Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS1mbTVoLTU4ZzItNG0zZs4AA3Bj
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qcjgzLTh4NjUteGNyNc4AA3Bu
Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Z3FwLTNnMjgtdzl4Y84AA3B4
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jd2gyLXE0NHgtNXczY84AA3Bl
Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01Y3Z4LWN3cHgtOXJqaM4AA3Br
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04bW0yLW0yZ3AtYzZ4Ms4AA3Bn
Moodle Improper Access Control vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yOGdjLTRxcTUtOHEyNs4AA3Bi
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05NzI0LWg4cDctcjNqds4AA3Bk
Moodle Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zeHhtLTNnM2MtdzU3Oc4AA3B3
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS13OHgyLXc0cXItdjN4NM4AA3Bg
Moodle Code Injection vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jMzVxLWZmcGYtNXFwbc4AA3BV
AsyncSSH Rogue Session Attack
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zZjM4LTk2cW0tcjNmd84AA3BJ
esptool allows attackers to view sensitive information via weak cryptographic algorithm
Ecosystems: pypi
Packages: esptool
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00Zzg4LTRoZ20tbTk5eM4AA3BK
NASA Open MCT Cross Site Request Forgery (CSRF) vulnerability
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12OGZjLXF4dmotZjNtZ84AA3BP
NASA Open MCT Cross Site Scripting vulnerability
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jZmMyLXdyMnYtZ3htNc4AA3BH
AsyncSSH Rogue Extension Negotiation
Ecosystems: pypi
Packages: asyncssh
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03MmZwLXc0NGctNjI1cc4AA3BG
Signing DynamoDB Sets when using the AWS Database Encryption SDK.
Ecosystems: maven
Packages: software.amazon.cryptography:aws-database-encryption-sdk-dynamodb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14Zm0zLWhqY2MtZ3Y3OM4AA3BF
Any value can be changed in the configuration table by an employee having access to block reassurance module
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mNDc1LXg4M20tcng1bc4AA3Ax
Label Studio has Hardcoded Django `SECRET_KEY` that can be Abused to Forge Session Tokens
Ecosystems: pypi
Packages: label-studio
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01d3ZwLTdmM2gtNndtbc4AA3Am
PyArrow: Arbitrary code execution when loading a malicious data file
Ecosystems: pypi
Packages: pyarrow
Source: GitHub Advisory Database
Blast Radius: 42.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1obTkyLXZnbXctcWZteM4AA3Ah
chromedriver Command Injection vulnerability
Ecosystems: npm
Packages: chromedriver
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ZjVwLWc2dnctcmh4eM4AA2_y
Axios Cross-Site Request Forgery Vulnerability
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 36.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yMnh2LXZwcjItNDJtOc4AA2_p
slsa-verifier vulnerable to mproper validation of npm's publish attestations
Ecosystems: go
Packages: github.com/slsa-framework/slsa-verifier, github.com/slsa-framework/slsa-verifier/v2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qbXdtLXcycm0tcHJ2Oc4AA2_o
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS04M2oyLXFoeDItcDdqY84AA2_W
PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block
Ecosystems: packagist
Packages: prestashop/blockreassurance
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS03aDhtLXZyeHgtdnI0bc4AA2_V
ZITADEL race condition in lockout policy execution
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zdnBmLW1jajctNWgzOM4AA2_U
Ethyca Fides HTML Injection Vulnerability in HTML-Formatted DSR Packages
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS12ZnA2LWpydzItOTlnOc4AA2_S
Cosign vulnerable to possible endless data attack from attacker-controlled registry
Ecosystems: go
Packages: github.com/sigstore/cosign, github.com/sigstore/cosign/v2
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1qOXJjLXczd3YtZnY2Ms4AA2_R
XWiki Platform vulnerable to reflected cross-site scripting through revision parameter in content menu
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-flamingo-skin-resources
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02MnByLXFxZjctaGg4Oc4AA2_Q
XWiki Platform vulnerable to remote code execution through the section parameter in Administration as guest
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-administration, org.xwiki.platform:xwiki-platform-administration-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cjhqLXFtY20tN2c3cc4AA2-w
Apache UIMA Java SDK Deserialization of Untrusted Data, Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.uima:uimaj
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yNnF4LTRtNDktNmNmcs4AA2-p
wildfly-core Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Ecosystems: maven
Packages: org.wildfly.core:wildfly-controller
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ybXh3LWM0OGgtMnZmNc4AA2-Y
XWiki Platform privilege escalation from script right to programming right through title displayer
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-display-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nMnFxLWM1ajktNXc1d84AA2-X
XWiki Platform vulnerable to privilege escalation and remote code execution via the edit action
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oZ3B3LTZwNGgtajZoNc4AA2-W
XWiki Platform vulnerable to remote code execution via the edit action because it lacks CSRF token
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02NzU4LTk3OWgtMjQ5eM4AA2-V
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Ecosystems: go
Packages: github.com/projectcapsule/capsule-proxy, github.com/projectcapsule/capsule
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14dnE2LWg4OTgtd2NqOM4AA29G
Mattermost denial of service vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNjdtLW1mN3YtcXA3as4AA29D
Mattermost password hash disclosure vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13NDk2LWY1cXEtbTU4as4AA29F
Mattermost vulnerable to excessive memory consumption
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server/v6
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cjVoLXE5MzQtY2NjcM4AA29C
Calico Typha denial of service vulnerability
Ecosystems: go
Packages: github.com/projectcalico/calico
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04cHA2LTVxcHctODVnM84AA27H
Magnesium-PHP Injection vulnerability
Ecosystems: packagist
Packages: floriangaerber/magnesium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ndjJjLTVnNzktaDczY84AA26t
Ibexa ezplatform-kernel download route allows filename change
Ecosystems: packagist
Packages: ezsystems/ezplatform-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1nOTVjLXhjODMtODM1M84AA26s
Ibexa DXP Download route allows filename change
Ecosystems: packagist
Packages: ibexa/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Y3JjLXIzd2ctY2ZnZs4AA26r
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ezsystems/ezplatform-solr-search-engine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS12NnhwLWNjdngtdzUybc4AA26q
Json response for search reveals Solr credentials
Ecosystems: packagist
Packages: ibexa/solr
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05dzVmLW13M3AtcGo0N84AA26p
Prototype Pollution(PP) vulnerability in setByPath
Ecosystems: npm
Packages: @clickbar/dot-diver
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nYzdwLWo1eG0teHhoMs4AA26o
Unauthorized Access to Private Fields in User Registration API
Ecosystems: npm
Packages: @strapi/strapi, @strapi/plugin-users-permissions
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS05NDZjLWY5dzYtMmMyNc4AA26n
Download route allows filename change in eZpublish kernel
Ecosystems: packagist
Packages: ezsystems/ezpublish-kernel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yNmNjLTd3ajctZ2Z4Ms4AA26g
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
Ecosystems: go
Packages: github.com/kubernetes-csi/csi-proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yeDI4LWM3ajctMjNnds4AA26P
Subrion remote command execution vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0ybXc0LXdqOGMtN2Y5M84AA25-
Eclipse Glassfish remote code execution issue
Ecosystems: maven
Packages: org.glassfish.main.orb:orb-connector
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nOHA2LXAyN2MtNTJmeM4AA25_
Eclipse Parsson Denial of Service vulnerability
Ecosystems: maven
Packages: org.eclipse.parsson:project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04Z2hqLXA0dmotbXIzNc4AA250
Pillow Denial of Service vulnerability
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oOGdjLXBnajItdmptM84AA25m
Django Denial-of-service in django.utils.text.Truncator
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03aDRwLTI3bWgtaG1yd84AA25h
Django Denial of service vulnerability in django.utils.encoding.uri_to_iri
Ecosystems: pypi
Packages: django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS14cjhjLW1xNXgtNWY1Ns4AA25D
Dromara Lamp-Cloud Use of Hard-coded Cryptographic Key
Ecosystems: maven
Packages: top.tangyh.basic:lamp-util, top.tangyh.basic:lamp-core
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qaHd3LWZ4MmotM3JmN84AA24t
FoodCoopShop Server-Side Request Forgery vulnerability
Ecosystems: packagist
Packages: foodcoopshop/foodcoopshop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03dmZ4LWhmdm0tcmhyOM4AA24s
cordova-plugin-fingerprint-aio DoS vulnerability
Ecosystems: npm
Packages: cordova-plugin-fingerprint-aio
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05Y3c5LW03aGctdzhtZs4AA24o
Reportico Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: reportico-web/reportico
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nbXg4LThyZmYtcXY2cc4AA231
phpBB's Smiley Pack acp_icons.php main pack vulnerable to cross site scripting
Ecosystems: packagist
Packages: phpbb/phpbb
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xbWY5LTZqcWYtajhmcc4AA23t
Django potential denial of service vulnerability in UsernameField on Windows
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 38.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13OWNwLTN4NzktMnA4cM4AA23u
transmute-core unsafe YAML deserialization vulnerability
Ecosystems: pypi
Packages: transmute-core
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qZnh3LTZjNXYtYzQyZs4AA22R
Pimcore Admin Classic Bundle Cross-site Scripting (XSS) in PDF previews
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yOWNtLXB3OWotM2ZweM4AA21l
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00OHYyLTU5NngtNGpyOc4AA21m
Dolibarr Improper Input Validation vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qZzd3LWN4anYtOThjMs4AA21G
SpiceDB leaks information in log files when URI cannot be parsed
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZjU4LWozMjMtNjQ3Ms4AA21F
pimcore/admin-ui-classic-bundle Unverified Password Change
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13amNjLWNxNzktcDYzZs4AA21E
Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
Ecosystems: pypi
Packages: pypdf
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xNzhjLWd3cXctamNtY84AA20_
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS03ZnhtLWY0NzQtaGY4d84AA209
Kubernetes privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 37.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcjQ1LXJ4OHEtd2NtOc4AA207
xkeys seal encryption used fixed key for all encryption
Ecosystems: go
Packages: github.com/nats-io/nats-server/v2, github.com/nats-io/nkeys
Source: GitHub Advisory Database
Blast Radius: 33.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcDkyLTNqZm0tMzU3Nc4AA206
Synapse vulnerable to leak of remote user device information
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNTl2LWhoNHAtcTkybc4AA20D
Pimcore Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mNzI4LXByaHctMmc2OM4AA2zm
Insufficient Session Expiration in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wcnJ2LXI4NDMtNHA3Nc4AA2zo
Cross-site Scripting (XSS) in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nNWhwLTMyOGgtamo5OM4AA2zj
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zNHc0LXdycXAtajQ3Z84AA2zk
Sensitive cookie in HTTPS session without 'Secure' attribute in thorsten/phpmyfaq
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS00Z3BtLXIyM2gtZ3Byd84AA2zp
generator-jhipster allows a timing attack against validateToken due to a string comparison that stops at the first character
Ecosystems: npm
Packages: generator-jhipster
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNHZqLXc1cmotOGdyd84AA2zi
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03cTVmLTI5Z3gtNTdmZs4AA2zg
Cross-site Scripting (XSS) in microweber/microweber
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 3.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1xNzRmLXJmMjctOGh4Y84AA2zZ
OpenCRX allows a remote attacker to execute arbitrary code via a crafted request
Ecosystems: maven
Packages: org.opencrx:opencrx-client
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mcmdmLThqcjUtajJqds4AA2zW
memory leak flaw was found in ruby-magick
Ecosystems: rubygems
Packages: rmagick
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mamhnLTk2Y3AtNmZjd84AA2xl
Kimai (Authenticated) SSTI to RCE by Uploading a Malicious Twig File
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qcTM1LTg1Y2otZmo0cM4AA2xO
/sys/devices/virtual/powercap accessible by default to containers
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1od3hmLXF4ajctN3Jmas4AA2xN
CodeIgniter4 vulnerable to information disclosure when detailed error report is displayed in production environment
Ecosystems: packagist
Packages: codeigniter4/framework
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zcTZtLXY4NGYtNnA5aM4AA2xM
quic-go vulnerable to pointer dereference that can lead to panic
Ecosystems: go
Packages: github.com/quic-go/quic-go
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zNWM3LXczNWYteHdnaM4AA2xD
Kube-proxy may unintentionally forward traffic
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05cGpmLWp3OXEtZng0Oc4AA2xF
Cross-site Scripting (XSS) in dolibarr/dolibarr
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NjZnLXJmYzUtYzlqds4AA2wn
Apache Airflow Celery provider Insertion of Sensitive Information into Log File vulnerability
Ecosystems: pypi
Packages: apache-airflow, apache-airflow-providers-celery
Source: GitHub Advisory Database
Blast Radius: 23.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS1oOTJtLTRnOW0tNzJ2cs4AA2wi
juzawebCMS Injection vulnerability
Ecosystems: packagist
Packages: juzaweb/cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00N3h3LXZ3Nm0tdzlmcc4AA2wh
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vagrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03YzJxLTVxbXItdjc2cc4AA2we
DoS vulnerabilities persist in ESAPI file uploads despite remediation of CVE-2023-24998
Ecosystems: maven
Packages: org.owasp.esapi:esapi
Source: GitHub Advisory Database
Blast Radius: 23.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yODQ3LTZ3NmgtcjhnNM4AA2vp
Flyte Admin SQL Injection in List Filters
Ecosystems: go
Packages: github.com/flyteorg/flyteadmin
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1jcmc5LTQ0aDIteHczNc4AA2vl
Apache ActiveMQ is vulnerable to Remote Code Execution
Ecosystems: maven
Packages: org.apache.activemq:activemq-openwire-legacy, org.apache.activemq:activemq-client
Source: GitHub Advisory Database
Blast Radius: 38.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS13NnJwLXZ4ajItZmpocs4AA2us
Cosmos packet-forward-middleware vulnerable to chain-halt
Ecosystems: go
Packages: github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v6, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v5, github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xaGhqLTdocmMtZ3FqNc4AA2ur
Home Assistant vulnerable to account takeover via auth_callback login
Ecosystems: pypi
Packages: homeassistant
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS14OXc1LXYzcTItM3Jod84AA2uZ
browserify-sign upper bound check issue in `dsaVerify` leads to a signature forgery attack
Ecosystems: npm
Packages: browserify-sign
Source: GitHub Advisory Database
Blast Radius: 43.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12cm02LWM4NzgtZnBxNs4AA2uY
baserCMS Code Injection Vulnerability in Mail Form Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 3.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzl4LWNxanEtN2p4Nc4AA2uX
baserCMS CSRF vulnerability in Content preview Feature
Ecosystems: packagist
Packages: baserproject/basercms
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 1 year ago
Statistics
Advisories: 20,786
Packages: 9,102
Repositories: 5,559
Ecosystems: 12
Filter by Severity
Moderate 8,878 High 7,317 Critical 3,078 Low 1,157
Filter by Ecosystem
maven 5,891 packagist 4,651 pypi 4,402 npm 3,830 go 2,314 nuget 1,553 cargo 891 rubygems 885 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 mlflow 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 vyper 38 nilsteampassnet/teampass 37 mautic/core 37 org.keycloak:keycloak-services 37 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 snipe/snipe-it 35 moin 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 io.undertow:undertow-core 34 github.com/answerdev/answer 34 gradio 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 github.com/argoproj/argo-cd 31 opencv-contrib-python 31 opencv-python 31 Pillow 31 shopware/shopware 30 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/docker/docker 29 mediawiki/core 28 github.com/hashicorp/nomad 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 prestashop/prestashop 26 openssl-src 26 github.com/cilium/cilium 26 electron 26 directus 26 pillow 26 org.keycloak:keycloak-parent 25 org.apache.solr:solr-core 25 rubygems-update 25 gogs.io/gogs 25 magento/core 24 contao/core-bundle 24 org.springframework.security:spring-security-core 24 simplesamlphp/simplesamlphp 24 org.eclipse.jetty:jetty-server 24 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 puppet 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 rack 23 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 ckb 22 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 org.apache.openmeetings:openmeetings-parent 21 activerecord 21 glance 21 code.gitea.io/gitea 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.springframework:spring-core 20 github.com/ethereum/go-ethereum 20 funadmin/funadmin 20 laravel/framework 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 @openzeppelin/contracts 20 wasmtime 19 github.com/goharbor/harbor 19 contao/contao 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/traefik/traefik/v2 19 DotNetNuke.Core 19 com.liferay.portal:release.dxp.bom 18 mindsdb 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 golang.org/x/net 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 cobbler 18 next 18 forkcms/forkcms 18 mercurial 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 topthink/framework 18 symfony/security 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 opencart/opencart 17 ezsystems/ezpublish-kernel 17 neutron 17 francoisjacquet/rosariosis 17 helm.sh/helm/v3 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 genix/cms 17 notebook 17 symfony/security-http 16 rusqlite 16 yetiforce/yetiforce-crm 16 openmage/magento-lts 16 paddlepaddle 16 org.bouncycastle:bcprov-jdk15 16 phpbb/phpbb 16 org.apache.dubbo:dubbo 16 cryptography 16 tinymce 16 ethyca-fides 16 pyload-ng 16 org.apache.activemq:activemq-client 16 github.com/zitadel/zitadel 16 PaddlePaddle 16 typo3/cms-backend 16 sequelize 16 org.apache.jspwiki:jspwiki-main 16 calibreweb 15 surrealdb 15 ckeditor4 15 smarty/smarty 15 OctoPrint 15 ec-cube/ec-cube 15 org.apache.struts.xwork:xwork-core 15 october/system 15 ghost 15 dompdf/dompdf 14 rails-html-sanitizer 14 bolt/bolt 14 github.com/containerd/containerd 14 aiohttp 14 modoboa 14 lollms 14 swagger-ui 14 publify_core 14 phpmailer/phpmailer 14 pyftpdlib 14 feehi/cms 14 org.apache.tomcat:tomcat-coyote 14 org.xwiki.platform:xwiki-platform-web 14 silverstripe/cms 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/symfony/symfony 66 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/x-stream/xstream 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/rancher/rancher 34 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/craftcms/cms 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/snipe/snipe-it 30 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 26 https://github.com/github/advisory-database 25 https://github.com/contao/contao 25 https://github.com/directus/directus 25 https://github.com/electron/electron 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/apache/nifi 23 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/langchain-ai/langchain 22 https://github.com/netty/netty 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/simplesamlphp/simplesamlphp 21 https://github.com/apache/cxf 21 https://github.com/bytecodealliance/wasmtime 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bcgit/bc-java 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/moby/moby 19 https://github.com/traefik/traefik 19 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/geoserver/geoserver 18 https://github.com/intelliants/subrion 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/backstage/backstage 17 https://github.com/liufee/cms 17 https://github.com/hashicorp/vault 17 https://github.com/mindsdb/mindsdb 17 https://github.com/denoland/deno 16 https://github.com/tinymce/tinymce 16 https://github.com/etcd-io/etcd 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/forkcms/forkcms 16 https://github.com/OpenMage/magento-lts 16 https://github.com/pyload/pyload 16 https://github.com/TYPO3-CMS/core 16 https://github.com/mattermost/mattermost 16 https://github.com/laravel/framework 16 https://github.com/ethyca/fides 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/cobbler/cobbler 15 https://github.com/centreon/centreon 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/zendframework/zendframework 15 https://github.com/dompdf/dompdf 15 https://github.com/vantage6/vantage6 15 https://github.com/pyca/cryptography 15 https://github.com/decidim/decidim 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/apache/camel 15 https://github.com/janeczku/calibre-web 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/vercel/next.js 14 https://github.com/twisted/twisted 14 https://github.com/aio-libs/aiohttp 14 https://github.com/containerd/containerd 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/xuxueli/xxl-job 14 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/publify/publify 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/dromara/hutool 13 https://github.com/quarkusio/quarkus 13 https://github.com/laurent22/joplin 13 https://github.com/golang/go 13 https://github.com/containers/podman 12 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/puma/puma 12 https://github.com/centreon/centreon-archived 12 https://github.com/apache/kylin 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/openfga/openfga 12 https://github.com/openstack/glance 12 https://github.com/wagtail/wagtail 12 https://github.com/patriksimek/vm2 12 https://github.com/opencontainers/runc 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/nats-io/nats-server 11 https://github.com/Pylons/waitress 11 https://github.com/scrapy/scrapy 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/cri-o/cri-o 11 https://github.com/dolibarr/dolibarr 11 https://github.com/Studio-42/elFinder 11 https://github.com/cakephp/cakephp 11 https://github.com/getsentry/sentry 11 https://github.com/WWBN/AVideo 11 https://github.com/igniterealtime/Openfire 11 https://github.com/yiisoft/yii2 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/onionshare/onionshare 11 https://github.com/zenml-io/zenml 11 https://github.com/Sylius/Sylius 11 https://github.com/drupal/core 11 https://github.com/cloudflare/cfrpki 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/pomerium/pomerium 11 https://github.com/vaadin/flow 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/spring-projects/spring-security 11 https://github.com/NodeBB/NodeBB 11 https://github.com/apache/zeppelin 10