Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Critical
GSA_kwCzR0hTQS12ODRoLTY1M3YtNHBxOc4AA7vR
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/fcors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12aHh2LWZnNG0tcDJ3OM4AA7vQ
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/cors
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS01bTk4LXFnZzktd2g4NM4AA7vP
aiohttp vulnerable to Denial of Service when trying to parse malformed POST requests
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 36.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12cHczLTNwcmYtMzk3NM4AA7uX
Apache Hive Code Injection vulnerability
Ecosystems: maven
Packages: org.apache.hive:hive-jdbc
Source: GitHub Advisory Database
Blast Radius: 22.3
Published: 7 months ago
High
GSA_kwCzR0hTQS13Y2NnLXY2MzgtajlxMs4AA7iq
karmada vulnerable to arbitrary code execution via a crafted command
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03OGgzLXBnNHgtajhjds4AA7ij
libxmljs2 vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tanI0LTd4ZzUtcGZ2aM4AA7ir
libxmljs2 type confusion vulnerability when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs2
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1tZzQ5LWpxZ3ctZ2NqNs4AA7ii
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02NDMzLXg1cDQtOGpjN84AA7ih
libxmljs vulnerable to type confusion when parsing specially crafted XML
Ecosystems: npm
Packages: libxmljs
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0ybXZjLTU1N2ctNTYzOM4AA7ig
pgAdmin is affected by a multi-factor authentication bypass vulnerability
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00cTYzLW1yMm0tNTdoZs4AA7if
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 7 months ago
High
GSA_kwCzR0hTQS14djY0LThwNHItOTRncc4AA7h_
pgAdmin Cross-site Scripting vulnerability in /settings/store API response json payload
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
High
GSA_kwCzR0hTQS12NjNnLXYzMzktMjY3M84AA7fm
Jenkins Script Security Plugin has sandbox bypass vulnerability involving crafted constructor bodies
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yZzRxLTl2bTktOWZ3NM4AA7fn
Jenkins Script Security Plugin sandbox bypass vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1waGgzLTJwOW0tdzZqNc4AA7fq
Jenkins Subversion Partial Release Manager Plugin programmatically disables the fix for CVE-2016-3721
Ecosystems: maven
Packages: org.jenkins-ci.plugins:partial-release-manager
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14N2c2LXJ3aGMtZzdtas4AA7fv
Wildfly vulnerable to denial of service
Ecosystems: maven
Packages: org.wildfly:wildfly-domain-http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS05NHByLXc5NjgtaDkyM84AA7fp
Jenkins Telegram Bot Plugin stores the Telegram Bot token in plaintext
Ecosystems: maven
Packages: org.jenkins-ci.plugins:telegrambot
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1yY20yLTIyZjMtcHF2M84AA7fu
Firebase vulnerable to CRSF attack
Ecosystems: npm
Packages: firebase-tools
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14aDljLXZjZjktaDk0bc4AA7fo
Jenkins Git server Plugin does not perform a permission check
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00ZjkyLXc0MzgtZjQ4NM4AA7fc
CraftBeerPi 4 allows arbitrary code execution
Ecosystems: pypi
Packages: cbpi4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1najVtLW04OGotdjdjM84AA7fS
Apache ActiveMQ's default configuration doesn't secure the API web context
Ecosystems: maven
Packages: org.apache.activemq:apache-activemq
Source: GitHub Advisory Database
Blast Radius: 12.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xOXA0LWh3OW0tZmoyds4AA7fR
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
High
GSA_kwCzR0hTQS1yNHE5LXh4NWctajI0cM4AA7es
s3-url-parser vulnerable to Denial of Service via regexes component
Ecosystems: npm
Packages: s3-url-parser
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0yeHAzLTU3cDctcWY0ds4AA7eK
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Ecosystems: npm
Packages: xml-crypto
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: 7 months ago
High
GSA_kwCzR0hTQS0zOTk5LTVmZnYtd3Aycs4AA7eJ
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Ecosystems: cargo
Packages: yamux
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jaGZtLTY4dnYtcHZ3Nc4AA7eI
XMLUnit for Java has Insecure Defaults when Processing XSLT Stylesheets
Ecosystems: maven
Packages: org.xmlunit:xmlunit-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yd2ZxLXY0aHEtaDdmZ84AA7eH
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Ecosystems: cargo
Packages: static-web-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS05cDU3LWg5ODctNHZneM4AA7eG
Phlex vulnerable to Cross-site Scripting (XSS) via maliciously formed HTML attribute names and values
Ecosystems: rubygems
Packages: phlex
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xNXFqLXgyaDUtMzk0Nc4AA7eF
Zitadel exposing internal database user name and host information
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS13MnY4LXBocDQtcDhoY84AA7eE
Wagtail has permission check bypass when editing a model with per-field restrictions through `wagtail.contrib.settings` or `ModelViewSet`
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 7 months ago
High
GSA_kwCzR0hTQS03Z3J4LWY5NDUtbWo5Ns4AA7cr
Uptime Kuma vulnerable to authenticated remote code execution via malicious plugin installation
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12cjh4LTc0cG0tNnZqN84AA7cq
Uptime Kuma's authenticated path traversal via plugin repository name may lead to unavailability or data loss
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1qeGdyLWdjajUtY3FxZ84AA7cp
nautobot has reflected Cross-site Scripting potential in all object list views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00anJ4LTV3NGgtM2dwbc4AA7co
Navidrome Parameter Tampering vulnerability
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yY2dxLWg4eHctMnY1as4AA7Z-
CRI-O vulnerable to an arbitrary systemd property injection
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 7 months ago
High
GSA_kwCzR0hTQS02MzYyLWd2NG0tNTN3d84AA7Zm
Calico privilege escalation vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 months ago
High
GSA_kwCzR0hTQS04Mnd4LXJ4ZjgtZnhjaM4AA7Zf
PyPXE Buffer Overflow vulnerability
Ecosystems: pypi
Packages: PyPXE
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS02cnF2LTVjZzctbTR4M84AA7ZT
Buffer Overflow vulnerability in osrg gobgp
Ecosystems: go
Packages: github.com/osrg/gobgp/v3
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 7 months ago
High
GSA_kwCzR0hTQS02d3A2LTIyeDUtcnIzd84AA7Y-
Flowise vulnerable to code injection via api/v1
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1naHI1LWNoM3AtdmNyNs4AA7Xa
ejs lacks certain pollution protection
Ecosystems: npm
Packages: ejs
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zNDk0LWNmd2YtNTZod84AA7Wr
mdanter/ecc affected by timing vulnerability in cryptographic side-channels
Ecosystems: packagist
Packages: mdanter/ecc, paragonie/ecc
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04cDQyLTc1OTctcDJmNs4AA7Wb
dcnnt-py is vulnerable to command injection via Notification Handler
Ecosystems: pypi
Packages: dcnnt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01aGNyLWczMnAtaDc0Y84AA7WP
Lavalite CMS Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: lavalite/cms
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xNjU1LTNwajgtOWZ4cc4AA7WM
Sidekiq vulnerable to a Reflected XSS in Queues Web Page
Ecosystems: rubygems
Packages: sidekiq
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05bTZwLXg0aDItNmZycc4AA7V4
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
Low
GSA_kwCzR0hTQS01Zmg3LTdtdzctbW14Nc4AA7VJ
Mattermost allows team admins to promote guests to team admins
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04Zjk5LWcycGoteDh3M84AA7VG
Mattermost crashes web clients via a malformed custom status
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1wMndxLTRnZ3AtNDVmM84AA7U_
Mattermost fails to limit the size of a request path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12eDk3LThxOHEtcWdxNc4AA7VB
Mattermost's detailed error messages reveal the full file path
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13ajM3LW1wcTkteHJjbc4AA7VH
Mattermost fails to limit the number of active sessions
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS01cXg5LTlmZmotNXI4Zs4AA7VE
Mattermost fails to fully validate role changes
Ecosystems: go
Packages: github.com/mattermost/mattermost-server
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0ycGc2LXZ3OWMtcWhqds4AA7Ug
Passbolt API allows HTML injection
Ecosystems: packagist
Packages: passbolt/passbolt_api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02YzVwLWo4dnEtcHFoas4AA7UT
python-jose algorithm confusion with OpenSSH ECDSA keys
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 29.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jandnLXFmcG0tNzM3N84AA7UU
python-jose denial of service via compressed JWE content
Ecosystems: pypi
Packages: python-jose
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wcHg1LXEzNTktcHZ3as4AA7UK
vyper's range(start, start + N) reverts for negative numbers
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS14Y2hxLXc1cjMtNHdnM84AA7UJ
vyper performs incorrect topic logging in raw_log
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yNTZ4LWo0Mzgtdnc1bc4AA7UI
vyper performs double eval of the slice start/length args in certain cases
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zd2hxLTY0cTItcWZqNs4AA7UH
vyper performs double eval of raw_args in create_from_blueprint
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tMnY5LXczNzQtNWhqOc4AA7UG
vyper default functions don't respect nonreentrancy keys
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01anJqLTUyeDgtbTY0aM4AA7UF
vyper performs multiple eval of `sqrt()` argument built in
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zNDZoLTc0OWotcjI4d84AA7UE
PHPECC vulnerable to multiple cryptographic side-channel attacks
Ecosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: 7 months ago
High
GSA_kwCzR0hTQS03ajdqLTY2Y3YtbTIzOc4AA7UD
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05d21mLXhmM2gtcjhwcs4AA7T1
Jberet: jberet-core logging database credentials
Ecosystems: maven
Packages: org.jberet:jberet-core
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tdjY0LTg2ZzgtY3FxN84AA7Tz
Quarkus: security checks in resteasy reactive may trigger a denial of service
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yNXc0LWhmcWctNHI1Ms4AA7T0
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Ecosystems: maven
Packages: io.quarkus:quarkus-resteasy-reactive-common, io.quarkus:quarkus-resteasy-reactive-common-deployment
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tOXc2LXdwM2gtdnE4Z84AA7T7
CoreDNS may return invalid cache entries
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 7 months ago
High
GSA_kwCzR0hTQS14NW03LTYzYzYtZng3Oc4AA7T3
Cluster Monitoring Operator contains a credentials leak
Ecosystems: go
Packages: github.com/openshift/cluster-monitoring-operator
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1jM3d2LXFtamotNDVyNs4AA7S8
Information disclosure in podman
Ecosystems: go
Packages: github.com/containers/podman/v2
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 7 months ago
High
GSA_kwCzR0hTQS02ZzU2LXY5cWctanA5Ms4AA7S7
Heketi Arbitrary Code Execution
Ecosystems: go
Packages: github.com/heketi/heketi
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0zZjd3LXA4dnItNHY1Zs4AA7Ss
pyLoad allows upload to arbitrary folder lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1mOXhmLWpxNGotdnF3NM4AA7Sr
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1wdnhqLTI1bTYtN3Zxcs4AA7Sq
Rancher Privilege escalation vulnerability via malicious "Connection" header
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1ndmg5LXhncnEtcjhod84AA7Sp
Rancher's Steve API Component Improper authorization check allows privilege escalation
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS0yOGc3LTg5NmgtNjk1ds4AA7So
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yN2g3LWNoaDQtNXJ2bc4AA7Sn
Improper Access Control in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 7 months ago
High
GSA_kwCzR0hTQS05ZjhjLXBmdnYtcDRnbc4AA7Sm
Buffer Overflow in gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Privilege Escalation in kubevirt
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yNzZnLWc4N2Ytdnc4Zs4AA7Sk
Kubelet Incorrect Privilege Assignment
Ecosystems: go
Packages: k8s.io/kubernetes/cmd/kubelet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01eGZnLXd2OTgtMjY0bc4AA7Sj
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01eDk2LWo3OTctNXFxd84AA7Si
Sensitive Information leak via Log File in Kubernetes
Ecosystems: go
Packages: github.com/kubernetes/kubernetes
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 7 months ago
High
GSA_kwCzR0hTQS1yMjNoLTNqbXctcTdocs4AA7Sh
Access Restriction Bypass in go-ipfs
Ecosystems: go
Packages: github.com/ipfs/go-ipfs
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01NXFqLWdqM3gtanE5cs4AA7Sg
Denial of service in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes/pkg/kubelet
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zM2M1LTlmeDUtZnZqbc4AA7Sf
Privilege Escalation in Kubernetes
Ecosystems: go
Packages: k8s.io/kubernetes, k8s.io/apimachinery
Source: GitHub Advisory Database
Blast Radius: 31.7
Published: 7 months ago
High
GSA_kwCzR0hTQS1tcTM1LXg5OXItNTRmY84AA7Se
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
Ecosystems: go
Packages: github.com/u-root/u-root/pkg/cpio
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yZ3I4LTN3YzcteGhqM84AA7Sd
social-auth-app-django affected by Improper Handling of Case Sensitivity
Ecosystems: pypi
Packages: social-auth-app-django
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 7 months ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 7 months ago
High
GSA_kwCzR0hTQS01eHYzLWZtN2ctODY1cs4AA7R-
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS04cDVyLTZtdnYtMjQzNc4AA7R9
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0yODdmLTQ2ajctajR3aM4AA7R8
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Ecosystems: nuget
Packages: Plumber.Workflow, Umbraco.Workflow
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12andnLTI4Z3YtcG04aM4AA7R7
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1wcGY4LWhocHAtZjVoas4AA7QS
Hugo Markdown titles do not escaped in internal render hooks
Ecosystems: go
Packages: github.com/gohugoio/hugo
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 7 months ago
High
GSA_kwCzR0hTQS02MjRnLThxamctOHF4Zs4AA7QR
Conform contains a Prototype Pollution Vulnerability in `parseWith...` function
Ecosystems: npm
Packages: @conform-to/dom, @conform-to/yup, @conform-to/zod
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zaDdxLXJmaDkteG00ds4AA7QQ
Synapse V2 state resolution weakness allows Denial of Service (DoS)
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03dmY0LXg1bTItcjZncs4AA7QP
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS13MjI4LXJmcHgtZmhtNM4AA7QL
cg vulnerable to an Open Redirect Vulnerability on Referer Header
Ecosystems: pypi
Packages: cg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1ycWd2LTI5MnYtNXFncs4AA7QK
Renovate vulnerable to arbitrary command injection via helmv3 manager and registryAliases
Ecosystems: npm
Packages: renovate
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS0zbXBmLXJjYzctNTM0N84AA7QJ
Hono vulnerable to Restricted Directory Traversal in serveStatic with deno
Ecosystems: npm
Packages: hono
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code Injection
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 7 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 mlflow 47 baserproject/basercms 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/hashicorp/vault 37 org.keycloak:keycloak-services 37 nilsteampassnet/teampass 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 matrix-synapse 35 moin 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 gradio 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 Pillow 31 opencv-python 31 opencv-contrib-python 31 parse-server 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 prestashop/prestashop 26 pillow 26 openssl-src 26 github.com/cilium/cilium 26 directus 26 electron 26 org.apache.solr:solr-core 25 rubygems-update 25 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 magento/core 24 remdex/livehelperchat 23 puppet 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 pocketmine/pocketmine-mp 23 rack 23 grumpydictator/firefly-iii 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 tribalsystems/zenario 22 ckb 22 org.apache.nifi:nifi 21 org.apache.openmeetings:openmeetings-parent 21 glance 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 @openzeppelin/contracts-upgradeable 21 langchain 20 funadmin/funadmin 20 code.gitea.io/gitea 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 laravel/framework 20 github.com/ethereum/go-ethereum 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 wasmtime 19 org.springframework:spring-core 19 contao/contao 19 github.com/goharbor/harbor 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 topthink/framework 18 next 18 mindsdb 18 github.com/traefik/traefik/v2 18 mercurial 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 cockpit-hq/cockpit 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 cobbler 18 forkcms/forkcms 18 golang.org/x/net 18 helm.sh/helm/v3 17 ezsystems/ezpublish-kernel 17 symfony/security 17 genix/cms 17 notebook 17 org.apache.geode:geode-core 17 opencart/opencart 17 cakephp/cakephp 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 francoisjacquet/rosariosis 17 neutron 17 pyload-ng 16 cryptography 16 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 typo3/cms-backend 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 paddlepaddle 16 rusqlite 16 org.apache.dubbo:dubbo 16 org.bouncycastle:bcprov-jdk15 16 github.com/zitadel/zitadel 16 ethyca-fides 16 org.apache.activemq:activemq-client 16 openmage/magento-lts 16 tinymce 16 PaddlePaddle 16 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 ckeditor4 15 october/system 15 calibreweb 15 symfony/security-http 15 smarty/smarty 15 ghost 15 surrealdb 15 OctoPrint 15 pyftpdlib 14 activesupport 14 github.com/containerd/containerd 14 silverstripe/cms 14 bolt/bolt 14 modoboa 14 camaleon_cms 14 feehi/cms 14 phpmailer/phpmailer 14 swagger-ui 14 lollms 14 org.apache.inlong:manager-pojo 14 org.apache.tomcat:tomcat-coyote 14 github.com/nats-io/nats-server/v2 14 joplin 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10