Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Low Security Advisories

Browse all Security Advisories for Low

Loading...
Low
GSA_kwCzR0hTQS0zN3E1LXY1cW0tYzl2OM4AA649
Transformers Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: transformers
Source: GitHub Advisory Database
Blast Radius: 15.3
Published: 7 months ago
Low
GSA_kwCzR0hTQS1qNXZtLTdxY2MtMnd3Z84AA63w
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output
Ecosystems: go
Packages: github.com/kopia/kopia
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: 7 months ago
Low
GSA_kwCzR0hTQS03NDd2LTUyYzQtOHZqOM4AA6y7
Contao: Unencoded insert tags in the frontend
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS0ydjQyLXhwM2otNDdtNM4AA6rp
Xuxueli xxl-job template injection vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS14cDlqLThwNjgtOXE5M84AA6p2
Mattermost Server Improper Access Control
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS05cXhyLXFqNTQtaDY3Ms4AA6o2
Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tNHY4LXdxdnItcDlmN84AA6o1
Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 8 months ago
Low
GSA_kwCzR0hTQS1wajQyLXI2NGYtNHhmcc4AA6ng
Concrete CMS Stored XSS on the calendar color settings screen
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 8 months ago
Low
GSA_kwCzR0hTQS14d3JoLXF4bWMteDhjOM4AA6ni
Concrete CMS Cross-site Scripting (XSS) in the Advanced File Search Filter
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS1xZ205LXJ4bXEtanhtcc4AA6nk
Concrete CMS Stored XSS in the Search Field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS1yN3E0LWN3OXItdmhwNM4AA6nj
Concrete CMS Stored XSS in the Custom Class page editing
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS05cWhjLXBnNmotd2YyM84AA6nm
Concrete CMS Stored XSS in blocks of type file
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS1yMzJnLXc5Y3YtOWZnY84AA6g_
RosarioSIS cross site scripting vulnerability
Ecosystems: packagist
Packages: francoisjacquet/rosariosis
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tNzMyLXd2aDItN2NxNM4AA6R7
Unauthenticated views may expose information to anonymous users
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 8 months ago
Low
GSA_kwCzR0hTQS01OTJqLTk5NWgtcDIzas4AA6RV
RDoc RCE vulnerability with .rdoc_options
Ecosystems: rubygems
Packages: rdoc
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: 8 months ago
Low
GSA_kwCzR0hTQS1tbWg2LTVjcGYtMmM3Ms4AA6RR
phpMyFAQ Path Traversal in Attachments
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 8 months ago
Low
GSA_kwCzR0hTQS01NTJmLTk3d2YtcG1wcc4AA6LG
Umbraco possible user enumeration
Ecosystems: nuget
Packages: UmbracoCMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1jcTk2LTk5NzQtdjhobc4AA6LE
Dynamic Variable Evaluation in qiskit-ibm-runtime
Ecosystems: pypi
Packages: qiskit-ibm-runtime
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: 8 months ago
Low
GSA_kwCzR0hTQS1yajI5LWoyZzQtNzdxOM4AA6Gr
[TagAwareCipher] - Decryption Failure (Regex Match)
Ecosystems: packagist
Packages: ilicmiljan/secure-props
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS01dmNjLTg2d20tNTQ3cc4AA6DQ
Improper Privilege Management in djangorestframework-simplejwt
Ecosystems: pypi
Packages: djangorestframework-simplejwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS04NzlwLThndzQtbWNwd84AA6CK
fgr Vulnerable to Insecure Default Variable Initialization
Ecosystems: pypi
Packages: fgr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 months ago
Low
GSA_kwCzR0hTQS03Zzk3LTdyM2MtNWNjNs4AA58e
In Quarkus, git credentials could be inadvertently published
Ecosystems: maven
Packages: io.quarkus:quarkus-kubernetes-deployment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 8 months ago
Low
GSA_kwCzR0hTQS0yY2NyLWcycnYtaDY3N84AA571
Session Token in URL in directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 8 months ago
Low
GSA_kwCzR0hTQS00bTdoLTM0eG0tNHdqds4AA5xy
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.9
Published: 9 months ago
Low
GSA_kwCzR0hTQS1oNTl4LXA3MzktOTgyY84AA5ue
LangChain directory traversal vulnerability
Ecosystems: pypi
Packages: langchain-core, langchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS02OGMyLTRtcHgtcWg5Nc4AA5rz
Potential leakage of Sentry auth tokens by React Native SDK with Expo plugin
Ecosystems: npm
Packages: @sentry/react-native
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS05dng2LTd4eGYteDk2N84AA5qR
OpenZeppelin Contracts base64 encoding may read from potentially dirty memory
Ecosystems: npm
Packages: @openzeppelin/contracts-upgradeable, @openzeppelin/contracts
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zZzM1LXY1M3ItZ3B4Y84AA5qJ
Mattermost race condition
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1yNGZtLWc2NWgtY3I1NM4AA5qG
Mattermost incorrectly allows access individual posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS14Z3hqLWo5OGMtNTlyds4AA5p6
Mattermost fails to properly restrict the access of files attached to posts
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zaHJyLXh3dmctaHh2cs4AA5pB
Keycloak DoS via account lockout
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 9 months ago
Low
GSA_kwCzR0hTQS05eHh2LXE2cHAtOTZ3cc4AA5mo
Concrete CMS Stored XSS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS14ajV2LTZ2NGctamZ3Ns4AA5mD
Rack has possible DoS Vulnerability with Range Header
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS01NHJyLTdmdnctNng4Zs4AA5mC
Rack Header Parsing leads to Possible Denial of Service Vulnerability
Ecosystems: rubygems
Packages: rack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS01NTVwLW00djYtY3F4ds4AA5lr
ASA-2024-004: Default configuration param for Evidence may limit window of validity
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS04Nmg1LXhjcHgtY2ZxY84AA5jS
ASA-2024-005: Potential slashing evasion during re-delegation
Ecosystems: go
Packages: github.com/cosmos/cosmos-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1qamh4LWpodnAtNzR3cc4AA5jN
Rails has possible ReDoS vulnerability in Accept header parsing in Action Dispatch
Ecosystems: rubygems
Packages: actionpack
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS00aHdxLTRjcG0tOHZteM4AA5gr
Vyper's `extract32` can ready dirty memory
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 9 months ago
Low
GSA_kwCzR0hTQS05cDhyLTR4cDQtZ3c1d84AA5gq
Vyper's `_abi_decode` vulnerable to Memory Overflow
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 9 months ago
Low
GSA_kwCzR0hTQS1wNG01LTMycHItMmhxcs4AA5gm
PyPop C extensions possible vulnerability: missing arguments and redundant null pointers
Ecosystems: pypi
Packages: pypop-genomics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS00Z21qLTNwM2gtZ204aM4AA5gl
es5-ext vulnerable to Regular Expression Denial of Service in `function#copy` and `function#toStringTokens`
Ecosystems: npm
Packages: es5-ext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1xcHhtLTY4OXItMzg0Oc4AA5gL
Apache Camel data exposure vulnerability
Ecosystems: maven
Packages: org.apache.camel:camel-core
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 9 months ago
Low
GSA_kwCzR0hTQS1oOWo3LTV4dmMtcWhnNc4AA5fj
langchain Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 9 months ago
Low
GSA_kwCzR0hTQS1yMjc1LWo1N2MtN21mMs4AA5ZI
Race condition in Endorsements
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 months ago
Low
GSA_kwCzR0hTQS05cjI2LTV3ODgtcWhwOc4AA5X0
Authorization Bypass in moodle
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS00N2czLW1mMjQtNjU1Oc4AA5WN
Vulnerability affecting the org.openjfx:javafx-media maven component of the OpenJFX project
Ecosystems: maven
Packages: org.openjfx:javafx-media
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: 9 months ago
Low
GSA_kwCzR0hTQS03N2hoLTQzY20tdjhqNs4AA5V2
tuf's Metadata API: Targets.get_delegated_role() is missing input validation
Ecosystems: pypi
Packages: tuf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zNzg3LTZwcnYtaDl3M84AA5Vg
Undici proxy-authorization header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 9 months ago
Low
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS00d3h3LTQyd3gtMndmeM4AA5MP
Apache Solr Schema Designer blindly "trusts" all configsets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yODMzLXc3NTYtaDVwMs4AA5L7
Mattermost fails to check the required permissions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS00ZnA2LTU3NHAtZmMzNc4AA5L6
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nZnJoLWd3cWMtNjNjds4AA5El
Sulu HTML Injection via Autocomplete Suggestion
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bug
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1
Local File Inclusion vulnerability in zmarkdown
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS12amc2LTkzZnYtcXY2NM4AA5Co
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wbTNtLTMycjMtN21maM4AA5Cn
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl
Etcd pkg Insecure ciphers are allowed by default
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wcjM5LTgyNTctZnhjMs4AA5Ci
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input buffer
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wNnJwLW14ODUtbTQ1Oc4AA49f
Spring Cloud Contract vulnerable to local information disclosure
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS00NWdxLXE0eGgtY3A1M84AA48y
vantage6 vulnerable to username timing attack
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mNjdmLTJqNnItbTRjOc4AA4q0
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1oY3ZwLTJjYzctanJ3cs4AA4oO
changedetection.io API endpoint is not secured with API token
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 10 months ago
Low
GSA_kwCzR0hTQS04cXc5LWdmN3ctNDJ4Nc4AA4a1
Minor fix to previous patch for CVE-2022-35918
Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yZ3JmLTZtZjUtbTg4Ms4AA4Yr
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Ecosystems: pypi
Packages: case-utils, cdo-local-uuid
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS03eGcyLTgzZjgtMzltcs4AA4Lf
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zcGZqLWc0d3ItcWozas4AA4J-
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS00dmY2LTJybXgtZmdxeM4AA4KC
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1oM2dxLWo3cDkteDNwNM4AA4Gf
Mattermost Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS00M3c0LTRqM2MtangyOc4AA4EN
Winter CMS Stored XSS through Backend ColorPicker FormWidget
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS00d3Z3LTc1cWgtZnFqcM4AA4EM
Winter CMS Stored XSS through privileged upload of Media Manager file followed by renaming
Ecosystems: packagist
Packages: winter/wn-system-module
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS12ZjVtLXhyaG0tdjk5Oc4AA4AF
Nautobot missing object-level permissions enforcement when running Job Buttons
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xNXEzLXFtMjYtOWp3bc4AA3-T
Authenticated Blind SSRF in automad/automad
Ecosystems: packagist
Packages: automad/automad
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS13OHZoLXA3NGoteDl4cM4AA34Q
yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
Ecosystems: packagist
Packages: yiisoft/yii2-authclient
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1xcWhxLThyMmMtYzNmNc4AA322
nvdApiKey is logged in debug mode
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS13aGd2LTZqNzgtNXJoMs4AA3vI
Broken access control in Silverpeas
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core-web, org.silverpeas.core:silverpeas-core-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS03NW1jLTNwamMtNzI3cc4AA3uo
Unauthenticated db-file-storage views
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 11 months ago
Low
GSA_kwCzR0hTQS02eG14LTg1eDMtNGN2Ms4AA3ug
Stored XSS via SVG File Upload
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS03eDc0LWg4Y3ctcWh4cc4AA3uf
Brute force exploit can be used to collect valid usernames
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS04cXA4LTlycHctajQ2Y84AA3ue
SMTP misconfiguration leading to "Forgot Password" exploit that leaks registered user email.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS02MzI0LTUycHItaDRwNc4AA3uc
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zMzV4LTV3Y20tOGp2Ms4AA3ua
Backoffice User can bypass "Publish" restriction
Ecosystems: nuget
Packages: Umbraco.CMS
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 508
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
pypi 476 maven 294 packagist 228 go 161 npm 156 cargo 63 rubygems 48 nuget 27 hex 3 actions 2 pub 1 swift 1
Filter by Package
tensorflow-gpu 105 tensorflow-cpu 105 tensorflow 105 moodle/moodle 24 concrete5/concrete5 19 typo3/cms 13 shopware/platform 12 github.com/mattermost/mattermost/server/v8 11 phpmyadmin/phpmyadmin 10 shopware/core 10 nova 9 org.apache.tomcat:tomcat 9 org.jenkins-ci.main:jenkins-core 9 wasmtime 7 Umbraco.CMS 7 ethyca-fides 6 puppet 6 vyper 6 symfony/symfony 6 org.keycloak:keycloak-services 6 undici 6 helm.sh/helm/v3 5 ansible 5 magento/community-edition 5 typo3/cms-core 5 silverstripe/framework 5 k8s.io/kubernetes 5 elliptic 5 rack 5 october/backend 5 sweetalert2 5 baserproject/basercms 5 electron 4 com.vaadin:flow-server 4 actionpack 4 github.com/mattermost/mattermost-server/v6 4 shopware/shopware 4 zenml 4 github.com/cilium/cilium 4 helm.sh/helm 4 simplesamlphp/simplesamlphp 4 github.com/cosmos/cosmos-sdk 3 ckb 3 github.com/mattermost/mattermost-server 3 typo3/cms-backend 3 cryptography 3 go.etcd.io/etcd/v3 3 matrix-synapse 3 vantage6 3 github.com/authzed/spicedb 3 com.vaadin:vaadin-bom 3 org.apache.hive:hive-service 3 org.apache.hive:hive 3 org.apache.hive:hive-exec 3 bin-links 3 org.graylog2:graylog2-server 3 apache-airflow 3 passenger 3 glance 3 @openzeppelin/contracts-upgradeable 3 github.com/cometbft/cometbft 3 langchain 3 node-forge 3 nautobot 3 twig/twig 3 org.jenkins-ci.plugins:wso2id-oauth 2 github.com/containerd/containerd 2 github.com/sigstore/cosign 2 activesupport 2 winter/wn-backend-module 2 go.etcd.io/etcd/client/v3 2 send 2 grumpydictator/firefly-iii 2 ezsystems/ezplatform-kernel 2 OctoPrint 2 @apollo/server 2 org.keycloak:keycloak-ldap-federation 2 symfony/security-http 2 org.eclipse.jetty:jetty-servlets 2 ezsystems/ezpublish-kernel 2 tuf 2 craftcms/cms 2 freewvs 2 github.com/nats-io/nats-server/v2 2 org.jenkins-ci.plugins:mercurial 2 s2n-tls 2 flarum/core 2 org.apache.hadoop:hadoop-common 2 dbt-core 2 microweber/microweber 2 cargo 2 github.com/opencontainers/runc 2 salt 2 plone 2 symfony/http-foundation 2 admidio/admidio 2 statamic/cms 2 org.jenkins-ci.plugins:artifactory 2 gradio 2 github.com/mutagen-io/mutagen 2 s2n-quic 2 github.com/grafana/grafana 2 com.ruoyi:ruoyi 2 express 2 org.apache.activemq:activemq-parent 2 librenms/librenms 2 agnai 2 com.inedo.proget:inedo-proget 2 Flask-Security-Too 2 org.jenkins-ci.plugins:repository-connector 2 guarddog 2 braces 2 github.com/ntbosscher/gobase 2 node-ipc 2 tribalsystems/zenario 2 angular 2 python-keystoneclient 2 october/system 2 parse-server 2 aiohttp 2 org.jenkins-ci.plugins:ec2 2 github.com/answerdev/answer 2 keystone 2 sequoia-openpgp 2 org.jenkins-ci.plugins:bigpanda-jenkins 2 tools.devnull:build-notifications 2 ceph-deploy 2 github.com/hashicorp/nomad 2 mattermost-desktop 2 org.xwiki.platform:xwiki-platform-oldcore 2 sylius/sylius 2 github.com/docker/docker 2 org.jenkins-ci.plugins:azure-ad 2 @openzeppelin/contracts 2 next-auth 2 october/cms 2 github.com/goharbor/harbor 2 org.eclipse.jetty:jetty-server 2 horizon 2 Nova 2 wagtail 2 org.bouncycastle:bcprov-jdk14 2 serve-static 2 django 2 gilacms/gila 2 github.com/hashicorp/vault 2 Zope 2 typo3/cms-install 2 typo3/cms-frontend 2 org.jenkins-ci.plugins:twitter 1 org.apache.camel:camel-core 1 io.jenkins.plugins:teams-webhook-trigger 1 UmbracoCMS 1 org.jenkins-ci.plugins:zanata 1 org.jenkins-ci.plugins:skype-notifier 1 Simple-Wayland-HotKey-Daemon 1 com.google.guava:guava 1 org.bouncycastle:bcprov-jdk12 1 born05/craft-twofactorauthentication 1 org.jenkins-ci.plugins:azure-publishersettings-credentials 1 igalg.jenkins.plugins:multibranch-scan-webhook-trigger 1 org.bouncycastle:bcprov-jdk13 1 jquery.terminal 1 org.bouncycastle:bcprov-jdk15to18 1 org.jenkins-ci.plugins:testlink 1 org.bouncycastle:bcprov-jdk18on 1 sudo-rs 1 github.com/artifacthub/hub 1 wasmer 1 mdx-mermaid 1 org.jenkins-ci.plugins:aqua-security-scanner 1 github.com/argoproj/argo-workflows/v3 1 org.jenkins-ci.plugins:aws-beanstalk-publisher-plugin 1 org.jenkins-ci.plugins:zap 1 org.wildfly.core:wildfly-server 1 org.jenkins-ci.plugins:aws-cloudwatch-logs-publisher 1 org.jenkins-ci.plugins:bitbucket-approve 1 org.jenkins-ci.plugins:relution-publisher 1 org.postgresql:postgresql 1 sh.hyper.plugins:hyper-commons 1 parsec-service 1 org.jenkins-ci.plugins:audit2db 1 cggmp21-keygen 1 cggmp21 1 org.jenkins-ci.plugins:veracode-scanner 1 org.jenkins-ci.plugins:aws-device-farm 1 org.jenkins-ci.plugins:sametime 1 org.jenkins-ci.plugins:koji 1 com.cloudcoreo.plugins:cloudcoreo-deploytime 1 de.e-nexus:jabber-server-plugin 1 org.jenkins-ci.plugins:youtrack-plugin 1 org.jenkins-ci.plugins:netsparker-cloud-scan 1 github.com/opencontainers/distribution-spec 1 jquery-validation 1 com.convertigo.jenkins.plugins:convertigo-mobile-platform 1 github.com/apache/incubator-answer 1 anoncreds-clsignatures 1 rusty-paseto 1 ursa 1 PyDrive2 1
Filter by Repository
https://github.com/tensorflow/tensorflow 105 https://github.com/concretecms/concretecms 18 https://github.com/moodle/moodle 17 https://github.com/shopware/platform 12 https://github.com/openstack/nova 11 https://github.com/octobercms/october 9 https://github.com/keycloak/keycloak 9 https://github.com/etcd-io/etcd 8 https://github.com/umbraco/Umbraco-CMS 8 https://github.com/TYPO3/typo3 7 https://github.com/bytecodealliance/wasmtime 7 https://github.com/phpmyadmin/phpmyadmin 7 https://github.com/eclipse/jetty.project 7 https://github.com/symfony/symfony 7 https://github.com/vyperlang/vyper 6 https://github.com/ansible/ansible 6 https://github.com/nodejs/undici 6 https://github.com/rails/rails 6 https://github.com/ethyca/fides 6 https://github.com/xwiki/xwiki-platform 5 https://github.com/rack/rack 5 https://github.com/puppetlabs/puppet 5 https://github.com/baserproject/basercms 5 https://github.com/kubernetes/kubernetes 5 https://github.com/indutny/elliptic 5 https://github.com/helm/helm 5 https://github.com/apache/airflow 5 https://github.com/jenkinsci/jenkins 5 https://github.com/mattermost/mattermost 5 https://github.com/sweetalert2/sweetalert2 5 https://github.com/shopware/shopware 4 https://github.com/electron/electron 4 https://github.com/vaadin/platform 4 https://github.com/vantage6/vantage6 4 https://github.com/apache/tomcat 4 https://github.com/wintercms/winter 4 https://github.com/silverstripe/silverstripe-framework 4 https://github.com/cilium/cilium 4 https://github.com/simplesamlphp/simplesamlphp 4 https://github.com/nervosnetwork/ckb 3 https://github.com/matrix-org/synapse 3 https://github.com/CVEProject/cvelist 3 https://github.com/Graylog2/graylog2-server 3 https://github.com/cometbft/cometbft 3 https://github.com/openstack/keystone 3 https://github.com/pyca/cryptography 3 https://github.com/nautobot/nautobot 3 https://github.com/digitalbazaar/forge 3 https://gitlab.com/sequoia-pgp/sequoia 3 https://github.com/twigphp/Twig 3 https://github.com/zenml-io/zenml 3 https://github.com/phusion/passenger 3 https://github.com/authzed/spicedb 3 https://github.com/cosmos/cosmos-sdk 3 https://github.com/Byron/gitoxide 3 https://github.com/vaadin/flow 3 https://github.com/nats-io/nats-server 2 https://github.com/langchain-ai/langchain 2 https://github.com/nextauthjs/next-auth 2 https://github.com/apache/activemq 2 https://github.com/aws/s2n-tls 2 https://github.com/mutagen-io/mutagen 2 https://github.com/dbt-labs/dbt-core 2 https://github.com/quarkusio/quarkus 2 https://github.com/Alexhuszagh/rust-lexical 2 https://github.com/aio-libs/aiohttp 2 https://github.com/micromatch/braces 2 https://github.com/zopefoundation/Zope 2 https://github.com/hashicorp/nomad 2 https://github.com/opencontainers/runc 2 https://github.com/rust-lang/cargo 2 https://github.com/RIAEvangelist/node-ipc 2 https://github.com/opencontainers/distribution-spec 2 https://github.com/apache/druid 2 https://github.com/jenkinsci/ec2-plugin 2 https://github.com/wagtail/wagtail 2 https://github.com/theupdateframework/python-tuf 2 https://github.com/expressjs/express 2 https://github.com/parse-community/parse-server 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/TYPO3/TYPO3.CMS 2 https://github.com/Sylius/Sylius 2 https://github.com/sigstore/cosign 2 https://github.com/openstack/horizon 2 https://github.com/containerd/containerd 2 https://github.com/Flask-Middleware/flask-security 2 https://github.com/octoprint/octoprint 2 https://github.com/bcgit/bc-java 2 https://github.com/django/django 2 https://github.com/librenms/librenms 2 https://github.com/moby/moby 2 https://github.com/openstack/glance 2 https://github.com/gradio-app/gradio 2 https://github.com/firefly-iii/firefly-iii 2 https://github.com/ceph/ceph-deploy 2 https://github.com/aws/s2n-quic 2 https://github.com/apollographql/apollo-server 2 https://github.com/DataDog/guarddog 2 https://github.com/schokokeksorg/freewvs 2 https://github.com/craftcms/cms 2 https://github.com/dfns/cggmp21 2 https://github.com/goharbor/harbor 2 https://github.com/ezsystems/ezplatform-kernel 2 https://github.com/expressjs/serve-static 2 https://github.com/saltstack/salt 2 https://github.com/agnaistic/agnai 2 https://github.com/statamic/cms 2 https://github.com/microweber/microweber 2 https://github.com/ntbosscher/gobase 2 https://github.com/flarum/framework 2 https://github.com/answerdev/answer 2 https://github.com/GilaCMS/gila 2 https://github.com/dfns/paillier-zk 1 https://github.com/actions/toolkit 1 https://github.com/artifacthub/hub 1 https://github.com/kimai/kimai 1 https://github.com/jenkinsci/support-core-plugin 1 https://github.com/wiremock/wiremock 1 https://github.com/paragonie/random_compat 1 https://github.com/Icinga/ipl-web 1 https://github.com/jenkinsci/coverity-plugin 1 https://github.com/sjwall/mdx-mermaid 1 https://github.com/cloudflare/tableflip 1 https://github.com/crossplane/crossplane 1 https://github.com/open-webui/open-webui 1 https://github.com/x-extends/vxe-table 1 https://github.com/fog/fog 1 https://github.com/mganss/HtmlSanitizer 1 https://github.com/knative-extensions/eventing-gitlab 1 https://github.com/onelogin/php-saml 1 https://github.com/joniles/mpxj 1 https://github.com/aws/aws-encryption-sdk-cli 1 https://github.com/RhinoSecurityLabs/CVEs 1 https://github.com/plone/plone.namedfile 1 https://github.com/biscuit-auth/biscuit-rust 1 https://github.com/jshttp/cookie 1 https://github.com/C2FO/fast-csv 1 https://github.com/SteeltoeOSS/security-advisories 1 https://github.com/aws/aws-dynamodb-encryption-python 1 https://gitlab.com/gitlab-org/cves 1 https://github.com/auth0/lock 1 https://github.com/ipython/ipython 1 https://github.com/pterodactyl/panel 1 https://github.com/apache/maven-archetype 1 https://github.com/mportuga/eslint-detailed-reporter 1 https://github.com/screetsec/VDD 1 https://github.com/evmos/evmos 1 https://github.com/Qiskit/qiskit-ibm-runtime 1 https://github.com/ethereum/web3.js 1 https://github.com/huandu/facebook 1 https://github.com/sigstore/gitsign 1 https://github.com/gayanhewa/sailsjs-cacheman 1 https://github.com/jenkinsci/meliora-testlab-plugin 1 https://github.com/ruby/rdoc 1 https://github.com/visionmedia/send 1 https://github.com/DSpace/DSpace 1 https://github.com/IncludeSecurity/safeurl-python 1 https://github.com/Katello/katello 1 https://github.com/risc0/risc0 1 https://github.com/silverstripe/silverstripe-omnipay 1 https://github.com/apache/lucene-solr 1 https://github.com/isaacs/chownr 1 https://github.com/npm/npm-user-validate 1 https://github.com/mautic/mautic 1 https://github.com/louislam/uptime-kuma 1 https://github.com/slsa-framework/slsa-verifier 1 https://github.com/aldanor/fast-float-rust 1 https://github.com/DataDog/dd-trace-php 1 https://github.com/ory/oathkeeper 1 https://github.com/topgrade-rs/topgrade 1 https://github.com/moment/moment-timezone 1 https://github.com/personnummer/python 1 https://github.com/jenkinsci/parameterized-trigger-plugin 1 https://github.com/jenkinsci/gitlab-branch-source-plugin 1 https://github.com/grpc/grpc-go 1 https://github.com/fluture-js/fluture-node 1 https://github.com/step-security/harden-runner 1 https://github.com/petergoldstein/dalli 1 https://github.com/DataDog/datadog-api-client-java 1 https://github.com/syncthing/syncthing 1 https://github.com/tektoncd/pipeline 1 https://github.com/mapfish/mapfish-print 1 https://github.com/snapcore/snapd 1 https://github.com/matrix-org/matrix-appservice-irc 1 https://github.com/snipe/snipe-it 1 https://github.com/zestedesavoir/zmarkdown 1 https://github.com/plannigan/hyper-bump-it 1 https://github.com/jenkinsci/aws-device-farm-plugin 1 https://github.com/bytecodealliance/cap-std 1 https://github.com/personnummer/java 1 https://github.com/gsemac/Gsemac.Common 1 https://github.com/parallaxsecond/parsec 1 https://github.com/python-pillow/Pillow 1 https://github.com/tokio-rs/tokio 1 https://github.com/personnummer/js 1 https://github.com/sbt/sbt 1 https://github.com/erelsgl/limdu 1 https://github.com/personnummer/rust 1 https://github.com/jenkinsci/snsnotify-plugin 1