Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS00cDc1LTVwNTMtNjVtOc4AA_mc
Contao affected by directory traversal in the file selector widget
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 2 months ago
High
GSA_kwCzR0hTQS12bTZyLWo3ODgtaGpoNc4AA_mb
Contao affected by remote command execution through file upload
Ecosystems: packagist
Packages: contao/core-bundle
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1mMmptLXJ3M2gtNnBoZ84AA_ma
LangChain pickle deserialization of untrusted data
Ecosystems: pypi
Packages: langchain-community
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xcXY4LXBoN2YtaDNmN84AA_mB
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
Ecosystems: go
Packages: github.com/openshift/builder
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1qOGdoLTg3cngtYzd3Oc4AA_mA
OpenShift Controller Manager Improper Privilege Management
Ecosystems: go
Packages: github.com/openshift/openshift-controller-manager
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: 2 months ago
High
GSA_kwCzR0hTQS1tbWh4LWhtanItcjY3NM4AA_kd
DOMPurify allows tampering by prototype pollution
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS14bXhqLXYycTgtOHF4Ns4AA_kc
Concrete CMS Stored XSS in the "Next&Previous Nav" block
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0yMzI2LXBmcGotdngzaM4AA_kC
lexical-core has multiple soundness issues
Ecosystems: cargo
Packages: lexical-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12dnF3LWZxd3gtbXFtbc4AA_kB
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin panel with QuillJS WYSWYG editor
Ecosystems: rubygems
Packages: decidim
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yeDlmLTVnZ3YtNXJoNs4AA_kA
Decidim::Admin vulnerable to cross-site scripting (XSS) in the admin activity log
Ecosystems: rubygems
Packages: decidim-admin
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01Nzc3LXJjamotOXAyMs4AA_j9
Mattermost Desktop App fails to safeguard screen capture functionality
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS14Z3E5LTdndzYtanI1cs4AA_j6
Mattermost Desktop App fails to sufficiently configure Electron Fuses
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0zeHEyLXc2ajQtYzk5cs4AA_jU
Apache Seata Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.seata:seata-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1odjM4LWg1cGotYzk2as4AA_jk
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Ecosystems: maven
Packages: org.opendaylight.mdsal:mdsal-artifacts
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS13ajRqLXFjMm0tZmdoN84AA_jS
Mattermost Desktop App Uncontrolled Search Path Vulnerability
Ecosystems: npm
Packages: mattermost-desktop
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00NmhyLTNjcTMtbWNncM4AA_jo
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Ecosystems: maven
Packages: org.opendaylight.aaa:aaa-artifacts
Source: GitHub Advisory Database
Blast Radius: 4.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wbWhnLWY3d2MtYzk3bc4AA_i5
Aim Stored XSS through TEXT EXPLORER
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1mZzVtLW03MjMtN212Ns4AA_jY
D-Tale Command Execution Vulnerability
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tcm1oLTNocWgtcGZ3N84AA_jX
Composio Code Injection Vulnerability
Ecosystems: pypi
Packages: composio-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02NnIyLXhtMjgtNzR3Oc4AA_ju
Composio Path Traversal vulnerability
Ecosystems: pypi
Packages: composio-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1qcHhjLXZtamYtOWZjas4AA_i3
Ansible vulnerable to Insertion of Sensitive Information into Log File
Ecosystems: pypi
Packages: ansible-core
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 2 months ago
High
GSA_kwCzR0hTQS02cDJxLThxZnEtd3E3eM4AA_iU
Lunary improper access control vulnerability
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05am1wLWo2M2ctOHg2bc4AA_iQ
Lunary information disclosure vulnerability
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS12Nng2LTR2NHgtMmZ4Oc4AA_iV
Lunary Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS13NzNyLThtbTQtY2Z2Zs4AA_iR
Lunary Improper Authentication vulnerability
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1nMjZqLTUzODUtaGh3M84AA_if
LiteLLM Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1jeDdmLWc2bXAtN2hxbc4AA_gn
Path traversal vulnerability in functional web frameworks
Ecosystems: maven
Packages: org.springframework:spring-webflux, org.springframework:spring-webmvc
Source: GitHub Advisory Database
Blast Radius: 40.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1td2hmLXZocjUtN2oyM84AA_gO
whatsapp-api-js fails to validate message's signature
Ecosystems: npm
Packages: whatsapp-api-js
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
High
GSA_kwCzR0hTQS13ZjlnLWM2N2ctaDRjaM4AA_fs
MindsDB Eval Injection vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS03dmhoLWdmamMteDhybc4AA_f3
MindsDB Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1xOXI4LTg5eHItNHh2NM4AA_fw
MindsDB Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 2 months ago
High
GSA_kwCzR0hTQS03dmhqLXBmd3YtaHgzd84AA_fr
MindsDB Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS04Y205LXJyZ2MtNHBjas4AA_fv
Cleanlab Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: cleanlab
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zMmZqLXI4cXctcjh3OM4AA_fx
MindsDB Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 2 months ago
High
GSA_kwCzR0hTQS1mcjlxLXJnd3EtZzVyNc4AA_fu
MindsDB Deserialization of Untrusted Data vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 2 months ago
High
GSA_kwCzR0hTQS1jcm1nLXJwNjQtNWNtM84AA_fq
MindsDB Eval Injection vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS13Y2p3LTN2NnAtNHYzcs4AA_fe
MindsDB Eval Injection vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS1jODVmLXBjeDYtMmdobc4AA_fa
MindsDB Eval Injection vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS00ZmdwLTd2dm0tbTRqZs4AA_fd
Refuel Autolab Eval Injection vulnerability
Ecosystems: pypi
Packages: refuel-autolabel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS12Nmc2LTNjbTMtdmY2Y84AA_fg
MindsDB Eval Injection vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS05Z3E2LTY5MzYtODg1d84AA_fb
MindsDB Eval Injection vulnerability
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 2 months ago
High
GSA_kwCzR0hTQS1nMm04LWYzeDItcXByd84AA_ff
Refuel Autolab Eval Injection vulnerability
Ecosystems: pypi
Packages: refuel-autolabel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jdnA4LTVyOGctZmh2cc4AA_eZ
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Ecosystems: rubygems
Packages: omniauth-saml
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1yamM2LXZtNGgtODVjZ84AA_eY
Sensitive Information Exposure Through Insecure Logging For Secrets Like Metadata.DockerBuildArgs
Ecosystems: pypi
Packages: aws-sam-cli
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02MzV2LXBjNDItZnI3NM4AA_eX
AWS SageMaker Training Toolkit logs CodeArtifact Authorization token
Ecosystems: pypi
Packages: sagemaker-training
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: 2 months ago
High
GSA_kwCzR0hTQS02NGY4LXBqZ3ItOXdtcs4AA_eW
Untrusted Query Object Evaluation in RPC API
Ecosystems: cargo
Packages: surrealdb, surrealdb-core
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS04MjU5LTJ4NzItMmd2Y84AA_dh
Eclipse Dataspace Components's ConsumerPullTransferTokenValidationApiController doesn't check for token validit
Ecosystems: maven
Packages: org.eclipse.edc:transfer-data-plane
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nODRxLTU0aGYtMzZyZ84AA_da
AutoGPT bypass of the shell commands denylist settings
Ecosystems: pypi
Packages: agpt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03Z3EyLXZ3cTktdzh2d84AA_dg
Eclipse Glassfish URL redirection vulnerability
Ecosystems: maven
Packages: org.glassfish.main.web:web-core
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
High
GSA_kwCzR0hTQS1mNnY0LWNmNWotdmYzd84AA_c_
dset Prototype Pollution vulnerability
Ecosystems: npm
Packages: dset
Source: GitHub Advisory Database
Blast Radius: 35.6
Published: 2 months ago
High
GSA_kwCzR0hTQS1jZmY4LXg3anYtNGZtOM4AA_cb
Session is cached for OpenID and OAuth2 if `redirect` is not used
Ecosystems: npm
Packages: @directus/api, directus
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wdzQ0LTRoOTktd3FmZs4AA_ca
D-Tale vulnerable to Remote Code Execution through the Query input on Chart Builder
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tNmZ2LWptY2ctNGpmZ84AA_cZ
send vulnerable to template injection that can lead to XSS
Ecosystems: npm
Packages: send
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: 2 months ago
Low
GSA_kwCzR0hTQS1jbTIyLTRnN3ctMzQ4cM4AA_cY
serve-static vulnerable to template injection that can lead to XSS
Ecosystems: npm
Packages: serve-static
Source: GitHub Advisory Database
Blast Radius: 33.5
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qdzljLW1mZzctOXJ4Ms4AA_cX
SAML authentication bypass via Incorrect XPath selector
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: 2 months ago
Low
GSA_kwCzR0hTQS1xdzZoLXZnaDktajZ3eM4AA_cW
express vulnerable to XSS via response.redirect()
Ecosystems: npm
Packages: express
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 2 months ago
High
GSA_kwCzR0hTQS13OTdmLXczaHEtMzZnMs4AA_b2
Keycloak Denial of Service vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wdm1tLTU1cjUtZzNtbc4AA_a3
XWiki Platform document history including authors of any page exposed to unauthorized actors
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rest-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS03OHZnLTd2MjctaGo2N84AA_a2
auditor-bundle vulnerable to Cross-site Scripting because name of entity does not get escaped
Ecosystems: packagist
Packages: damienharper/auditor-bundle
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 2 months ago
High
GSA_kwCzR0hTQS1xd2NyLXIyZm0tcXJjN84AA_a1
body-parser vulnerable to denial of service when url encoding is enabled
Ecosystems: npm
Packages: body-parser
Source: GitHub Advisory Database
Blast Radius: 46.7
Published: 2 months ago
High
GSA_kwCzR0hTQS1nOTc0LWh4dm0teDY4Oc4AA_ZX
node-gettext vulnerable to Prototype Pollution
Ecosystems: npm
Packages: node-gettext
Source: GitHub Advisory Database
Blast Radius: 19.8
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mNHdoLTM1OWctNHBxN84AA_Yu
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nNGdjLXJoMjYtbTNwNc4AA_Yi
Keycloak Open Redirect vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS01N3JoLWdyNHYtajVmNs4AA_Yg
Keycloak Uses a Key Past its Expiration Date
Ecosystems: maven
Packages: org.keycloak:keycloak-core
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
High
GSA_kwCzR0hTQS1qNzZqLXJxd2otam12ds4AA_Yo
Keycloak Session Fixation vulnerability
Ecosystems: maven
Packages: org.keycloak:keycloak-services
Source: GitHub Advisory Database
Blast Radius: 19.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS02ajc1LTV3ZmotZ2g2Ns4AA_Ye
Twig has a possible sandbox bypass
Ecosystems: packagist
Packages: twig/twig
Source: GitHub Advisory Database
Blast Radius: 44.0
Published: 2 months ago
High
GSA_kwCzR0hTQS05d3Y2LTg2djItNTk4as4AA_Yf
path-to-regexp outputs backtracking regular expressions
Ecosystems: npm
Packages: path-to-regexp
Source: GitHub Advisory Database
Blast Radius: 49.7
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0yOGg0LTc4OGctcmg0Ms4AA_YV
Craft CMS vulnerable to stored XSS in breadcrumb list and title fields
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1nY2ZnLWhtd3gtd3E1aM4AA_YU
Httpful is Missing Certificate Validation
Ecosystems: packagist
Packages: nategood/httpful
Source: GitHub Advisory Database
Blast Radius: 22.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1yOXBwLXI0eGYtNTk3cs4AA_YT
pyload-ng vulnerable to RCE with js2py sandbox escape
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS1xd2djLXJyMzUtaDR4Oc4AA_YS
External Secrets Operator vulnerable to privilege escalation
Ecosystems: go
Packages: github.com/external-secrets/external-secrets
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tcW05LWM5NWgteDJwNs4AA_YR
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 2 months ago
Low
GSA_kwCzR0hTQS1tOWdmLTM5N3ItaHdwZ84AA_YN
AngularJS allows attackers to bypass common image source restrictions
Ecosystems: npm
Packages: angular
Source: GitHub Advisory Database
Blast Radius: 22.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1wdjdoLWhnNm0tODJqOM4AA_Xw
Gouniverse GoLang CMS vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/gouniverse/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jMzkyLXdocGMtdmZwcs4AA_Wx
Apache Airflow vulnerable to Improper Encoding or Escaping of Output
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 3 months ago
High
GSA_kwCzR0hTQS05MnhnLWdtcnEtNWMzd84AA_W0
Apache Airflow vulnerable to Execution with Unnecessary Privileges
Ecosystems: pypi
Packages: apache-airflow
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05ajRmLWYyNDktcTV3OM4AA_Ws
Default installation of `synthetic-monitoring-agent` exposes sensitive information
Ecosystems: go
Packages: github.com/grafana/synthetic-monitoring-agent, github.com/grafana/synthetic-monitoring-agent/cmd/synthetic-monitoring-agent
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xOThmLTJ4NHAtcHJqcs4AA_Wl
Exposure of debug and metrics endpoints in Pomerium
Ecosystems: go
Packages: github.com/pomerium/pomerium
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tOHJwLXZ2OTItNDZjN84AA_Wk
gix-path improperly resolves configuration path reported by Git
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xM2h3LTNnbTQtdzVjcs4AA_Wj
gnark's Groth16 commitment extension unsound for more than one commitment
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 11.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1najU1LTJ4ZjktNjdycc4AA_Wi
HTML injection in JupyterLite leading to DOM Clobbering
Ecosystems: pypi
Packages: jupyterlite-core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 3 months ago
High
GSA_kwCzR0hTQS02Y3I2LXBoM3AtZjVyZs4AA_Wh
XXE vulnerability in XSLT transforms in `org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.utilities, ca.uhn.hapi.fhir:org.hl7.fhir.r5, ca.uhn.hapi.fhir:org.hl7.fhir.r4b, ca.uhn.hapi.fhir:org.hl7.fhir.r4, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 3 months ago
High
GSA_kwCzR0hTQS05eGNnLTNxOHYtN2ZxNs4AA_Wg
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
High
GSA_kwCzR0hTQS03cTc0LWc3NzQtN3gzZ84AA_Vd
Interchain Security: The signers of ICS messages do not need to match the provider address
Ecosystems: go
Packages: github.com/cosmos/interchain-security/v4, github.com/cosmos/interchain-security/v3, github.com/cosmos/interchain-security/v2, github.com/cosmos/interchain-security, github.com/cosmos/interchain-security/v5
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1yd3E2LWNyamctOWNwd84AA_VQ
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
Ecosystems: cargo
Packages: ic_cdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1mdjRnLWd3cGotNzRncs4AA_VP
Path traversal vulnerability in stripe-cli
Ecosystems: go
Packages: github.com/stripe/stripe-cli
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS00amN2LXZwOTYtOTR4cs4AA_VO
MindsDB Vulnerable to Bypass of SSRF Protection with DNS Rebinding
Ecosystems: pypi
Packages: mindsdb
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1nNnE0LXczajMtamZjNM4AA_VG
Windmill HTTP Request users.rs excessive authentication in github.com/windmill-labs/windmill
Ecosystems: go
Packages: github.com/windmill-labs/windmill
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jcTM4LWpoNWYtMzdtcc4AA_TY
sigstore-go has an unbounded loop over untrusted input can lead to endless data attack
Ecosystems: go
Packages: github.com/sigstore/sigstore-go
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1nNzZmLWdqZngtNHJwcs4AA_TK
Vertx gRPC server does not limit the maximum message size
Ecosystems: maven
Packages: io.vertx:vertx-grpc-client, io.vertx:vertx-grpc-server
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mdzVyLTZtM3gtcmg3cM4AA_TB
Flask-AppBuilder's login form allows browser to cache sensitive fields
Ecosystems: pypi
Packages: flask-appbuilder
Source: GitHub Advisory Database
Blast Radius: 10.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jMzRyLTIzOHgtZjdxeM4AA_TA
Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS0yaDQ2LThnZjUtZm14ds4AA_S_
Timing-Based Username Enumeration Vulnerability in Fides Webserver Authentication
Ecosystems: pypi
Packages: ethyca-fides
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03aDVwLW1tcHAtaGdtbc4AA_S-
Nuclei Template Signature Verification Bypass
Ecosystems: go
Packages: github.com/projectdiscovery/nuclei/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ycnFmLXc3NGotMjRmZs4AA_S9
Indico has a Cross-Site-Scripting during account creation
Ecosystems: pypi
Packages: indico
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNWpoLTU3d20tcDc5bc4AA_S7
Missing connection timeout in Aardvark-dns
Ecosystems: cargo
Packages: aardvark-dns
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oNGdoLXFxNDUtdmgyN84AA_QU
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels
Ecosystems: pypi
Packages: cryptography
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1wMnE5LTM2dnctYzQ2OM4AA_QL
olm-sys: wrapped library unmaintained, potentially vulnerable
Ecosystems: cargo
Packages: olm-sys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS02eHg0LXg0NmYtZjg5N84AA_QK
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
Ecosystems: go
Packages: github.com/spectolabs/hoverfly
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1jeHd3LTdnNTYtMnZoNs4AA_QJ
@actions/download-artifact has an Arbitrary File Write via artifact extraction
Ecosystems: actions
Packages: actions/download-artifact
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 actionpack 60 concrete5/concrete5 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 org.keycloak:keycloak-core 51 apache-superset 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 com.liferay.portal:release.portal.bom 46 craftcms/cms 46 mlflow 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 vyper 38 org.apache.tomcat.embed:tomcat-embed-core 38 github.com/rancher/rancher 38 nilsteampassnet/teampass 37 org.xwiki.platform:xwiki-platform-oldcore 37 mautic/core 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 com.thoughtworks.xstream:xstream 37 com.jfinal:jfinal 36 k8s.io/kubernetes 36 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 snipe/snipe-it 35 matrix-synapse 35 net.mingsoft:ms-mcms 35 moin 35 zendframework/zendframework1 34 io.undertow:undertow-core 34 gradio 34 github.com/answerdev/answer 34 org.jenkins-ci.plugins:script-security 33 keystone 32 opencv-python 31 Pillow 31 github.com/argoproj/argo-cd 31 parse-server 31 opencv-contrib-python 31 shopware/shopware 30 github.com/docker/docker 29 getgrav/grav 29 github.com/hashicorp/consul 29 mediawiki/core 28 github.com/hashicorp/nomad 28 centreon/centreon 27 github.com/argoproj/argo-cd/v2 27 directus 26 prestashop/prestashop 26 electron 26 pillow 26 openssl-src 26 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 rubygems-update 25 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 org.springframework.security:spring-security-core 24 magento/core 24 org.eclipse.jetty:jetty-server 24 contao/core-bundle 24 pocketmine/pocketmine-mp 23 remdex/livehelperchat 23 puppet 23 rack 23 grumpydictator/firefly-iii 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 tribalsystems/zenario 22 getkirby/cms 22 org.bouncycastle:bcprov-jdk14 22 ckb 22 activerecord 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 glance 21 org.apache.nifi:nifi 21 org.apache.openmeetings:openmeetings-parent 21 @openzeppelin/contracts-upgradeable 21 github.com/ethereum/go-ethereum 20 laravel/framework 20 @openzeppelin/contracts 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 langchain 20 funadmin/funadmin 20 code.gitea.io/gitea 20 org.xwiki.platform:xwiki-platform-web-templates 19 github.com/goharbor/harbor 19 wasmtime 19 DotNetNuke.Core 19 org.springframework:spring-core 19 contao/contao 19 com.vaadin:vaadin-bom 18 topthink/framework 18 com.liferay.portal:release.dxp.bom 18 github.com/traefik/traefik/v2 18 mindsdb 18 cobbler 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 forkcms/forkcms 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 mercurial 18 cockpit-hq/cockpit 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 next 18 golang.org/x/net 18 notebook 17 opencart/opencart 17 cakephp/cakephp 17 francoisjacquet/rosariosis 17 genix/cms 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 symfony/security 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 helm.sh/helm/v3 17 typo3/cms-backend 16 phpbb/phpbb 16 cryptography 16 org.apache.jspwiki:jspwiki-main 16 tinymce 16 openmage/magento-lts 16 yetiforce/yetiforce-crm 16 neutron 16 github.com/zitadel/zitadel 16 sequelize 16 org.apache.activemq:activemq-client 16 paddlepaddle 16 PaddlePaddle 16 org.apache.dubbo:dubbo 16 pyload-ng 16 org.bouncycastle:bcprov-jdk15 16 rusqlite 16 symfony/security-http 15 ec-cube/ec-cube 15 OctoPrint 15 calibreweb 15 ckeditor4 15 org.apache.struts.xwork:xwork-core 15 october/system 15 ghost 15 ethyca-fides 15 smarty/smarty 15 surrealdb 15 org.apache.tomcat:tomcat-coyote 14 joplin 14 swagger-ui 14 bolt/bolt 14 org.apache.inlong:manager-pojo 14 modoboa 14 camaleon_cms 14 phpmailer/phpmailer 14 silverstripe/cms 14 publify_core 14 github.com/nats-io/nats-server/v2 14 lollms 14 org.xwiki.platform:xwiki-platform-web 14 activesupport 14 github.com/containerd/containerd 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/magento/magento2 38 https://github.com/vyperlang/vyper 38 https://github.com/star7th/showdoc 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/x-stream/xstream 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/openstack/nova 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/answerdev/answer 34 https://github.com/saltstack/salt 34 https://github.com/rancher/rancher 34 https://github.com/craftcms/cms 34 https://github.com/apache/activemq 33 https://github.com/dotnet/runtime 33 https://github.com/matrix-org/synapse 32 https://github.com/go-gitea/gitea 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/opencv/opencv 32 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/parse-community/parse-server 31 https://github.com/snipe/snipe-it 30 https://github.com/mlflow/mlflow 30 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/cilium/cilium 25 https://github.com/directus/directus 25 https://github.com/contao/contao 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/github/advisory-database 25 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/getgrav/grav 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/firefly-iii/firefly-iii 23 https://github.com/apache/nifi 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/eclipse/jetty.project 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/langchain-ai/langchain 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/apache/cxf 21 https://github.com/netty/netty 21 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/funadmin/funadmin 20 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/zitadel/zitadel 19 https://github.com/cloudfoundry/uaa 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/bcgit/bc-java 19 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/traefik/traefik 18 https://github.com/rubygems/rubygems 18 https://github.com/geoserver/geoserver 18 https://github.com/helm/helm 18 https://github.com/rack/rack 18 https://github.com/hashicorp/vault 17 https://github.com/opencast/opencast 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/vaadin/platform 17 https://github.com/liufee/cms 17 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/forkcms/forkcms 16 https://github.com/pyload/pyload 16 https://github.com/rusqlite/rusqlite 16 https://github.com/OpenMage/magento-lts 16 https://github.com/ethereum/go-ethereum 16 https://github.com/mattermost/mattermost 16 https://github.com/tinymce/tinymce 16 https://github.com/TYPO3-CMS/core 16 https://github.com/laravel/framework 16 https://github.com/sequelize/sequelize 16 https://github.com/etcd-io/etcd 16 https://github.com/backstage/backstage 16 https://github.com/ethyca/fides 15 https://github.com/pyca/cryptography 15 https://github.com/decidim/decidim 15 https://github.com/vantage6/vantage6 15 https://github.com/dompdf/dompdf 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/puppetlabs/puppet 15 https://github.com/zendframework/zendframework 15 https://github.com/apache/camel 15 https://github.com/centreon/centreon 15 https://github.com/cobbler/cobbler 15 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 15 https://github.com/vercel/next.js 14 https://github.com/hashicorp/nomad 14 https://github.com/aio-libs/aiohttp 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/containerd/containerd 14 https://github.com/xuxueli/xxl-job 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/dotnet/aspnetcore 14 https://github.com/janeczku/calibre-web 14 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/apache/dolphinscheduler 13 https://github.com/TryGhost/Ghost 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/dromara/hutool 13 https://github.com/publify/publify 13 https://github.com/golang/go 13 https://github.com/laurent22/joplin 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/ming-soft/MCMS 13 https://github.com/quarkusio/quarkus 13 https://github.com/modoboa/modoboa 13 https://github.com/nodejs/undici 13 https://github.com/smarty-php/smarty 12 https://github.com/centreon/centreon-archived 12 https://github.com/puma/puma 12 https://github.com/wagtail/wagtail 12 https://github.com/openfga/openfga 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/containers/podman 12 https://github.com/apache/kylin 12 https://github.com/openstack/glance 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/patriksimek/vm2 12 https://github.com/urllib3/urllib3 12 https://github.com/opencontainers/runc 12 https://github.com/pomerium/pomerium 11 https://github.com/vaadin/flow 11 https://github.com/top-think/framework 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/scrapy/scrapy 11 https://github.com/Studio-42/elFinder 11 https://github.com/cloudflare/cfrpki 11 https://github.com/igniterealtime/Openfire 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/zenml-io/zenml 11 https://github.com/spring-projects/spring-security 11 https://github.com/yiisoft/yii2 11 https://github.com/onionshare/onionshare 11 https://github.com/getsentry/sentry 11 https://github.com/Pylons/waitress 11 https://github.com/nats-io/nats-server 11 https://github.com/dolibarr/dolibarr 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/cakephp/cakephp 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/drupal/core 11 https://github.com/WWBN/AVideo 11 https://github.com/Sylius/Sylius 11 https://github.com/NodeBB/NodeBB 11 https://github.com/opencart/opencart 10 https://github.com/DSpace/DSpace 10 https://github.com/jupyter/notebook 10