Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
High
GSA_kwCzR0hTQS1wdzV4LXg1anctY2NtaM4AA4Z-
Gentoo Portage missing PGP validation of executed code
Ecosystems: pypi
Packages: portage
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00bXEyLWdjNGotY213Ns4AA4Y6
Django Template Engine Vulnerable to XSS
Ecosystems: go
Packages: github.com/gofiber/template/django/v3
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
High
GSA_kwCzR0hTQS04cjI1LTY4d20tanczNc4AA4Y5
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1weG1yLXEyeDMtOXg5bc4AA4Y4
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1oMzc0LW1tNTctODc5Y84AA4Y3
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270)
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS14cTYyLTYyYzktMjJtZ84AA4Y2
Drupal Improper Access Control
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1oNWM4LXJxd3AtY3A5Nc4AA4Ys
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
Ecosystems: pypi
Packages: jinja2
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 11 months ago
Low
GSA_kwCzR0hTQS1yZ3JmLTZtZjUtbTg4Ms4AA4Yr
cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code
Ecosystems: pypi
Packages: case-utils, cdo-local-uuid
Source: GitHub Advisory Database
Blast Radius: 0.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04bTVmLTJ4dnAtMmM4d84AA4Vk
WWBN AVideo recovery notification bypass vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS12OTc3LWg0aG0tcnJmZs4AA4Vu
WWBN AVideo Improper Restriction of Excessive Authentication Attempts vulnerability
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS13cWNjLXFmNjMtYzJ4NM4AA4Vv
WWBN AVideo Insufficient Entropy vulnerbaility
Ecosystems: packagist
Packages: wwbn/avideo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS0ybXFqLW02NXctamdoeM4AA4Vh
Untrusted search path under some conditions on Windows allows arbitrary code execution
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 34.7
Published: 11 months ago
Critical
GSA_kwCzR0hTQS00NDlwLTNoODktcHc4OM4AA4Vg
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Ecosystems: go
Packages: gopkg.in/src-d/go-git.v4, github.com/go-git/go-git/v5, github.com/go-git/go-git/v4
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wNHJ4LTd3dmctZndyY84AA4U1
CRI-O's pods can break out of resource confinement on cgroupv2
Ecosystems: go
Packages: github.com/cri-o/cri-o
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1nMjczLXdwcHgtODJ3NM4AA4U0
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access GDPR extracts
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jMzhjLWM4bWgtdnE2OM4AA4Uz
Pimcore Customer Data Framework Improper Access Control allows unprivileged user to access customers duplicates list
Ecosystems: packagist
Packages: pimcore/customer-management-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jeDk5LTI1aHItNWp4Zs4AA4Uy
Pimcore Ecommerce Framework Bundle Improper Access Control allows unprivileged user to access back-office orders list
Ecosystems: packagist
Packages: pimcore/ecommerce-framework-bundle
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wcHh4LTVtOWgtNnZ4Zs4AA4Ux
quic-go's path validation mechanism can be exploited to cause denial of service
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 19.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS1mODk5LTRtcjQtZnFwds4AA4Uf
Apache Answer Race Condition vulnerability
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05N3g5LTU5cnYtcTVwbc4AA4Tl
Hyperledger Aries Cloud Agent Python result of presentation verification not checked for LDP-VC
Ecosystems: pypi
Packages: aries-cloudagent
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01OWo3LWdocmctZmo1Ms4AA4Tk
Microsoft ASP.NET Core project templates vulnerable to denial of service
Ecosystems: nuget
Packages: Microsoft.IdentityModel.JsonWebTokens, System.IdentityModel.Tokens.Jwt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00amgzLTZqaHYtMm1ncM4AA4Tj
react-native-mmkv Insertion of Sensitive Information into Log File vulnerability
Ecosystems: npm
Packages: react-native-mmkv
Source: GitHub Advisory Database
Blast Radius: 11.9
Published: 11 months ago
High
GSA_kwCzR0hTQS05OGc2LXhoMzYteDJwN84AA4Sw
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
Ecosystems: nuget
Packages: Microsoft.Data.SqlClient, System.Data.SqlClient
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1ydjlqLWM4NjYtZ3A1aM4AA4Sp
Microsoft.IdentityModel.Protocols.SignedHttpRequest remote code execution vulnerability
Ecosystems: nuget
Packages: Microsoft.IdentityModel.Protocols.SignedHttpRequest
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1wdmNyLXY4ajgtajVxM84AA4So
Parsing JSON serialized payload without protected field can lead to segfault
Ecosystems: go
Packages: github.com/lestrrat-go/jwx, github.com/lestrrat-go/jwx/v2
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 11 months ago
High
GSA_kwCzR0hTQS02NjczLTQ5ODMtMnZ4Nc4AA4Sn
fonttools XML External Entity Injection (XXE) Vulnerability
Ecosystems: pypi
Packages: fonttools
Source: GitHub Advisory Database
Blast Radius: 34.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1nNzc3LWNycDktbTI3Z84AA4SE
Apprite CLI makes Use of Hard-coded Credentials
Ecosystems: pypi, npm
Packages: appwrite, appwrite-cli
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yd2Y5LThmcXItcDQ0bc4AA4SG
Qualys Jenkins Plugin for Policy Compliance Cross-site Scripting vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-pc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01Z3doLXI3NnctOTM0aM4AA4SI
Qualys Jenkins Plugin for WAS XML External Entity vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-was
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04NTI1LTUydmctanY2ds4AA4SF
Qualys Jenkins Plugin for Policy Compliance XML External Entity vulnerability
Ecosystems: maven
Packages: com.qualys.plugins:qualys-pc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS05M3A2LTljeHYtNXJwcc4AA4Rr
juzawebCMS Incorrect Access Control vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1janFmLTg3N3AtN20zZs4AA4Qp
snapd Race Condition vulnerability
Ecosystems: go
Packages: github.com/snapcore/snapd
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: 11 months ago
High
GSA_kwCzR0hTQS05NzYzLTRmOTQtZ2ZjaM4AA4Ql
CIRCL's Kyber: timing side-channel (kyberslash2)
Ecosystems: go
Packages: github.com/cloudflare/circl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04OTU5LXJmeGgtcjRqNM4AA4Qk
XWiki vulnerable to Denial of Service attack through attachments
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-distribution-war
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yajdwLXhqdjctNzIyOc4AA4Qj
XWiki Remote Code Execution Vulnerability via User Registration
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS14aDM1LXc3d2ctOTV2M84AA4Qi
XWiki has no right protection on rollback action
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform, org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jMmY0LWN2cW0tNjV3Ms4AA4Qh
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 11 months ago
High
GSA_kwCzR0hTQS1tcXBxLTJwNjgtNDZmds4AA4Qg
pyload Unauthenticated Flask Configuration Leakage vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1naG13LXJ3aDgtNnFtcs4AA4PI
pyload Log Injection vulnerability
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12MnYyLWhwaDgtcTV4cM4AA4PH
@fastify/reply-from JSON Content-Type parsing confusion
Ecosystems: npm
Packages: @fastify/reply-from
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: 11 months ago
High
GSA_kwCzR0hTQS1ocjJjLXA4cmgtMjM4aM4AA4OB
Apache Axis Improper Input Validation vulnerability
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 11 months ago
High
GSA_kwCzR0hTQS03aGZ4LWgzajMtcndxNM4AA4N6
D-Tale server-side request forgery through Web uploads
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS03MzNyLTh4Y3Atdzltcs4AA4N5
Flarum's logout Route allows open redirects
Ecosystems: packagist
Packages: flarum/framework, flarum/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00MzdtLTdoajUtOW1wd84AA4Ng
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Ecosystems: go
Packages: github.com/openkruise/kruise
Source: GitHub Advisory Database
Blast Radius: 6.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1qMjI1LWN2dzctcXJ4N84AA4M5
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
Ecosystems: pypi
Packages: pycryptodome, pycryptodomex
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12d3YyLTl3Y2otNjR2eM4AA4M1
Firefly III allows webhooks HTML Injection.
Ecosystems: packagist
Packages: grumpydictator/firefly-iii
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13ZjJ4LTh3NmotcXczN84AA4My
view_component Cross-site Scripting vulnerability
Ecosystems: rubygems
Packages: view_component
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12NmY0LWp3djktNjgyd84AA4Mo
class.upload.php allows cross-site scripting attacks via uploaded files
Ecosystems: packagist
Packages: verot/class.upload.php
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 11 months ago
High
GSA_kwCzR0hTQS02MjVnLWZtNXctdzd3NM4AA4Mn
Froxlor username/surname AND company field Bypass
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04NnJnLXBmNGMtNWdyZ84AA4MQ
@backstage/backend-app-api leaks GitLab access tokens
Ecosystems: npm
Packages: @backstage/backend-app-api
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 11 months ago
High
GSA_kwCzR0hTQS0yNjRwLTk5d3EtZjRqNs4AA4L1
Ion Java StackOverflow vulnerability
Ecosystems: maven
Packages: software.amazon.ion:ion-java, com.amazon.ion:ion-java
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qNWc5LWo3cjQtNnF2eM4AA4L0
Craft CMS Privilege Escalation
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12cjdtLXI5dm0tbTR3Zs4AA4Lz
PrestaShop XSS can be stored in DB from "add a message form" in order detail page (FO)
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yN3dnLTk5ZzgtMnY0ds4AA4Ly
Rust EVM erroneousle handles `record_external_operation` error return
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 11 months ago
High
GSA_kwCzR0hTQS01ZzY2LTYyOGYtN2N2as4AA4Lx
Omniauth::MicrosoftGraph Account takeover (nOAuth)
Ecosystems: rubygems
Packages: omniauth-microsoft_graph
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yNnI0LTVwcjgtZ2pjcM4AA4Lw
Vapor contains an integer overflow in URI leading to potential host spoofing
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 11 months ago
High
GSA_kwCzR0hTQS14Z3BtLXEzbXEtNDZycc4AA4Lv
PrestaShop some attribute not escaped in Validate::isCleanHTML method
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 11 months ago
High
GSA_kwCzR0hTQS1wNHY4LWpnY3YtOWc3Nc4AA4Lu
safe_pqc_kyber leaks parts of secret keys
Ecosystems: cargo
Packages: safe_pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1mOG1wLXg0MzMtNXdwZs4AA4Lh
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jZnBoLTRxcWgtdzgyOM4AA4Lg
Arbitrary remote file read in Wrangler dev server
Ecosystems: npm
Packages: wrangler
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 11 months ago
Low
GSA_kwCzR0hTQS03eGcyLTgzZjgtMzltcs4AA4Lf
The DES/3DES cipher was used as part of the TLS protocol by installation tools
Ecosystems: go
Packages: github.com/karmada-io/karmada
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12d2NoLWc5N3ctaGZnMs4AA4LX
CubeFS leaks users key in logs
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04aDJ4LWdyMmMtYzI3Nc4AA4LW
CubeFS leaks magic secret key when starting Blobstore access service
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS00MjQ4LXA2NXAtaGNybc4AA4LV
Insecure random string generator used for sensitive data
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS04NTc5LTdwMzItZjM5OM4AA4LU
CubeFS timing attack can leak user passwords
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1xYzZ2LWczeHctZ3JteM4AA4LT
Authenticated users can crash the CubeFS servers with maliciously crafted requests
Ecosystems: go
Packages: github.com/cubefs/cubefs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1mcWg2LTZoNmMtMzY2bc4AA4LR
CouchAuth host header injection vulnerability leaks the password reset token
Ecosystems: npm
Packages: @perfood/couch-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Critical
GSA_kwCzR0hTQS05eGc5LWhoNDUteGNtNs4AA4LL
Apache InLong Manager Remote Code Execution vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 11 months ago
High
GSA_kwCzR0hTQS1jcndqLTJyM2MtZ3gyZ84AA4LK
Apache InLong Manager Arbitrary File Read Vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 11.1
Published: 11 months ago
High
GSA_kwCzR0hTQS00cnJ2LThnY3AtMjR2OM4AA4K4
PaddlePaddle stack overflow in paddle.searchsorted
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 11 months ago
High
GSA_kwCzR0hTQS1nNTd2LTI2ODctangzM84AA4K8
PaddlePaddle stack overflow in paddle.linalg.lu_unpack
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yeDJyLXE5NmMtdzVjY84AA4LB
PaddlePaddle floating point exception in paddle.topk
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1qNWg5LTlyMzktNDNxNc4AA4K-
PaddlePaddle command injection in get_online_pass_interval
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xcHB3LWMzN2cteHdjY84AA4LH
PaddlePaddle nullptr dereference in paddle.crop
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yZzlxLW04aHYteHhyNs4AA4K9
PaddlePaddle floating point exception in paddle.lerp
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Critical
GSA_kwCzR0hTQS1yZjdwLTc5eHEtOHh3bc4AA4LC
PaddlePaddle command injection in _wget_download
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yNzVjLXc1bXEtdjVtMs4AA4LE
PaddlePaddle floating point exception in paddle.argmin and paddle.argmax
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
High
GSA_kwCzR0hTQS04ZnA3LWp3djItNDl4Oc4AA4LA
PaddlePaddle heap buffer overflow in paddle.repeat_interleave
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 11 months ago
Critical
GSA_kwCzR0hTQS0zY3I1LTI0NDYtOHBnM84AA4Kt
PaddlePaddle command injection in convert_shape_compare
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS12OXBnLXF3NngtdzVyMs4AA4LF
PaddlePaddle floating point exception in paddle.amin
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1qbTY4LWZwbXItOGoyZ84AA4K1
PaddlePaddle floating point exception in paddle.linalg.matrix_rank
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS01NDdtLTIzeDctY3hnNc4AA4K3
PaddlePaddle null pointer dereference in paddle.nextafter
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14M3E5LWM3ODgtajdjOM4AA4K0
PaddlePaddle segfault in paddle.dot
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1tcjc4LXY1NXAtNzc3N84AA4K5
PaddlePaddle segfault in paddle.mode
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS0yd2NqLXFyNzYtOTc2OM4AA4K6
PaddlePaddle segfault in paddle.put_along_axis
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jNnBoLW04Y3ctcmZxaM4AA4K2
PaddlePaddle floating point exception in paddle.linalg.eig
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS14anB3LWh4NDctcmNjds4AA4Ks
PaddlePaddle floating point exception in paddle.nanmedian
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 11 months ago
Critical
GSA_kwCzR0hTQS13amM0LTczcTYtZ3Yzbc4AA4Ki
plotly.js prototype pollution vulnerability
Ecosystems: npm, packagist
Packages: plotly.js, plotly/plotly.js
Source: GitHub Advisory Database
Blast Radius: 47.8
Published: 11 months ago
Low
GSA_kwCzR0hTQS0zcGZqLWc0d3ItcWozas4AA4J-
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS00dmY2LTJybXgtZmdxeM4AA4KC
Gila CMS SQL Injection vulnerability
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ycGp3LTk3cDgtcDJ4cM4AA4KA
Gila CMS SQL Injection
Ecosystems: packagist
Packages: gilacms/gila
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1naG0yLXJxOHEtd3JoY84AA4Jn
Potential Actions command injection in output filenames (GHSL-2023-275)
Ecosystems: actions
Packages: tj-actions/verify-changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
High
GSA_kwCzR0hTQS1tY3BoLW0yNWotOGo2M84AA4Jm
tj-actions/changed-files has Potential Actions command injection in output filenames (GHSL-2023-271)
Ecosystems: actions
Packages: tj-actions/changed-files
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS00ODdwLXF4NjgtNXZqd84AA4Jl
Hail relies on OIDC email claims to verify the validity of a user's domain.
Ecosystems: pypi
Packages: hail
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04eDZmLTk1NmYtcTQzd84AA4Jk
OWASP.AntiSamy mXSS when preserving comments
Ecosystems: nuget
Packages: OWASP.AntiSamy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS04NzVnLW1mcDYtZzdmOc4AA4Jj
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Ecosystems: cargo
Packages: vmm-sys-util
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yeDdyLTkzd3ctY3hycc4AA4Je
Winter CMS Local File Inclusion through Server Side Template Injection
Ecosystems: packagist
Packages: winter/wn-backend-module
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1xN3J4LXc2NTYtZndtds4AA4Jc
Mattermost notified all users in the channel when using WebSockets to respond individually
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13ODh2LXBqcjgtY212Ms4AA4Ja
Mattermost viewing archived public channels permissions vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 11 months ago
Low
GSA_kwCzR0hTQS05dzk3LTlycXgtOHY0as4AA4Jd
Mattermost allows demoted guests to change group names
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Statistics
Advisories: 20,749
Packages: 9,077
Repositories: 5,549
Ecosystems: 12
Filter by Severity
Moderate 8,858 High 7,309 Critical 3,076 Low 1,150
Filter by Ecosystem
maven 5,878 packagist 4,636 pypi 4,397 npm 3,818 go 2,305 nuget 1,553 cargo 890 rubygems 880 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 nova 47 mlflow 47 baserproject/basercms 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 vyper 38 froxlor/froxlor 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 mautic/core 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 com.thoughtworks.xstream:xstream 37 org.keycloak:keycloak-services 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/hashicorp/vault 37 k8s.io/kubernetes 36 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 matrix-synapse 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 moin 35 zendframework/zendframework1 34 github.com/answerdev/answer 34 gradio 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 opencv-python 31 opencv-contrib-python 31 Pillow 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 github.com/cilium/cilium 26 openssl-src 26 pillow 26 electron 26 directus 26 prestashop/prestashop 26 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 25 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 magento/core 24 contao/core-bundle 24 puppet 23 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 remdex/livehelperchat 23 rack 23 org.bouncycastle:bcprov-jdk14 22 getkirby/cms 22 tribalsystems/zenario 22 ckb 22 org.apache.nifi:nifi 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 @openzeppelin/contracts-upgradeable 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 github.com/ethereum/go-ethereum 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 code.gitea.io/gitea 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 langchain 20 funadmin/funadmin 20 laravel/framework 20 contao/contao 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 DotNetNuke.Core 19 github.com/goharbor/harbor 19 org.springframework:spring-core 19 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 com.liferay.portal:release.dxp.bom 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 cobbler 18 cockpit-hq/cockpit 18 topthink/framework 18 mindsdb 18 github.com/traefik/traefik/v2 18 com.vaadin:vaadin-bom 18 mercurial 18 genix/cms 17 org.apache.geode:geode-core 17 symfony/security 17 francoisjacquet/rosariosis 17 cakephp/cakephp 17 helm.sh/helm/v3 17 neutron 17 ezsystems/ezpublish-kernel 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 notebook 17 opencart/opencart 17 yetiforce/yetiforce-crm 16 typo3/cms-backend 16 sequelize 16 org.apache.activemq:activemq-client 16 openmage/magento-lts 16 github.com/zitadel/zitadel 16 tinymce 16 ethyca-fides 16 pyload-ng 16 org.apache.jspwiki:jspwiki-main 16 phpbb/phpbb 16 PaddlePaddle 16 org.bouncycastle:bcprov-jdk15 16 paddlepaddle 16 org.apache.dubbo:dubbo 16 cryptography 16 rusqlite 16 ghost 15 OctoPrint 15 smarty/smarty 15 october/system 15 org.apache.struts.xwork:xwork-core 15 symfony/security-http 15 ec-cube/ec-cube 15 surrealdb 15 ckeditor4 15 calibreweb 15 org.apache.tomcat:tomcat-coyote 14 bolt/bolt 14 org.apache.inlong:manager-pojo 14 joplin 14 pyftpdlib 14 github.com/containerd/containerd 14 silverstripe/cms 14 feehi/cms 14 dompdf/dompdf 14 aiohttp 14 org.xwiki.platform:xwiki-platform-web 14 camaleon_cms 14 lollms 14 activesupport 14 publify_core 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/parse-community/parse-server 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/strapi/strapi 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/eclipse/jetty.project 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/langchain-ai/langchain 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/bcgit/bc-java 19 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/goharbor/harbor 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/traefik/traefik 18 https://github.com/helm/helm 18 https://github.com/moby/moby 17 https://github.com/liufee/cms 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethyca/fides 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/sequelize/sequelize 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/denoland/deno 16 https://github.com/forkcms/forkcms 16 https://github.com/rusqlite/rusqlite 16 https://github.com/pyload/pyload 16 https://github.com/mattermost/mattermost 16 https://github.com/OpenMage/magento-lts 16 https://github.com/centreon/centreon 15 https://github.com/dompdf/dompdf 15 https://github.com/zendframework/zendframework 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/cobbler/cobbler 15 https://github.com/xuxueli/xxl-job 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/golang/go 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/openstack/glance 12 https://github.com/apache/kylin 12 https://github.com/centreon/centreon-archived 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/wagtail/wagtail 12 https://github.com/nats-io/nats-server 11 https://github.com/getsentry/sentry 11 https://github.com/zenml-io/zenml 11 https://github.com/vaadin/flow 11 https://github.com/cri-o/cri-o 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/spring-projects/spring-security 11 https://github.com/onionshare/onionshare 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/pomerium/pomerium 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/drupal/core 11 https://github.com/Sylius/Sylius 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/top-think/framework 11 https://github.com/yiisoft/yii2 11 https://github.com/cloudflare/cfrpki 11 https://github.com/nocodb/nocodb 10 https://github.com/opencart/opencart 10