Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories

Browse all Security Advisories for

Loading...
Moderate
GSA_kwCzR0hTQS03OHgyLWN3cDktNWo0Ms4AA-0D
Ghost's improper authentication allows access to member information and actions
Ecosystems: npm
Packages: @tryghost/portal, ghost
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNXBoLTRqeG0tNmo5cM4AA-0C
LF Edge eKuiper has a SQL Injection in sqlKvStore
Ecosystems: pypi, go
Packages: ekuiper, github.com/lf-edge/ekuiper
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jZjcyLXZnNTktNGo0aM4AA-0B
Khoj Vulnerable to Stored Cross-site Scripting In Automate (Preview feature)
Ecosystems: pypi
Packages: khoj
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jNmMzLWg0ZjctMzk2Ms4AA-0A
apollo-portal has potential unauthorized access issue
Ecosystems: maven
Packages: com.ctrip.framework.apollo:apollo
Source: GitHub Advisory Database
Blast Radius: 1.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12aHI1LWczcG0tNDlmbc4AA-z_
matrix-js-sdk will freeze when a user sets a room with itself as a its predecessor
Ecosystems: npm
Packages: matrix-js-sdk
Source: GitHub Advisory Database
Blast Radius: 12.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1tcTY5LTRqNXctM3F3cM4AA-z-
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
Ecosystems: go
Packages: github.com/projectcapsule/capsule
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ocnd3LXgzZnEteGN2aM4AA-z9
Umbraco CMS Improper Access Control vulnerability
Ecosystems: nuget
Packages: Umbraco.Cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oaDhwLTM3NGYtcWdyNc4AA-z7
Grafana plugin data sources vulnerable to access control bypass
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03N2dqLWNyaHAtM2d2eM4AA-zy
Umbraco CMS vulnerable to Generation of Error Message Containing Sensitive Information
Ecosystems: nuget
Packages: Umbraco.Cms.Api.Management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS0yZm02LW12NTctcDJxaM4AA-yo
Apache Dolphinscheduler Code Injection vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-task-api
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05Y21xLW05ajUtbXZ3d84AA-yn
Spring Framework vulnerable to Denial of Service
Ecosystems: maven
Packages: org.springframework:spring-expression
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1obXFmLXdwcTktanE4M84AA-ya
Spring Security Missing Authorization vulnerability
Ecosystems: maven
Packages: org.springframework.security:spring-security-core
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mOTYzLTRjcTgtMmd3N84AA-yB
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS13Y2c5LXBncXYteG01ds4AA-yA
XWiki Platform allows XSS through XClass name in string properties
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS00aGgzLXZqMzItZ3I2as4AA-xV
Mobile Security Framework (MobSF) has a Zip Slip Vulnerability in .a Static Library Files
Ecosystems: pypi
Packages: mobsf
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0ybTk2LTUycjMtMmYzZ84AA-xU
fugit parse and parse_nat stall on lengthy input
Ecosystems: rubygems
Packages: fugit
Source: GitHub Advisory Database
Blast Radius: 19.4
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zcjc0LXY4M3AtZjRmNM4AA-xT
Trufflehog vulnerable to Blind SSRF in some Detectors
Ecosystems: go
Packages: github.com/trufflesecurity/trufflehog/v3
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14bXJwLTQyNGYtdmZweM4AA-xS
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
Ecosystems: cargo
Packages: sqlx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1yNnBoLTVmcDItM3cyds4AA-xK
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Ecosystems: maven
Packages: io.github.microcks:microcks-app
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ydjl2LXI0dm0tZ2o4eM4AA-xJ
Miniscript allows stack consumption
Ecosystems: cargo
Packages: miniscript
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 3 months ago
High
GSA_kwCzR0hTQS1oeHdoLWpwcDItODRwbc4AA-wj
Flask-CORS allows the `Access-Control-Allow-Private-Network` CORS header to be set to true by default
Ecosystems: pypi
Packages: Flask-Cors
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 3 months ago
Low
GSA_kwCzR0hTQS1oNmpxLXc0MzItajI2d84AA-ty
Silverpeas vulnerable to password complexity rule bypass
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12d2Y4LXE2ZnctNHdjbc4AA-ts
Cilium leaks information via incorrect ReferenceGrant update logic in Gateway API
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04MzI3LTg0Y2otOHhqbc4AA-sv
Stack overflow when parsing specially crafted JSON ABI strings
Ecosystems: cargo
Packages: alloy-json-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xY20zLTc4NzkteGN3d84AA-su
Gateway API route matching order contradicts specification
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 8.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xN3c4LTcybXItdnBnd84AA-st
Policy bypass for Host Firewall policy due to race condition in Cilium agent
Ecosystems: go
Packages: github.com/cilium/cilium
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03NWpmLTUyamctcXFoNM4AA-se
SQL injection in github.com/stashapp/stash
Ecosystems: go
Packages: github.com/stashapp/stash
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
High
GSA_kwCzR0hTQS1jcGZwLW01cXctYzRyM84AA-r4
Improper Preservation of Permissions in xxl-job
Ecosystems: maven
Packages: com.xuxueli:xxl-job-core
Source: GitHub Advisory Database
Blast Radius: 27.7
Published: 3 months ago
High
GSA_kwCzR0hTQS12d2hnLWp3cjQtdnhnZ84AA-rw
gettext.js has a Cross-site Scripting injection
Ecosystems: npm
Packages: gettext.js
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xODN2LWhxM2otNHBxM84AA-rb
Improper access control in Directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xZjZoLXAzbXItdm1oNc4AA-rS
Code injection in Directus
Ecosystems: npm
Packages: directus
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0yNXF4LXZmdzItZnc4cs4AA-rO
Nomad Vulnerable to Allocation Directory Escape On Non-Existing File Paths Through Archive Unpacking
Ecosystems: go
Packages: github.com/hashicorp/nomad
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 3 months ago
High
GSA_kwCzR0hTQS12Z3Z2LXg3eGctNmNxZ84AA-q_
Russh has an OOM Denial of Service due to allocation of untrusted amount
Ecosystems: cargo
Packages: russh
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 months ago
High
GSA_kwCzR0hTQS03eDI5LXFxbXEtdjZxY84AA-q-
GitHub Actions Script Injection in `ultralytics/actions`
Ecosystems: actions
Packages: ultralytics/actions
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1mNjdxLXdyNnctMjNqcc4AA-q9
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Ecosystems: cargo
Packages: boa_engine
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1xbTJxLTlmM3EtMnZjds4AA-qk
Trix has a cross-site Scripting vulnerability on copy & paste
Ecosystems: npm
Packages: trix
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 3 months ago
High
GSA_kwCzR0hTQS1yaG03LTc0NjktcmNwd84AA-qj
Persistent Cross-site Scripting in eZ Platform Rich Text Field Type
Ecosystems: packagist
Packages: ezsystems/ezplatform-richtext
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1odmNmLTYzMjQtY2poN84AA-qi
Persistent Cross-site Scripting in Ibexa RichText Field Type
Ecosystems: packagist
Packages: ibexa/fieldtype-richtext
Source: GitHub Advisory Database
Blast Radius: 8.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jY3FoLTI3OHAteHE2d84AA-qh
webcrack has an Arbitrary File Write Vulnerability on Windows when Parsing and Saving a Malicious Bundle
Ecosystems: npm
Packages: webcrack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04M3FyLTl2MmgtcXhwNM4AA-qg
Cosmos Hub (Gaia): The check for the height of cryptographic equivocation evidence is missing
Ecosystems: go
Packages: github.com/cosmos/gaia
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tZzN2LTZtNDktamhwM84AA-qf
WebOb's location header normalization during redirect leads to open redirect
Ecosystems: pypi
Packages: webob
Source: GitHub Advisory Database
Blast Radius: 21.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02cHhoLTI1NTctNWNqNc4AA-oW
Magento Open Source Path Traversal vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00Y2o2LWYzMnYtNmhneM4AA-on
Magento Open Source Cross-Site Request Forgery vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yZjRxLW0yM2MtN3E4cs4AA-og
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03NDcyLXZ3MzktZzJqM84AA-oj
Magento Open Source Improper Authorization vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00MzIzLWY4MnYtZjZqcs4AA-oo
Magento Open Source Cross-Site Request Forgery (CSRF) vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xdjMyLTV3bTItcDMyaM4AA-nr
Command Injection in sequenceserver
Ecosystems: rubygems
Packages: sequenceserver
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 3 months ago
High
GSA_kwCzR0hTQS03cXJ2LThmOXgtM2gzMs4AA-nq
Microsoft Security Advisory CVE-2024-38168 | .NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zcjM0LXI2dzMtZnFwNs4AA-np
Microsoft Security Advisory CVE-2024-38167 | .NET Information Disclosure Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yZnhmLW1mNjMtY3Bxds4AA-no
open-telemetry has an Observable Timing Discrepancy
Ecosystems: go
Packages: github.com/open-telemetry/opentelemetry-collector-contrib/extension/bearertokenauthextension
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 3 months ago
High
GSA_kwCzR0hTQS1tM3B4LXZqeHItZng0bc4AA-jg
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Ecosystems: packagist
Packages: pxlrbt/filament-excel
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yeGZmLXZyNXItOGNqNc4AA-jf
Path traveral in Streamlit on windows
Ecosystems: pypi
Packages: streamlit
Source: GitHub Advisory Database
Blast Radius: 27.6
Published: 3 months ago
High
GSA_kwCzR0hTQS0yMzI2LWh4N2ctM205cs4AA-jM
Apache MINA SSHD: integrity check bypass
Ecosystems: maven
Packages: org.apache.sshd:sshd-common
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14ajg3LW1xdmgtODh3Ms4AA-jK
fish-shop/syntax-check Improper Neutralization of Delimiters
Ecosystems: actions
Packages: fish-shop/syntax-check
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS02cjRqLTRyamMtOHZ3Nc4AA-jJ
RBAC Roles for `etcd` created by Kamaji are not disjunct
Ecosystems: go
Packages: github.com/clastix/kamaji
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jNDd3LTltY2Ytdzk3Ms4AA-hx
Concrete CMS vulnerable to Stored Cross-site Scripting
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xNXd4LW05NXItNGNnY84AA-iF
Concrete CMS Stored Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 2.5
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS12M3g5LXdycTUtODY4as4AA-hc
Apache Answer: The link for resetting user password is not Single-Use
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ndnB2LXIzMnYtOTczN84AA-hg
Apache Answer: The link to reset the user's password will remain valid after sending a new link
Ecosystems: go
Packages: github.com/apache/incubator-answer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1tOXE0LXA1Nm0tbWM2cc4AA-g9
Apache DolphinScheduler: RCE by arbitrary js execution
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS04aGM0LXZoNjQtY3htas4AA-hD
Server-Side Request Forgery in axios
Ecosystems: npm
Packages: axios
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS00dnY0LWNydzQtOHBjd84AA-g5
Apache DolphinScheduler: Resource File Read And Write Vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1wNzM0LXhnMjctOGNmcc4AA-hH
Prototype pollution in izatop bunt
Ecosystems: npm
Packages: @bunt/app
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0zZjZnLW00aHItNTloOM4AA-gm
OpenFGA Authorization Bypass
Ecosystems: go
Packages: github.com/openfga/openfga
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04NTdxLXhtcGgtcDJ2Nc4AA-gl
s2n-tls's mTLS API ordering may skip client authentication
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wY3dwLTI2cHctajk4d84AA-gi
CometVisu Backend for openHAB has a path traversal vulnerability
Ecosystems: maven
Packages: org.openhab.ui.bundles:org.openhab.ui.cometvisu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mNzI5LTU4eDQtZ3FnZs4AA-gh
CometVisu Backend for openHAB affected by RCE through path traversal
Ecosystems: maven
Packages: org.openhab.ui.bundles:org.openhab.ui.cometvisu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0zZzRjLWhqaHItNzNyas4AA-gg
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Ecosystems: maven
Packages: org.openhab.ui.bundles:org.openhab.ui.cometvisu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12N2dyLW1xcGotd3doM84AA-gf
CometVisu Backend for openHAB affected by SSRF/XSS
Ecosystems: maven
Packages: org.openhab.ui.bundles:org.openhab.ui.cometvisu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qd2h4LXhjZzYtOHhoas4AA-ge
In aiohttp, compressed files as symlinks are not protected from path traversal
Ecosystems: pypi
Packages: aiohttp
Source: GitHub Advisory Database
Blast Radius: 23.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS13Nmo2LXc2angtdmYycs4AA-gS
Concrete CMS Stored XSS in getAttributeSetName
Ecosystems: packagist
Packages: concrete5/concrete5
Source: GitHub Advisory Database
Blast Radius: 1.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1tM3JoLWN2cjUteDZxNM4AA-gF
CosmWasm wasmd has large address count in ValidateBasic
Ecosystems: go
Packages: github.com/CosmWasm/wasmd
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yZzJxLTJqaDktNDQ3cc4AA-gE
Gas mispricing in cosmwasm-vm
Ecosystems: go, cargo
Packages: github.com/CosmWasm/wasmvm, github.com/CosmWasm/wasmvm/v2, cosmwasm-vm
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wNnc5LXI0NDMtcjc1Ms4AA-gA
Shopware vulnerable to blind SQL-injection in DAL aggregations
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 4 months ago
High
GSA_kwCzR0hTQS0zNWpwLThjZ2ctcDR3as4AA-f_
Shopware vulnerable to Server Side Template Injection in Twig using Context functions
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: 4 months ago
High
GSA_kwCzR0hTQS0yN3dwLWp2aHctdjR4cM4AA-f-
Shopware vulnerable to Server Side Template Injection in Twig using deprecation silence tag
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Blast Radius: 20.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oaGNxLXBoNnctNDk0Z84AA-f9
Shopware vulnerable to Improper Access Control with ManyToMany associations in store-api
Ecosystems: packagist
Packages: shopware/platform, shopware/core
Source: GitHub Advisory Database
Blast Radius: 13.1
Published: 4 months ago
High
GSA_kwCzR0hTQS05eDRxLTNneHctODQ5Zs4AA-f8
JupyterHub has a privilege escalation vulnerability with the `admin:users` scope
Ecosystems: pypi
Packages: jupyterhub
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01anAzLXdwNXYtNTM2M84AA-fH
Open WebUI Stored Cross-Site Scripting Vulnerability
Ecosystems: pypi
Packages: open-webui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS05bTVqLTR4eDktNDRqOc4AA-dn
Pulp incorrectly assigns RBAC permissions in tasks that create objects
Ecosystems: pypi
Packages: pulpcore
Source: GitHub Advisory Database
Blast Radius: 12.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04cHY5LXFoOTYtOWhjNs4AA-cv
Jenkins does not perform a permission check in an HTTP endpoint
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1yODM2LWhoNnYtcmc1Z84AA-cw
Django vulnerable to denial-of-service attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1wdjRwLWN3d2ctNHJwaM4AA-c1
Django SQL injection vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oODU2LWZmdnYteHZyNM4AA-cu
Jenkins Remoting library arbitrary file read vulnerability
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core, org.jenkins-ci.main:remoting
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03OTVjLTl4cGMteHc2Z84AA-cz
Django vulnerable to a denial-of-service attack
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qaDc1LTk5aGgtcXZ4Oc4AA-c0
Django memory consumption vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 26.8
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wM3BmLW1mZjgtM2g0N84AA-bg
Gorush uses deprecated TLS versions
Ecosystems: go
Packages: github.com/appleboy/gorush
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0ycndqLTd4cTgtNGd4NM4AA-a5
Qwik has a potential mXSS vulnerability due to improper HTML escaping
Ecosystems: npm
Packages: @builder.io/qwik
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1tOTl2LW1tZzItNjZ2Zs4AA-aj
Microweber Reflected Cross-site scripting (XSS) vulnerability
Ecosystems: packagist
Packages: microweber/microweber
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mODN3LXdxaGMtY2ZwNM4AA-aO
Matrix SDK for React's URL preview setting for a room is controllable by the homeserver
Ecosystems: npm
Packages: matrix-react-sdk
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00aDRwLTU1M20tNDZxaM4AA-Zk
Gitea Cross-site Scripting Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zam1tLWY2amotcmNjM84AA-ZC
rudder-server is vulnerable to SQL injection
Ecosystems: go
Packages: github.com/rudderlabs/rudder-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05MnZjLTRmY3ctZzY4cc4AA-ZD
CasaOS Command Injection vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS13eG00LTlmOHAtZ2dnds4AA-Y7
Flowise Cross-site Scripting in/api/v1/credentials/id
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mY2N4LTJwd2otaHJxN84AA-Y5
Flowise Cross-site Scripting in /api/v1/public-chatflows/id
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yamNoLXFjOTYtOWY1Z84AA-Y6
Flowise Cross-site Scripting in api/v1/chatflows/id
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04NThjLXF4dngtcmc5ds4AA-Y8
Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1oOTk3LTNmeGotcDVqOM4AA-Y2
Flowise Path Injection at /api/v1/openai-assistants-file
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS02NmYyLXh4Z20tZjZ4cM4AA-Y4
Flowise Cors Misconfiguration in packages/server/src/index.ts
Ecosystems: npm
Packages: flowise
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS05MzU1LTI3bTgtaDc0ds4AA-Yv
Owncast Path Traversal vulnerability
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Statistics
Advisories: 20,713
Packages: 9,066
Repositories: 5,542
Ecosystems: 12
Filter by Severity
Moderate 8,860 High 7,285 Critical 3,071 Low 1,148
Filter by Ecosystem
maven 5,870 packagist 4,634 pypi 4,392 npm 3,814 go 2,299 nuget 1,552 cargo 888 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
tensorflow 433 tensorflow-gpu 427 tensorflow-cpu 423 moodle/moodle 367 Microsoft.ChakraCore 247 magento/community-edition 235 org.jenkins-ci.main:jenkins-core 193 typo3/cms 174 org.apache.tomcat:tomcat 132 pimcore/pimcore 118 dolibarr/dolibarr 113 typo3/cms-core 106 Django 100 microweber/microweber 94 drupal/core 92 phpmyadmin/phpmyadmin 92 silverstripe/framework 85 apache-airflow 85 drupal/drupal 78 librenms/librenms 74 Plone 72 thorsten/phpmyfaq 70 com.fasterxml.jackson.core:jackson-databind 69 symfony/symfony 69 github.com/usememos/memos 64 ansible 63 github.com/mattermost/mattermost/server/v8 61 concrete5/concrete5 60 actionpack 60 salt 56 org.apache.struts:struts2-core 55 shopware/platform 52 apache-superset 51 org.keycloak:keycloak-core 51 github.com/grafana/grafana 49 baserproject/basercms 47 nova 47 craftcms/cms 46 mlflow 46 com.liferay.portal:release.portal.bom 46 django 44 nokogiri 43 rdiffweb 42 plone 41 shopware/core 40 showdoc/showdoc 40 intelliants/subrion 39 froxlor/froxlor 38 github.com/rancher/rancher 38 org.apache.tomcat.embed:tomcat-embed-core 38 vyper 38 org.xwiki.platform:xwiki-platform-oldcore 37 github.com/mattermost/mattermost-server/v6 37 github.com/hashicorp/vault 37 mautic/core 37 nilsteampassnet/teampass 37 com.thoughtworks.xstream:xstream 37 org.elasticsearch:elasticsearch 36 org.keycloak:keycloak-services 36 k8s.io/kubernetes 36 com.jfinal:jfinal 36 snipe/snipe-it 35 moin 35 net.mingsoft:ms-mcms 35 matrix-synapse 35 gradio 34 io.undertow:undertow-core 34 github.com/answerdev/answer 34 zendframework/zendframework1 34 org.jenkins-ci.plugins:script-security 33 keystone 32 parse-server 31 opencv-python 31 Pillow 31 opencv-contrib-python 31 github.com/argoproj/argo-cd 31 shopware/shopware 30 github.com/docker/docker 29 github.com/hashicorp/consul 29 getgrav/grav 29 github.com/hashicorp/nomad 28 mediawiki/core 28 github.com/argoproj/argo-cd/v2 27 centreon/centreon 27 prestashop/prestashop 26 directus 26 electron 26 pillow 26 openssl-src 26 org.apache.solr:solr-core 25 github.com/cilium/cilium 25 rubygems-update 25 gogs.io/gogs 25 org.keycloak:keycloak-parent 25 org.eclipse.jetty:jetty-server 24 org.springframework.security:spring-security-core 24 contao/core-bundle 24 magento/core 24 puppet 23 zendframework/zendframework 23 simplesamlphp/simplesamlphp 23 rack 23 remdex/livehelperchat 23 pocketmine/pocketmine-mp 23 grumpydictator/firefly-iii 23 org.bouncycastle:bcprov-jdk14 22 tribalsystems/zenario 22 ckb 22 getkirby/cms 22 org.apache.nifi:nifi 21 activerecord 21 org.apache.openmeetings:openmeetings-parent 21 Microsoft.AspNetCore.App.Runtime.win-x64 21 @openzeppelin/contracts-upgradeable 21 Microsoft.AspNetCore.App.Runtime.win-x86 21 glance 21 funadmin/funadmin 20 org.cloudfoundry.identity:cloudfoundry-identity-server 20 @openzeppelin/contracts 20 code.gitea.io/gitea 20 langchain 20 Microsoft.AspNetCore.App.Runtime.win-arm 20 laravel/framework 20 github.com/ethereum/go-ethereum 20 wasmtime 19 contao/contao 19 DotNetNuke.Core 19 org.xwiki.platform:xwiki-platform-web-templates 19 org.springframework:spring-core 19 github.com/goharbor/harbor 19 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 18 Microsoft.AspNetCore.App.Runtime.linux-arm64 18 Microsoft.AspNetCore.App.Runtime.linux-arm 18 Microsoft.AspNetCore.App.Runtime.linux-x64 18 Microsoft.AspNetCore.App.Runtime.osx-x64 18 Microsoft.AspNetCore.App.Runtime.win-arm64 18 cobbler 18 next 18 mindsdb 18 golang.org/x/net 18 com.vaadin:vaadin-bom 18 cockpit-hq/cockpit 18 github.com/traefik/traefik/v2 18 topthink/framework 18 mercurial 18 com.liferay.portal:release.dxp.bom 18 forkcms/forkcms 18 genix/cms 17 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 17 symfony/security 17 cakephp/cakephp 17 francoisjacquet/rosariosis 17 ezsystems/ezpublish-kernel 17 org.apache.geode:geode-core 17 opencart/opencart 17 helm.sh/helm/v3 17 notebook 17 tinymce 16 org.apache.dubbo:dubbo 16 org.apache.jspwiki:jspwiki-main 16 typo3/cms-backend 16 pyload-ng 16 PaddlePaddle 16 neutron 16 yetiforce/yetiforce-crm 16 phpbb/phpbb 16 sequelize 16 rusqlite 16 cryptography 16 org.apache.activemq:activemq-client 16 openmage/magento-lts 16 paddlepaddle 16 github.com/zitadel/zitadel 16 org.bouncycastle:bcprov-jdk15 16 org.apache.struts.xwork:xwork-core 15 calibreweb 15 ethyca-fides 15 surrealdb 15 october/system 15 OctoPrint 15 smarty/smarty 15 symfony/security-http 15 ec-cube/ec-cube 15 ghost 15 ckeditor4 15 aiohttp 14 feehi/cms 14 pyftpdlib 14 joplin 14 org.xwiki.platform:xwiki-platform-web 14 publify_core 14 bolt/bolt 14 org.apache.inlong:manager-pojo 14 phpmailer/phpmailer 14 activesupport 14 modoboa 14 github.com/containerd/containerd 14 dompdf/dompdf 14 lollms 14 github.com/nats-io/nats-server/v2 14
Filter by Repository
https://github.com/tensorflow/tensorflow 433 https://github.com/moodle/moodle 218 https://github.com/chakra-core/ChakraCore 214 https://github.com/xwiki/xwiki-platform 183 https://github.com/jenkinsci/jenkins 150 https://github.com/django/django 113 https://github.com/pimcore/pimcore 113 https://github.com/apache/tomcat 101 https://github.com/apache/airflow 100 https://github.com/microweber/microweber 88 https://github.com/TYPO3/typo3 74 https://github.com/keycloak/keycloak 74 https://github.com/FasterXML/jackson-databind 70 https://github.com/thorsten/phpmyfaq 69 https://github.com/librenms/librenms 66 https://github.com/silverstripe/silverstripe-framework 64 https://github.com/usememos/memos 64 https://github.com/symfony/symfony 64 https://github.com/rails/rails 59 https://github.com/ansible/ansible 58 https://github.com/Dolibarr/dolibarr 56 https://github.com/kubernetes/kubernetes 53 https://github.com/python-pillow/Pillow 52 https://github.com/apache/struts 46 https://github.com/spring-projects/spring-framework 45 https://github.com/shopware/platform 43 https://github.com/ikus060/rdiffweb 42 https://github.com/argoproj/argo-cd 42 https://github.com/concretecms/concretecms 41 https://github.com/grafana/grafana 41 https://github.com/magento/magento2 38 https://github.com/star7th/showdoc 38 https://github.com/vyperlang/vyper 38 https://github.com/phpmyadmin/phpmyadmin 38 https://github.com/x-stream/xstream 37 https://github.com/openstack/nova 37 https://github.com/plone/Products.CMFPlone 37 https://github.com/mautic/mautic 35 https://github.com/octobercms/october 35 https://github.com/rancher/rancher 34 https://github.com/craftcms/cms 34 https://github.com/saltstack/salt 34 https://github.com/answerdev/answer 34 https://github.com/dotnet/runtime 33 https://github.com/apache/activemq 33 https://github.com/opencv/opencv 32 https://github.com/matrix-org/synapse 32 https://github.com/sparklemotion/nokogiri 32 https://github.com/go-gitea/gitea 32 https://github.com/parse-community/parse-server 31 https://github.com/gradio-app/gradio 31 https://github.com/PaddlePaddle/Paddle 31 https://github.com/snipe/snipe-it 30 https://github.com/mlflow/mlflow 30 https://github.com/shopware/shopware 28 https://github.com/CVEProject/cvelist 28 https://github.com/openstack/keystone 28 https://github.com/apache/inlong 27 https://github.com/baserproject/basercms 26 https://github.com/froxlor/froxlor 26 https://github.com/github/advisory-database 25 https://github.com/directus/directus 25 https://github.com/cilium/cilium 25 https://github.com/umbraco/Umbraco-CMS 25 https://github.com/electron/electron 25 https://github.com/contao/contao 25 https://github.com/getgrav/grav 24 https://github.com/strapi/strapi 24 https://github.com/gogs/gogs 24 https://github.com/TYPO3/TYPO3.CMS 24 https://github.com/apache/nifi 23 https://github.com/eclipse/jetty.project 23 https://github.com/livehelperchat/livehelperchat 23 https://github.com/firefly-iii/firefly-iii 23 https://github.com/pmmp/PocketMine-MP 23 https://github.com/langchain-ai/langchain 22 https://github.com/hashicorp/consul 22 https://github.com/PrestaShop/PrestaShop 22 https://github.com/nervosnetwork/ckb 22 https://github.com/jenkinsci/script-security-plugin 21 https://github.com/netty/netty 21 https://github.com/apache/cxf 21 https://github.com/OpenNMS/opennms 20 https://github.com/undertow-io/undertow 20 https://github.com/OpenZeppelin/openzeppelin-contracts 20 https://github.com/bytecodealliance/wasmtime 20 https://github.com/funadmin/funadmin 20 https://github.com/jeecgboot/jeecg-boot 20 https://github.com/simplesamlphp/simplesamlphp 20 https://github.com/cloudfoundry/uaa 19 https://github.com/goharbor/harbor 19 https://github.com/getkirby/kirby 19 https://github.com/nilsteampassnet/teampass 19 https://github.com/zitadel/zitadel 19 https://github.com/bcgit/bc-java 19 https://github.com/geoserver/geoserver 18 https://github.com/rack/rack 18 https://github.com/helm/helm 18 https://github.com/rubygems/rubygems 18 https://github.com/intelliants/subrion 18 https://github.com/nilsteampassnet/TeamPass 18 https://github.com/traefik/traefik 18 https://github.com/liufee/cms 17 https://github.com/hashicorp/vault 17 https://github.com/mindsdb/mindsdb 17 https://github.com/moby/moby 17 https://github.com/opencast/opencast 17 https://github.com/vaadin/platform 17 https://github.com/pyload/pyload 16 https://github.com/tinymce/tinymce 16 https://github.com/OpenMage/magento-lts 16 https://github.com/yetiforcecompany/yetiforcecrm 16 https://github.com/etcd-io/etcd 16 https://github.com/ethereum/go-ethereum 16 https://github.com/TYPO3-CMS/core 16 https://github.com/rusqlite/rusqlite 16 https://github.com/mattermost/mattermost 16 https://github.com/forkcms/forkcms 16 https://github.com/sequelize/sequelize 16 https://github.com/laravel/framework 16 https://github.com/backstage/backstage 16 https://github.com/centreon/centreon 15 https://github.com/cobbler/cobbler 15 https://github.com/vantage6/vantage6 15 https://github.com/apache/camel 15 https://github.com/decidim/decidim 15 https://github.com/puppetlabs/puppet 15 https://github.com/surrealdb/surrealdb 15 https://github.com/dompdf/dompdf 15 https://github.com/denoland/deno 15 https://github.com/ethyca/fides 15 https://github.com/pyca/cryptography 15 https://github.com/PHPMailer/PHPMailer 15 https://github.com/zendframework/zendframework 15 https://github.com/vercel/next.js 14 https://github.com/ckeditor/ckeditor4 14 https://github.com/cockpit-hq/cockpit 14 https://github.com/twisted/twisted 14 https://github.com/hashicorp/nomad 14 https://github.com/xuxueli/xxl-job 14 https://github.com/dotnet/aspnetcore 14 https://github.com/janeczku/calibre-web 14 https://github.com/aio-libs/aiohttp 14 https://github.com/containerd/containerd 14 https://github.com/quarkusio/quarkus 13 https://github.com/nodejs/undici 13 https://github.com/OpenRefine/OpenRefine 13 https://github.com/TryGhost/Ghost 13 https://github.com/dromara/hutool 13 https://github.com/ming-soft/MCMS 13 https://github.com/laurent22/joplin 13 https://github.com/modoboa/modoboa 13 https://github.com/swagger-api/swagger-ui 13 https://github.com/golang/go 13 https://github.com/OPCFoundation/UA-.NETStandard 13 https://github.com/apache/dolphinscheduler 13 https://github.com/publify/publify 13 https://github.com/containers/podman 12 https://github.com/apache/kylin 12 https://github.com/patriksimek/vm2 12 https://github.com/PHPOffice/PhpSpreadsheet 12 https://github.com/centreon/centreon-archived 12 https://github.com/pimcore/admin-ui-classic-bundle 12 https://github.com/urllib3/urllib3 12 https://github.com/opencontainers/runc 12 https://github.com/openfga/openfga 12 https://github.com/puma/puma 12 https://github.com/openstack/glance 12 https://github.com/wagtail/wagtail 12 https://github.com/1Panel-dev/1Panel 12 https://github.com/smarty-php/smarty 12 https://github.com/cloudflare/cfrpki 11 https://github.com/matrix-org/matrix-js-sdk 11 https://github.com/zenml-io/zenml 11 https://github.com/yiisoft/yii2 11 https://github.com/nats-io/nats-server 11 https://github.com/thorsten/phpMyFAQ 11 https://github.com/igniterealtime/Openfire 11 https://github.com/drupal/core 11 https://github.com/cakephp/cakephp 11 https://github.com/scrapy/scrapy 11 https://github.com/pomerium/pomerium 11 https://github.com/ezsystems/ezpublish-kernel 11 https://github.com/Studio-42/elFinder 11 https://github.com/Pylons/waitress 11 https://github.com/NodeBB/NodeBB 11 https://github.com/dolibarr/dolibarr 11 https://github.com/owen2345/camaleon-cms 11 https://github.com/vaadin/flow 11 https://github.com/spring-projects/spring-security 11 https://github.com/getsentry/sentry 11 https://github.com/top-think/framework 11 https://github.com/onionshare/onionshare 11 https://github.com/dpgaspar/Flask-AppBuilder 11 https://github.com/Sylius/Sylius 11 https://github.com/WWBN/AVideo 11 https://github.com/nextauthjs/next-auth 10 https://github.com/pgadmin-org/pgadmin4 10 https://github.com/codeigniter4/CodeIgniter4 10