Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS12amhmLTZ4ZnItNXA5Z84AA6lt
KubeVirt NULL pointer dereference flaw
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: 8 months ago
High
GSA_kwCzR0hTQS0ycTU5LWgyNGMtdzZmZ84AA6ks
Voilà Local file inclusion
Ecosystems: pypi
Packages: voila
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wNzN4LXJwZ20tM3Y1Ns4AA6kj
Dolibarr ERP CRM Code Injection vulnerability during installation
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS00NHdtLWYyNDQteGhwM84AA6j6
Pillow buffer overflow vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03bWcyLTZjNnYtMzQycs4AA6ji
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 8 months ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04ZjI1LXc3cWotcjdoY84AA6i3
Temporal UI Server cross-site scripting vulnerability
Ecosystems: go
Packages: github.com/temporalio/ui-server/v2
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1oaGY4LWY1dzktZzZ2aM4AA6i0
OpenID Connect Authentication (oidc) Typo3 extension Authentication Bypass
Ecosystems: packagist
Packages: causal/oidc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1od3Z3LWdoMjMtcXB2cc4AA6ix
CA17 TeamsACS Cross Site Scripting vulnerability
Ecosystems: go
Packages: github.com/ca17/teamsacs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1jMzN4LXhxcmYtYzQ3OM4AA6ir
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS05cGgzLXYydmgtM3F4N84AA6iX
Eclipse Vert.x vulnerable to a memory leak in TCP servers
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 21.3
Published: 8 months ago
High
GSA_kwCzR0hTQS01N3E1LWg2MjItM2NweM4AA6hD
UVDesk Community Helpdesk Improper Privilege Management
Ecosystems: packagist
Packages: uvdesk/core-framework
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 8 months ago
High
GSA_kwCzR0hTQS1qOGhnLXY1cXYtOW0yOM4AA6gv
Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 8 months ago
High
GSA_kwCzR0hTQS1qNHBjLXZxdmMtNHA5eM4AA6gs
Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 8 months ago
High
GSA_kwCzR0hTQS02MjZyLWNqNDctcDQ5Z84AA6gu
Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 8 months ago
High
GSA_kwCzR0hTQS0yajRnLXY0ZnYtcmh3Z84AA6g0
Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 8 months ago
High
GSA_kwCzR0hTQS1xanZtLXA1dmctNDM3Y84AA6gr
Centreon updateGroups SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 8 months ago
High
GSA_kwCzR0hTQS0yMnY3LXYzbWotcG04cs4AA6gq
Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: centreon/centreon
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qaHZmLTdjODUtM2M5Z84AA6gZ
LocalAI cross-site request forgery vulnerability
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1jNGdyLXE5N2ctcHB3Y84AA6gY
In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1wbXd3LXY2YzktN3A4M84AA6gN
Piccolo Admin's raw SVG loading may lead to complete data compromise from admin page
Ecosystems: pypi
Packages: piccolo-admin
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1oY3cyLTJyOWMtZ2M2cM4AA6gM
CasaOS Username Enumeration - Bypass of CVE-2024-24766
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS-UserService
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04dmo5LTV2NXEtZmhjaM4AA6fR
Bonita cross-site scripting vulnerability
Ecosystems: maven
Packages: org.bonitasoft.platform:platform-resources, org.bonitasoft.console:bonita-web-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS0zNGgzLThtdzQtcXc1N84AA6d1
@electron/packager's build process memory potentially leaked into final executable
Ecosystems: npm
Packages: @electron/packager
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zNXczLTZxaGMtNDc0ds4AA6d0
@workos-inc/authkit-nextjs session replay vulnerability
Ecosystems: npm
Packages: @workos-inc/authkit-nextjs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jajNjLTV4cG0tY3g5NM4AA6dz
Kimai API returns timesheet entries a user should not be authorized to view
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS14NzY4LWN2cjItMzQ1cs4AA6dy
Un-sanitized metric name or labels can be used to take over exported metrics
Ecosystems: swift
Packages: github.com/swift-server/swift-prometheus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qaHd4LW1od3ctcmdjM84AA6dx
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 8 months ago
High
GSA_kwCzR0hTQS13Mzg3LTVxcXctN2c4bc4AA6dw
Content-Security-Policy header generation in middleware could be compromised by malicious injections
Ecosystems: npm
Packages: @kindspells/astro-shield
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS04cjVqLWdtM2otY3g5Y84AA6dB
Winter CMS Server-Side Template Injection (SSTI) vulnerability
Ecosystems: packagist
Packages: wintercms/winter
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS0zOWZwLW1xbW0tZ3hqNs4AA6c_
CodeIgniter4 DoS Vulnerability
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wdzM5LWYzbTUtY3hmY84AA6b_
Elasticsearch Uncaught Exception leading to crash
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xYzk5LXI0d2gtYzhoNs4AA6be
Incorrect Access Control in NodeBB
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04NzR2LXBqNzItOTJmM84AA6ay
Podman affected by CVE-2024-1753 container escape at build time
Ecosystems: go
Packages: github.com/containers/podman/v5, github.com/containers/podman/v4
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yNzVtLTI2Y3EtbWp4Y84AA6ax
Serverpod improved security for stored password hashes
Ecosystems: pub
Packages: serverpod_auth_server
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 8 months ago
High
GSA_kwCzR0hTQS1oNng3LXI1cmcteDVmd84AA6aw
Serverpod client accepts any certificate
Ecosystems: pub
Packages: serverpod_client
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tcmozLWYyaDQtN3c0Nc4AA6av
Saleor: Customers' addresses leak when using Warehouse as a `Pickup: Local stock only` delivery method
Ecosystems: pypi
Packages: saleor
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 8 months ago
High
GSA_kwCzR0hTQS1wd3FtLXg1eDYtNTU4Ns4AA6au
Cilium has insecure IPsec transport encryption
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 8 months ago
High
GSA_kwCzR0hTQS03cjNoLTRwaDgtdzM4Z84AA6at
Cross site scripting (XSS) in JupyterHub via Self-XSS leveraged by Cookie Tossing
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 23.5
Published: 8 months ago
High
GSA_kwCzR0hTQS1ocjV3LWN3d3EtMnY0bc4AA6as
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1ncDhnLWY0MmYtOTVxMs4AA6ar
ZITADEL's actions can overload reserved claims
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1jcWZoLWM0YzUtYzJoZ84AA6YX
domain-suffix RegEx Denial of Service
Ecosystems: npm
Packages: domain-suffix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1qamY0LTk1OXctZjU0Nc4AA6Yn
SQL Injection vulnerability in Reportico Till
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 8 months ago
High
GSA_kwCzR0hTQS0yZzRjLThmcG0tYzQ2ds4AA6YV
web3-utils Prototype Pollution vulnerability
Ecosystems: npm
Packages: web3-utils
Source: GitHub Advisory Database
Blast Radius: 36.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1yM2h4LXFmaDUtcjltN84AA6YJ
Elasticsearch Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13NWdnLTJxNTYtNmg0Zs4AA6Xy
Elasticsearch Uncontrolled Resource Consumption vulnerability
Ecosystems: maven
Packages: org.elasticsearch:elasticsearch
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01NjY3LTN3Y2gtN3E3d84AA6V6
Eclipse Vert.x memory leak
Ecosystems: maven
Packages: io.vertx:vertx-core
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: 8 months ago
Critical
GSA_kwCzR0hTQS13djI4LTdmcHctZmo0Oc4AA6Vg
Lektor does not sanitize database path traversal
Ecosystems: pypi
Packages: Lektor
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1yMzY0LW0yajktbWY0aM4AA6Un
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 29.7
Published: 8 months ago
High
GSA_kwCzR0hTQS01eHZjLXJ3djgtODZwN84AA6T5
Ignite Realtime Openfire privilege escalation vulnerability
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 8 months ago
High
GSA_kwCzR0hTQS02cHdnLWdnNmotNWNybc4AA6UB
Ignite Realtime Openfire privilege escalation vulnerability
Ecosystems: maven
Packages: org.igniterealtime.openfire:xmppserver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00MzhjLTM5NzUtNXgzZs4AA6Te
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling iframes
Ecosystems: packagist, nuget, npm
Packages: tinymce/tinymce, TinyMCE, tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01MzU5LXB2ZjItcHc3OM4AA6Td
TinyMCE Cross-Site Scripting (XSS) vulnerability in handling external SVG files through Object or Embed elements
Ecosystems: nuget, npm, packagist
Packages: TinyMCE, tinymce, tinymce/tinymce
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01NzM3LXJxdjQtdjQ0Nc4AA6Tc
Pimcore Preview Documents are not restricted to logged in users anymore
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jZmYzLTVxcnAtaHF4N84AA6TU
Apache Airflow Improper Preservation of Permissions vulnerability
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 16.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xODRtLXJtdzMtNDM4Ms4AA6Si
LangChain's XMLOutputParser vulnerable to XML Entity Expansion
Ecosystems: pypi
Packages: langchain-core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tcjI0LWNmNjktNWNocc4AA6SW
dcat-admin Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: dcat/laravel-admin
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xN2c2LXhmaDItdmhweM4AA6Rq
phpMyFAQ stored Cross-site Scripting at user email
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 8 months ago
High
GSA_kwCzR0hTQS1wd2gyLWZwZnIteDVnZs4AA6Rp
phpMyFAQ's File Upload Bypass at Category Image Leads to RCE
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02cDY4LTM2bTYtMzkycs4AA6Ro
phpMyFAQ Stored Cross-site Scripting at FAQ News Content
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 8 months ago
High
GSA_kwCzR0hTQS0yZ3J3LW1jOXItODIycs4AA6Rn
phpMyFAQ SQL injections at insertentry & saveentry
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS00OHZ3LWpwZjgtaHdxaM4AA6Rm
phpMyFAQ Stored HTML Injection at contentLink
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1obThyLTk1ZzMtNWhqOc4AA6Rl
phpMyFAQ Stored Cross-site Scripting at File Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 8 months ago
High
GSA_kwCzR0hTQS1xZ3h4LTR4djUtNmhjd84AA6Rk
phpMyFAQ SQL Injection at "Save News"
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12N3B4LTQ2djktNXF3cM4AA6Rj
Storefront user can access history and most viewed data from matching back-office user with the same ID
Ecosystems: packagist
Packages: oro/customer-portal
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 8 months ago
High
GSA_kwCzR0hTQS1yZjM5LTNmOTgteHI3cs4AA6Ri
WiX based installers are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: WixToolset.Sdk, wix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1qeDRwLW00d20tdnZqZ84AA6Rh
Malicious directory junction can cause WiX RemoveFoldersEx to possibly delete elevated files
Ecosystems: nuget
Packages: WixToolset.Util.wixext, wix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS05eHZmLWNqdmYtZmY1cc4AA6Rg
WP Crontrol vulnerable to possible RCE when combined with a pre-condition
Ecosystems: packagist
Packages: johnbillion/wp-crontrol
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01anBtLXg1OHYtNjI0ds4AA6Rf
Netty's HttpPostRequestDecoder can OOM
Ecosystems: maven
Packages: io.netty:netty-codec-http
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12Zm12LWpmYzUtcGpqd84AA6Re
CarrierWave content-Type allowlist bypass vulnerability which possibly leads to XSS remained
Ecosystems: rubygems
Packages: carrierwave
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1ydjk1LTg5NmgtYzJ2Y84AA6Rd
Express.js Open Redirect in malformed URLs
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS12eHEyLXA5MzctM3B4M84AA6Rc
Pinned entity creation form shows wrong data
Ecosystems: packagist
Packages: oro/platform
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zd2M1LWZjdzItMjMyOc4AA6Rb
KaTeX missing normalization of the protocol in URLs allows bypassing forbidden protocols
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mOTh3LTdjeHItZmYyaM4AA6Ra
KaTeX's `\includegraphics` does not escape filename
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jdnI2LTM3Z3gtdjh3Y84AA6RZ
KaTeX's maxExpand bypassed by Unicode sub/superscripts
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS02NGZtLThodzItdjcyd84AA6RY
KaTeX's maxExpand bypassed by `\edef`
Ecosystems: npm
Packages: katex
Source: GitHub Advisory Database
Blast Radius: 28.4
Published: 8 months ago
High
GSA_kwCzR0hTQS0zOGpyLTI5Zmgtdzl2bc4AA6RX
ansys-geometry-core OS Command Injection vulnerability
Ecosystems: pypi
Packages: ansys-geometry-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS0yNDZwLXhtZzgtd21jcc4AA6RW
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
Ecosystems: npm
Packages: @oneuptime/common-server, @oneuptime/model
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS01OTJqLTk5NWgtcDIzas4AA6RV
RDoc RCE vulnerability with .rdoc_options
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS12NWg2LWMyaHYtaHYzcs4AA6RU
StringIO buffer overread vulnerability
Ecosystems: rubygems
Packages: stringio
Source: GitHub Advisory Database
Blast Radius: 38.8
Published: 8 months ago
High
GSA_kwCzR0hTQS1nNHY2LTY5cDYtcTNwNM4AA6RT
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: PanelSwWix4.Sdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS13cTg4LWZxNHgtaDJwbc4AA6RS
WiX Burn-based bundles are vulnerable to binary hijack when run as SYSTEM
Ecosystems: nuget
Packages: PanelSW.Custom.WiX
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04cHByLXd3dzgtaGZqeM4AA6RK
@thi.ng/paths Prototype Pollution vulnerability
Ecosystems: npm
Packages: @thi.ng/paths
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 8 months ago
High
GSA_kwCzR0hTQS1qd3JjLTN2M2YtNWNxNc4AA6Ph
PaddlePaddle allows arbitrary file read via paddle.vision.ops.read_file
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 8 months ago
High
GSA_kwCzR0hTQS13ZmdqLXdyZ2gtaDNyM84AA6PP
SSRF Vulnerability on assetlinks_check(act_name, well_knowns)
Ecosystems: pypi
Packages: mobsfscan
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS03Zjg4LTVoaHgtNjdtMs4AA6PK
XNIO denial of service vulnerability
Ecosystems: maven
Packages: org.jboss.xnio:xnio-api
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 8 months ago
High
GSA_kwCzR0hTQS00eHc4LTlmajctajU4as4AA6O_
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yd2h4LWNjcjctZnhxbc4AA6O9
Cross-Site Request Forgery in Anchor CMS
Ecosystems: packagist
Packages: anchorcms/anchor-cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qNGhxLWY2M3gtZjM5cs4AA6O2
Slow String Operations via MultiPart Requests in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04ODJqLTR2ajUtN3Ztas4AA6O1
Cache Poisoning Vulnerability
Ecosystems: npm
Packages: translate
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mNXgzLTMyZzYteHEzNs4AA6O0
Denial of service while parsing a tar file due to lack of folders count validation
Ecosystems: npm
Packages: tar, node-tar
Source: GitHub Advisory Database
Blast Radius: 42.3
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wdjlqLWM1M3EtaDQzM84AA6Oz
Gadget chain in Symfony 1 due to uncontrolled unserialized input in sfNamespacedParameterHolder
Ecosystems: packagist
Packages: friendsofsymfony1/symfony1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS0ybTd4LWM3cHgtaHA1OM4AA6Oy
Server Side Template Injection (SSTI) via Twig escape handler
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
High
GSA_kwCzR0hTQS1yNnZ3LTh2OHItcG1wNM4AA6Ox
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
High
GSA_kwCzR0hTQS1xZnY0LXE0NHItZzdyds4AA6Ow
Server Side Template Injection (SSTI)
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 8 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 mlflow 47 baserproject/basercms 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 github.com/hashicorp/vault 37 mautic/core 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 org.keycloak:keycloak-services 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 matrix-synapse 35 moin 35 gradio 34 github.com/answerdev/answer 34 io.undertow:undertow-core 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 opencv-python 31 parse-server 31 Pillow 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/cilium/cilium 26 pillow 26 prestashop/prestashop 26 electron 26 directus 26 openssl-src 26 org.keycloak:keycloak-parent 25 rubygems-update 25 org.apache.solr:solr-core 25 gogs.io/gogs 25 magento/core 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 rack 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 puppet 23 zendframework/zendframework 23 getkirby/cms 22 ckb 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.nifi:nifi 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 funadmin/funadmin 20 langchain 20 code.gitea.io/gitea 20 laravel/framework 20 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 wasmtime 19 contao/contao 19 github.com/goharbor/harbor 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 DotNetNuke.Core 19 cobbler 18 com.vaadin:vaadin-bom 18 github.com/traefik/traefik/v2 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 topthink/framework 18 cockpit-hq/cockpit 18 mercurial 18 com.liferay.portal:release.dxp.bom 18 mindsdb 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 francoisjacquet/rosariosis 17 notebook 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 symfony/security 17 helm.sh/helm/v3 17 neutron 17 genix/cms 17 opencart/opencart 17 cakephp/cakephp 17 pyload-ng 16 org.apache.dubbo:dubbo 16 openmage/magento-lts 16 tinymce 16 org.apache.activemq:activemq-client 16 paddlepaddle 16 sequelize 16 org.bouncycastle:bcprov-jdk15 16 typo3/cms-backend 16 ethyca-fides 16 github.com/zitadel/zitadel 16 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 cryptography 16 PaddlePaddle 16 org.apache.jspwiki:jspwiki-main 16 rusqlite 16 smarty/smarty 15 surrealdb 15 ckeditor4 15 october/system 15 calibreweb 15 OctoPrint 15 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 symfony/security-http 15 ghost 15 org.apache.inlong:manager-pojo 14 bolt/bolt 14 aiohttp 14 camaleon_cms 14 activesupport 14 silverstripe/cms 14 org.apache.tomcat:tomcat-coyote 14 github.com/containerd/containerd 14 pyftpdlib 14 lollms 14 modoboa 14 org.xwiki.platform:xwiki-platform-web 14 github.com/nats-io/nats-server/v2 14 publify_core 14 feehi/cms 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/yiisoft/yii2 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10