Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS02Zm0zLXI2bWYtajg3Nc4AA2RQ
ConcreteCMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1wZmZnLTkyY2cteGY1Y84AA2Qs
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Ecosystems: go
Packages: github.com/consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0zZjQ4LTlqN3EtcTJnds4AA2Qr
NI MeasurementLink Python Services Improper Access Restriction vulnerability
Ecosystems: pypi
Packages: ni-measurementlink-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zbXdxLWgzZzYtZmZobc4AA2Qq
Vapor's incorrect request error handling triggers server crash
Ecosystems: swift
Packages: github.com/vapor/vapor
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xdzIyLTh3OXItODY0aM4AA2Qp
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud
Ecosystems: maven
Packages: io.micronaut.security:micronaut-security-oauth2
Source: GitHub Advisory Database
Blast Radius: 14.9
Published: about 1 year ago
High
GSA_kwCzR0hTQS02MzloLTg2aHctcWNqcc4AA2Qo
Decidim has broken access control in templates
Ecosystems: rubygems
Packages: decidim, decidim-templates
Source: GitHub Advisory Database
Blast Radius: 17.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS00YzI5LWdmcnAtZzZ4Oc4AA2QO
CefSharp affected by libvpx's heap buffer overflow in vp8 encoding
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS05NHZjLXA4dzctNXA0Oc4AA2QD
Bundled libwebp in imagecodecs vulnerable
Ecosystems: pypi
Packages: imagecodecs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NnB3LW1wajQtZnh3d84AA2QC
Bundled libwebp in Pillow vulnerable
Ecosystems: pypi
Packages: pillow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00M2NwLTZwM3EtMnBjNM4AA2Px
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Ecosystems: nuget
Packages: HtmlSanitizer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1tNzU1LWd4eGctcjVxaM4AA2Pw
Zope management interface vulnerable to stored cross site scripting via the title property
Ecosystems: pypi
Packages: Zope
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05M2o0LXY4MzgtODc2N84AA2Pm
TYPO3 extension femanager Broken Access Control vulnerability
Ecosystems: packagist
Packages: in2code/femanager
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS13dzNtLWZmcm0tcXZxds4AA2Ph
Ansible may expose private key
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 21.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tdnJwLTNjdngtYzMyNc4AA2PO
Zod denial of service vulnerability during email validation
Ecosystems: npm
Packages: express-zod-api
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00OTh3LTVqNDktdnFqZ84AA2PN
gnark unsoundness in variable comparison / non-unique binary decomposition
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: about 1 year ago
High
GSA_kwCzR0hTQS02aGM5LWNmOHgtaGY4M84AA2O5
Quarkus OIDC can leak both ID and access tokens
Ecosystems: maven
Packages: io.quarkus:quarkus-oidc
Source: GitHub Advisory Database
Blast Radius: 20.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS04NnE1LXFjamMtN3B2NM4AA2Oc
Presto JDBC Server-Side Request Forgery by nextUri
Ecosystems: maven
Packages: com.facebook.presto:presto-jdbc
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS14bTd4LWYzdzItNGhqbc4AA2Ob
Presto JDBC Server-Side Request Forgery by redirect
Ecosystems: maven
Packages: com.facebook.presto:presto-jdbc
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yODk0LXFjcWYtZzIzZ84AA2Ml
asyncua Improper Authentication vulnerability
Ecosystems: pypi
Packages: asyncua
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS12ODM0LXJodjQtNjVtM84AA2Mj
static-server Path Traversal vulnerability
Ecosystems: npm
Packages: static-server
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nZnZxLW14dzMtbWZxM84AA2Mo
asyncua vulnerable to denial of service via infinite loop
Ecosystems: pypi
Packages: asyncua
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tYzk3LTk5ajQtdm0yds4AA2MF
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
Ecosystems: go
Packages: github.com/charmbracelet/soft-serve
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01cnY1LTZoNHItaDIyds4AA2ME
opentelemetry-instrumentation Denial of Service vulnerability due to unbound cardinality metrics
Ecosystems: pypi
Packages: opentelemetry-instrumentation
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS12ODQ1LWp4eDUtdmM5Zs4AA2MD
`Cookie` HTTP header isn't stripped on cross-origin redirects
Ecosystems: pypi
Packages: urllib3
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01NmZtLWhmcDMteDN3M84AA2MC
Wallabag user can disable 2FA unintentionally
Ecosystems: packagist
Packages: wallabag/wallabag
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qOWdxLXc3M3ctOWg2Y84AA2L3
pretix potential IP address spoofing vulnerability
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS00bXFnLWg1amYtajltN84AA2Ly
TorchServe Pre-Auth Remote Code Execution
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zOW0zLWNqOGMtODg2cs4AA2Kn
Dolibarr Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xY2pnLWh2ZzYtaHhjcM4AA2Ju
phpMyFAQ allows unrestricted file types in image field
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.9
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01and2LW04aDMtNjljZ84AA2Jw
phpMyFaq Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qNXd3LTV4ZjQtaHFtMs4AA2J0
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNjU3LTN3cWgtZzJ4Oc4AA2Jx
Microweber uses hard coded credentials
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03Zmg1LTY0cDItM3Yyas4AA2Js
PostCSS line return parsing error
Ecosystems: npm
Packages: postcss
Source: GitHub Advisory Database
Blast Radius: 34.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qbTZtLTQ2MzItMzZoZs4AA2Jg
Composer Remote Code Execution vulnerability via web-accessible composer.phar
Ecosystems: packagist
Packages: composer/composer
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ocTU4LXA5bXYtMzM4Y84AA2Jf
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1yaHJ2LTY0NWgtZmpmaM4AA2Jb
Apache Avro Java SDK vulnerable to Improper Input Validation
Ecosystems: pypi, maven
Packages: avro, org.apache.avro:avro
Source: GitHub Advisory Database
Blast Radius: 54.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS1jNHJ2LTJqNngtcHE3eM4AA2JC
Rdiffweb Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oOHdoLWY3Z3ctZndwcs4AA2I9
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1ycDY1LWpwYzctOGg4cM4AA2I7
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS05aHdwLWNqN20td2p3NM4AA2I2
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0zM3I3LXdqZmMtN3c5OM4AA2Iz
Mattermost Uncontrolled Resource Consumption vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oNjl2LW12aDktaGZycc4AA2I8
Mattermost Incorrect Authorization vulnerability
Ecosystems: go
Packages: github.com/mattermost/mattermost-server/v6, github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS05anZ4LXA2bXEtZnc0ds4AA2Ij
pretix allows Pillow to parse EPS files
Ecosystems: pypi
Packages: pretix
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS04NmM2LTNnNjMtNXc2NM4AA2Id
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tOTVxLTdxcDMteHY0Ms4AA2IO
Zod denial of service vulnerability
Ecosystems: npm
Packages: zod
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS0yaG05LWg4NzMtcGdxaM4AA2IH
OpenFGA Vulnerable to DoS from circular relationship definitions
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xcXZxLTZ4Z2otanc4Z84AA2IC
Electron affected by libvpx's heap buffer overflow in vp8 encoding
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02am1mLTJwZmMtcTltN84AA2IA
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ndnJnLTYyanAtcmY3as4AA2H_
PrestaShop allows employee without any access rights to list all installed modules
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03dmZmLXJ2MmYtY2o3Oc4AA2H8
Subrion CMS Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS04bWpyLTZjOTYtMzl3OM4AA2Hh
pydash Command Injection vulnerability
Ecosystems: pypi
Packages: pydash
Source: GitHub Advisory Database
Blast Radius: 21.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nYzk1LTVtbXAtbXA2as4AA2Hg
Economizzer vulnerable to Clickjacking
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS04OTZ2LXBoNXctMzc5aM4AA2Hj
Economizzer Insecure Direct Object Reference vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1oM3FmLXY2OHItMzVqZ84AA2Hl
Economizzer user enumeration vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb
Consensys gnark-crypto allows Signature Malleability
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1wcTk4LTZoZjYtM3JqM84AA2Hc
Economizzer remote code execution vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qZ3c1LXJwNHAtcWhwNs4AA2Hm
quill-mention Cross-site Scripting vulnerability
Ecosystems: npm
Packages: quill-mention
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1ocXA5LW1yanctN3FxMs4AA2He
Economizzer host header injection vulnerability
Ecosystems: packagist
Packages: gugoan/economizzer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yZ2Y5LWo3Z3YtcnEyMs4AA2HZ
Microweber Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS03dnByLTNwcHctcXJwas4AA2HE
Imageflow affected by libwebp zero-day and should not be used with malicious source images.
Ecosystems: nuget
Packages: Imageflow.NativeTool.osx_10_11-x86_64, Imageflow.NativeTool.ubuntu_18_04-x86_64, Imageflow.NativeTool.ubuntu_16_04-x86_64, Imageflow.NativeTool.ubuntu_18_04-x86_64-haswell, Imageflow.NativeRuntime.ubuntu_16_04-x86_64, Imageflow.NativeRuntime.osx_10_11-x86_64, Imageflow.NativeRuntime.ubuntu_18_04-x86_64, Imageflow.NativeRuntime.ubuntu_18_04-x86_64-haswell, Imageflow.NativeTool.ubuntu-x86_64-haswell, Imageflow.NativeTool.ubuntu-x86_64, Imageflow.NativeTool.win-x86, Imageflow.NativeTool.osx-x86_64, Imageflow.NativeTool.win-x86_64, Imageflow.NativeRuntime.ubuntu-x86_64-haswell, Imageflow.NativeRuntime.ubuntu-x86_64, Imageflow.NativeRuntime.win-x86, Imageflow.NativeRuntime.osx-x86_64, Imageflow.NativeRuntime.win-x86_64, ImageResizer.Plugins.Imageflow, Imageflow.Server, Imageflow.AllPlatforms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS00dmpyLWNydmgtMzgzaM4AA2HD
@napi-rs/image affected by libwebp CVE
Ecosystems: npm
Packages: @napi-rs/image
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 1 year ago
High
GSA_kwCzR0hTQS00cTZwLXI2djItanZjNc4AA2HC
Chaijs/get-func-name vulnerable to ReDoS
Ecosystems: npm
Packages: get-func-name
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02anF3LWp3ZjUtcnA4aM4AA2HB
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1wNzZqLWg0bTgtaHg1Y84AA2Gl
Pimcore Demo Allows GraphQL Introspection
Ecosystems: packagist
Packages: pimcore/demo
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1xODMyLTIyNzUtcmZxaM4AA2Dj
Subrion CMS XSS in /panel/configuration/financial/
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00dzJqLXdqOXEtNndweM4AA2GE
Subrion CMS Cross-site Scripting vulnerability in /panel/languages
Ecosystems: packagist
Packages: intelliants/subrion
Source: GitHub Advisory Database
Blast Radius: 3.3
Published: about 1 year ago
High
GSA_kwCzR0hTQS02NWgyLXdmN20tcTJ2OM4AA2EK
Undertow vulnerable to denial of service
Ecosystems: maven
Packages: io.undertow:undertow-parent
Source: GitHub Advisory Database
Blast Radius: 3.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS12NGoyLWN3bW0teGc4Oc4AA2EH
OpenCart Path Traversal vulnerability
Ecosystems: packagist
Packages: opencart/opencart
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00eHAyLXc2NDItN21jeM4AA2C6
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS0yNG01LXI2aHYtY2NncM4AA2C5
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4
sing-box vulnerable to improper authentication in the SOCKS inbound
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1jeDJxLWhmeHItcmo5N84AA2C3
Vyper's `_abi_decode` input not validated in complex expressions
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03NTY1LWNxMzItdngyeM4AA2C2
matrix-synapse vulnerable to improper validation of receipts allows forged read receipts
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: about 1 year ago
Low
GSA_kwCzR0hTQS00Zjc0LTg0djMtajlxNc4AA2C1
matrix-synapse vulnerable to temporary storage of plaintext passwords during password changes
Ecosystems: pypi
Packages: matrix-synapse
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1najJyLXBod2ctNnJ3d84AA2C0
Kubernetes users may update Pod labels to bypass network policy
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qY3dyLXgyNWgteDVmaM4AA2Ch
codehaus-plexus vulnerable to XML injection
Ecosystems: maven
Packages: org.codehaus.plexus:plexus-utils
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS1nNnBoLXg1d2YtZzMzN84AA2Cg
plexus-codehaus vulnerable to directory traversal
Ecosystems: maven
Packages: org.codehaus.plexus:plexus-utils
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ycmp3LWo0bTItbWYzNM4AA2CW
gix-transport code execution vulnerability
Ecosystems: cargo
Packages: gix-transport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS01NWc3LTljd3YtNXFmds4AA2By
snappy-java's missing upper bound check on chunk length can lead to Denial of Service (DoS) impact
Ecosystems: maven
Packages: org.xerial.snappy:snappy-java
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tOTg4LTczNzUtN2cyY84AA2Bx
pimcore/admin-ui-classic-bundle Cross-site Scripting vulnerability in Translations
Ecosystems: packagist
Packages: pimcore/admin-ui-classic-bundle
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 1 year ago
High
GSA_kwCzR0hTQS00Mmg0LXYyOXItNDJxZ84AA2Bw
yt-dlp on Windows vulnerable to `--exec` command injection when using `%q`
Ecosystems: pypi
Packages: yt-dlp
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: about 1 year ago
High
GSA_kwCzR0hTQS12Znc1LWhyZ3EtaDV3Zs4AA2Bv
x/net/html Vulnerable to DoS During HTML Parsing
Ecosystems: go
Packages: golang.org/x/net
Source: GitHub Advisory Database
Blast Radius: 40.8
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cng5LWMycmgtM3F2NM4AA2A7
OpenStack Barbican information disclosure vulnerability
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02cXFwLTR2bTMtMzU5ds4AA2A5
OpenStack Barbican credential leak flaw
Ecosystems: pypi
Packages: barbican
Source: GitHub Advisory Database
Blast Radius: 3.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS01ODM2LWdyY2MtOGo4Oc4AA2A4
OpenStack Heat information leak vulnerability
Ecosystems: pypi
Packages: openstack-heat
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS05Mmh4LTNtaDYtaGM0Oc4AA2A6
kube-apiserver authentication bypass vulnerability
Ecosystems: go
Packages: github.com/openshift/apiserver-library-go
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS02ZjRtLWo1NnctNTVjM84AA2A3
Kiali content spoofing vulnerability
Ecosystems: go
Packages: github.com/kiali/kiali
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 1 year ago
Critical
GSA_kwCzR0hTQS1yd2h4LTZoeDctcHFjOM4AA2As
SQL injection in jeecgboot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tOXhxLTZoMmotNjVyMs4AA2Ar
Markdown vulnerable to Out-of-bounds Read while parsing citations
Ecosystems: go
Packages: github.com/gomarkdown/markdown
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00MjN3LXAydzktcjd2cc4AA2An
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Ecosystems: cargo
Packages: aes-gcm
Source: GitHub Advisory Database
Blast Radius: 18.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1naHA4LTUydngtNzdqNM4AA2Al
pgAdmin failed to properly control the server code
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: about 1 year ago
High
GSA_kwCzR0hTQS00NWMzLWM0YzMtOHJxZ84AA2AN
FUXA vulnerable to Local File Inclusion
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS13d2ZqLWg4NDMtM2hycc4AA2AL
FUXA local file inclusion vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Statistics
Advisories: 20,797
Packages: 9,104
Repositories: 5,560
Ecosystems: 12
Filter by Severity
Moderate 8,882 High 7,321 Critical 3,078 Low 1,157
Filter by Ecosystem
maven 5,892 packagist 4,648 pypi 4,409 npm 3,830 go 2,317 nuget 1,553 cargo 891 rubygems 885 swift 33 hex 32 actions 21 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 phpmyadmin/phpmyadmin 92 drupal/core 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 symfony/symfony 69 com.fasterxml.jackson.core:jackson-databind 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 52 apache-superset 51 github.com/grafana/grafana 49 mlflow 47 baserproject/basercms 47 nova 47 craftcms/cms 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 matrix-synapse 41 showdoc/showdoc 40 shopware/core 40 intelliants/subrion 39 github.com/rancher/rancher 38 froxlor/froxlor 38 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 com.thoughtworks.xstream:xstream 37 nilsteampassnet/teampass 37 mautic/core 37 org.keycloak:keycloak-services 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 com.jfinal:jfinal 36 org.elasticsearch:elasticsearch 36 k8s.io/kubernetes 36 moin 35 net.mingsoft:ms-mcms 35 snipe/snipe-it 35 gradio 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 io.undertow:undertow-core 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-python 31 parse-server 31 Pillow 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 directus 26 pillow 26 openssl-src 26 github.com/cilium/cilium 26 prestashop/prestashop 26 electron 26 org.keycloak:keycloak-parent 25 rubygems-update 25 gogs.io/gogs 25 org.apache.solr:solr-core 25 contao/core-bundle 24 magento/core 24 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 simplesamlphp/simplesamlphp 23 zendframework/zendframework 23 grumpydictator/firefly-iii 23 pocketmine/pocketmine-mp 23 puppet 23 remdex/livehelperchat 23 rack 23 org.bouncycastle:bcprov-jdk14 22 ckb 22 tribalsystems/zenario 22 getkirby/cms 22 glance 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 activerecord 21 org.apache.nifi:nifi 21 funadmin/funadmin 20 github.com/ethereum/go-ethereum 20 laravel/framework 20 org.springframework:spring-core 20 langchain 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 github.com/traefik/traefik/v2 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 contao/contao 19 wasmtime 19 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 next 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 com.vaadin:vaadin-bom 18 mindsdb 18 topthink/framework 18 com.liferay.portal:release.dxp.bom 18 golang.org/x/net 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 forkcms/forkcms 18 mercurial 18 cockpit-hq/cockpit 18 cakephp/cakephp 17 org.apache.geode:geode-core 17 notebook 17 genix/cms 17 helm.sh/helm/v3 17 symfony/security 17 opencart/opencart 17 neutron 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 org.apache.dubbo:dubbo 16 github.com/zitadel/zitadel 16 yetiforce/yetiforce-crm 16 paddlepaddle 16 typo3/cms-backend 16 PaddlePaddle 16 org.apache.jspwiki:jspwiki-main 16 tinymce 16 phpbb/phpbb 16 ethyca-fides 16 org.bouncycastle:bcprov-jdk15 16 org.apache.activemq:activemq-client 16 cryptography 16 rusqlite 16 sequelize 16 openmage/magento-lts 16 pyload-ng 16 org.apache.struts.xwork:xwork-core 15 smarty/smarty 15 ec-cube/ec-cube 15 october/system 15 OctoPrint 15 ckeditor4 15 symfony/security-http 15 surrealdb 15 calibreweb 15 ghost 15 org.apache.tomcat:tomcat-coyote 14 lollms 14 camaleon_cms 14 phpmailer/phpmailer 14 joplin 14 github.com/nats-io/nats-server/v2 14 activesupport 14 swagger-ui 14 modoboa 14 bolt/bolt 14 org.apache.inlong:manager-pojo 14 silverstripe/cms 14 publify_core 14 pyftpdlib 14 aiohttp 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/keycloak/keycloak 79 https://github.com/TYPO3/typo3 75 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/symfony/symfony 64 https://github.com/usememos/memos 64 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/spring-projects/spring-framework 46 https://github.com/apache/struts 46 https://github.com/shopware/platform 43 https://github.com/argoproj/argo-cd 42 https://github.com/ikus060/rdiffweb 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/vyperlang/vyper 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/octobercms/october 35 https://github.com/mautic/mautic 35 https://github.com/rancher/rancher 34 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/craftcms/cms 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/opencv/opencv 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/PaddlePaddle/Paddle 31 https://github.com/mlflow/mlflow 31 https://github.com/gradio-app/gradio 31 https://github.com/parse-community/parse-server 31 https://github.com/snipe/snipe-it 30 https://github.com/shopware/shopware 28 https://github.com/openstack/keystone 28 https://github.com/CVEProject/cvelist 28 https://github.com/apache/inlong 27 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 26 https://github.com/baserproject/basercms 26 https://github.com/directus/directus 25 https://github.com/github/advisory-database 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/strapi/strapi 24 https://github.com/getgrav/grav 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/apache/nifi 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/langchain-ai/langchain 22 https://github.com/netty/netty 22 https://github.com/nervosnetwork/ckb 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/apache/cxf 21 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/OpenNMS/opennms 20 https://github.com/funadmin/funadmin 20 https://github.com/undertow-io/undertow 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/zitadel/zitadel 19 https://github.com/getkirby/kirby 19 https://github.com/traefik/traefik 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/moby/moby 19 https://github.com/bcgit/bc-java 19 https://github.com/goharbor/harbor 19 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/geoserver/geoserver 18 https://github.com/liufee/cms 17 https://github.com/backstage/backstage 17 https://github.com/mindsdb/mindsdb 17 https://github.com/hashicorp/vault 17 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/mattermost/mattermost 16 https://github.com/ethereum/go-ethereum 16 https://github.com/sequelize/sequelize 16 https://github.com/OpenMage/magento-lts 16 https://github.com/forkcms/forkcms 16 https://github.com/pyload/pyload 16 https://github.com/ethyca/fides 16 https://github.com/denoland/deno 16 https://github.com/rusqlite/rusqlite 16 https://github.com/etcd-io/etcd 16 https://github.com/laravel/framework 16 https://github.com/tinymce/tinymce 16 https://github.com/TYPO3-CMS/core 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/pyca/cryptography 15 https://github.com/dompdf/dompdf 15 https://github.com/vantage6/vantage6 15 https://github.com/zendframework/zendframework 15 https://github.com/puppetlabs/puppet 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/surrealdb/surrealdb 15 https://github.com/decidim/decidim 15 https://github.com/centreon/centreon 15 https://github.com/cobbler/cobbler 15 https://github.com/apache/camel 15 https://github.com/janeczku/calibre-web 14 https://github.com/xuxueli/xxl-job 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/aio-libs/aiohttp 14 https://github.com/vercel/next.js 14 https://github.com/twisted/twisted 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/containerd/containerd 14 https://github.com/hashicorp/nomad 14 https://github.com/dotnet/aspnetcore 14 https://github.com/rails/rails-html-sanitizer 14 https://github.com/swagger-api/swagger-ui 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/laurent22/joplin 13 https://github.com/apache/dolphinscheduler 13 https://github.com/modoboa/modoboa 13 https://github.com/golang/go 13 https://github.com/ming-soft/MCMS 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/nodejs/undici 13 https://github.com/TryGhost/Ghost 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/quarkusio/quarkus 13 https://github.com/puma/puma 12 https://github.com/smarty-php/smarty 12 https://github.com/urllib3/urllib3 12 https://github.com/openfga/openfga 12 https://github.com/apache/kylin 12 https://github.com/openstack/glance 12 https://github.com/patriksimek/vm2 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/opencontainers/runc 12 https://github.com/containers/podman 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/wagtail/wagtail 12 https://github.com/centreon/centreon-archived 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/getsentry/sentry 11 https://github.com/dolibarr/dolibarr 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/NodeBB/NodeBB 11 https://github.com/cakephp/cakephp 11 https://github.com/WWBN/AVideo 11 https://github.com/pomerium/pomerium 11 https://github.com/top-think/framework 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Studio-42/elFinder 11 https://github.com/spring-projects/spring-security 11 https://github.com/scrapy/scrapy 11 https://github.com/drupal/core 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/yiisoft/yii2 11 https://github.com/nats-io/nats-server 11 https://github.com/cloudflare/cfrpki 11 https://github.com/onionshare/onionshare 11 https://github.com/igniterealtime/Openfire 11 https://github.com/zenml-io/zenml 11 https://github.com/Pylons/waitress 11 https://github.com/vaadin/flow 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/cri-o/cri-o 11 https://github.com/Sylius/Sylius 11 https://github.com/phusion/passenger 10