Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Loading...
High
GSA_kwCzR0hTQS1tNDljLTVjNTItNjY5Ns4AA7B8
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 24 days ago
High
GSA_kwCzR0hTQS13M2gzLTRyajctNHBoNM4AA7B3
Request smuggling leading to endpoint restriction bypass in Gunicorn
Ecosystems: pypi
Packages: gunicorn
Source: GitHub Advisory Database
Blast Radius: 44.6
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1xaDZ4LWo4MmgtdnBmOc4AA7CK
gradio Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 24 days ago
High
GSA_kwCzR0hTQS1mODJyLWpqNXItNmc5N84AA7CM
mlflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS01eDdtLTY3MzctMjZjcs4AA7Bg
SixLabors.ImageSharp vulnerable to data leakage
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1nODVyLTZ4MnEtNDV3N84AA7Bf
SixLabors.ImageSharp vulnerable to Memory Allocation with Excessive Size Value
Ecosystems: nuget
Packages: SixLabors.ImageSharp
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
High
GSA_kwCzR0hTQS0ybTU3LWhmMjUtcGhnZ84AA7Be
sqlparse parsing heavily nested list leads to Denial of Service
Ecosystems: pypi
Packages: sqlparse
Source: GitHub Advisory Database
Blast Radius: 39.8
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS0yZ3Z3LXc2ZmotN20zY84AA7Bd
Argo CD's API server does not enforce project sourceNamespaces
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 24 days ago
High
GSA_kwCzR0hTQS04NDZnLXA3aG0tZjU0cs4AA7Ba
AWS Amplify CLI has incorrect trust policy management
Ecosystems: npm
Packages: @aws-amplify/cli
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS03ZjRqLTY0cDYtNWg1ds4AA7BQ
Traefik affected by HTTP/2 CONTINUATION flood in net/http
Ecosystems: go
Packages: github.com/traefik/traefik/v3, github.com/traefik/traefik/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
High
GSA_kwCzR0hTQS1nOGZjLXZyY2ctOHZqZ84AA7BP
Constallation has pods exposed to peers in VPC
Ecosystems: go
Packages: github.com/edgelesssys/constellation/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1nOXdnLTk4YzItcXYzds4AA6-z
TCPDF Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tecnickcom/tcpdf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS1tcjgyLThqODMtdnhtds4AA6-j
Pydantic regular expression denial of service
Ecosystems: pypi
Packages: pydantic
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 24 days ago
Moderate
GSA_kwCzR0hTQS12aDJtLTIyeHgtcTk0Zs4AA6-B
Sensitive query parameters logged by default in OpenTelemetry.Instrumentation http and AspNetCore
Ecosystems: nuget
Packages: OpenTelemetry.Instrumentation.AspNetCore, OpenTelemetry.Instrumentation.Http
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
High
GSA_kwCzR0hTQS1jaGNwLWc5ajUtM3h4eM4AA6-A
Dusk plugin may allow unfettered user authentication in misconfigured installs
Ecosystems: packagist
Packages: winter/wn-dusk-plugin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1tZ3Y4LXc0OWYtODIyd84AA69_
Mautic: MST-48 Server-Side Request Forgery in Asset section
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 27 days ago
High
GSA_kwCzR0hTQS1td2M3LTY0d2ctcGd2as4AA69-
NiceGUI allows potential access to local file system
Ecosystems: pypi
Packages: nicegui
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 27 days ago
High
GSA_kwCzR0hTQS1xangzLTJnMzUtNmh2OM4AA69Z
Mautic Sensitive Data Exposure due to inadequate user permission settings
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1qajZ3LTJjcWctN3A5NM4AA69Y
Mautic SQL Injection in dynamic Reports
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 27 days ago
High
GSA_kwCzR0hTQS05ZmN4LWN2NTYtdzU4cM4AA69X
Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 27 days ago
High
GSA_kwCzR0hTQS00dnd4LTU0bXctdnFmd84AA69W
Traefik vulnerable to denial of service with Content-length header
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1nOXF4LTI1dmotcmY1M84AA69T
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Ecosystems: go
Packages: github.com/apache/solr-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1jNXJ2LWhqamMtanY3bc4AA68X
tiagorlampert CHAOS vulnerable to Cross Site Scripting
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1qeDd4LTlyOTgtaDV4cs4AA68u
OpenStack magnum vulnerable to time-of-check to time-of-use (TOCTOU) attack
Ecosystems: pypi
Packages: magnum
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 27 days ago
High
GSA_kwCzR0hTQS02MzYzLXY1bTQtZnZxM84AA68U
timber/timber vulnerable to Deserialization of Untrusted Data
Ecosystems: packagist
Packages: timber/timber
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1maGN4LWY3amctangzZs4AA68T
Mautic vulnerable to cross-site scripting in notifications via saving Dashboards
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS03OXZ2LXZwMzItZ3BwN84AA68L
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Ecosystems: maven
Packages: org.apache.kafka:kafka-metadata
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 27 days ago
High
GSA_kwCzR0hTQS1wM2o2LWY0NWgtaHc1Zs4AA68J
tiagorlampert CHAOS vulnerable to command injections
Ecosystems: go
Packages: github.com/tiagorlampert/CHAOS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 27 days ago
Moderate
GSA_kwCzR0hTQS1wd3czLXgyZzcteDhxMs4AA672
Reportico affected by Incorrect Access Control
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 28 days ago
High
GSA_kwCzR0hTQS0ycmM1LTI3NTUtdjQyMs4AA671
Mautic vulnerable to stored cross-site scripting in description field
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS1qamc3LTJ2NHYteDM4aM4AA670
Internationalized Domain Names in Applications (IDNA) vulnerable to denial of service from specially crafted inputs to idna.encode
Ecosystems: pypi
Packages: idna
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS14NTY1LTMycXAtbTN2Zs4AA67m
phin may include sensitive headers in subsequent requests after redirect
Ecosystems: npm
Packages: phin
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS13bTR3LTdoMnEtM3BmN84AA67l
Matrix IRC Bridge truncated content of messages can be leaked
Ecosystems: npm
Packages: matrix-appservice-irc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS05NXByLWZ4ZjUtODZnds4AA67e
Cosign malicious artifacts can cause machine-wide DoS
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS04OGp4LTM4M3EtdzRxY84AA67d
Cosign malicious attachments can cause system-wide denial of service
Ecosystems: go
Packages: github.com/sigstore/cosign/v2, github.com/sigstore/cosign
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS0zcnE1LTJnOGgtNTloY84AA67c
Potential DoS via the Tudoor mechanism in eventlet and dnspython
Ecosystems: pypi
Packages: dnspython, eventlet
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 28 days ago
Moderate
GSA_kwCzR0hTQS00d2gzLTN3ZjItMzltOc4AA66A
Summernote vulnerable to cross-site scripting
Ecosystems: npm
Packages: summernote
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 29 days ago
Low
GSA_kwCzR0hTQS1qODVxLTQ2aGctMzZwMs4AA658
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 29 days ago
Critical
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompiles
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 29 days ago
High
GSA_kwCzR0hTQS0zZjk1LW14cTItMmY2M84AA64H
Gradio Local File Inclusion vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 29 days ago
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 29 days ago
High
GSA_kwCzR0hTQS05OXcyLTY3aDgtNTk0OM4AA64t
Aim Cross-Site Request Forgery vulnerability allows user to delete runs and perform other operations
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 18.8
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 29 days ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS13eDQzLWc1NWctMmpmNM4AA64K
LocalAI Command Injection in audioToWav
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1jMmdnLTRncTQtanY1as4AA630
XWiki Platform remote code execution from account through UIExtension parameters
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-uiextension-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1oZjQzLTQ3cTQtZmhxNc4AA63z
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1ocDhoLTd4NjktNHdtds4AA63y
zcap has incomplete expiration checks in capability chains.
Ecosystems: npm
Packages: @digitalbazaar/zcap
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 29 days ago
High
GSA_kwCzR0hTQS05d3dwLXE3d3EtangzNc4AA63x
@fastify/secure-session: Reuse of destroyed secure session cookie
Ecosystems: npm
Packages: @fastify/secure-session
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 29 days ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1yNXZoLWdjM3ItcjI0d84AA63v
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-realtime-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1jdjU1LXY2cnctN3I1ds4AA63u
XWiki Platform remote code execution from account via custom skins support
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS0zN200LWhxeHYtdzI2Z84AA63t
XWiki Platform CSRF remote code execution through scheduler job's document reference
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1qMnI2LXI5MjktdjZnZs4AA63s
XWiki Platform CSRF in the job scheduler
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS14bTRoLTNqeHItbTNjNs4AA63r
XWiki Platform: Remote code execution through space title and Solr space facet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS14eHAyLTljOWctN3dtas4AA63q
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-localization-source-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS0yODU4LThjZngtNjltOc4AA63p
XWiki Platform: Remote code execution as guest via DatabaseSearch
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS12eHdyLXdwanYtcWpxN84AA63o
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS0zNGZqLXI1Z3EtNzM5Nc4AA63n
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS12NzgyLXhyNHctM3ZxeM4AA63m
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 29 days ago
High
GSA_kwCzR0hTQS1oanE2LTUyZ3ctMmc3cM4AA63l
yt-dlp: `--exec` command injection when using `%q` in yt-dlp on Windows (Bypass of CVE-2023-40581)
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1tcXIyLXc3d2otampncs4AA62q
mysql2 cache poisoning vulnerability
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS00OWo0LTg2bTgtcTJqd84AA62p
mysql2 vulnerable to Prototype Poisoning
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 29 days ago
High
GSA_kwCzR0hTQS1qcG14LTk5NnYtNDhmbc4AA62D
WildFly Elytron: OIDC app attempting to access the second tenant, the user should be prompted to log
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron-http-oidc
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1qNTV3LWhqcGotODI1Z84AA6y6
Contao: Insufficient BBCode sanitizer
Ecosystems: packagist
Packages: contao/comments-bundle
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 30 days ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS12MjRwLTdwNGotcXZ2Zs4AA6y5
Contao: Cross site scripting in the file manager
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS13dnhjLTg1NWYtanZyds4AA6y0
Azure Identity Library for .NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Azure.Identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1xbXIzLTUyeGYtd21oeM4AA6yr
Apache Zeppelin: LDAP search filter query Injection Vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1nNDRtLXg1aDctZnI1cc4AA6wa
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: 30 days ago
Critical
GSA_kwCzR0hTQS02Nmo4LWM4M20tZ2o1Zs4AA6wb
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-jdbc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1ycnZmLTV3NHItM3g3ds4AA6wc
Apache Zeppelin vulnerable to cross-site scripting in the helium module
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-interpreter
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 30 days ago
High
GSA_kwCzR0hTQS1ndjN3LW01N3AtM3djNM4AA6wY
gin-vue-admin background arbitrary code coverage vulnerability
Ecosystems: go
Packages: github.com/flipped-aurora/gin-vue-admin/server
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1nZ3A1LTI4eDQteGNqOc4AA6wX
Minder GetRepositoryByName data leak
Ecosystems: go
Packages: github.com/stacklok/minder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1yNHI2LWoyajMtN3BwNc4AA6wW
Contao: Remember-me tokens will not be cleared after a password change
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 30 days ago
High
GSA_kwCzR0hTQS12NmYzLWdoNWgtbXF3eM4AA6wV
DIRAC: Unauthorized users can read proxy contents during generation
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
High
GSA_kwCzR0hTQS05amg1LXFmODQteDZwcs4AA6wU
Contao: Possible cookie sharing with external domains while checking protected pages for broken links
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 30 days ago
High
GSA_kwCzR0hTQS1odzQyLTM1Njgtd2o4N84AA6v1
google-oauth-java-client improperly verifies cryptographic signature
Ecosystems: maven
Packages: com.google.oauth-client:google-oauth-client
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 30 days ago
Moderate
GSA_kwCzR0hTQS1tNjVjLXdtdzktdm1wcM4AA6v0
Apache Zeppelin: Replacing other users notebook, bypassing any permissions
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mcmMyLXcyY2MteDc5NM4AA6vy
Eclipse Kura LogServlet vulnerability
Ecosystems: maven
Packages: org.eclipse.kura:org.eclipse.kura.web2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ycjU5LWg2cmgtdjg0ds4AA6vw
Apache Zeppelin SAP: connecting to a malicious SAP server allowed it to perform XXE
Ecosystems: maven
Packages: org.apache.zeppelin:sap
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02NjIzLWM2bXItNjczN84AA6vz
Apache Zeppelin: Denial of service with invalid notebook name
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wcnZnLXJoNWgtNzRqcs4AA6vx
Apache Zeppelin CSRF vulnerability in the Credentials page
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-web
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1nNjRyLXhmMzktcTRwNc4AA6vv
Apache Zeppelin Path Traversal vulnerability
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-server
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 month ago
High
GSA_kwCzR0hTQS12NG1tLXE4ZnYtcjJ3Nc4AA6vZ
WildFly Elytron: SSRF security issue
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron-realm-token
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 1 month ago
High
GSA_kwCzR0hTQS01ang1LWhxeDUtMnZyas4AA6uv
Ollama DNS rebinding vulnerability
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01Mjk3LXdycnAtcmNqN84AA6ui
Shopware Improper Session Handling in store-api account logout
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wMjh4LWhqNjgtN3ZmcM4AA6ug
Ryu Infinite Loop vulnerability
Ecosystems: pypi
Packages: ryu
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yOTU2LTI1NTMtdnZocs4AA6sD
React Native Sms User Consent Intent Redirection Vulnerability
Ecosystems: npm
Packages: @kyivstarteam/react-native-sms-user-consent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1yaGg0LXJoN2MtN3I1ds4AA6r1
Archiver Path Traversal vulnerability
Ecosystems: go
Packages: github.com/mholt/archiver, github.com/mholt/archiver/v3
Source: GitHub Advisory Database
Blast Radius: 21.1
Published: about 1 month ago
Low
GSA_kwCzR0hTQS0ydjQyLXhwM2otNDdtNM4AA6rp
Xuxueli xxl-job template injection vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jcjZmLWdmNXctdmhyY84AA6rV
PyMongo Out-of-bounds Read in the bson module
Ecosystems: pypi
Packages: pymongo
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02N3J2LXFwdzItNnFycs4AA6qo
Grafana: Users outside an organization can delete a snapshot with its key
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qNDk2LWNyZ2gtMzRteM4AA6qW
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS0ycDJ4LXA3d2otajVoMs4AA6qU
PsiTransfer: File integrity violation
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14Zzh2LW0ybWgtNDVtNs4AA6qV
PsiTransfer: Violation of the integrity of file distribution
Ecosystems: npm
Packages: psitransfer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Ecosystems: cargo
Packages: libdav1d-sys
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 1 month ago
Statistics
Advisories: 18,414
Packages: 8,307
Repositories: 5,029
Ecosystems: 12
Filter by Severity
Moderate 7,954 High 6,372 Critical 2,811 Low 986
Filter by Ecosystem
maven 5,536 packagist 3,815 pypi 3,736 npm 3,547 go 1,900 nuget 1,390 rubygems 814 cargo 779 swift 31 hex 30 actions 16 pub 8
Filter by Package
tensorflow 432 tensorflow-cpu 387 tensorflow-gpu 384 moodle/moodle 323 Microsoft.ChakraCore 247 org.jenkins-ci.main:jenkins-core 189 magento/community-edition 182 org.apache.tomcat:tomcat 134 pimcore/pimcore 116 dolibarr/dolibarr 107 typo3/cms 102 phpmyadmin/phpmyadmin 92 microweber/microweber 91 django 80 apache-airflow 78 drupal/core 76 typo3/cms-core 73 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 ansible 63 drupal/drupal 61 github.com/usememos/memos 59 actionpack 57 org.apache.struts:struts2-core 55 librenms/librenms 54 symfony/symfony 53 concrete5/concrete5 52 salt 51 apache-superset 49 shopware/platform 48 org.keycloak:keycloak-core 47 Plone 46 com.liferay.portal:release.portal.bom 45 baserproject/basercms 43 plone 43 nokogiri 42 rdiffweb 42 Pillow 41 intelliants/subrion 40 craftcms/cms 40 showdoc/showdoc 40 github.com/mattermost/mattermost/server/v8 38 vyper 38 github.com/mattermost/mattermost-server/v6 37 org.apache.tomcat.embed:tomcat-embed-core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 36 shopware/core 36 froxlor/froxlor 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 matrix-synapse 35 org.xwiki.platform:xwiki-platform-oldcore 34 github.com/answerdev/answer 34 k8s.io/kubernetes 32 org.elasticsearch:elasticsearch 32 silverstripe/framework 32 snipe/snipe-it 32 org.jenkins-ci.plugins:script-security 32 mlflow 31 opencv-contrib-python 30 opencv-python 30 mautic/core 29 github.com/argoproj/argo-cd 29 parse-server 29 github.com/hashicorp/vault 28 Django 28 github.com/grafana/grafana 28 getgrav/grav 28 github.com/rancher/rancher 28 centreon/centreon 27 shopware/shopware 27 org.keycloak:keycloak-services 27 io.undertow:undertow-core 27 electron 26 openssl-src 26 github.com/hashicorp/consul 26 github.com/hashicorp/nomad 26 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 magento/core 24 prestashop/prestashop 24 gogs.io/gogs 24 org.springframework.security:spring-security-core 23 org.eclipse.jetty:jetty-server 23 puppet 23 remdex/livehelperchat 23 moin 23 pocketmine/pocketmine-mp 23 github.com/argoproj/argo-cd/v2 23 grumpydictator/firefly-iii 22 ckb 22 getkirby/cms 22 org.apache.nifi:nifi 22 rack 22 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 contao/core-bundle 21 activerecord 21 @openzeppelin/contracts 20 tribalsystems/zenario 20 github.com/cilium/cilium 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 org.bouncycastle:bcprov-jdk14 19 github.com/docker/docker 19 org.springframework:spring-core 19 DotNetNuke.Core 19 code.gitea.io/gitea 19 simplesamlphp/simplesamlphp 18 com.vaadin:vaadin-bom 18 contao/contao 18 com.liferay.portal:release.dxp.bom 18 helm.sh/helm/v3 18 langchain 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-x64 17 golang.org/x/net 17 org.apache.geode:geode-core 17 org.xwiki.platform:xwiki-platform-web-templates 17 mercurial 17 Microsoft.AspNetCore.App.Runtime.win-x86 17 cakephp/cakephp 17 cockpit-hq/cockpit 17 genix/cms 17 symfony/security 17 cobbler 17 francoisjacquet/rosariosis 17 PaddlePaddle 17 sequelize 16 pillow 16 org.apache.activemq:activemq-client 16 org.bouncycastle:bcprov-jdk15 16 Microsoft.AspNetCore.App.Runtime.win-arm 16 directus 16 yetiforce/yetiforce-crm 16 rusqlite 16 keystone 16 org.apache.dubbo:dubbo 16 nova 16 wasmtime 16 topthink/framework 16 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 15 Microsoft.AspNetCore.App.Runtime.linux-arm64 15 Microsoft.AspNetCore.App.Runtime.linux-arm 15 paddlepaddle 15 Microsoft.AspNetCore.App.Runtime.linux-x64 15 Microsoft.AspNetCore.App.Runtime.osx-x64 15 org.apache.jspwiki:jspwiki-main 15 gradio 15 notebook 15 github.com/goharbor/harbor 15 openmage/magento-lts 15 org.apache.struts.xwork:xwork-core 15 cryptography 15 publify_core 14 symfony/security-http 14 ezsystems/ezpublish-kernel 14 org.xwiki.platform:xwiki-platform-web 14 typo3/cms-backend 14 ec-cube/ec-cube 14 zendframework/zendframework1 14 ghost 14 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 14 phpmailer/phpmailer 14 smarty/smarty 14 Microsoft.AspNetCore.App.Runtime.win-arm64 14 tinymce 14 swagger-ui 14 pyload-ng 14 activesupport 14 modoboa 14 org.apache.inlong:manager-pojo 14 pyftpdlib 14 joplin 13 lavalite/cms 13 github.com/mattermost/mattermost-server 13 passenger 13 next 13 ckeditor4 13 october/system 13 impresscms/impresscms 13 strapi 13 github.com/nats-io/nats-server/v2 13 bolt/bolt 13 org.apache.cxf:cxf 13 codeigniter4/framework 13 github.com/containerd/containerd 13 elefant/cms 13 github.com/traefik/traefik/v2 13 org.apache.hadoop:hadoop-main 13 neutron 13 dompdf/dompdf 12 org.apache.dolphinscheduler:dolphinscheduler 12 vantage6 12 actionview 12 github.com/go-gitea/gitea 12 com.vaadin:flow-server 12 org.jenkins-ci.plugins:git 12
Filter by Repository
https://github.com/tensorflow/tensorflow 432 https://github.com/chakra-core/ChakraCore 214 https://github.com/moodle/moodle 210 https://github.com/xwiki/xwiki-platform 172 https://github.com/jenkinsci/jenkins 148 https://github.com/pimcore/pimcore 111 https://github.com/apache/tomcat 96 https://github.com/apache/airflow 90 https://github.com/microweber/microweber 85 https://github.com/django/django 85 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/keycloak/keycloak 59 https://github.com/usememos/memos 59 https://github.com/Dolibarr/dolibarr 55 https://github.com/ansible/ansible 53 https://github.com/rails/rails 53 https://github.com/python-pillow/Pillow 52 https://github.com/kubernetes/kubernetes 48 https://github.com/symfony/symfony 47 https://github.com/librenms/librenms 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/TYPO3/typo3 42 https://github.com/spring-projects/spring-framework 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/argoproj/argo-cd 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 36 https://github.com/concretecms/concretecms 34 https://github.com/answerdev/answer 34 https://github.com/octobercms/october 33 https://github.com/apache/activemq 33 https://github.com/matrix-org/synapse 32 https://github.com/saltstack/salt 32 https://github.com/sparklemotion/nokogiri 31 https://github.com/magento/magento2 31 https://github.com/go-gitea/gitea 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 29 https://github.com/craftcms/cms 29 https://github.com/opencv/opencv 28 https://github.com/snipe/snipe-it 28 https://github.com/CVEProject/cvelist 28 https://github.com/mautic/mautic 27 https://github.com/apache/inlong 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/mlflow/mlflow 25 https://github.com/rancher/rancher 25 https://github.com/shopware/shopware 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/github/advisory-database 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/dotnet/runtime 23 https://github.com/getgrav/grav 23 https://github.com/firefly-iii/firefly-iii 22 https://github.com/contao/contao 22 https://github.com/baserproject/basercms 22 https://github.com/nervosnetwork/ckb 22 https://github.com/grafana/grafana 22 https://github.com/apache/nifi 21 https://github.com/strapi/strapi 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/OpenNMS/opennms 20 https://github.com/gogs/gogs 20 https://github.com/cilium/cilium 20 https://github.com/netty/netty 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/PrestaShop/PrestaShop 20 https://github.com/helm/helm 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/apache/cxf 19 https://github.com/hashicorp/consul 19 https://github.com/cloudfoundry/uaa 19 https://github.com/intelliants/subrion 19 https://github.com/getkirby/kirby 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/bcgit/bc-java 18 https://github.com/rubygems/rubygems 18 https://github.com/vaadin/platform 17 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rack/rack 17 https://github.com/liufee/cms 17 https://github.com/hashicorp/vault 16 https://github.com/etcd-io/etcd 16 https://github.com/umbraco/Umbraco-CMS 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/opencast/opencast 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/denoland/deno 15 https://github.com/centreon/centreon 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/geoserver/geoserver 15 https://github.com/goharbor/harbor 15 https://github.com/simplesamlphp/simplesamlphp 15 https://github.com/directus/directus 15 https://github.com/OpenMage/magento-lts 15 https://github.com/gradio-app/gradio 14 https://github.com/tinymce/tinymce 14 https://github.com/pyca/cryptography 14 https://github.com/PHPMailer/PHPMailer 14 https://github.com/moby/moby 14 https://github.com/vantage6/vantage6 14 https://github.com/mattermost/mattermost 14 https://github.com/cobbler/cobbler 14 https://github.com/langchain-ai/langchain 14 https://github.com/pyload/pyload 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/openstack/keystone 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/modoboa/modoboa 13 https://github.com/quarkusio/quarkus 13 https://github.com/traefik/traefik 13 https://github.com/ming-soft/MCMS 13 https://github.com/xuxueli/xxl-job 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/dompdf/dompdf 13 https://github.com/containerd/containerd 13 https://github.com/silverstripe/silverstripe-framework 13 https://github.com/hashicorp/nomad 13 https://github.com/undertow-io/undertow 13 https://github.com/centreon/centreon-archived 12 https://github.com/apache/dolphinscheduler 12 https://github.com/TryGhost/Ghost 12 https://github.com/nodejs/undici 12 https://github.com/dromara/hutool 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/twisted/twisted 12 https://github.com/laurent22/joplin 12 https://github.com/backstage/backstage 12 https://github.com/ckeditor/ckeditor4 12 https://github.com/thorsten/phpMyFAQ 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/containers/podman 11 https://github.com/vaadin/flow 11 https://github.com/urllib3/urllib3 11 https://github.com/onionshare/onionshare 11 https://github.com/igniterealtime/Openfire 11 https://github.com/puma/puma 11 https://github.com/drupal/core 11 https://github.com/Studio-42/elFinder 11 https://github.com/jquery/jquery 11 https://github.com/openfga/openfga 11 https://github.com/aio-libs/aiohttp 11 https://github.com/smarty-php/smarty 11 https://github.com/janeczku/calibre-web 11 https://github.com/zitadel/zitadel 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencontainers/runc 11 https://github.com/wagtail/wagtail 10 https://github.com/top-think/framework 10 https://github.com/OPCFoundation/UA-.NETStandard 10 https://github.com/jenkinsci/git-plugin 10 https://github.com/1Panel-dev/1Panel 10 https://github.com/zopefoundation/Zope 10 https://github.com/nats-io/nats-server 10 https://github.com/phusion/passenger 10 https://github.com/dolibarr/dolibarr 10 https://github.com/dpgaspar/Flask-AppBuilder 10 https://github.com/WWBN/AVideo 10 https://github.com/codeigniter4/CodeIgniter4 10 https://github.com/dotnet/aspnetcore 10 https://github.com/ezsystems/ezpublish-kernel 10 https://github.com/greenpau/caddy-security 10 https://github.com/jupyter/notebook 10 https://github.com/nextauthjs/next-auth 10 https://github.com/pimcore/admin-ui-classic-bundle 10 https://github.com/keystonejs/keystone 10 https://github.com/funadmin/funadmin 9 https://github.com/cui2shark/cms 9 https://github.com/fatfreecrm/fat_free_crm 9 https://github.com/apache/superset 9 https://github.com/faucetsdn/ryu 9 https://github.com/neorazorx/facturascripts 9 https://github.com/rails/rails-html-sanitizer 9 https://github.com/bolt/bolt 9 https://github.com/semplon/GeniXCMS 9 https://github.com/Pylons/waitress 9 https://github.com/giampaolo/pyftpdlib 9 https://github.com/spring-projects/spring-security 9 https://github.com/cosmos/cosmos-sdk 9 https://github.com/pgadmin-org/pgadmin4 9 https://github.com/evershopcommerce/evershop 9 https://github.com/laravel/framework 9 https://github.com/yiisoft/yii2 9