Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Low
GSA_kwCzR0hTQS1tM2Y0LTk1N3gtbTc4Nc4AA5OZ
lambda-middleware Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: @lambda-middleware/json-deserializer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12NzZ3LTNwaDgtdm02Ns4AA5Oc
Undertow Path Traversal vulnerability
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 10 months ago
High
GSA_kwCzR0hTQS0yanY1LTlyODgtM3czcM4AA5N5
python-multipart vulnerable to Content-Type Header ReDoS
Ecosystems: pypi
Packages: python-multipart
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 10 months ago
High
GSA_kwCzR0hTQS0yMnE4LWdobXEtNjN2Zs4AA5N4
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
Ecosystems: cargo
Packages: libgit2-sys
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS02cDkyLXFmcWYtcXd4NM4AA5N0
OpenRefine JDBC Attack Vulnerability
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01cDJ4LTg0MjctOWZncM4AA5Nz
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 10 months ago
High
GSA_kwCzR0hTQS1ndnBnLXZnbXgteGc2d84AA5M9
Denial of Service in Connect2id Nimbus JOSE+JWT
Ecosystems: maven
Packages: com.nimbusds:nimbus-jose-jwt
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05OXZjLXh3OGotcGhqbc4AA5M7
Ghost has possible Cross-site Scripting issue
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 10 months ago
High
GSA_kwCzR0hTQS00dzR2LTVoYzkteHJyMs4AA5Mb
angular vulnerable to super-linear runtime due to backtracking
Ecosystems: maven, npm
Packages: org.webjars.bower:angular, org.webjars.npm:angular, angular
Source: GitHub Advisory Database
Blast Radius: 51.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tZ3A2LWo2NTgtdmN3Oc4AA5MT
Concrete CMS vulnerable to stored XSS in file tags and description attributes
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS05djN3LWNqN20tcWg1Z84AA5MU
Concrete CMS vulnerable to reflected XSS via the Image URL Import Feature
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS1xMjVoLWpjaDgtZ2ZycM4AA5MS
Concrete CMS vulnerable to stored XSS via the Role Name field
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 10 months ago
Low
GSA_kwCzR0hTQS00d3h3LTQyd3gtMndmeM4AA5MP
Apache Solr Schema Designer blindly "trusts" all configsets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zaHdjLXJxd3AtdjM2cc4AA5MO
Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zN3ZyLXZtZzQtandwd84AA5MQ
Apache Solr: Backup/Restore APIs allow for deployment of executables in malicious ConfigSets
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14cmo3LXg3Z3Atd3dxcs4AA5MN
Apache Solr's Streaming Expressions allow users to extract data from other Solr Clouds
Ecosystems: maven
Packages: org.apache.solr:solr-solrj, org.apache.solr:solr-solrj-streaming
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 10 months ago
High
GSA_kwCzR0hTQS0zMmg3LTdqOTQtOGZjMs4AA5MM
Mattermost vulnerable to denial of service via large number of emoji reactions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1jNGNtLXI5ZmgtamdqOc4AA5ML
commonground-api-common unexploitable privilege escalation in JWT authentication middleware
Ecosystems: pypi
Packages: vng-api-common-utrecht, vng-api-common, commonground-api-common
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS14NWoyLWc2M20tZjhnNM4AA5MK
pqc_kyber KyberSlash: division timings depending on secrets
Ecosystems: cargo
Packages: pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1ycjY5LXJ4cjYtOHF3Zs4AA5MJ
serde-json-wasm stack overflow during recursive JSON parsing
Ecosystems: cargo
Packages: serde-json-wasm
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xcjhmLWNqdzctODM4bc4AA5L-
Mattermost Jira Plugin does not properly check security levels
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yODMzLXc3NTYtaDVwMs4AA5L7
Mattermost fails to check the required permissions
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS00ZnA2LTU3NHAtZmMzNc4AA5L6
Mattermost Jira Plugin vulnerable to Cross-Site Request Forgery
Ecosystems: go
Packages: github.com/mattermost/mattermost-plugin-jira
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yMnIzLTl3NTUtY2o1NM4AA5Lq
Pkg Local Privilege Escalation
Ecosystems: npm
Packages: pkg
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01ODNnLWc2ODItY3J4Zs4AA5Lp
Micronaut management endpoints vulnerable to drive-by localhost attack
Ecosystems: maven
Packages: io.micronaut:micronaut-http-server-tck, io.micronaut:micronaut-http-server-netty, io.micronaut:micronaut-http-server
Source: GitHub Advisory Database
Blast Radius: 16.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01OWo4LTc3NnYteHh4Z84AA5Lo
NoneBot Potential Information Leak in User-Constructed Message Templates
Ecosystems: pypi
Packages: nonebot2
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14cmY4LWNtcmctNzQzNs4AA5LY
Cross-site scripting (XSS) vulnerability in Grav
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 10 months ago
High
GSA_kwCzR0hTQS1nY2dqLXFoOHAtNTdobc4AA5LF
October CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: october/october
Source: GitHub Advisory Database
Blast Radius: 6.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1jODY2LThncHctcDNtds4AA5K1
HashiCorp Nomad vulnerable to symlink attacks
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 10 months ago
High
GSA_kwCzR0hTQS0zcXgzLTZoeHItajJjaM4AA5Ks
eza Potential Heap Overflow Vulnerability for AArch64
Ecosystems: cargo
Packages: eza
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS04MzNtLTM3ZjctanE1Nc4AA5Kr
Rancher API Server Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/apiserver
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 10 months ago
High
GSA_kwCzR0hTQS1yOGY0LWh2MjMtNnFwNs4AA5Kq
Norman API Cross-site Scripting Vulnerability
Ecosystems: go
Packages: github.com/rancher/norman
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 10 months ago
High
GSA_kwCzR0hTQS14Zmo3LXFmOHctMmdjcs4AA5Kp
Rancher 'Audit Log' leaks sensitive information
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 10 months ago
High
GSA_kwCzR0hTQS1jODVyLWZ3YzctNDV2Y84AA5Ko
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 10 months ago
High
GSA_kwCzR0hTQS1odnA0LXZydjItOHdycc4AA5Kn
Kinto Attachment's attachments can be replaced on read-only records
Ecosystems: pypi
Packages: kinto-attachment
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS03OHhqLWNnaDUtMmgyMs4AA5Ki
NPM IP package incorrectly identifies some private IP addresses as public
Ecosystems: npm
Packages: ip
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS04djI4LTNnODYtY2hqNc4AA5Ke
PanelSwWix4.Sdk .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Ecosystems: nuget
Packages: PanelSwWix4.Sdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS0yNTlwLXJ2angtZmZ3Z84AA5Kd
Panel::Software Customized WiX .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Ecosystems: nuget
Packages: PanelSW.Custom.WiX
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS03d2gyLXd4YzctOXBoNc4AA5Kc
WiX Toolset's .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges
Ecosystems: nuget
Packages: wix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS01OXFqLWpjanYtNjYyas4AA5Kb
DIRAC's TokenManager does not check permissions on cached tokens
Ecosystems: pypi
Packages: dirac, DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1jMzUyLXg4NDMtZ2dwcc4AA5KR
XXL-JOB vulnerable to Server-Side Request Forgery
Ecosystems: maven
Packages: com.xuxueli:xxl-job
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 10 months ago
High
GSA_kwCzR0hTQS03YzZwLTg0OGotd2g1aM4AA5KP
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tcWY4LTRjcW0tcDgzeM4AA5J6
Liferay Portal allows attackers to discover the existence of sites
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13Mjc1LW04Y3ItaGYyds4AA5J4
Liferay Portal denial-of-service vulnerability
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 10 months ago
High
GSA_kwCzR0hTQS1xd2o4LXFncHItOGNybc4AA5J7
Liferay Portal vulnerable to user impersonation
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0ybXg3LXh2ZmctZmc1M84AA5J2
Liferay Portal's account lockout does not invalidate existing user sessions
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 8.2
Published: 10 months ago
High
GSA_kwCzR0hTQS04cjMzLXE1ajUtcmg3Z84AA5Jo
APM Server vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: go
Packages: github.com/elastic/apm-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zcmZyLW1wZmotMmp3cc4AA5JP
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zeGY4LWc4Z3ItZzdyaM4AA5JO
Graylog session fixation vulnerability through cookie injection
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 10 months ago
High
GSA_kwCzR0hTQS1wNmdnLTVoZjQtNHJnas4AA5JN
Graylog vulnerable to instantiation of arbitrary classes triggered by API request
Ecosystems: maven
Packages: org.graylog2:graylog2-server
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13aDV3LTgyZjMtd3J4aM4AA5JM
CKEditor cross-site scripting vulnerability in AJAX sample
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tdzJjLXZ4NmotbWc3Ns4AA5JL
CKEditor4 Cross-site Scripting vulnerability in samples with enabled the preview feature
Ecosystems: npm
Packages: ckeditor4
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mcTZoLTRnOHYtcXF2bc4AA5JK
CKEditor4 Cross-site Scripting vulnerability caused by incorrect CDATA detection
Ecosystems: packagist, npm
Packages: ckeditor/ckeditor, ckeditor4
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query execution
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS01MnhxLWo3djktdjR2Ms4AA5JI
Vyper negative array index bounds checks
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 10 months ago
Critical
GSA_kwCzR0hTQS05dmdxLXc1cHYtdjc3cc4AA5JF
Liferay Portal stored cross-site scripting (XSS) vulnerability
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 10 months ago
High
GSA_kwCzR0hTQS04N20zLTZxajMtcDN4aM4AA5JH
Liferay Portal denial of service (memory consumption)
Ecosystems: maven
Packages: com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02NzI2LTJyeDMtY2d3aM4AA5JB
Apache Ozone Improper Authentication vulnerability
Ecosystems: maven
Packages: org.apache.ozone:ozone-main
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1jNTd2LTR2ZzUtY20yeM4AA5I5
Apache Pulsar SASL Authentication Provider observable timing discrepancy vulnerability
Ecosystems: maven
Packages: org.apache.pulsar:pulsar-broker-auth-sasl
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 10 months ago
High
GSA_kwCzR0hTQS14eGo5LWY2cnYtbTN4NM4AA5IP
Django denial-of-service attack in the intcomma template filter
Ecosystems: pypi
Packages: Django, django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13Mjc3LXdwcWYtcmNmds4AA5H1
Svix vulnerable to improper comparison of different-length signatures
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1tOTVoLXA0Z2ctd2Z3M84AA5Hc
Allegro AI ClearML path traversal vulnerability
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1jcGN3LTloOW0td3F3Oc4AA5Hb
Allegro AI ClearML vulnerable to deserialization of untrusted data
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1oMjRyLW05cWMtcHZwZ84AA5HT
Ansible-core information disclosure flaw
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1oMnJxLXFocjctNTNnbc4AA5HR
Apache Sling Servlets Resolver executes malicious code via path traversal
Ecosystems: maven
Packages: org.apache.sling:org.apache.sling.servlets.resolver
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1mM2g5LThwaGMtNmd2aM4AA5F4
Gradio Path Traversal vulnerability
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 30.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ndnF2LWg3aGgtNmZjY84AA5F-
Allegro AI ClearML Stores Credentials in Plaintext in MongoDB Instance
Ecosystems: pypi
Packages: clearml
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05Z3A4LTZjZzgtN2gzNM4AA5Ey
Spring Security's spring-security.xsd file is world writable
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1nM2NtLXFnMnYtMmhqNc4AA5Ev
pyLoad open redirect vulnerability due to improper validation of the is_safe_url function
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS12aDczLXEzcnctcXg3d84AA5En
Boundary vulnerable to session hijacking through TLS certificate tampering
Ecosystems: go
Packages: github.com/hashicorp/boundary
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 10 months ago
High
GSA_kwCzR0hTQS03cXc0LTlyNjgtMnJteM4AA5Em
mingSoft MCMS File Upload vulnerability
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05NDRqLThjaDYtcmY2eM4AA5Ep
m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
Ecosystems: pypi
Packages: m2crypto
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 10 months ago
High
GSA_kwCzR0hTQS0zd3c0LWdnNGYtanI3Zs4AA5Eq
Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 38.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05bTZtLWM2NHItdzRmNM4AA5Es
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 10 months ago
Low
GSA_kwCzR0hTQS1nZnJoLWd3cWMtNjNjds4AA5El
Sulu HTML Injection via Autocomplete Suggestion
Ecosystems: packagist
Packages: sulu/sulu
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14Yzl4LWpqNzctOXA5as4AA5Ek
Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062
Ecosystems: rubygems
Packages: nokogiri
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03bThnLWZwcnItNDdmeM4AA5Ej
phpMyFAQ vulnerable to stored XSS on attachments filename
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05aGhmLXhtY3ctcjN4Z84AA5Ei
phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02NjQ4LTZnOTYtbWczNc4AA5Eh
phpMyFAQ User Removal Page Allows Spoofing Of User Details
Ecosystems: packagist
Packages: phpmyfaq/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05eGZ3LWpqcTItN3Y4aM4AA5Eg
1Panel set-cookie is missing the Secure keyword
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS02ODQ1LXh3MjItZmZ4ds4AA5Ef
Vyper sha3 codegen bug
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05Y2dmLXB4d3EtMmNwd84AA5ET
Stimulsoft Dashboard.JS Cross Site Scripting vulnerability
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1tcHdqLWZjcjYteDM0Y84AA5DS
Yarn untrusted search path vulnerability
Ecosystems: npm
Packages: yarn
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12aDU1LTc4Nmctd2p3as4AA5C3
.NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.win-x64, System.Security.Cryptography.Xml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tZjc0LXFxN3ctNmo3ds4AA5C2
Zmarkdown Server-Side Request Forgery (SSRF) in remark-download-images
Ecosystems: npm
Packages: remark-images-download
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1tcTZ2LXczNWctM2M5N84AA5C1
Local File Inclusion vulnerability in zmarkdown
Ecosystems: npm
Packages: zmarkdown
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Nervos CKB Permit load cell data from memory
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03ZjMyLWhtNGgtdzc3cc4AA5Cs
github-slug-action use of `set-env` Runner commands which are processed via stdout
Ecosystems: actions
Packages: rlespinasse/github-slug-action
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1xNzNmLXczaDctN3djY84AA5Cr
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS0zZ2poLTI5ZnYtOGhyNs4AA5Cq
Nervos CKB Snappy decompress length can be very large and causes out of memory error
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS13anhjLXBqeDktNHd2bc4AA5Cp
Nervos CKB Panic on malformed input
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS12amc2LTkzZnYtcXY2NM4AA5Co
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wbTNtLTMycjMtN21maM4AA5Cn
Etcd embed auto compaction retention negative value causing a compaction loop or a crash
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qODZ2LTJ2anItZmc4Zs4AA5Cm
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Ecosystems: go
Packages: go.etcd.io/etcd/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS01eDRnLXE1cmMtMzZqcM4AA5Cl
Etcd pkg Insecure ciphers are allowed by default
Ecosystems: go
Packages: go.etcd.io/etcd/client/pkg/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 mlflow 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 github.com/rancher/rancher 38 vyper 38 froxlor/froxlor 38 org.apache.tomcat.embed:tomcat-embed-core 38 com.thoughtworks.xstream:xstream 37 github.com/mattermost/mattermost-server/v6 37 org.keycloak:keycloak-services 37 mautic/core 37 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 org.xwiki.platform:xwiki-platform-oldcore 37 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 matrix-synapse 35 moin 35 github.com/answerdev/answer 34 io.undertow:undertow-core 34 gradio 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 Pillow 31 opencv-python 31 parse-server 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/cilium/cilium 26 electron 26 prestashop/prestashop 26 pillow 26 openssl-src 26 directus 26 gogs.io/gogs 25 rubygems-update 25 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 magento/core 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 grumpydictator/firefly-iii 23 puppet 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 rack 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 tribalsystems/zenario 22 ckb 22 @openzeppelin/contracts-upgradeable 21 activerecord 21 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.openmeetings:openmeetings-parent 21 glance 21 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 laravel/framework 20 funadmin/funadmin 20 langchain 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 code.gitea.io/gitea 20 DotNetNuke.Core 19 wasmtime 19 github.com/goharbor/harbor 19 org.springframework:spring-core 19 org.xwiki.platform:xwiki-platform-web-templates 19 contao/contao 19 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 github.com/traefik/traefik/v2 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 next 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 com.liferay.portal:release.dxp.bom 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 topthink/framework 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 neutron 17 helm.sh/helm/v3 17 symfony/security 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 cakephp/cakephp 17 opencart/opencart 17 org.apache.geode:geode-core 17 ezsystems/ezpublish-kernel 17 notebook 17 francoisjacquet/rosariosis 17 rusqlite 16 ethyca-fides 16 paddlepaddle 16 phpbb/phpbb 16 openmage/magento-lts 16 pyload-ng 16 github.com/zitadel/zitadel 16 org.apache.dubbo:dubbo 16 cryptography 16 typo3/cms-backend 16 org.bouncycastle:bcprov-jdk15 16 org.apache.jspwiki:jspwiki-main 16 tinymce 16 yetiforce/yetiforce-crm 16 PaddlePaddle 16 org.apache.activemq:activemq-client 16 sequelize 16 calibreweb 15 org.apache.struts.xwork:xwork-core 15 smarty/smarty 15 ckeditor4 15 symfony/security-http 15 surrealdb 15 october/system 15 ghost 15 OctoPrint 15 ec-cube/ec-cube 15 publify_core 14 phpmailer/phpmailer 14 activesupport 14 dompdf/dompdf 14 org.xwiki.platform:xwiki-platform-web 14 github.com/nats-io/nats-server/v2 14 silverstripe/cms 14 org.apache.tomcat:tomcat-coyote 14 bolt/bolt 14 aiohttp 14 github.com/containerd/containerd 14 swagger-ui 14 lollms 14 feehi/cms 14 pyftpdlib 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/getgrav/grav 24 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/undertow-io/undertow 20 https://github.com/funadmin/funadmin 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/rusqlite/rusqlite 16 https://github.com/forkcms/forkcms 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/pyload/pyload 16 https://github.com/puppetlabs/puppet 15 https://github.com/centreon/centreon 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/surrealdb/surrealdb 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10