Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

High
GSA_kwCzR0hTQS1qZzc0LW13Z3ctdjZ4M84AA_zy
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
High
GSA_kwCzR0hTQS1oNGg1LTk4MzMtdjJwNM4AA_zt
Rancher agents can be hijacked by taking over the Rancher Server URL
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1nNTRmLTY2bXctaHY2Ns4AA_zF
Agnai vulnerable to Relative Path Traversal in Image Upload
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1oMzU1LWhtNWgtY204aM4AA_zE
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tcGNoLTg5Z20taG04M84AA_zD
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1qODI3LTZyZ2YtOTYyOc4AA_zC
Layui has DOM Clobbering gadgets that lead to Cross-site Scripting
Ecosystems: npm
Packages: layui
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS13YzQzLTczdzcteDJmNc4AA_zB
Ory Kratos's setting required_aal `highest_available` does not properly respect code + mfa credentials
Ecosystems: go
Packages: github.com/ory/kratos
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1ydzNqLTU3NGgtbXJjcc4AA_zA
IDOR vulnerability in account profile page
Ecosystems: packagist
Packages: aimeos/ai-controller-frontend
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0ycXE3LWZjaDItcGhxZs4AA_yk
Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials
Ecosystems: maven
Packages: org.apache.maven.plugins:maven-archetype-plugin
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01OWhmLW1wZjgtcHFqaM4AA_yl
Mattermost fails to strip `embeds` from `metadata` when broadcasting `posted` events
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03NWoyLTlnbWMtbTg1Nc4AA_yE
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tODQyLTRxbTgtN2dwcc4AA_yD
Gradio allows users to access arbitrary files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS1od3hwLTZxZjctcTNyY84AA_x9
Remote command execution in promptr
Ecosystems: npm
Packages: @ifnotnowwhen/promptr
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12cmN4LWd4M2ctajNoOM4AA_xx
Heap-based Buffer Overflow in sqlite-vec
Ecosystems: cargo, rubygems, npm, pypi
Packages: sqlite-vec
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNWd2LW01Zjktd2d2NM4AA_yA
Grafana Agent (Flow mode) on Windows has Unquoted Search Path or Element vulnerability
Ecosystems: go
Packages: github.com/grafana/agent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1jaHF4LTM2cm0tcmY4aM4AA_x0
Grafana Alloy on Windows has Unquoted Search Path or Element vulnerability
Ecosystems: go
Packages: github.com/grafana/alloy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03OWdwLXE0d3YtMzNmcs4AA_xi
Cross-Site Request Forgery (CSRF) in strawberry-graphql
Ecosystems: pypi
Packages: strawberry-graphql
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yZ2c4LWc1eDgtd3I5ds4AA_xh
Cross-site scripting (XSS) in the clipboard package
Ecosystems: npm
Packages: @ckeditor/ckeditor5-clipboard, ckeditor5
Source: GitHub Advisory Database
Blast Radius: 25.7
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00OGNyLWoyY3gtbWNyOM4AA_xB
Apache Answer: Avatar URL leaked user email addresses
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1mNWZ3LTI1Z3ctNW05Ms4AA_xF
Apache Hadoop: Temporary File Local Information Disclosure
Ecosystems: maven
Packages: org.apache.hadoop:hadoop-common
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS02Mzc1LXBnNWotOHdwaM4AA_wF
Denial of service in rocket chat message parser
Ecosystems: npm
Packages: @rocket.chat/message-parser
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05OGhmLW04N3ctY3E2aM4AA_wD
Mellium allows Authentication Bypass by Spoofing
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1xN3FyLTIycXctcHFneM4AA_wK
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: about 2 months ago
Low
GSA_kwCzR0hTQS14OGgyLTI1NXEtamc0eM4AA_v1
Cross site scripting in Concrete CMS
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1tNXA5LXh2eGotNjRjOM4AA_wR
Flowise and Flowise Chat Embed vulnerable to Stored Cross-site Scripting
Ecosystems: npm
Packages: flowise, flowise-embed
Source: GitHub Advisory Database
Blast Radius: 17.6
Published: about 2 months ago
High
GSA_kwCzR0hTQS02Z2NoLTYzd3AtNHY1Zs4AA_wz
Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability
Ecosystems: maven
Packages: org.apache.linkis:linkis-engineplugin-spark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0ycm1qLW1xNjctaDk3Z84AA_vW
Spring Framework DoS via conditional HTTP request
Ecosystems: maven
Packages: org.springframework:spring-web
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: about 2 months ago
High
GSA_kwCzR0hTQS1nY3g0LW13NjItZzh3bc4AA_u0
DOM Clobbering Gadget found in rollup bundled scripts that leads to XSS
Ecosystems: npm
Packages: rollup
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04Zng4LTNyZzItNzl4d84AA_uz
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 2 months ago
High
GSA_kwCzR0hTQS0zaHA4LTZqMjQtbTVnbc4AA_uy
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un
Ouch! allows a segmentation fault due to use of uninitialized memory
Ecosystems: cargo
Packages: ouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zZmM4LTJyM2YtOHdyZ84AA_um
lobe-chat implemented an insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964)
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS00bTlwLTd4ZzYtZjRtbc4AA_ul
DataEase has an XML External Entity Reference vulnerability
Ecosystems: maven
Packages: io.dataease:common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1oN21qLW03MmgtcW04d84AA_uk
DataEase's H2 datasource has a remote command execution risk
Ecosystems: maven
Packages: io.dataease:common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1qbTl4LXJ4OXgtd3Bxas4AA_ue
OAuth2 client ID and secret exposed through the web browser
Ecosystems: pypi
Packages: pgadmin4
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
High
GSA_kwCzR0hTQS02ZjYyLTM1OTYtZzZ3N84AA_to
HTTP Request Smuggling in ruby webrick
Ecosystems: rubygems
Packages: webrick
Source: GitHub Advisory Database
Blast Radius: 35.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yeHE4LXE4NWYtbTg2Ns4AA_tI
Prevent XSS from Confidant API call
Ecosystems: pypi
Packages: confidant
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS01OHZqLWN2NXctdjR2Ns4AA_tD
Navidrome has Multiple SQL Injections and ORM Leak
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS03M3JnLWY5NGoteHZoeM4AA_tC
Plate allows arbitrary DOM attributes in element.attributes and leaf.attributes
Ecosystems: npm
Packages: @udecode/plate-core
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05aGY0LTY3ZmMtNHZmNM4AA_tB
Puma's header normalization allows for client to clobber proxy set headers
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 30.3
Published: 2 months ago
High
GSA_kwCzR0hTQS12dmY4LTJoNjgtOTQ3Nc4AA_sf
Keycloak Open Redirect vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 18.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13NjlxLXc0aDQtMmZ4OM4AA_sd
Reverb use after free vulnerability
Ecosystems: pypi
Packages: dm-reverb-nightly, dm-reverb
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00eHg3LTJjeDMteDQ3M84AA_sj
Keycloak SAML signature validation flaw
Ecosystems: maven
Packages: org.keycloak:keycloak-saml-core
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04NGp3LWc0M3YtOGdqbc4AA_sX
DOM Clobbering Gadget found in Rspack's AutoPublicPathRuntimeModule that leads to XSS
Ecosystems: npm
Packages: @rspack/core
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1qajk0LTZmNWMtNjVyOM4AA_sW
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
Ecosystems: go
Packages: github.com/zitadel/zitadel/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1xcjJoLTdwd20taDM5M84AA_sV
ZITADEL's Service Users Deactivation not Working
Ecosystems: go
Packages: github.com/zitadel/zitadel/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS0ydzVqLXFmdnctMmhmNc4AA_sU
ZITADEL's User Grant Deactivation not Working
Ecosystems: go
Packages: github.com/zitadel/zitadel/v2
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS03MzVmLXBjOGotdjl3OM4AA_sT
protobuf-java has potential Denial of Service issue
Ecosystems: maven, rubygems
Packages: com.google.protobuf:protobuf-java, com.google.protobuf:protobuf-javalite, com.google.protobuf:protobuf-kotlin, com.google.protobuf:protobuf-kotlin-lite, google-protobuf
Source: GitHub Advisory Database
Blast Radius: 61.8
Published: 2 months ago
High
GSA_kwCzR0hTQS02OGo4LWZwMzgtcDQ4cc4AA_sP
Gematik Referenzvalidator has an XXE vulnerability that can lead to a Server Side Request Forgery attack
Ecosystems: maven
Packages: de.gematik.refv.commons:commons
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1jNDU5LTJtNzMtNjdoas4AA_sO
SOFA Hessian Remote Command Execution (RCE) Vulnerability
Ecosystems: maven
Packages: com.alipay.sofa:hessian
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02MmM4LW1oNTMtNGNxds4AA_sN
HTTP client can manipulate custom HTTP headers that are added by Traefik
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1ocGM4LTd3cG0tODg5d84AA_sM
Dragonfly2 has hard-coded cryptographic key
Ecosystems: go
Packages: d7y.io/dragonfly/v2
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14eHh3LTNqNmgtcTdoNs4AA_sL
Grafana plugin SDK Information Leakage
Ecosystems: go
Packages: github.com/grafana/grafana-plugin-sdk-go
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1wMnFqLXI1M2otaDN4as4AA_sB
LangChain Experimental Eval Injection vulnerability
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 2 months ago
High
GSA_kwCzR0hTQS01aGM1LWZ4cjktNWZyY84AA_rw
Mautic has insufficient authentication in upgrade flow
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 3.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04dmZmLTM1cW0tcWp2ds4AA_rk
Mautic allows users enumeration due to weak password login
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xZjZtLTZtNGctcm1yY84AA_rj
Mautic has insufficient authentication in upgrade flow
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: GitHub Advisory Database
Blast Radius: 15.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14cGM1LXJyMzktdjh2Ms4AA_ri
Mautic has an XSS in contact tracking and page hits report
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03M2dyLTMyd2ctcWhoN84AA_rh
Mautic vulnerable to XSS in contact/company tracking (no authentication)
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14djY4LXJybXctOXh3Zs4AA_rg
Mautic vulnerable to Cross-site Scripting (XSS) - stored (edit form HTML field)
Ecosystems: packagist
Packages: mautic/core-lib, mautic/core
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1oOTJxLWZncHAtcWhycc4AA_rV
CoreDNS Cache Poisoning via a birthday attack
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03MjNoLXgzN2ctZjhxbc4AA_rL
Chaosblade vulnerable to OS command execution
Ecosystems: go
Packages: github.com/chaosblade-io/chaosblade
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1wbXY5LTN4cXAtOHc0Ms4AA_rJ
Mesop has a local file Inclusion via static file serving functionality
Ecosystems: pypi
Packages: mesop
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS14M2p4LTV3Nm0tcTJmY84AA_rI
Mautic vulnerable to Improper Access Control in UI upgrade process
Ecosystems: packagist
Packages: mautic/core, mautic/core-lib
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qaGc2LTZxcngtMzhtcs4AA_rH
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Ecosystems: go
Packages: github.com/authzed/spicedb
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02OGc4LWMyNzUteGYybc4AA_rG
Directus vulnerable to SSRF Loopback IP filter bypass
Ecosystems: npm
Packages: @directus/api, directus
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1ycnI4LWY4OHItaDhxNs4AA_rF
find-my-way has a ReDoS vulnerability in multiparametric routes
Ecosystems: npm
Packages: find-my-way
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 2 months ago
High
GSA_kwCzR0hTQS03eDR3LWNqOXItaDR2Oc4AA_rE
Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 9.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yOWNyLXFtZnctcG1yY84AA_rD
Camaleon CMS vulnerable to stored XSS through user file upload (GHSL-2024-184)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1jcDY1LTVtOXItdmMyY84AA_rC
Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 2 months ago
High
GSA_kwCzR0hTQS13MzkyLTc1cTgtdnI2N84AA_qa
Guardrails has an arbitrary code execution vulnerability
Ecosystems: pypi
Packages: guardrails-ai
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1oZm13LTdnM20tZ2o2cc4AA_qG
CoreDNS vulnerable to TuDoor Attacks
Ecosystems: go
Packages: github.com/coredns/coredns
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 2 months ago
High
GSA_kwCzR0hTQS1nNHI3LTg2Z20tcGdxY84AA_qi
sqlitedict insecure deserialization vulnerability
Ecosystems: pypi
Packages: sqlitedict
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 2 months ago
High
GSA_kwCzR0hTQS13bWpnLXZxaHYtcTVwNc4AA_ph
Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)
Ecosystems: rubygems
Packages: camaleon_cms
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wZzRtLTNncDYtaHc0d84AA_pg
org.xwiki.platform:xwiki-platform-notifications-ui leaks data of notification filters of users
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1yOTV3LTg4OXEteDJneM4AA_pf
org.xwiki.platform:xwiki-platform-notifications-ui is missing checks for notification filter preferences editions
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-notifications-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nYzdxLWpnanYtdmpyMs4AA_nT
Keycloak Services has a potential bypass of brute force protection
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1ncDhmLThtM2ctcXZqOc4AA_nS
Next.js Cache Poisoning
Ecosystems: npm
Packages: next
Source: GitHub Advisory Database
Blast Radius: 41.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xanhmLW1jNzItd2pyMs4AA_nR
Devise-Two-Factor Authentication Uses Insufficient Default OTP Shared Secret Length
Ecosystems: rubygems
Packages: devise-two-factor
Source: GitHub Advisory Database
Blast Radius: 17.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01ajk0LWYzbWYtODY4Nc4AA_nQ
@backstage/plugin-techdocs-backend vulnerable to circumvention of cross site scripting protection
Ecosystems: npm
Packages: @backstage/plugin-techdocs-backend
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03NHFtLTR2N3ItancyZs4AA_nH
Heap-based Buffer Overflow in MicroPython
Ecosystems: pypi
Packages: micropython-string, micropython-os-path, micropython-io, micropython-copy
Source: GitHub Advisory Database
Blast Radius: 6.2
Published: 2 months ago
Low
GSA_kwCzR0hTQS1wNzJ3LXI2ZnYtNmc1aM4AA_m_
druid-pac4j, Apache Druid extension, has Padding Oracle vulnerability
Ecosystems: maven
Packages: org.apache.druid.extensions:druid-pac4j
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12aDN4LTUyNW0tanA0cs4AA_nK
heap-buffer-overflow in MicroPython
Ecosystems: pypi
Packages: micropython-os, micropython-io, micropython-copy
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05OThjLXE4aGgtaDhnds4AA_nA
Concrete CMS stored XSS vulnerability in the "Top Navigator Bar" block
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 4.1
Published: 2 months ago
Low
GSA_kwCzR0hTQS1qaDY2LTM1NDUtdnBtN84AA_nI
Apache Druid: Users can provide MySQL JDBC properties not on allow list
Ecosystems: maven
Packages: org.apache.druid:druid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wd3dwLTNxN2otOW14OM4AA_nB
Use After Free in MicroPython
Ecosystems: pypi
Packages: micropython-io, micropython-copy
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 2 months ago
High
GSA_kwCzR0hTQS0zOXYzLWYyNzgtdmozZ84AA_m8
@backstage/plugin-techdocs-backend storage bucket Directory Traversal vulnerability
Ecosystems: npm
Packages: @backstage/plugin-techdocs-backend
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 2 months ago
High
GSA_kwCzR0hTQS0zeDNmLWpjcDMtZzIyas4AA_m7
@backstage/plugin-catalog-backend Prototype Pollution vulnerability
Ecosystems: npm
Packages: @backstage/plugin-catalog-backend
Source: GitHub Advisory Database
Blast Radius: 17.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0yZ2g2LXdjM20tZzM3Zs4AA_m6
hermes-management is vulnerable to RCE due to Apache commons-jxpath
Ecosystems: maven
Packages: pl.allegro.tech.hermes:hermes-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02NHZyLWc0NTItcXZwM84AA_m5
Vite DOM Clobbering gadget found in vite bundled scripts that leads to XSS
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05Y3d4LTI4ODMtNHdmeM4AA_m4
Vite's `server.fs.deny` is bypassed when using `?import&raw`
Ecosystems: npm
Packages: vite
Source: GitHub Advisory Database
Blast Radius: 29.5
Published: 2 months ago
High
GSA_kwCzR0hTQS01MzRjLWhjcjctNjdqZ84AA_m3
Kimai has an XXE Leading to Local File Read
Ecosystems: packagist
Packages: kimai/kimai
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13YzM2LTk2OTQtZjlyZs4AA_mw
vLLM Denial of Service via the best_of parameter
Ecosystems: pypi
Packages: vllm
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 2 months ago
High
GSA_kwCzR0hTQS13MnI3LTk1NzktMjdoZs4AA_m0
vLLM denial of service vulnerability
Ecosystems: pypi
Packages: vllm
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1ydzVoLWc4eHEtNjg3N84AA_mq
Wire UI has a JS XSS Vulnerability on route /wireui/button?label=Content
Ecosystems: packagist
Packages: wireui/wireui
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 2 months ago
High
GSA_kwCzR0hTQS12MzQ1LXc5ZjItbXBtNc4AA_mp
Sentry improperly authorizes muting of alert rules
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS01NG0zLTk1ajktdjg5as4AA_mo
Sentry improperly authorizes deletion of user issue alert notifications
Ecosystems: pypi
Packages: sentry
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xMjVjLXI0ODItNzdwOc4AA_mj
powermail TYPO3 extension has Insecure Direct Object Reference
Ecosystems: packagist
Packages: in2code/powermail
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02cmdoLXI2ajMtMzIyM84AA_mg
czim/file-handling vulnerable to SSRF and directory traversal
Ecosystems: packagist
Packages: czim/file-handling
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yeHBxLXhwNmMtNW1nas4AA_md
Contao affected by insert tag injection via canonical URL
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 2 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
https://github.com/opencart/opencart 10 https://github.com/jupyter/notebook 10 https://github.com/jquery/jquery 10