSA_kwCzR0hTQS1mZ3B3LWN4M3Ytd2o5Nc4AA7wX
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 7 months ago
High
GSA_kwCzR0hTQS03aG1tLXdnMjMtMnc3bc4AA7wS
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05NjlmLXY3anYtcGdqM84AA7wL
ThinkPHP Cross-Site Scripting Vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 21.4
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1ocjJyLXc2d2MtMjVwds4AA7wE
Zenario uses Twig filters insecurely in the Twig Snippet plugin
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS03cXdqLWdjamYtODI4Zs4AA7wF
Zenario's Tree Explorer tool from Organizer affected by Cross-site Scripting
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1oZnJ2LWgzcTgtOWpwcs4AA7v7
kurwov vulnerable to Denial of Service due to improper data sanitization
Ecosystems: npm
Packages: kurwov
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xcTIyLWpqOHgtNHd3ds4AA7v6
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zODR3LXdmZnIteDYzcc4AA7v5
Pterodactyl panel's admin area vulnerable to Cross-site Scripting
Ecosystems: packagist
Packages: pterodactyl/panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1ncW1mLWpxZ3Ytdjhmd84AA7v4
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 7 months ago
High
GSA_kwCzR0hTQS03cGMzLXByM3EtNTh2Z84AA7v3
sagemaker-python-sdk Command Injection vulnerability
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 7 months ago
High
GSA_kwCzR0hTQS13anZ4LWpocGotcjU0cs4AA7v2
sagemaker-python-sdk vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: sagemaker
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS1nN3Z2LTJ2N3gtZ2o5cM4AA7v0
tqdm CLI arguments injection attack
Ecosystems: pypi
Packages: tqdm
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tNWpmLThjcm0tcjY1bc4AA7ve
Vditor allows Cross-site Scripting via an attribute of an `A` element
Ecosystems: npm
Packages: vditor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS0zNzdwLWc4Z3ItNXdwZ84AA7vn
LIEF obtain sensitive information via the name parameter
Ecosystems: pypi
Packages: lief
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS00aDhmLTJ3dngtZ2c1d84AA7vg
Bouncy Castle Java Cryptography API vulnerable to DNS poisoning
Ecosystems: maven
Packages: org.bouncycastle:bcprov-jdk12, org.bouncycastle:bcprov-jdk13, org.bouncycastle:bcprov-jdk14, org.bouncycastle:bcprov-jdk15to18, org.bouncycastle:bcprov-jdk18on
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS02ZmcyLWh2ajktODMyZs4AA7vf
piraeus-operator allows attacker to impersonate service account
Ecosystems: go
Packages: github.com/piraeusdatastore/piraeus-operator/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wd2djLXc0eDktZ3c2N84AA7vS
changedetection.io Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 mlflow 47 nova 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 org.keycloak:keycloak-services 37 github.com/mattermost/mattermost-server/v6 37 nilsteampassnet/teampass 37 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 k8s.io/kubernetes 36 snipe/snipe-it 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 gradio 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 Pillow 31 parse-server 31 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 opencv-python 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/cilium/cilium 26 pillow 26 electron 26 openssl-src 26 directus 26 prestashop/prestashop 26 gogs.io/gogs 25 org.apache.solr:solr-core 25 rubygems-update 25 org.keycloak:keycloak-parent 25 contao/core-bundle 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 magento/core 24 grumpydictator/firefly-iii 23 rack 23 zendframework/zendframework 23 puppet 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 tribalsystems/zenario 22 ckb 22 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.nifi:nifi 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 glance 21 @openzeppelin/contracts-upgradeable 21 code.gitea.io/gitea 20 laravel/framework 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 github.com/ethereum/go-ethereum 20 funadmin/funadmin 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 contao/contao 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 org.springframework:spring-core 19 DotNetNuke.Core 19 github.com/traefik/traefik/v2 18 cockpit-hq/cockpit 18 mercurial 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 mindsdb 18 next 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 cobbler 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 topthink/framework 18 golang.org/x/net 18 genix/cms 17 notebook 17 opencart/opencart 17 cakephp/cakephp 17 symfony/security 17 helm.sh/helm/v3 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 francoisjacquet/rosariosis 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 neutron 17 openmage/magento-lts 16 paddlepaddle 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 tinymce 16 github.com/zitadel/zitadel 16 yetiforce/yetiforce-crm 16 sequelize 16 rusqlite 16 org.apache.jspwiki:jspwiki-main 16 typo3/cms-backend 16 phpbb/phpbb 16 pyload-ng 16 PaddlePaddle 16 cryptography 16 ethyca-fides 16 org.apache.dubbo:dubbo 16 ghost 15 OctoPrint 15 calibreweb 15 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 ec-cube/ec-cube 15 october/system 15 surrealdb 15 ckeditor4 15 symfony/security-http 15 feehi/cms 14 org.apache.tomcat:tomcat-coyote 14 lollms 14 bolt/bolt 14 publify_core 14 pyftpdlib 14 swagger-ui 14 phpmailer/phpmailer 14 github.com/nats-io/nats-server/v2 14 org.apache.inlong:manager-pojo 14 camaleon_cms 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 joplin 14 aiohttp 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/undertow-io/undertow 20 https://github.com/funadmin/funadmin 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/pyload/pyload 16 https://github.com/puppetlabs/puppet 15 https://github.com/centreon/centreon 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/surrealdb/surrealdb 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10