Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Low
GSA_kwCzR0hTQS1mYzc1LTU4cjgtcm0zaM4AA2kA
Wagtail vulnerable to disclosure of user names via admin bulk action views
Ecosystems: pypi
Packages: wagtail
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yeHJjLXJndjQtanB2eM4AA2j_
React Developer Tools extension Improper Authorization vulnerability
Ecosystems: npm
Packages: react-devtools-core
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03MnF3LXA3aGgtbTNmZs4AA2ju
TorBot vulnerable to Inefficient Regular Expression Complexity in validate_link
Ecosystems: pypi
Packages: torbot
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qajMyLTNwZjUtNW12Nc4AA2jn
Apache InLong Deserialization of Untrusted Data Vulnerability
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo, org.apache.inlong:manager-common
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03dzh2LTVmY3EtcHZxd84AA2jg
Apache Shenyu Server Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.apache.shenyu:shenyu-common, org.apache.shenyu:shenyu-admin
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NTV3LWZtOG0tbTQ3OM4AA2ja
LangChain Server Side Request Forgery vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jODI3LWhmdzYtcXd2bc4AA2jB
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Ecosystems: cargo
Packages: rustix
Source: GitHub Advisory Database
Blast Radius: 29.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qZzgyLXhoM3ctcmh4eM4AA2jA
Synchrony deobfuscator prototype pollution vulnerability leading to arbitrary code execution
Ecosystems: npm
Packages: deobfuscator
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ocjRmLTZqaDgtZjJ2cc4AA2i_
OpenFGA DoS vulnerability
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tNWpjLXI0Z2YtYzZwOM4AA2i-
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS03NWo3LXc3OTgtY3d3eM4AA2i9
Arduino Create Agent path traversal - local privilege escalation vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tanE2LXB2OWMtcXBwcc4AA2i8
Arduino Create Agent path traversal - arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00eDVxLXE3d2MtcTIycM4AA2i7
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
Ecosystems: go
Packages: github.com/arduino/arduino-create-agent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12OWpoLWo4cHgtOTh2cc4AA2iM
go-ethereum vulnerable to denial of service via crafted GraphQL query
Ecosystems: go
Packages: github.com/ethereum/go-ethereum
Source: GitHub Advisory Database
Blast Radius: 28.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tNnZtLTM3ZzgtZ3F2aM4AA2h9
MySQL Connectors takeover vulnerability
Ecosystems: maven
Packages: com.mysql:mysql-connector-java, com.mysql:mysql-connector-j
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nNG14LXE5dmctMjdwNM4AA2gt
urllib3's request body not stripped after redirect from 303 status changes request method to GET
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 23.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03MnEyLWd3d2YtNmhyds4AA2gb
OpenSearch Issue with tenant read-only permissions
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04d3gzLTMyNGctdzRxcc4AA2ga
OpenSearch uncontrolled resource consumption
Ecosystems: maven
Packages: org.opensearch.plugin:opensearch-security
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verification
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongoose
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yNjd2LTN2MzItZzZxNc4AA2gX
Cross-site Scripting via missing Binding syntax validation
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NjQyLW1oMjctOGo2bc4AA2gW
MantisBT may disclose project names to unauthorized users
Ecosystems: packagist
Packages: mantisbt/mantisbt
Source: GitHub Advisory Database
Blast Radius: 2.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zbTVxLXEzOXYteGY4Zs4AA2gV
nocodb SQL Injection vulnerability
Ecosystems: npm
Packages: nocodb
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12MjN3LXBwcG0tamg2Ns4AA2gU
Silverstripe GraphQL has DDOS Vulnerability due to lack of protection against recursive queries
Ecosystems: packagist
Packages: silverstripe/graphql
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12OWh4LXY2dmYtZzM2as4AA2gT
WebAuthn4J Spring Security Improper signature counter value handling
Ecosystems: maven
Packages: com.webauthn4j:webauthn4j-spring-security-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1oMnJtLTI5Y2gtd2ZtaM4AA2gS
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Ecosystems: maven
Packages: com.xwiki.identity-oauth:identity-oauth-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05d21jLXJnNGgtMjh3ds4AA2gR
github.com/kumahq/kuma affected by CVE-2023-44487
Ecosystems: go
Packages: github.com/kumahq/kuma
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tdjczLWY2OXgtNDQ0cM4AA2gQ
Go Fiber CSRF Token Validation Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03djRwLTMyOHYtOHY1Z84AA2fi
Traefik vulnerable to HTTP/2 request causing denial of service
Ecosystems: go
Packages: github.com/traefik/traefik
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request title
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yZjU0LTdxcnItOTZqNs4AA2ea
vantage6 does not properly delete linked resources when deleting a collaboration
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
Low
GSA_kwCzR0hTQS13cXE0LTV3cHYtbXgyZ84AA2eY
Undici's cookie header not cleared on cross-origin redirect in fetch
Ecosystems: npm
Packages: undici
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yY2p2LW1ncDgtcXZtcs4AA2eX
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics
Ecosystems: go
Packages: go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace, go.opentelemetry.io/contrib/instrumentation/gopkg.in/macaron.v1/otelmacaron, go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho, go.opentelemetry.io/contrib/instrumentation/github.com/gorilla/mux/otelmux, go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin, go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful, go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02N2h4LTZ4NTMtanc5Ms4AA2eW
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Ecosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zN3g1LXFwbTgtNTNycc4AA2eH
Google Sheets data source plugin for Grafana information disclosure vulnerability
Ecosystems: go
Packages: github.com/grafana/google-sheets-datasource
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mcGNmLXFyNzktaGpxcM4AA2dw
SQL Injection in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13ajZxLWNocHYtbWNyeM4AA2dn
Insufficient Verification of Data Authenticity in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:inlong
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mdzljLTc1aGgtODlwNs4AA2ds
Grafana privilege escalation vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 11.4
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1ycDZ4LWdndzYtOGc1Ns4AA2do
Authorization Bypass in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tcjZoLTd4Mm0tcmdtcc4AA2dG
SQL injection in librenms/librenms
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerability
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nd3ZtLTQ1Z3gtM2NmOM4AA2c6
Authorization Header forwarded on redirect
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 34.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zMndyLXFxdzYtNW1mcM4AA2cg
Apache Airflow vulnerable to sensitive information exposure
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mcHh4LXh2NGMtZ3hxcM4AA2cj
Apache Airflow vulnerable to sensitive information exposure when expose-config is set to non-sensitive-only
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jZ3gyLXJybXItang0M84AA2ch
Apache Airflow vulnerable to sensitive information exposure when users list warnings for all DAGs
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qM3c4LTJwMmgtbXJyOc4AA2ci
Apache Airflow vulnerable to privilege escalation
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mcHI4LTR3dngtajlxM84AA2cb
node-qpdf vulnerable to command injection
Ecosystems: npm
Packages: node-qpdf
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1tcTI5LWo1eGYtY2p3cs4AA2cZ
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Ecosystems: pypi
Packages: pyminizip
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03eDk0LTZnMm0tM2hwMs4AA2cP
Defining resource name as integer may give unintended access in vantage6
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nYzU3LXhoaDUtbTk0cs4AA2cO
Improper Access Control in vantage6
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS01bTIyLWNmcTktODZ4Ns4AA2cN
Pickle serialization vulnerable to Deserialization of Untrusted Data
Ecosystems: pypi
Packages: vantage6
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jdnd2LWg4NW0tdzM3aM4AA2b7
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vrite
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01Z2htLWgyd3EtZzNtaM4AA2bp
Allocation of Resources Without Limits or Throttling in vriteio/vrite
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00NGZmLTl3NGYtOTl3Ns4AA2bn
Improper Input Validation in vriteio/vrite
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNWhxLTZmcmMtNjR2M84AA2bd
Cross-site Scripting (XSS) in froxlor/froxlor
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04Z3dqLW02dmgtMmc2as4AA2Zu
kOps privilege escalation vulnerability
Ecosystems: go
Packages: k8s.io/kops
Source: GitHub Advisory Database
Blast Radius: 16.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS00Mzc0LXA2NjctcDZjOM4AA2ZJ
HTTP/2 rapid reset can cause excessive work in net/http
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03Mjg2LXBnZnYtdnh2aM4AA2YZ
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zM3ZqLXI2cDYteDRwOM4AA2YJ
Cross-Site Request Forgery (CSRF) in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mcjQ0LTU0NnAtN3hjcM4AA2X_
MsQuic Remote Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.Schannel, Microsoft.Native.Quic.MsQuic.OpenSSL
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS14cHc4LXJjd3YtOGY4cM4AA2X-
io.netty:netty-codec-http2 vulnerable to HTTP/2 Rapid Reset Attack
Ecosystems: maven
Packages: io.netty:netty-codec-http2
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS03MzhxLW1jNzItMnEyMs4AA2X9
MTProto proxy remote code execution vulnerability
Ecosystems: hex
Packages: mtproto_proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNmozLXB4NWctY3EzeM4AA2X8
Apache Tomcat Improper Input Validation vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12NjgzLXJjeHgtdnBmZs4AA2X6
ZITADEL's password reset does not respect the "Ignoring unknown usernames" setting
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ycjR4LWNyaGYtODg4Ns4AA2X5
Cache variables with the operations when transforms exist on the root level even if variables change in the further requests with the same operation
Ecosystems: npm
Packages: @graphql-mesh/runtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nOXYyLXdxY2otajk5Z84AA2X4
Uptime Kuma has Persistentent User Sessions
Ecosystems: npm
Packages: uptime-kuma
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcTZmLTV4aDUtaGdjZs4AA2X3
Harbor timing attack risk
Ecosystems: go
Packages: github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xcHBqLWZtNXItaHhyM84AA2X2
HTTP/2 Stream Cancellation Attack
Ecosystems: maven, swift, go
Packages: org.apache.tomcat:tomcat-coyote, com.typesafe.akka:akka-http-core_2.11, com.typesafe.akka:akka-http-core_2.12, com.typesafe.akka:akka-http-core_2.13, com.typesafe.akka:akka-http-core, org.eclipse.jetty.http2:jetty-http2-server, org.eclipse.jetty.http2:jetty-http2-common, org.eclipse.jetty.http2:http2-server, org.eclipse.jetty.http2:http2-common, github.com/apple/swift-nio-http2, org.apache.tomcat.embed:tomcat-embed-core, google.golang.org/grpc, golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 65.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01Y2hyLXdqdzUtM2dxNM4AA2X1
matrix-synapse vulnerable to denial of service due to malicious server ACL events
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS14aDVtLThxcXAtYzV4N84AA2X0
Remote Denial of Service Vulnerability in Microsoft.Native.Quic.MsQuic.Schannel
Ecosystems: nuget
Packages: Microsoft.Native.Quic.MsQuic.OpenSSL, Microsoft.Native.Quic.MsQuic.Schannel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1md2ZnLXZwcmgtOTdwaM4AA2Xz
OctoPrint vulnerable to Improper Neutralization of Special Elements Used in a Template Engine
Ecosystems: pypi
Packages: OctoPrint
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS13Z2g3LTU0ZjIteDk4cs4AA2Xy
HTTP/2 HPACK integer overflow and buffer allocation
Ecosystems: maven
Packages: org.eclipse.jetty.http2:http2-hpack, org.eclipse.jetty.http3:http3-qpack
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yamM2LTNmaGotOHE4NM4AA2Xx
OroCommerce Cross-site Scripting vulnerability in add note dialog of Shopping List line item
Ecosystems: packagist
Packages: oro/commerce
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qbTdtLThqaDYtMjlocM4AA2Wo
Apache Tomcat Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nOHBqLXI1NXEtNWMyds4AA2Wt
Apache Tomcat Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.tomcat.embed:tomcat-embed-core, org.apache.tomcat:tomcat
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01bWZ4LTR3Y3gtcnYyN84AA2Vz
Azure Identity SDK Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Azure.Identity
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS12bTJtLTdocHctZnBtcc4AA2XX
Microsoft Common Data Model SDK Denial of Service Vulnerability
Ecosystems: pypi, maven, nuget
Packages: commondatamodel-objectmodel, com.microsoft.commondatamodel:objectmodel, Microsoft.CommonDataModel.ObjectModel
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tajI0LWdwdzctMjNtOc4AA2Vb
Denial of service vulnerability on creating a Launch with too many recursively nested elements in reportportal
Ecosystems: maven
Packages: com.epam.reportportal:service-api
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS12eDc0LWY1MjgtZnhxZ84AA2Va
github.com/nghttp2/nghttp2 has HTTP/2 Rapid Reset
Ecosystems: go
Packages: github.com/nghttp2/nghttp2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13cnAyLTZ2NmotaGZtZ84AA2Uj
ConcreteCMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS13NWZ4LWN4N2YtNnZyOc4AA2S9
MediaWiki Denial of Service vulnerability
Ecosystems: packagist
Packages: mediawiki/core
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wY2YyLWdoNmctaDVyMs4AA2Sj
mXSS in AntiSamy
Ecosystems: maven
Packages: org.owasp.antisamy:antisamy
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS02cGdyLWo5djQteGZ2ds4AA2R_
ThingsBoard Server-Side Template Injection
Ecosystems: maven
Packages: org.thingsboard:thingsboard
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00eGN4LWN3cnEtdzc5Ms4AA2SA
Prototype Pollution in NASA Open MCT
Ecosystems: npm
Packages: openmct
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fsevents
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycjVjLTY5YzktZ2o5Zs4AA2R6
Cross-site Scripting in snipe/snipe-it
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13cWNyLXhtNDMtaHBxcs4AA2R3
Vulnerable version of libwebp and can be exploited with a malicious source image
Ecosystems: nuget
Packages: ImageResizer.Plugins.FreeImage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02MjJoLWgycDgtNzQzeM4AA2R2
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS1mOXBtLTRnOXAtNnZtM84AA2Rp
Bundled libwebp in pywebp vulnerable
Ecosystems: pypi
Packages: webp
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcjR3LTd2bTktY2dxeM4AA2RT
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00MzdwLWpmbTQtMjM4N84AA2RU
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02Y3h2LTI3cjItZnAzbc4AA2RX
Zenario CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02eHg3LXI4eDQtZnBqcM4AA2RS
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNmg1LWdndjItM3Jmds4AA2RP
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNGpqLWd3cGctOWp3aM4AA2RR
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Statistics
Advisories: 20,796
Packages: 9,104
Repositories: 5,560
Ecosystems: 12
Filter by Severity
Moderate 8,881 High 7,322 Critical 3,078 Low 1,157
Filter by Ecosystem
maven 5,892 packagist 4,649 pypi 4,409 npm 3,830 go 2,316 nuget 1,553 cargo 891 rubygems 885 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 org.keycloak:keycloak-core 52 shopware/platform 52 apache-superset 51 github.com/grafana/grafana 49 mlflow 47 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 django 44 nokogiri 43 rdiffweb 42 plone 41 matrix-synapse 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 froxlor/froxlor 38 com.thoughtworks.xstream:xstream 37 org.xwiki.platform:xwiki-platform-oldcore 37 org.keycloak:keycloak-services 37 nilsteampassnet/teampass 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 mautic/core 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 snipe/snipe-it 35 net.mingsoft:ms-mcms 35 moin 35 zendframework/zendframework1 34 io.undertow:undertow-core 34 gradio 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 github.com/argoproj/argo-cd 31 opencv-python 31 Pillow 31 opencv-contrib-python 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/consul 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 directus 26 prestashop/prestashop 26 openssl-src 26 github.com/cilium/cilium 26 pillow 26 electron 26 rubygems-update 25 org.apache.solr:solr-core 25 org.keycloak:keycloak-parent 25 gogs.io/gogs 25 contao/core-bundle 24 simplesamlphp/simplesamlphp 24 magento/core 24 org.springframework.security:spring-security-core 24 org.eclipse.jetty:jetty-server 24 remdex/livehelperchat 23 puppet 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 rack 23 pocketmine/pocketmine-mp 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 ckb 22 getkirby/cms 22 org.apache.nifi:nifi 21 @openzeppelin/contracts-upgradeable 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 glance 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 org.springframework:spring-core 20 @openzeppelin/contracts 20 laravel/framework 20 funadmin/funadmin 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 github.com/ethereum/go-ethereum 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 code.gitea.io/gitea 20 langchain 20 DotNetNuke.Core 19 github.com/traefik/traefik/v2 19 contao/contao 19 wasmtime 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 mindsdb 18 com.vaadin:vaadin-bom 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 com.liferay.portal:release.dxp.bom 18 cobbler 18 next 18 mercurial 18 golang.org/x/net 18 topthink/framework 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 notebook 17 neutron 17 francoisjacquet/rosariosis 17 genix/cms 17 helm.sh/helm/v3 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 cakephp/cakephp 17 symfony/security 17 opencart/opencart 17 typo3/cms-backend 16 sequelize 16 cryptography 16 PaddlePaddle 16 tinymce 16 org.bouncycastle:bcprov-jdk15 16 paddlepaddle 16 pyload-ng 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 org.apache.activemq:activemq-client 16 yetiforce/yetiforce-crm 16 github.com/zitadel/zitadel 16 ethyca-fides 16 openmage/magento-lts 16 rusqlite 16 phpbb/phpbb 16 OctoPrint 15 smarty/smarty 15 org.apache.struts.xwork:xwork-core 15 surrealdb 15 ec-cube/ec-cube 15 symfony/security-http 15 calibreweb 15 ckeditor4 15 october/system 15 ghost 15 silverstripe/cms 14 github.com/nats-io/nats-server/v2 14 org.apache.tomcat:tomcat-coyote 14 lollms 14 dompdf/dompdf 14 feehi/cms 14 aiohttp 14 github.com/containerd/containerd 14 modoboa 14 phpmailer/phpmailer 14 pyftpdlib 14 swagger-ui 14 joplin 14 camaleon_cms 14 org.apache.inlong:manager-pojo 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/pimcore/pimcore 113 https://github.com/django/django 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 75 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/grafana/grafana 41 https://github.com/concretecms/concretecms 41 https://github.com/vyperlang/vyper 38 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/craftcms/cms 34 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/snipe/snipe-it 30 https://github.com/CVEProject/cvelist 28 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/baserproject/basercms 26 https://github.com/cilium/cilium 26 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/github/advisory-database 25 https://github.com/electron/electron 25 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/gogs/gogs 24 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/pmmp/PocketMine-MP 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/nervosnetwork/ckb 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/langchain-ai/langchain 22 https://github.com/hashicorp/consul 22 https://github.com/netty/netty 22 https://github.com/simplesamlphp/simplesamlphp 21 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/OpenNMS/opennms 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/funadmin/funadmin 20 https://github.com/undertow-io/undertow 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/getkirby/kirby 19 https://github.com/bcgit/bc-java 19 https://github.com/goharbor/harbor 19 https://github.com/zitadel/zitadel 19 https://github.com/traefik/traefik 19 https://github.com/moby/moby 19 https://github.com/geoserver/geoserver 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/intelliants/subrion 18 https://github.com/rubygems/rubygems 18 https://github.com/hashicorp/vault 17 https://github.com/backstage/backstage 17 https://github.com/vaadin/platform 17 https://github.com/mindsdb/mindsdb 17 https://github.com/opencast/opencast 17 https://github.com/liufee/cms 17 https://github.com/pyload/pyload 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/etcd-io/etcd 16 https://github.com/denoland/deno 16 https://github.com/OpenMage/magento-lts 16 https://github.com/rusqlite/rusqlite 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/ethyca/fides 16 https://github.com/laravel/framework 16 https://github.com/TYPO3-CMS/core 16 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/decidim/decidim 15 https://github.com/cobbler/cobbler 15 https://github.com/dompdf/dompdf 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/surrealdb/surrealdb 15 https://github.com/pyca/cryptography 15 https://github.com/vantage6/vantage6 15 https://github.com/xuxueli/xxl-job 14 https://github.com/containerd/containerd 14 https://github.com/aio-libs/aiohttp 14 https://github.com/janeczku/calibre-web 14 https://github.com/twisted/twisted 14 https://github.com/vercel/next.js 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/hashicorp/nomad 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/dotnet/aspnetcore 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/publify/publify 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/modoboa/modoboa 13 https://github.com/dromara/hutool 13 https://github.com/quarkusio/quarkus 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/laurent22/joplin 13 https://github.com/golang/go 13 https://github.com/nodejs/undici 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/ming-soft/MCMS 13 https://github.com/apache/dolphinscheduler 13 https://github.com/TryGhost/Ghost 13 https://github.com/containers/podman 12 https://github.com/openfga/openfga 12 https://github.com/smarty-php/smarty 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/openstack/glance 12 https://github.com/patriksimek/vm2 12 https://github.com/centreon/centreon-archived 12 https://github.com/apache/kylin 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/opencontainers/runc 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/onionshare/onionshare 11 https://github.com/cloudflare/cfrpki 11 https://github.com/spring-projects/spring-security 11 https://github.com/drupal/core 11 https://github.com/WWBN/AVideo 11 https://github.com/cri-o/cri-o 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/pomerium/pomerium 11 https://github.com/igniterealtime/Openfire 11 https://github.com/getsentry/sentry 11 https://github.com/cakephp/cakephp 11 https://github.com/NodeBB/NodeBB 11 https://github.com/Pylons/waitress 11 https://github.com/nats-io/nats-server 11 https://github.com/Sylius/Sylius 11 https://github.com/yiisoft/yii2 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/dolibarr/dolibarr 11 https://github.com/zenml-io/zenml 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/Studio-42/elFinder 11 https://github.com/scrapy/scrapy 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/jupyter/notebook 10