Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS14MjJ4LTVwcDktOHY3Zs4AA4q2
Content-Security-Policy disabled by Red Hat Dependency Analytics Jenkins Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:redhat-dependency-analytics
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1xanBmLTJqaHgtMzc1OM4AA4qz
Arbitrary file read vulnerability in Jenkins Log Command Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:log-command
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jamdtLTl2YzktNTZteM4AA4qw
Path traversal vulnerability in Jenkins Matrix Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:matrix-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS04cjkzLTU5Y2YtMzU4Zs4AA4q1
CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS12cGg1LTJxMzMtN3I5aM4AA4qx
Arbitrary file read vulnerability in Git server Plugin can lead to RCE
Ecosystems: maven
Packages: org.jenkins-ci.plugins:git-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mNjdmLTJqNnItbTRjOc4AA4q0
Non-constant time webhook token comparison in Jenkins GitLab Branch Source Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mdzloLWN4eDktZ2ZxM84AA4qy
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:gitlab-branch-source
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1jM2M2LWYyd3cteGZyMs4AA4qZ
Apache Airflow: pickle deserialization vulnerability in XComs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tZzJ4LW1nZ2otNjk1Nc4AA4qb
Apache Airflow CNCF Kubernetes provider, Apache Airflow: Kubernetes configuration file saved without encryption in the Metadata and logged as plain text in the Triggerer service
Ecosystems: pypi
Packages: apache-airflow-providers-cncf-kubernetes, apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
High
GSA_kwCzR0hTQS12bTVtLXFtcngtZnc4d84AA4qc
Apache Airflow: Bypass permission verification to read code of other dags
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: 10 months ago
High
GSA_kwCzR0hTQS1nNW02LWh4cHAtZmM0Oc4AA4qX
Sending a GET or HEAD request with a body crashes SvelteKit
Ecosystems: npm
Packages: @sveltejs/adapter-node, @sveltejs/kit
Source: GitHub Advisory Database
Blast Radius: 31.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mcTIzLWc1OG0tNzk5cs4AA4qW
Cross-site Scripting Vulnerability on Data Import
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 10 months ago
High
GSA_kwCzR0hTQS1xNjhoLXh3cTUtbW03eM4AA4qV
Cross-site Scripting Vulnerability on Avatar Upload
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xaDJ3LTltN3ctaGpnMs4AA4pF
Cross-site Scripting in JFinal
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jOHYzLWpodjktNHBwY84AA4ow
Use-after-free when setting the locale
Ecosystems: cargo
Packages: rust-i18n-support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS03cThwLTk5NTMtcHh2cs4AA4ov
Remote Command Execution in SOFARPC
Ecosystems: maven
Packages: com.alipay.sofa:rpc-sofa-boot-starter
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qM202LWd2bTgtbWh2d84AA4ou
No permission checks for editing/deleting records with CSV import form
Ecosystems: packagist
Packages: silverstripe/admin
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12NDM1LXBmajYtNjhyM84AA4oo
Cross-site Scripting in JFinal
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS12OXdyLTJ4cmctdjd3OM4AA4os
Cross-site Scripting in beetl-bbs
Ecosystems: maven
Packages: com.ibeetl:beetl
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1yd2hoLTZ4ODMtODR2Ns4AA4od
Cross-site Scripting in Apache superset
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 10 months ago
High
GSA_kwCzR0hTQS12NHh2LTc5NWgtcnY0aM4AA4oT
XSS potential in rendered Markdown fields (comments, description, notes, etc.)
Ecosystems: pypi
Packages: nautobot
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS05dm03LXY4d2otM2Zxd84AA4oS
keycloak-core: open redirect via "form_post.jwt" JARM response mode
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS13NTloLTM3OGYtMmZybc4AA4oR
Unsound sending of non-Send types across threads in threadalone
Ecosystems: cargo
Packages: threadalone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS00YzJnLWh4NDktN2gyNc4AA4oQ
Prototype pollution not blocked by object-path related utilities in hoolock
Ecosystems: npm
Packages: hoolock
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1yanE1LXc0N3gteDM1Oc4AA4oP
@hono/node-server cannot handle "double dots" in URL
Ecosystems: npm
Packages: @hono/node-server
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 10 months ago
Low
GSA_kwCzR0hTQS1oY3ZwLTJjYzctanJ3cs4AA4oO
changedetection.io API endpoint is not secured with API token
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1xbTJqLXF2cTMtajI5ds4AA4oN
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qZ3BoLXc4cmgteGY1cM4AA4oM
View permissions are bypassed for paginated lists of ORM data
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 10 months ago
High
GSA_kwCzR0hTQS13ajZoLTY0ZmMtMzdtcM4AA4nW
Minerva timing attack on P-256 in python-ecdsa
Ecosystems: pypi
Packages: ecdsa
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1tNG01LWozNm0tOHg3Ms4AA4nV
html injection vulnerability in the `tuitse_html` function.
Ecosystems: pypi
Packages: TuiTse-TsuSin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1yN3F2LThyMmgtcGcyN84AA4m6
Multiple issues involving quote API in shlex
Ecosystems: cargo
Packages: shlex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
High
GSA_kwCzR0hTQS1yNHEzLTdnNHEteDg5bc4AA4ms
Spring Framework server Web DoS Vulnerability
Ecosystems: maven
Packages: org.springframework:spring-core
Source: GitHub Advisory Database
Blast Radius: 39.0
Published: 10 months ago
Critical
GSA_kwCzR0hTQS1qZ3hjLThtd3EtOXhxd84AA4mo
Clojure classes can be used to craft a serialized object that runs arbitrary code on deserialization
Ecosystems: maven
Packages: org.clojure:clojure
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1nNHgzLW1mcGotZjMzNc4AA4mp
chasquid HTTP Request/Response Smuggling vulnerability
Ecosystems: go
Packages: github.com/albertito/chasquid
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS01ZzczLTY5cDQtN2d2eM4AA4mi
Code execution in pandasai
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1nN3BoLTg0MjMtcGY0as4AA4mg
Code execution in metagpt
Ecosystems: pypi
Packages: metagpt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0yanh3LTRobTQtNnc4N84AA4mj
SQL injection in llama-index
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0yOTd4LTJxZjMtanJqM84AA4mL
Unsafe yaml deserialization in llama-hub
Ecosystems: pypi
Packages: llama-hub
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yaGhqLTU0MzYtOTV2Zs4AA4mM
Code execution in Embedchain
Ecosystems: pypi
Packages: embedchain
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yNjd3LWY5OXctbWd4as4AA4mN
ReDoS in Embedchain
Ecosystems: pypi
Packages: embedchain
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1maDM4LTlmZ3ItNDU0d84AA4mG
Cross-site Scripting in Ghost
Ecosystems: npm
Packages: ghost
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1jaGo3LXczZjYtY3Zmas4AA4mF
Code Injection in paddlepaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mcnhtLXY3cTMtdjJ3ds4AA4l1
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Ecosystems: maven
Packages: org.owasp:dependency-check-maven, org.owasp:dependency-check-cli, org.owasp:dependency-check-ant
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05cmhxLTg2Zm0tcXhxY84AA4l0
Hard-coded credentials in org.folio:mod-data-export-spring
Ecosystems: maven
Packages: org.folio:mod-data-export-spring
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01N3d4LW02MzYtZzNnOM4AA4lw
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Ecosystems: go
Packages: github.com/notaryproject/notation
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 11 months ago
High
GSA_kwCzR0hTQS13ZzJ4LXJ2ODYtbW1weM4AA4lv
SPV Merkle proof malleability allows the maintainer to prove invalid transactions
Ecosystems: npm
Packages: @keep-network/tbtc-v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1jMjR2LThyZmMtdzh2d84AA4lu
Vite dev server option `server.fs.deny` can be bypassed when hosted on case-insensitive filesystem
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 41.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1odjVnLXE0aDMtNjRxNM4AA4lr
Hard-coded credentials in org.folio:mod-remote-storage
Ecosystems: maven
Packages: org.folio:mod-remote-storage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS0yM3J4LTc5cjctNmNweM4AA4lq
Sandbox escape in Artemis Java Test Sandbox
Ecosystems: maven
Packages: de.tum.in.ase:artemis-java-test-sandbox
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
High
GSA_kwCzR0hTQS0zcDc3LXdnNGMtcW0yNM4AA4lo
Exposure of sensitive information in ClickHouse
Ecosystems: maven
Packages: com.clickhouse:clickhouse-client, com.clickhouse:clickhouse-jdbc, com.clickhouse:clickhouse-r2dbc
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13YzZmLXFqeGMtNjIyds4AA4la
JavaScript execution via malicious molfiles (XSS)
Ecosystems: maven
Packages: de.ipb-halle:molecularfaces
Source: GitHub Advisory Database
Blast Radius: 1.8
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00aHJwLW0zZjItNjQzas4AA4lt
Session fixation in Enonic XP
Ecosystems: maven
Packages: com.enonic.xp:lib-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ndmM3LWdqcnctaGo2Nc4AA4lm
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Ecosystems: maven
Packages: com.amazonaws:aws-encryption-sdk-java
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1oZmo4LTYzYzgtcm1md84AA4lp
Inefficient Algorithmic Complexity in com.upokecenter:cbor
Ecosystems: maven
Packages: com.upokecenter:cbor
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 11 months ago
High
GSA_kwCzR0hTQS1jNHBnLTVnZ2gtdmNwcM4AA4ls
Sandbox escape in Artemis Java Test Sandbox
Ecosystems: maven
Packages: de.tum.in.ase:artemis-java-test-sandbox
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1oajU1LTlqbXYtOWpyas4AA4lj
Sandbox escape in Artemis Java Test Sandbox
Ecosystems: maven
Packages: de.tum.in.ase:artemis-java-test-sandbox
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0zZjYzLWhmcDgtNTJqcc4AA4lV
Arbitrary Code Execution in Pillow
Ecosystems: pypi
Packages: Pillow
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: 11 months ago
High
GSA_kwCzR0hTQS05Mm13LXEyNTYtNXZ3Z84AA4lC
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 11 months ago
High
GSA_kwCzR0hTQS01OGo5LWoyZmotdjhmNM4AA4lB
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 11 months ago
High
GSA_kwCzR0hTQS00NGNjLTQzcnAtNTk0N84AA4lA
JupyterLab vulnerable to potential authentication and CSRF tokens leak
Ecosystems: pypi
Packages: notebook, jupyterlab
Source: GitHub Advisory Database
Blast Radius: 36.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00bTc3LWNtcHgtdmpjNM4AA4k_
JupyterLab vulnerable to SXSS in Markdown Preview
Ecosystems: pypi
Packages: notebook, jupyterlab
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: 11 months ago
High
GSA_kwCzR0hTQS0ycTh2LTNncXEtNGY4cM4AA4kr
concat built-in can corrupt memory in vyper
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1xcjhyLW00OTUtN2hjNM4AA4kV
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1wZ3BqLXY4NXEtaDVmbc4AA4kU
Cross-Site Request Forgery on any API call in pyLoad may lead to admin privilege escalation
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04cjV2LXZtNG0tNGcyNc4AA4kT
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1yaDYzLTlxY2YtODNnZs4AA4kS
Marvin Attack of RSA and RSAOAEP decryption in jsrsasign
Ecosystems: npm
Packages: jsrsasign
Source: GitHub Advisory Database
Blast Radius: 29.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mNHFmLW01Z2YtOGptOM4AA4kQ
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat-coyote
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: 11 months ago
High
GSA_kwCzR0hTQS00cWhwLTY1MnctYzIyeM4AA4jl
Unsecured endpoints in the jupyter-lsp server extension
Ecosystems: pypi
Packages: jupyter-lsp
Source: GitHub Advisory Database
Blast Radius: 24.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02cjhwLWhwZzctODI1Z84AA4jk
Uncontrolled Recursion in SurrealQL Parsing
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 11 months ago
High
GSA_kwCzR0hTQS1tMjR4LXI2cTMtMnZwOc4AA4jj
Uncaught Exception processing HTTP Headers in SurrealDB
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qbTR2LTU4cjUtNjZoas4AA4ji
Uncaught Exception in surrealdb
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 11 months ago
High
GSA_kwCzR0hTQS01eGZ4LTU1eDQtajIyM84AA4jV
Cross-Frame Scripting vulnerability has been found on Plone CMS
Ecosystems: pypi
Packages: Plone
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1nOHZwLTJ2NXAtOXFmaM4AA4ir
Cross-site scripting (XSS) in Action messages on Avo
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1mNmpoLWh2ZzItOTUyNc4AA4iq
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber)
Ecosystems: go
Packages: github.com/kudelskisecurity/crystals-go
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04ZjI0LTZtMjktd20ycs4AA4ih
use-after-free in tracing
Ecosystems: cargo
Packages: tracing
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zODY3LWpjNWMtNjZxZs4AA4if
Broken Access Control order API in Shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xbXA5LTJ4d2otbTZtOc4AA4ie
Blind SQL injection in shopware
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 23.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jOTYyLWc1MzMtODIzZs4AA4gW
Cross-site Scripting in Bagisto
Ecosystems: packagist
Packages: bagisto/bagisto
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zMnE0LTg2ZzgtNjYzN84AA4gR
Stored Cross Site Scripting in beetl-bbs
Ecosystems: maven
Packages: com.ibeetl:beetl
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yNzhmLTRxMnEtaHZ2NM4AA4gG
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02Njk4LW1oeHgtcjg0Z84AA4gF
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14Z2ZtLWZqeDYtNjJtas4AA4gD
readthedocs-sphinx-search vulnerable to cross-site scripting when including search results from malicious projects
Ecosystems: pypi
Packages: readthedocs-sphinx-search
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS03ajk4LTc0amgtY2p4aM4AA4ef
Privilege escalation for users that can access mock configuration
Ecosystems: pypi
Packages: templated_dictionary
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02MmpyLTg0Z2Ytd21nNM4AA4eS
Default swagger-ui configuration exposes all files in the module
Ecosystems: npm
Packages: @fastify/swagger-ui
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 11 months ago
High
GSA_kwCzR0hTQS1naGp2LW1oNngtN3E2aM4AA4eR
avo vulnerable to stored cross-site scripting (XSS) in key_value field
Ecosystems: rubygems
Packages: avo
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS02MmNmLWp2cHAtNDhxNs4AA4du
Drupal Denial of Service vulnerability
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1oNTd3LXZoMzQtZjhjd84AA4dr
Code injection in mingSoft MCMS
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qYzdoLWM0MjMtbXBqY84AA4c6
Apache Shiro vulnerable to path traversal
Ecosystems: maven
Packages: org.apache.shiro:shiro-core
Source: GitHub Advisory Database
Blast Radius: 27.8
Published: 11 months ago
High
GSA_kwCzR0hTQS1yeGdnLTI3M3ctcmZ3N84AA4c9
Remote Code Execution vulnerability in Apache IoTDB via UDF
Ecosystems: pypi, maven
Packages: apache-iotdb, org.apache.iotdb:iotdb-core
Source: GitHub Advisory Database
Blast Radius: 5.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1nZzd3LXB3MnIteDJjcc4AA4c8
Apache Solr allows read access to host environmet variables
Ecosystems: maven
Packages: org.apache.solr:solr-core
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 11 months ago
High
GSA_kwCzR0hTQS02aDRxLTYzYzUtcWZxZs4AA4bt
Path traversal in flaskcode
Ecosystems: pypi
Packages: flaskcode
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 11 months ago
High
GSA_kwCzR0hTQS12M3JnLXFtNDYteHJnOc4AA4bu
Path traversal in flaskcode
Ecosystems: pypi
Packages: flaskcode
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 11 months ago
High
GSA_kwCzR0hTQS1nZ3BtLTlxZngtbWh3Z84AA4bk
EverShop vulnerable to improper authorization in GraphQL endpoints
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0zMnIzLTU3aHAtY2dmd84AA4bm
EverShop at risk to unauthorized access via weak HMAC secret
Ecosystems: npm
Packages: @evershop/evershop
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1xNnc1LWpnNXEtNDd2Z84AA4bF
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Ecosystems: npm
Packages: @clerk/nextjs
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0zajR4LTlxOXEtMzI3N84AA4bA
Cross-site Scripting in JFinal
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04NTloLTR3NTgtNzh4d84AA4a2
Cross-site Scripting in JFinal
Ecosystems: maven
Packages: com.jfinal:jfinal
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS04cXc5LWdmN3ctNDJ4Nc4AA4a1
Minor fix to previous patch for CVE-2022-35918
Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 apache-airflow 85 silverstripe/framework 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 baserproject/basercms 47 mlflow 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 froxlor/froxlor 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 org.keycloak:keycloak-services 37 mautic/core 37 github.com/hashicorp/vault 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 com.thoughtworks.xstream:xstream 37 nilsteampassnet/teampass 37 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 com.jfinal:jfinal 36 snipe/snipe-it 35 moin 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 gradio 34 zendframework/zendframework1 34 github.com/answerdev/answer 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 Pillow 31 opencv-contrib-python 31 parse-server 31 opencv-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/docker/docker 29 github.com/hashicorp/nomad 28 mediawiki/core 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 directus 26 electron 26 prestashop/prestashop 26 openssl-src 26 pillow 26 github.com/cilium/cilium 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 gogs.io/gogs 25 rubygems-update 25 org.springframework.security:spring-security-core 24 contao/core-bundle 24 magento/core 24 org.eclipse.jetty:jetty-server 24 grumpydictator/firefly-iii 23 zendframework/zendframework 23 rack 23 remdex/livehelperchat 23 simplesamlphp/simplesamlphp 23 puppet 23 pocketmine/pocketmine-mp 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 ckb 22 getkirby/cms 22 glance 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 code.gitea.io/gitea 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 funadmin/funadmin 20 laravel/framework 20 langchain 20 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 wasmtime 19 DotNetNuke.Core 19 org.springframework:spring-core 19 contao/contao 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 github.com/traefik/traefik/v2 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 forkcms/forkcms 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 cockpit-hq/cockpit 18 topthink/framework 18 next 18 cobbler 18 com.liferay.portal:release.dxp.bom 18 com.vaadin:vaadin-bom 18 ezsystems/ezpublish-kernel 17 cakephp/cakephp 17 org.apache.geode:geode-core 17 helm.sh/helm/v3 17 symfony/security 17 notebook 17 neutron 17 francoisjacquet/rosariosis 17 opencart/opencart 17 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 paddlepaddle 16 org.apache.dubbo:dubbo 16 phpbb/phpbb 16 org.bouncycastle:bcprov-jdk15 16 github.com/zitadel/zitadel 16 org.apache.activemq:activemq-client 16 PaddlePaddle 16 ethyca-fides 16 pyload-ng 16 typo3/cms-backend 16 rusqlite 16 tinymce 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 openmage/magento-lts 16 yetiforce/yetiforce-crm 16 cryptography 16 calibreweb 15 ckeditor4 15 surrealdb 15 OctoPrint 15 org.apache.struts.xwork:xwork-core 15 symfony/security-http 15 smarty/smarty 15 october/system 15 ec-cube/ec-cube 15 ghost 15 lollms 14 feehi/cms 14 github.com/containerd/containerd 14 dompdf/dompdf 14 org.xwiki.platform:xwiki-platform-web 14 aiohttp 14 publify_core 14 bolt/bolt 14 github.com/nats-io/nats-server/v2 14 phpmailer/phpmailer 14 joplin 14 modoboa 14 camaleon_cms 14 org.apache.tomcat:tomcat-coyote 14 pyftpdlib 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/x-stream/xstream 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/cilium/cilium 26 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/hashicorp/consul 22 https://github.com/langchain-ai/langchain 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/cloudflare/cfrpki 11 https://github.com/opencart/opencart 10 https://github.com/nocodb/nocodb 10