An open API service providing security vulnerability metadata for many open source software ecosystems.

Browse Security Advisories

Critical
4 days ago

Node-SAML SAML Authentication Bypass GSA_kwCzR0hTQS1tODM3LWcyNjgtbW12N84ABKey

npm @node-saml/node-saml, node-saml
Critical
8 days ago

nova-tiptap has Unauthenticated Arbitrary File Upload Vulnerability GSA_kwCzR0hTQS05NmMyLWg2NjctOWZ4cM4ABKWD

packagist manogi/nova-tiptap, marshmallow/nova-tiptap
Critical
14 days ago

XWiki Rendering is vulnerable to RCE attacks when processing nested macros GSA_kwCzR0hTQS0zMm1mLTU3aDItNjR4Oc4ABKHo

maven org.xwiki.rendering:xwiki-rendering-transformation-macro
Critical
about 1 month ago

Mattermost allows authenticated users to write files to arbitrary locations GSA_kwCzR0hTQS1xaDU4LTl2M2otd2NqY84ABJSQ

go github.com/mattermost/mattermost/server/v8, github.com/mattermost/mattermost-server
Critical
about 1 month ago

Langflow Unauth RCE GSA_kwCzR0hTQS1ydnF4LXdwZmgtbWZ4N84ABJHs

pypi langflow-base, langflow
Critical
about 1 month ago

Teleport allows remote authentication bypass GSA_kwCzR0hTQS04Y3F2LXBqN2YtcHdwY84ABJEa

go github.com/gravitational/teleport
Critical
about 2 months ago

XWiki allows SQL injection in query endpoint of REST API with Oracle GSA_kwCzR0hTQS1wcndoLTc4MzgteGY4Ms4ABJA4

maven org.xwiki.platform:xwiki-platform-oldcore
Critical
about 2 months ago

Magneto contains stored XSS vulnerability GSA_kwCzR0hTQS1qOTM0LXZqaDUtdmY5cs4ABI39

packagist magento/community-edition
Critical
about 2 months ago

GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF) GSA_kwCzR0hTQS1tYzQzLTRmcXItYzk2Nc4ABI3h

maven org.geoserver.main:gs-main, org.geoserver.web:gs-web-app
Critical
2 months ago

Argo CD allows cross-site scripting on repositories page GSA_kwCzR0hTQS0yaGo1LWc2NGctZnA2cM4ABIbo

go github.com/argoproj/argo-cd/v3, github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Critical
2 months ago

Gardener External DNS Management allows malicious google credential in DNS secret to lead to privilege escalation GSA_kwCzR0hTQS14d2dnLW03ZngtODN3eM4ABIG2

go github.com/gardener/gardener-extension-shoot-dns-service, github.com/gardener/external-dns-management
Critical
3 months ago

Apache IoTDB Vulnerable to Remote Code Execution GSA_kwCzR0hTQS1mNHJxLWY0ajktZjZybc4ABH1f

pypi, maven apache-iotdb, org.apache.iotdb:iotdb-core
Critical
3 months ago

Traefik affected by Go HTTP Request Smuggling Vulnerability GSA_kwCzR0hTQS01NDIzLWpjam0tMmdwds4ABHCP

go github.com/traefik/traefik/v3, github.com/traefik/traefik/v2

Filter by Severity

Filter by Ecosystem

Filter by Package

magento/community-edition 38 dolibarr/dolibarr 25 com.fasterxml.jackson.core:jackson-databind 24 net.mingsoft:ms-mcms 19 org.jenkins-ci.main:jenkins-core 19 com.liferay.portal:release.dxp.bom 17 salt 17 moodle/moodle 16 com.liferay.portal:release.portal.bom 15 magento/project-community-edition 15 Django 14 drupal/core 14 topthink/framework 14 mlflow 14 org.apache.dubbo:dubbo 13 org.apache.struts:struts2-core 12 langchain 12 org.xwiki.platform:xwiki-platform-oldcore 12 magento/core 11 gogs.io/gogs 11 org.xwiki.platform:xwiki-platform-web-templates 10 drupal/drupal 10 vm2 10 phpmyadmin/phpmyadmin 10 apache-airflow 10 ansible 9 funadmin/funadmin 9 froxlor/froxlor 8 rdiffweb 8 github.com/argoproj/argo-cd 8 symfony/symfony 8 org.xwiki.platform:xwiki-platform-administration-ui 8 zendframework/zendframework1 8 shopware/platform 8 github.com/rancher/rancher 7 vllm 7 paddlepaddle 7 studio-42/elfinder 7 github.com/argoproj/argo-cd/v2 7 sequelize 7 parse-server 7 rusqlite 7 mautic/core 6 org.apache.shiro:shiro-core 6 craftcms/cms 6 org.jeecgframework.boot:jeecg-boot-common 6 github.com/answerdev/answer 6 org.apache.inlong:manager-pojo 6 mercurial 6 pillow 6 ezsystems/ezpublish-kernel 6 thorsten/phpmyfaq 6 pyload-ng 6 tensorflow 6 aaptjs 6 nilsteampassnet/teampass 6 typo3/cms 6 tensorflow-gpu 6 zendframework/zendframework 6 org.jeecgframework.boot:jeecg-boot-parent 5 steal 5 org.xwiki.platform:xwiki-platform-web 5 Microsoft.ChakraCore 5 github.com/hashicorp/vault 5 org.apache.tomcat.embed:tomcat-embed-core 5 librenms/librenms 5 github.com/mattermost/mattermost/server/v8 5 safe-eval 5 tensorflow-cpu 5 prestashop/prestashop 5 shopware/core 5 org.apache.openmeetings:openmeetings-parent 5 github.com/grafana/grafana 5 dompdf/dompdf 5 org.xwiki.commons:xwiki-commons-xml 5 nodebb 5 org.jenkins-ci.plugins:script-security 5 code.gitea.io/gitea 5 centreon/centreon 5 ckb 5 dbgpt 5 github.com/usememos/memos 4 messagepack-rs 4 ruby-saml 4 mongoose 4 smallvec 4 org.apache.inlong:manager-service 4 simplesamlphp/simplesamlphp 4 hermes-engine 4 showdoc/showdoc 4 org.jeecgframework.boot:jeecg-boot-base-core 4 langchain-experimental 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-search-ui 4 bentoml 4 realms-shim 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 gradio 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 tribalsystems/zenario 4 calibreweb 4 contao/core-bundle 4 contao/contao 4 org.eclipse.jetty:jetty-server 4 org.apache.tapestry:tapestry-core 4 nukeviet/nukeviet 4 cobbler 4 openssl-src 4 org.apache.solr:solr-core 4 org.apache.ignite:ignite-core 4 shopware/shopware 4 nokogiri 4 feehi/cms 4 org.apache.kylin:kylin-server-base 4 net.opentsdb:opentsdb 4 aim 4 ait-core 4 org.apache.activemq:activemq-client 4 safer-eval 4 swagger-ui 4 apache-airflow-providers-apache-hive 4 org.apache.tomcat:tomcat-catalina 4 adodb/adodb-php 4 Pillow 4 silverstripe/framework 3 smarty/smarty 3 slpjs 3 slp-validate 3 namada-apps 3 github.com/cosmos/ibc-go 3 github.com/gofiber/fiber/v2 3 symfony/security 3 symfony/security-core 3 github.com/cosmos/ibc-go/v2 3 github.com/cosmos/ibc-go/v3 3 feathers-sequelize 3 org.springframework.security:spring-security-core 3 strapi 3 github.com/go-gitea/gitea 3 wwbn/avideo 3 browserify-shim 3 agentscope 3 org.apache.dolphinscheduler:dolphinscheduler 3 github.com/cosmos/ibc-go/v4 3 github.com/cosmos/ibc-go/v5 3 apache-submarine 3 github.com/cosmos/ibc-go/v6 3 github.com/cosmos/ibc-go/v7 3 github.com/cosmos/ibc-go/v8 3 github.com/pterodactyl/wings 3 org.apache.hadoop:hadoop-common 3 django 3 org.xwiki.platform:xwiki-platform-distribution-war 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 dulwich 3 org.xwiki.platform:xwiki-platform-icon-ui 3 com.alibaba:dubbo 3 github.com/dexidp/dex 3 github.com/hashicorp/nomad 3 handlebars 3 xml-crypto 3 org.xwiki.platform:xwiki-platform-panels-ui 3 org.apache.inlong:manager-web 3 @openzeppelin/contracts-upgradeable 3 id-map 3 github.com/IceWhaleTech/CasaOS 3 llama-index 3 llama-index-core 3 lmdb 3 edu.stanford.nlp:stanford-corenlp 3 mitmproxy 3 org.apache.jmeter:ApacheJMeter 3 modoboa 3 io.dataease:dataease-plugin-common 3 nvflare 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 org.jeecgframework.boot:jeecg-boot-base 3 alextselegidis/easyappointments 3 ro.pippo:pippo-core 3 PaddlePaddle 3 pandasai 3 Plone 3 org.jeecgframework.boot:jeecg-module-system 3 org.jenkins-ci.plugins:active-directory 3 org.apache.linkis:linkis 3 github.com/beego/beego 3 org.apache.logging.log4j:log4j-core 3 github.com/beego/beego/v2 3 codeigniter4/framework 3 codeigniter/framework 3 codiad/codiad 3 pyyaml 3 ray 3 jsrsasign 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 elefant/cms 3 ezsystems/ezplatform-kernel 3 org.apache.ozone:ozone-main 3 SQLAlchemy 3

Filter by Repository

https://github.com/xwiki/xwiki-platform 98 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 18 https://github.com/apache/airflow 16 https://github.com/Dolibarr/dolibarr 15 https://github.com/django/django 15 https://github.com/mlflow/mlflow 14 https://github.com/saltstack/salt 13 https://github.com/langchain-ai/langchain 12 https://github.com/gogs/gogs 11 https://github.com/apache/inlong 10 https://github.com/patriksimek/vm2 10 https://github.com/argoproj/argo-cd 10 https://github.com/ming-soft/MCMS 10 https://github.com/magento/magento2 10 https://github.com/top-think/framework 9 https://github.com/funadmin/funadmin 9 https://github.com/python-pillow/Pillow 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/PaddlePaddle/Paddle 9 https://github.com/ansible/ansible 8 https://github.com/apache/struts 8 https://github.com/go-gitea/gitea 8 https://github.com/ikus060/rdiffweb 8 https://github.com/rancher/rancher 7 https://github.com/sequelize/sequelize 7 https://github.com/apache/tomcat 7 https://github.com/Studio-42/elFinder 7 https://github.com/rusqlite/rusqlite 7 https://github.com/symfony/symfony 7 https://github.com/run-llama/llama_index 7 https://github.com/parse-community/parse-server 7 https://github.com/pyload/pyload 6 https://github.com/answerdev/answer 6 https://github.com/tensorflow/tensorflow 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/dompdf/dompdf 6 https://github.com/shenzhim/aaptjs 6 https://github.com/shopware/platform 6 https://github.com/keycloak/keycloak 5 https://github.com/craftcms/cms 5 https://github.com/NodeBB/NodeBB 5 https://github.com/auth0/auth0-PHP 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/froxlor/froxlor 5 https://github.com/dromara/hutool 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/SAML-Toolkits/ruby-saml 5 https://github.com/spring-projects/spring-framework 5 https://github.com/twisted/twisted 5 https://github.com/stealjs/steal 5 https://github.com/apache/activemq 5 https://github.com/moodle/moodle 5 https://github.com/vllm-project/vllm 5 https://github.com/nervosnetwork/ckb 5 https://github.com/grafana/grafana 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/liferay/liferay-portal 4 https://github.com/otake84/messagepack-rs 4 https://github.com/servo/rust-smallvec 4 https://github.com/dataease/dataease 4 https://github.com/cobbler/cobbler 4 https://github.com/hwchase17/langchain 4 https://github.com/nilsteampassnet/TeamPass 4 https://github.com/xwiki/xwiki-rendering 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/janeczku/calibre-web 4 https://github.com/gradio-app/gradio 4 https://github.com/liufee/cms 4 https://github.com/phpmyadmin/phpmyadmin 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/usememos/memos 4 https://github.com/cloudfoundry/uaa 4 https://github.com/kubernetes/kubernetes 4 https://github.com/mautic/mautic 4 https://github.com/ADOdb/ADOdb 4 https://github.com/contao/contao 4 https://github.com/CVEProject/cvelist 4 https://github.com/pippo-java/pippo 4 https://github.com/star7th/showdoc 4 https://github.com/dexidp/dex 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/bentoml/BentoML 3 https://github.com/centreon/centreon-archived 3 https://github.com/pytorch/pytorch 3 https://github.com/dwisiswant0/advisory 3 https://github.com/apache/shiro 3 https://github.com/shopware/shopware 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/beego/beego 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/anoma/namada 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/pgadmin-org/pgadmin4 3 https://github.com/pterodactyl/wings 3 https://github.com/baserproject/basercms 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/librenms/librenms 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/simpleledger/slpjs 3 https://github.com/simplesamlphp/simplesamlphp 3 https://github.com/opencast/opencast 3 https://github.com/node-saml/xml-crypto 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/pytorch/serve 3 https://github.com/codeigniter4/CodeIgniter4 3 https://github.com/neorazorx/facturascripts 3 https://github.com/rubygems/rubygems.org 3 https://github.com/cosmos/ibc-go 3 https://github.com/eosphoros-ai/DB-GPT 3 https://github.com/github/securitylab 3 https://github.com/pimcore/pimcore 3 https://github.com/crewjam/saml 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/apache/camel 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/denoland/deno 3 https://github.com/octobercms/october 3 https://github.com/actix/actix-web 3 https://github.com/geoserver/geoserver 3 https://github.com/facade/ignition 3 https://github.com/vyperlang/vyper 3 https://github.com/facebook/hermes 3 https://github.com/rubygems/rubygems 3 https://github.com/ibexa/core 3 https://github.com/gofiber/fiber 3 https://github.com/TribalSystems/Zenario 3 https://github.com/apache/dolphinscheduler 3 https://github.com/yaml/pyyaml 3 https://github.com/Automattic/mongoose 3 https://github.com/sparklemotion/nokogiri 3 https://github.com/andrewhickman/id-map 3 https://github.com/kjur/jsrsasign 3 https://github.com/ray-project/ray 3 https://github.com/NASA-AMMOS/AIT-Core 3 https://github.com/publify/publify 3 https://github.com/shopware5/shopware 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/hazelcast/hazelcast 3 https://github.com/mbechler/marshalsec 3 https://github.com/modoboa/modoboa 3 https://github.com/smarty-php/smarty 3 https://github.com/rest-client/rest-client 2 https://github.com/vufind-org/vufind 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/totaljs/framework 2 https://github.com/RaspAP/raspap-webgui 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/russellhaering/gosaml2 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/nats-io/jwt 2 https://github.com/Admidio/admidio 2 https://github.com/getgrav/grav 2 https://github.com/top-think/thinkphp 2 https://github.com/modelscope/agentscope 2 https://github.com/nats-io/nats-server 2 https://github.com/torrentpier/torrentpier 2 https://github.com/ahdinosaur/set-in 2 https://github.com/spring-projects/spring-security 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/apache/kylin 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/qcubed/qcubed 2 https://github.com/hashicorp/go-getter 2 https://github.com/libxmljs/libxmljs 2 https://github.com/dfinity/agent-js 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/aimhubio/aim 2 https://github.com/solidusio/solidus_auth_devise 2 https://github.com/cheqd/cheqd-node 2 https://github.com/qdrant/qdrant 2 https://github.com/keystonejs/keystone 2 https://github.com/sjep/array 2 https://github.com/lightning-ai/pytorch-lightning 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/nuxt/nuxt 2 https://github.com/hashicorp/vault 2 https://github.com/Pylons/waitress 2 https://github.com/ionicabizau/parse-url 2 https://github.com/node-saml/node-saml 2 https://github.com/joomla/joomla-cms 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/jelmer/dulwich 2 https://github.com/line/armeria 2 https://github.com/benbusby/whoogle-search 2 https://github.com/markevans/dragonfly 2 https://github.com/soketi/soketi 2 https://github.com/FlowiseAI/Flowise 2 https://github.com/mattermost/mattermost-plugin-boards 2 https://github.com/google/flatbuffers 2 https://github.com/anymail/django-anymail 2 https://github.com/gventuri/pandas-ai 2