Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1oanFxLTI5cHctOTZ3as4AA5Ck
Nervos CKB node panics when processing a block which parent timestamp is too new
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yOXJ2LTltaDgtcHhmNM4AA5Cj
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wcjM5LTgyNTctZnhjMs4AA5Ci
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch
Nervos CKB P2P DoS Attacks
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1qY21xLTVycnYtajJnNM4AA5Ca
PowerShell is subject to remote code execution vulnerability
Ecosystems: nuget
Packages: PowerShell
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xNjY5LTJ2ZmctY3hjZ84AA5CZ
Nervos CKB Unaligned Pointer Dereference
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04amMzLTVwMjktcWdqeM4AA5CY
PHPMailer Local file inclusion
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS02aDc4LTg1djItbW1jaM4AA5CX
PHPMailer Shell command injection
Ecosystems: packagist
Packages: phpmailer/phpmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS12MjY5LXJycjYtY3g2cs4AA5CF
Ylianst MeshCentral 1.1.16 suffers from Use of a Broken or Risky Cryptographic Algorithm.
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1nNXA2LTMyN20tM2Z4eM4AA5Bp
Talos Linux ships runc vulnerable to the escape to the host attack
Ecosystems: go
Packages: github.com/siderolabs/talos
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1ncDN3LTJ2Mm0tcDY4Ns4AA5Bo
Vyper's external calls can overflow return data to return input buffer
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0ybXJxLXc4cHYtNXB2cc4AA5Bn
Malicious input can provoke XSS when preserving comments
Ecosystems: maven
Packages: org.owasp.antisamy:antisamy
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS0zNHEzLXAzNTItYzdxOM4AA5Bm
Central Dogma Authentication Bypass Vulnerability via Session Leakage
Ecosystems: maven
Packages: com.linecorp.centraldogma:centraldogma-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01NDd4LTc0OHYtdnA2cM4AA5A9
Dash apps vulnerable to Cross-site Scripting
Ecosystems: pypi, npm
Packages: dash-core-components, dash-html-components, dash
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 10 months ago
Critical
GSA_kwCzR0hTQS05Z2g4LTg3N3ItZzQ3N84AA5Ap
Beetl Server-Side Template Injection vulnerability
Ecosystems: maven
Packages: com.ibeetl:beetl-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS04MnZ4LW1tNnItZ2c4d84AA4_5
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05OWY5LWd2NzItZnc5cs4AA4_1
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14NGhoLWZyeDgtOThyNc4AA4_0
Bref's Uploaded Files Not Deleted in Event-Driven Functions
Ecosystems: packagist
Packages: bref/bref
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 10 months ago
High
GSA_kwCzR0hTQS12cXhxLWh2eHctOW12Oc4AA4_z
Statmic CMS vulnerable to account takeover via XSS and password reset link
Ecosystems: packagist
Packages: statamic/cms
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 10 months ago
Critical
GSA_kwCzR0hTQS05eDdmLWd3eHEtNmYyY84AA4_y
Vyper's bounds check on built-in `slice()` function can be overflowed
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14dzczLXJ3MzgtNnZqY84AA4_x
Classic builder cache poisoning
Ecosystems: go
Packages: github.com/moby/moby, github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 31.8
Published: 10 months ago
High
GSA_kwCzR0hTQS14eDh3LW1xMjMtMjlnNM4AA4_w
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
Ecosystems: go
Packages: github.com/minio/minio
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13Z3BxLXAyaG0tNTZ2Oc4AA4_r
glance-store logs s3 access keys
Ecosystems: pypi
Packages: glance-store
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12Z2gzLW13eHEtcmNwOM4AA4--
Hashicorp Vault may expose sensitive log information
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 10 months ago
High
GSA_kwCzR0hTQS04cGp4LWpqODYtajQ3cM4AA4-8
Grafana path traversal
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 12.7
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jbWY0LWgzeGMtanc4d84AA4-7
Grafana Cross Site Request Forgery (CSRF)
Ecosystems: go
Packages: github.com/grafana/grafana/pkg/web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zZnd4LXBqZ3ctMzU1OM4AA4-5
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12NWdxLXF2anEtOHA1M84AA4-4
Grafana Cross-site Scripting (XSS)
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 10 months ago
High
GSA_kwCzR0hTQS1xcnFyLTN4NWotMnh3Oc4AA4-3
Docker Authentication Bypass
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02ZzJxLXc1ajMtZndoNM4AA4-2
containerd environment variable leak
Ecosystems: go
Packages: github.com/containerd/containerd
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: 10 months ago
High
GSA_kwCzR0hTQS1ycTk1LXhmNjYtajY4Oc4AA4-1
Improper Authentication in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02Zmo1LW04MjItcnF4OM4AA4-0
moby docker daemon crash during image pull of malicious image
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03NDUyLXhxcGotNnJwY84AA4-z
moby Access to remapped root allows privilege escalation to real root
Ecosystems: go
Packages: github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02aHdnLXc1amctOWM2eM4AA4-y
Path Traversal in Moby builder
Ecosystems: go
Packages: github.com/docker/docker, github.com/moby/moby
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ycGdwLTlobWctajI1eM4AA4-x
Enumeration of users in HashiCorp Vault
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02bTcyLTQ2N3ctOTRyaM4AA4-w
Privilege Escalation in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 10 months ago
High
GSA_kwCzR0hTQS00OTZnLWZyMzMtd2hyZs4AA4-v
Denial of service in HashiCorp Consul
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00cHdwLWN4NjctNWNweM4AA6O3
Grafana Arbitrary File Read
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 10 months ago
High
GSA_kwCzR0hTQS14cjdyLWY4eHEtdmZ2ds4AA4-u
runc vulnerable to container breakout through process.cwd trickery and leaked fds
Ecosystems: go
Packages: github.com/opencontainers/runc
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05cDI2LTY5OHItdzRoeM4AA4-t
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 10 months ago
High
GSA_kwCzR0hTQS1tM3I2LWg3d3YtN3h4ds4AA4-s
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00djk4LTdxbXctcnFyOM4AA4-r
BuildKit vulnerable to possible host system access from mount stub cleaner
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 10 months ago
Critical
GSA_kwCzR0hTQS13cjZ2LTlmNzUtdmgyZ84AA4-q
Buildkit's interactive containers API does not validate entitlements check
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05aDZnLXByMjgtN2NxcM4AA4-p
nodemailer ReDoS when trying to send a specially crafted email
Ecosystems: npm
Packages: nodemailer
Source: GitHub Advisory Database
Blast Radius: 28.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1ocHhyLXc5dzctZzRnds4AA4-o
stereoscope vulnerable to tar path traversal when processing OCI tar archives
Ecosystems: go
Packages: github.com/anchore/stereoscope
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yOXc2LWM1MmctbThqY84AA49-
C5 Firefly III CSV Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wZjU1LWZqOTYteGYzN84AA499
@lobehub/chat vulnerable to unauthorized access to plugins
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01NjI2LXB3OWMtaG1qcs4AA498
OctoPrint Unverified Password Change via Access Control Settings
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wNTl3LTlncXctd2o4cs4AA497
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yOHhwLTUybXEtcm1tOM4AA49h
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 10 months ago
High
GSA_kwCzR0hTQS05eGM5LXhxN3ctdnBjcs4AA49b
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability
Ecosystems: go
Packages: github.com/apache/servicecomb-service-center
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: 10 months ago
Low
GSA_kwCzR0hTQS1wNnJwLW14ODUtbTQ1Oc4AA49f
Spring Cloud Contract vulnerable to local information disclosure
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-contract-shade
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: 10 months ago
High
GSA_kwCzR0hTQS00bXA3LTJtMjktZ3F4Zs4AA49E
HashiCorp Vault Authentication bypass
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13cjJ2LTlycHEtYzM1cc4AA49D
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 10 months ago
High
GSA_kwCzR0hTQS0yeGhxLWd2NmMtcDIyNM4AA49C
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion
Ecosystems: go
Packages: go.etcd.io/etcd
Source: GitHub Advisory Database
Blast Radius: 35.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00andxLTU3MnctNDM4OM4AA49B
Memory over-allocation in evm crate
Ecosystems: cargo
Packages: evm-core, evm
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jaGg2LXBwd3Etamg5Ms4AA49A
Improper Preservation of Permissions in etcd
Ecosystems: go
Packages: github.com/etcd-io/etcd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02d2gyLThodzctanc5NM4AA48_
Grafana XSS via adding a link in General feature
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jbXEyLWo4djgtMnE0NM4AA48-
Grafana XSS in Dashboard Text Panel
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tOTc5LXc5d2otcWZqOc4AA489
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488
HashiCorp Vault Improper Privilege Management
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 30.6
Published: 10 months ago
High
GSA_kwCzR0hTQS02N200LXF4cDMtajZoaM4AA486
TrueLayer.Client SSRF when fetching payment or payment provider
Ecosystems: nuget
Packages: TrueLayer.Client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1oM3EyLTh3aHgtYzI5aM4AA485
`goreleaser release --debug` shows secrets
Ecosystems: go
Packages: github.com/goreleaser/goreleaser
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 10 months ago
High
GSA_kwCzR0hTQS1ydjhwLXJyMmgtZmdwZ84AA484
@apollo/experimental-nextjs-app-support Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @apollo/experimental-nextjs-app-support
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 10 months ago
High
GSA_kwCzR0hTQS1xaGpmLWhtNWotMzM1d84AA483
@urql/next Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @urql/next
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS05OTdnLTI3eDgtNDNyZs4AA482
react-query-streamed-hydration Cross-site Scripting vulnerability
Ecosystems: npm
Packages: @tanstack/react-query-next-experimental
Source: GitHub Advisory Database
Blast Radius: 8.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00NzVnLXZqNmMteGY5Ns4AA481
CrateDB database has an arbitrary file read vulnerability
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1yam12LTUybXAtZ2pycs4AA480
vantage6 may create unencrypted tasks in encrypted collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: 10 months ago
Low
GSA_kwCzR0hTQS00NWdxLXE0eGgtY3A1M84AA48y
vantage6 vulnerable to username timing attack
Ecosystems: pypi
Packages: vantage6-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0yd2djLTQ4ZzItY2o1d84AA48z
vantage6 has insecure SSH configuration for node and server containers
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 10 months ago
High
GSA_kwCzR0hTQS13OWgyLXB4ODctNzR2eM4AA48x
vantage6 remote code execution vulnerability
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS14MmMyLXEzMnctNHc2bc4AA48w
Vyper's raw_call `value=` kwargs not disabled for static and delegate calls
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: 10 months ago
High
GSA_kwCzR0hTQS02cDc4LWY3aDktNjgzOM4AA48K
Craft CMS Feed-Me
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12ODlxLWMyNzMtM3A0Ms4AA48N
Craft CMS Audit Plugin Cross Site Scripting vulnerability
Ecosystems: packagist
Packages: superbig/craft-audit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS12dmgyLTgyYzctcHBmZ84AA48B
network Arbitrary Command Injection vulnerability
Ecosystems: npm
Packages: network
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 10 months ago
Critical
GSA_kwCzR0hTQS04eHc2LTloNzgtYzg5as4AA470
Ylianst MeshCentral Missing SSL Certificate Validation
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS03bWd4LWd2anctbTN3M84AA474
CrateDB authentication bypass vulnerability
Ecosystems: maven
Packages: io.crate:crate
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS01aDg2LThtdjItanE5Zs4AA47u
aiohttp is vulnerable to directory traversal
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 10 months ago
High
GSA_kwCzR0hTQS1tcngzLWd4angtaGpxas4AA47t
Authentik vulnerable to PKCE downgrade attack
Ecosystems: go
Packages: goauthentik.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1xY2pxLTdmN3YtcHZjOM4AA47s
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS14dnE5LTR2cHYtMjI3bc4AA47r
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04cXB3LXhxeGotaDRyMs4AA47q
aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 10 months ago
High
GSA_kwCzR0hTQS13cHh3LTV4Zm0teDIyds4AA47V
MeshCentral algorithm-downgrade issue
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X
DeviceFarmer stf uses DES-ECB
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS0zdnZjLXY4YzItNDNyN84AA46l
Apache Kylin has Insufficiently Protected Credentials
Ecosystems: maven
Packages: org.apache.kylin:kylin-core-common
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03bWdnLTNycTItaGZmNM4AA45w
ai-flow Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: ai-flow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yeHB3LTg1dnctZng4N84AA45T
OpenFGA denial of service
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS00OTU3LTd2aHAtN3Y1Oc4AA45N
Deserialization of untrusted data in synthcity
Ecosystems: pypi
Packages: synthcity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05djloLWNnajgtaDY0cM4AA44M
Null pointer dereference in PKCS12 parsing
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 10 months ago
High
GSA_kwCzR0hTQS1ncjc5LTl2NnYtZ2M5cs4AA430
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers
Ecosystems: go
Packages: github.com/dexidp/dex
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 10 months ago
High
GSA_kwCzR0hTQS04ajN4LXczNXItcnc0cs4AA43J
Quarkus Improper Handling of Insufficient Permissions or Privileges and Improper Handling of Exceptional Conditions vulnerability
Ecosystems: maven
Packages: io.quarkus.resteasy.reactive:resteasy-reactive
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 10 months ago
High
GSA_kwCzR0hTQS0yY3ZnLXcyOW0tajh4Y84AA42s
Arbitrary Code Execution in Processwire
Ecosystems: packagist
Packages: processwire/processwire
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 10 months ago
High
GSA_kwCzR0hTQS1yNjRyLTVoNDMtMjZxds4AA42n
Any authenticated user may obtain private message details from other users on the same instance
Ecosystems: cargo
Packages: lemmy_server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1tcnFnLW13aDctcTk0as4AA42m
Host header injection in the password reset
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 10 months ago
High
GSA_kwCzR0hTQS1jd3g2LTR3bWYtYzZ4ds4AA42l
SQL Injection in Admin download files as zip
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03ZzlqLWc1amctM3Z2M84AA42k
Unauthenticated Nonce Increment in snow
Ecosystems: cargo
Packages: snow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05ZjlwLWNwM2MtNzJqZs4AA4q3
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Ecosystems: cargo
Packages: trillium-client, trillium-http
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 10 months ago
Critical
GSA_kwCzR0hTQS02ZjlnLWN4d3ItcTVqcs4AA4qu
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04cjkzLTU5Y2YtMzU4Zs4AA4q1
CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 mlflow 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 github.com/rancher/rancher 38 froxlor/froxlor 38 nilsteampassnet/teampass 37 github.com/hashicorp/vault 37 github.com/mattermost/mattermost-server/v6 37 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 com.thoughtworks.xstream:xstream 37 org.keycloak:keycloak-services 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 moin 35 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 zendframework/zendframework1 34 gradio 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 github.com/argoproj/argo-cd 31 Pillow 31 opencv-python 31 opencv-contrib-python 31 parse-server 31 shopware/shopware 30 github.com/hashicorp/consul 29 github.com/docker/docker 29 getgrav/grav 29 mediawiki/core 28 github.com/hashicorp/nomad 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 prestashop/prestashop 26 openssl-src 26 electron 26 github.com/cilium/cilium 26 pillow 26 directus 26 gogs.io/gogs 25 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 magento/core 24 rack 23 puppet 23 pocketmine/pocketmine-mp 23 simplesamlphp/simplesamlphp 23 remdex/livehelperchat 23 zendframework/zendframework 23 grumpydictator/firefly-iii 23 tribalsystems/zenario 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 getkirby/cms 22 org.apache.nifi:nifi 21 activerecord 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 glance 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 github.com/ethereum/go-ethereum 20 @openzeppelin/contracts 20 langchain 20 code.gitea.io/gitea 20 laravel/framework 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 funadmin/funadmin 20 github.com/goharbor/harbor 19 contao/contao 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 wasmtime 19 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 topthink/framework 18 mercurial 18 github.com/traefik/traefik/v2 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 cobbler 18 com.liferay.portal:release.dxp.bom 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 cockpit-hq/cockpit 18 mindsdb 18 next 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 neutron 17 org.apache.geode:geode-core 17 symfony/security 17 helm.sh/helm/v3 17 notebook 17 cakephp/cakephp 17 genix/cms 17 francoisjacquet/rosariosis 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 phpbb/phpbb 16 paddlepaddle 16 sequelize 16 org.bouncycastle:bcprov-jdk15 16 cryptography 16 PaddlePaddle 16 yetiforce/yetiforce-crm 16 github.com/zitadel/zitadel 16 ethyca-fides 16 tinymce 16 openmage/magento-lts 16 rusqlite 16 org.apache.dubbo:dubbo 16 pyload-ng 16 org.apache.jspwiki:jspwiki-main 16 org.apache.activemq:activemq-client 16 typo3/cms-backend 16 surrealdb 15 ckeditor4 15 ghost 15 october/system 15 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 calibreweb 15 smarty/smarty 15 OctoPrint 15 symfony/security-http 15 joplin 14 feehi/cms 14 bolt/bolt 14 org.xwiki.platform:xwiki-platform-web 14 org.apache.inlong:manager-pojo 14 phpmailer/phpmailer 14 dompdf/dompdf 14 lollms 14 github.com/containerd/containerd 14 silverstripe/cms 14 org.apache.tomcat:tomcat-coyote 14 camaleon_cms 14 swagger-ui 14 pyftpdlib 14 modoboa 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/parse-community/parse-server 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/undertow-io/undertow 20 https://github.com/funadmin/funadmin 20 https://github.com/OpenNMS/opennms 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/surrealdb/surrealdb 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10