Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS00cXBqLWd4eGctanFnNM4AA8jN
Swiftmailer Sendmail transport arbitrary shell execution
Ecosystems: packagist
Packages: swiftmailer/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 8 hours ago
Critical
GSA_kwCzR0hTQS1qNmN2LTk4angtbXJ3cs4AA8jD
Mocodo vulnerable to SQL injection in `/web/generate.php`
Ecosystems: pypi
Packages: mocodo
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 1 day ago
Critical
GSA_kwCzR0hTQS1manIyLXIybXAtNDg0cM4AA8jC
SimpleSAMLphp signature validation bypass
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
GSA_kwCzR0hTQS1xOHg3LWpjM2gtcDh4Y84AA8iU
Dolibarr vulnerable to SQL Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 days ago
Critical
GSA_kwCzR0hTQS1jM2g5LXEzangtdzdmY84AA8iT
Dolibarr vulnerable to SQL Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 5 days ago
Critical
GSA_kwCzR0hTQS04djZtLTdmNXYtaGh4Ns4AA8iN
Silverstripe Brute force bypass on default admin
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 6 days ago
Critical
GSA_kwCzR0hTQS13eDI0LXZxcmctbTZtNc4AA8gT
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Critical
GSA_kwCzR0hTQS1md2hjLW1tOXEtbXFxOM4AA8gN
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Critical
GSA_kwCzR0hTQS1qcWZmLThnMnYtNjQyaM4AA8db
NASA AIT-Core vulnerable to remote code execution
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 8 days ago
Critical
GSA_kwCzR0hTQS04M2p2LTRwcm0tMzRnN84AA8da
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 days ago
Critical
GSA_kwCzR0hTQS03MzM2LWdoaHAtZjJxas4AA8dZ
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 days ago
Critical
GSA_kwCzR0hTQS1xM2c0LTJ2dzkteHYyN84AA8dX
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 8 days ago
Critical
GSA_kwCzR0hTQS12OWhmLTVqODMtNnhwcM4AA8dB
PyMySQL SQL Injection vulnerability
Ecosystems: pypi
Packages: pymysql
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 8 days ago
Critical
GSA_kwCzR0hTQS05NzY2LTUyNzctajVocs4AA8aY
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 8 days ago
Critical
GSA_kwCzR0hTQS03ZzdjLXFoZjMteDU5cM4AA8V0
propel/propel1 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel1
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 9 days ago
Critical
GSA_kwCzR0hTQS03dnc3LXF4MzgtMzd2cs4AA8Vz
Propel2 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Critical
GSA_kwCzR0hTQS00cnI2LWdmNTktZ2d3Nc4AA8Rn
namshi/jose - Verification bypass
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS02d200LTNyamotYzh4eM4AA8Ix
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1wcnBmLWNqODctaHd2cs4AA8Iw
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1xbTVjLW03NnItMmhmcs4AA8Ip
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 56.8
Published: 14 days ago
Critical
GSA_kwCzR0hTQS0yZmZ2LXI0cjktcjh4cs4AA8Ie
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS05Z3h2LXg3cnAtcjJoY84AA8Ib
gree/jose - "None" Algorithm treated as valid in tokens
Ecosystems: packagist
Packages: gree/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1oNTMzLTV2MjItOHZjcM4AA8IT
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1qZjhjLTM2dnctOTh4NM4AA8HT
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1qang3LTg0NjItdzRtNM4AA8HS
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS02cTl2LTRocTYtNW02N84AA8G_
Doctrine SQL injection vulnerability
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS13eHh3LTVncTYtajJnNc4AA8G5
contao/core Insufficient input validation allows for code injection and remote execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 14 days ago
Critical
GSA_kwCzR0hTQS0yN3FyLTYzNm0td3hnMs4AA8GR
codeigniter/framework SQL injection in ODBC database driver
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1oNjNjLXh2cGYtMjY0as4AA8GG
ADOdb SQL injection vulnerability
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS00MnE3LTk1ajctdzYybc4AA8GE
Mautic is vulnerable to XSS vulnerability
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 14 days ago
Critical
GSA_kwCzR0hTQS14M3dtLWhmZnItY2h3bc4AA8GB
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Ecosystems: maven
Packages: com.amazon.redshift:redshift-jdbc42
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 14 days ago
Critical
GSA_kwCzR0hTQS12cWM0LW1wajgtanhjaM4AA8Er
Grafana Race condition allowing privilege escalation
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1tcHdwLTQyeDYtNHdteM4AA8Eh
Grafana Fine-grained access control vulnerability
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 15 days ago
Critical
GSA_kwCzR0hTQS00NXZtLTNqMzgtN3A3OM4AA8ER
PrestaShop cross-site scripting via customer contact form in FO, through file upload
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 15 days ago
Critical
GSA_kwCzR0hTQS12cGo4LXhmcWMtamN2Oc4AA79_
Cockpit CMS contains an arbitrary file upload vulenrability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS0zMzh4LWhmeDgtdng5eM4AA78P
Apache Karaf Cave: Cave SSRF and arbitrary file access
Ecosystems: maven
Packages: org.apache.karaf:cave
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS14Y3A0LTYydmotY3Ezcs4AA74o
@valtimo/components exposes access token to form.io
Ecosystems: npm
Packages: @valtimo/components
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: 16 days ago
Critical
GSA_kwCzR0hTQS01NnhnLXdmY2MtZzgyOc4AA74j
llama-cpp-python vulnerable to Remote Code Execution by Server-Side Template Injection in Model Metadata
Ecosystems: pypi
Packages: llama-cpp-python
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 16 days ago
Critical
GSA_kwCzR0hTQS14NTI1LTU0aGYteHI1M84AA74W
Blind XSS Leading to Froxlor Application Compromise
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Critical
GSA_kwCzR0hTQS1teGhxLXh3M2ctcnBoY84AA74V
lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability
Ecosystems: npm
Packages: @lobehub/chat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 19 days ago
Critical
GSA_kwCzR0hTQS13cGN2LTVqZ3AtNjlmM84AA74R
Genie Path Traversal vulnerability via File Uploads
Ecosystems: maven
Packages: com.netflix.genie:genie-web
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
Critical
GSA_kwCzR0hTQS13NGg2LTl3cnAtdjVqcc4AA74M
Malicious Long Unicode filenames may cause a Multiple Application-level Denial of Service
Ecosystems: pypi
Packages: frigate
Source: GitHub Advisory Database
Blast Radius: 4.4
Published: 20 days ago
Critical
GSA_kwCzR0hTQS1mM2g3LWdwamotd2N2aM4AA732
Spin applications with specific configuration vulnerable to potential network sandbox escape
Ecosystems: cargo
Packages: spin-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 21 days ago
Critical
GSA_kwCzR0hTQS12ODRoLTY1M3YtNHBxOc4AA7vR
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/fcors
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 26 days ago
Critical
GSA_kwCzR0hTQS12aHh2LWZnNG0tcDJ3OM4AA7vQ
Some CORS middleware allow untrusted origins
Ecosystems: go
Packages: github.com/jub0bs/cors
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
Critical
GSA_kwCzR0hTQS1xOXA0LWh3OW0tZmoyds4AA7fR
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 28 days ago
Critical
GSA_kwCzR0hTQS0yeHAzLTU3cDctcWY0ds4AA7eK
xml-crypto vulnerable to XML signature verification bypass due improper verification of signature/signature spoofing
Ecosystems: npm
Packages: xml-crypto
Source: GitHub Advisory Database
Blast Radius: 38.7
Published: 28 days ago
Critical
GSA_kwCzR0hTQS0zNDZoLTc0OWotcjI4d84AA7UE
PHPECC vulnerable to multiple cryptographic side-channel attacks
Ecosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zZjd3LXA4dnItNHY1Zs4AA7Ss
pyLoad allows upload to arbitrary folder lead to RCE
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yN2g3LWNoaDQtNXJ2bc4AA7Sn
Improper Access Control in Gitea
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Privilege Escalation in kubevirt
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerability
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS03dmY0LXg1bTItcjZncs4AA7QP
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code Injection
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yOXJjLXZxN2YteDMzNc4AA7O2
Apache HugeGraph-Server: Command execution in gremlin
Ecosystems: maven
Packages: org.apache.hugegraph:hugegraph-core, org.apache.hugegraph:hugegraph-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xNjRoLTM5aHYtNGNmN84AA7KO
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Ecosystems: go
Packages: github.com/hashicorp/go-getter
Source: GitHub Advisory Database
Blast Radius: 37.6
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12NnJ3LWhoZ2ctd2M0eM4AA7I5
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Ecosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerability
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path Traversal
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenml
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoML
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u
mysql2 Remote Code Execution (RCE) via the readCodeFor function
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompiles
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code Execution
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13eDQzLWc1NWctMmpmNM4AA64K
LocalAI Command Injection in audioToWav
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code Execution
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpoint
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jMmdnLTRncTQtanY1as4AA630
XWiki Platform remote code execution from account through UIExtension parameters
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-uiextension-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1oZjQzLTQ3cTQtZmhxNc4AA63z
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code execution
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1yNXZoLWdjM3ItcjI0d84AA63v
XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-realtime-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jdjU1LXY2cnctN3I1ds4AA63u
XWiki Platform remote code execution from account via custom skins support
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zN200LWhxeHYtdzI2Z84AA63t
XWiki Platform CSRF remote code execution through scheduler job's document reference
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14bTRoLTNqeHItbTNjNs4AA63r
XWiki Platform: Remote code execution through space title and Solr space facet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14eHAyLTljOWctN3dtas4AA63q
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-localization-source-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0yODU4LThjZngtNjltOc4AA63p
XWiki Platform: Remote code execution as guest via DatabaseSearch
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS12eHdyLXdwanYtcWpxN84AA63o
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zNGZqLXI1Z3EtNzM5Nc4AA63n
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS02Nmo4LWM4M20tZ2o1Zs4AA6wb
Apache Zeppelin remote code execution by adding malicious JDBC connection string
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-jdbc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1qNDk2LWNyZ2gtMzRteM4AA6qW
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS01Z21tLTZtMzYtcjdqaM4AA6qS
transpose: Buffer overflow due to integer overflow
Ecosystems: cargo
Packages: transpose
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS12YzZxLWNjajktOXI4Oc4AA6py
MailDev Remote Code Execution
Ecosystems: npm
Packages: maildev
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authentication
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job name
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary component
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file access
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerability
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: 3 months ago
Critical
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerability
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03NWpwLXZxOHgtaDRjcc4AA501
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Ecosystems: cargo
Packages: wasmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Statistics
Advisories: 18,946
Packages: 8,441
Repositories: 1,307
Ecosystems: 12
Filter by Package
magento/community-edition 34 dolibarr/dolibarr 25 com.fasterxml.jackson.core:jackson-databind 24 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 salt 17 moodle/moodle 15 drupal/core 14 topthink/framework 13 com.liferay.portal:release.portal.bom 13 org.apache.dubbo:dubbo 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 langchain 12 magento/core 11 org.apache.struts:struts2-core 11 apache-airflow 10 drupal/drupal 10 vm2 10 org.xwiki.platform:xwiki-platform-oldcore 9 tensorflow 9 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 paddlepaddle 8 org.jeecgframework.boot:jeecg-boot-common 8 tensorflow-gpu 8 tensorflow-cpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 froxlor/froxlor 8 shopware/platform 8 rdiffweb 8 gogs.io/gogs 7 symfony/symfony 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 github.com/argoproj/argo-cd 7 rusqlite 7 ansible 7 studio-42/elfinder 7 parse-server 6 ezsystems/ezpublish-kernel 6 aaptjs 6 thorsten/phpmyfaq 6 github.com/answerdev/answer 6 steal 5 org.xwiki.platform:xwiki-platform-web 5 nodebb 5 org.jenkins-ci.plugins:script-security 5 centreon/centreon 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 django 5 ckb 5 safe-eval 5 zendframework/zendframework 5 org.apache.inlong:manager-pojo 5 github.com/argoproj/argo-cd/v2 5 mercurial 5 prestashop/prestashop 5 org.xwiki.commons:xwiki-commons-xml 5 mautic/core 5 org.apache.activemq:activemq-client 5 Pillow 5 org.apache.shiro:shiro-core 5 Microsoft.ChakraCore 5 org.cloudfoundry.identity:cloudfoundry-identity-server 4 PaddlePaddle 4 org.apache.kylin:kylin-server-base 4 shopware/shopware 4 librenms/librenms 4 contao/contao 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 contao/core-bundle 4 simplesamlphp/simplesamlphp 4 spree_auth_devise 4 nilsteampassnet/teampass 4 github.com/hashicorp/vault 4 org.apache.tomcat.embed:tomcat-embed-core 4 org.eclipse.jetty:jetty-server 4 code.gitea.io/gitea 4 hermes-engine 4 github.com/usememos/memos 4 realms-shim 4 pyload-ng 4 github.com/grafana/grafana 4 swagger-ui 4 org.jeecgframework.boot:jeecg-boot-base-core 4 nukeviet/nukeviet 4 safer-eval 4 baserproject/basercms 4 org.apache.openmeetings:openmeetings-parent 4 Django 4 net.opentsdb:opentsdb 4 org.apache.inlong:manager-service 4 messagepack-rs 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 apache-airflow-providers-apache-hive 4 feehi/cms 4 openssl-src 4 smallvec 4 org.apache.tapestry:tapestry-core 4 calibreweb 4 phpmailer/phpmailer 3 nvflare 3 codeigniter/framework 3 symfony/security 3 org.keycloak:keycloak-core 3 org.xwiki.platform:xwiki-platform-search-ui 3 edu.stanford.nlp:stanford-corenlp 3 showdoc/showdoc 3 jsrsasign 3 tribalsystems/zenario 3 dompdf/dompdf 3 github.com/rancher/rancher 3 org.xwiki.platform:xwiki-platform-panels-ui 3 codeigniter4/framework 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 modoboa 3 github.com/dexidp/dex 3 mongoose 3 silverstripe/framework 3 ibexa/core 3 zendframework/zendframework1 3 pimcore/pimcore 3 org.jeecgframework.boot:jeecg-boot-base 3 slp-validate 3 org.apache.ignite:ignite-core 3 org.apache.storm:storm 3 com.alibaba:dubbo 3 com.jflyfox:jflyfox_jfinal 3 org.springframework.security:spring-security-core 3 lmdb 3 id-map 3 org.apache.hadoop:hadoop-common 3 publify_core 3 com.hazelcast:hazelcast 3 facade/ignition 3 org.apache.inlong:manager-web 3 typo3/cms 3 @openzeppelin/contracts-upgradeable 3 org.apache.logging.log4j:log4j-core 3 slpjs 3 strapi 3 ro.pippo:pippo-core 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 ezsystems/ezplatform-kernel 3 symfony/security-core 3 browserify-shim 3 org.xwiki.platform:xwiki-platform-icon-ui 3 nokogiri 3 org.apache.solr:solr-core 3 xcb 3 impresscms/impresscms 3 cobbler 3 handlebars 3 github.com/go-gitea/gitea 3 feathers-sequelize 3 codiad/codiad 3 org.apache.ozone:ozone-main 3 io.dataease:dataease-plugin-common 3 github.com/pterodactyl/wings 3 smarty/smarty 3 org.apache.jmeter:ApacheJMeter 3 rubygems-update 3 elefant/cms 3 io.undertow:undertow-core 3 org.apache.linkis:linkis 3 actix-web 3 craftcms/cms 3 adodb/adodb-php 3 ray 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 francoisjacquet/rosariosis 3 org.apache.solr:solr-parent 3 org.richfaces:richfaces-core 3 org.jenkins-ci.plugins:active-directory 3 org.apache.any23:apache-any23 3 github.com/hashicorp/nomad 3 nadesiko3 2 ctx 2 org.apache.derby:derby 2 pyyaml 2 org.apache.commons:commons-configuration2 2 org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki 2 @soketi/soketi 2 pdfkit 2 activerecord 2 electron 2 github.com/hashicorp/go-getter 2 firebase/php-jwt 2 mathjs 2 zoujingli/thinkadmin 2 Plone 2 org.apache.ranger:ranger 2 eslint-config-eslint 2 badaso/core 2 reportlab 2 org.apache.inlong:manager-dao 2 python-keystoneclient 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 14 https://github.com/PaddlePaddle/Paddle 11 https://github.com/mlflow/mlflow 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/django/django 9 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/tensorflow/tensorflow 9 https://github.com/argoproj/argo-cd 8 https://github.com/langchain-ai/langchain 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/magento/magento2 8 https://github.com/python-pillow/Pillow 7 https://github.com/Studio-42/elFinder 7 https://github.com/sequelize/sequelize 7 https://github.com/apache/struts 7 https://github.com/gogs/gogs 7 https://github.com/go-gitea/gitea 7 https://github.com/ansible/ansible 7 https://github.com/rusqlite/rusqlite 7 https://github.com/answerdev/answer 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/symfony/symfony 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/shenzhim/aaptjs 6 https://github.com/shopware/platform 6 https://github.com/parse-community/parse-server 6 https://github.com/apache/activemq 5 https://github.com/NodeBB/NodeBB 5 https://github.com/stealjs/steal 5 https://github.com/apache/tomcat 5 https://github.com/nervosnetwork/ckb 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/moodle/moodle 5 https://github.com/froxlor/froxlor 5 https://github.com/keycloak/keycloak 5 https://github.com/dromara/hutool 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/janeczku/calibre-web 4 https://github.com/hwchase17/langchain 4 https://github.com/cloudfoundry/uaa 4 https://github.com/otake84/messagepack-rs 4 https://github.com/spring-projects/spring-framework 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/usememos/memos 4 https://github.com/pippo-java/pippo 4 https://github.com/servo/rust-smallvec 4 https://github.com/grafana/grafana 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/pyload/pyload 4 https://github.com/CVEProject/cvelist 4 https://github.com/liufee/cms 4 https://github.com/dompdf/dompdf 4 https://github.com/contao/contao 4 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/modoboa/modoboa 3 https://github.com/rancher/rancher 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/publify/publify 3 https://github.com/facade/ignition 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/cobbler/cobbler 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/opencast/opencast 3 https://github.com/pimcore/pimcore 3 https://github.com/star7th/showdoc 3 https://github.com/smarty-php/smarty 3 https://github.com/pterodactyl/wings 3 https://github.com/facebook/hermes 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/ibexa/core 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/crewjam/saml 3 https://github.com/hazelcast/hazelcast 3 https://github.com/simplesamlphp/simplesamlphp 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/ADOdb/ADOdb 3 https://github.com/dataease/dataease 3 https://github.com/andrewhickman/id-map 3 https://github.com/rubygems/rubygems.org 3 https://github.com/twisted/twisted 3 https://github.com/rubygems/rubygems 3 https://github.com/mbechler/marshalsec 3 https://github.com/apache/camel 3 https://github.com/actix/actix-web 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/dwisiswant0/advisory 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/github/securitylab 3 https://github.com/shopware5/shopware 3 https://github.com/octobercms/october 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/dexidp/dex 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/neorazorx/facturascripts 3 https://github.com/apache/shiro 3 https://github.com/kjur/jsrsasign 3 https://github.com/baserproject/basercms 3 https://github.com/craftcms/cms 3 https://github.com/jfinal/jfinal 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/rubyzip/rubyzip 2 https://github.com/sjep/array 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/top-think/thinkphp 2 https://github.com/SAP/cloud-pysec 2 https://github.com/apache/kylin 2 https://github.com/TribalSystems/Zenario 2 https://github.com/vufind-org/vufind 2 https://github.com/totaljs/framework 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/ahdinosaur/set-in 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/MrSwitch/hello.js 2 https://github.com/evmos/evmos 2 https://github.com/ibexa/admin-ui 2 https://github.com/beego/beego 2 https://github.com/dominictarr/libnested 2 https://github.com/fluxcd/flux2 2 https://github.com/moby/buildkit 2 https://github.com/unshiftio/url-parse 2 https://github.com/sidorares/node-mysql2 2 https://github.com/noear/solon 2 https://github.com/h2database/h2database 2 https://github.com/firebase/php-jwt 2 https://github.com/netvl/acc_reader 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/rest-client/rest-client 2 https://github.com/hashicorp/go-getter 2 https://github.com/qcubed/qcubed 2 https://github.com/nats-io/jwt 2 https://github.com/getgrav/grav 2 https://github.com/rochacbruno/quokka 2 https://github.com/graphite-project/graphite-web 2 https://github.com/rails/rails 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/apache/flume 2 https://github.com/Froxlor/Froxlor 2 https://github.com/PowerJob/PowerJob 2 https://github.com/TogaTech/tEnvoy 2 https://github.com/Gerapy/Gerapy 2 https://github.com/rust-random/rand 2 https://github.com/hashicorp/nomad 2 https://github.com/vert-x3/vertx-web 2 https://github.com/apache/karaf 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/laurent22/joplin 2 https://github.com/sparklemotion/nokogiri 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/dominictarr/event-stream 2 https://github.com/KnpLabs/snappy 2 https://github.com/silverstripe/silverstripe-framework 2 https://github.com/apache/incubator-streampark 2 https://github.com/swiftmailer/swiftmailer 2 https://github.com/SAP/cloud-security-services-integration-library 2 https://github.com/skoranga/node-dns-sync 2 https://github.com/commenthol/safer-eval 2 https://github.com/pytorch/serve 2 https://github.com/SAP/cloud-security-client-go 2 https://github.com/dfinity/agent-js 2 https://github.com/jaw187/node-traceroute 2 https://github.com/WWBN/AVideo 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/nilsteampassnet/TeamPass 2 https://github.com/line/armeria 2 https://github.com/gofiber/fiber 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/benbusby/whoogle-search 2 https://github.com/google/flatbuffers 2 https://github.com/gventuri/pandas-ai 2 https://github.com/nodejs/llhttp 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/Automattic/mongoose 2 https://github.com/handlebars-lang/handlebars.js 2