Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Critical Security Advisories
Loading...
Critical
Ecosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 20 hours ago
GSA_kwCzR0hTQS0zNDZoLTc0OWotcjI4d84AA7UE
PHPECC vulnerable to multiple cryptographic side-channel attacksEcosystems: packagist
Packages: mdanter/ecc
Source: GitHub Advisory Database
Blast Radius: 24.9
Published: about 20 hours ago
Critical
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
GSA_kwCzR0hTQS0zZjd3LXA4dnItNHY1Zs4AA7Ss
pyLoad allows upload to arbitrary folder lead to RCEEcosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 1 day ago
Critical
Ecosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 2 days ago
GSA_kwCzR0hTQS1yN2g3LWNoaDQtNXJ2bc4AA7Sn
Improper Access Control in GiteaEcosystems: go
Packages: github.com/go-gitea/gitea
Source: GitHub Advisory Database
Blast Radius: 15.8
Published: 2 days ago
Critical
Ecosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 2 days ago
GSA_kwCzR0hTQS04MjhyLXIyYzgtcmZ3M84AA7Sl
Privilege Escalation in kubevirtEcosystems: go
Packages: kubevirt.io/kubevirt
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 2 days ago
Critical
Ecosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 3 days ago
GSA_kwCzR0hTQS1xaDl3LXI3ZzUtcTkzOc4AA7QZ
Zend Framework SQL injection vulnerabilityEcosystems: packagist
Packages: zendframework/zendframework, zendframework/zend-db, zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: 3 days ago
Critical
Ecosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 days ago
GSA_kwCzR0hTQS0yOTd4LWo5cG0teGpnZ84AA7QY
Drupal Core Remote Code Execution VulnerabilityEcosystems: packagist
Packages: drupal/drupal, drupal/core
Source: GitHub Advisory Database
Blast Radius: 36.5
Published: 3 days ago
Critical
Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
GSA_kwCzR0hTQS03dmY0LXg1bTItcjZncs4AA7QP
OpenMetadata vulnerable to SpEL Injection in `PUT /api/v1/policies` (`GHSL-2023-252`)Ecosystems: maven
Packages: org.open-metadata:openmetadata-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 days ago
Critical
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 3 days ago
GSA_kwCzR0hTQS00cmNoLTJmaDgtOTR2d84AA7Pp
MySQL2 for Node Arbitrary Code InjectionEcosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 3 days ago
Critical
Ecosystems: maven
Packages: org.apache.hugegraph:hugegraph-core, org.apache.hugegraph:hugegraph-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
GSA_kwCzR0hTQS0yOXJjLXZxN2YteDMzNc4AA7O2
Apache HugeGraph-Server: Command execution in gremlinEcosystems: maven
Packages: org.apache.hugegraph:hugegraph-core, org.apache.hugegraph:hugegraph-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 days ago
Critical
Ecosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
GSA_kwCzR0hTQS12NnJ3LWhoZ2ctd2M0eM4AA7I5
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploitEcosystems: go
Packages: github.com/evmos/evmos/v11
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
GSA_kwCzR0hTQS1yNmdwLXJmZjItcDNoZs4AA7Ca
llama-index-core Command Injection vulnerabilityEcosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Critical
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 11 days ago
GSA_kwCzR0hTQS1ocTg4LXdnN3EtZ3A0Z84AA7CC
mlflow vulnerable to Path TraversalEcosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 34.5
Published: 11 days ago
Critical
Ecosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 11 days ago
GSA_kwCzR0hTQS1odmo1LW12dzktOTNqM84AA7CZ
Insecure deserialization in BentoMLEcosystems: pypi
Packages: bentoml
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: 11 days ago
Critical
Ecosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 11 days ago
GSA_kwCzR0hTQS02aDNmLTQzdnEtNTNoas4AA7CV
Directory traversal in zenmlEcosystems: pypi
Packages: zenml
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 11 days ago
Critical
Ecosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 15 days ago
GSA_kwCzR0hTQS1mcHc3LWoyaGctNjl2Nc4AA66u
mysql2 Remote Code Execution (RCE) via the readCodeFor functionEcosystems: npm
Packages: mysql2
Source: GitHub Advisory Database
Blast Radius: 50.0
Published: 15 days ago
Critical
Ecosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 16 days ago
GSA_kwCzR0hTQS0zZnA1LTJ4d2gtZnhtNs4AA657
Evmos transaction execution not accounting for all state transition after interaction with precompilesEcosystems: go
Packages: github.com/tharsis/evmos/v5, github.com/tharsis/evmos/v4, github.com/tharsis/evmos/v3, github.com/tharsis/evmos/v2, github.com/tharsis/evmos, github.com/evmos/evmos/v5, github.com/evmos/evmos/v6, github.com/evmos/evmos/v7, github.com/evmos/evmos/v16
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 16 days ago
Critical
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS13dnB4LWc0MjctcTl3Y84AA64y
llama-index-core Prompt Injection vulnerability leading to Arbitrary Code ExecutionEcosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
GSA_kwCzR0hTQS00NmNtLXBmd3YtY2dmOM4AA64p
LiteLLM has Server-Side Template Injection vulnerability in /completions endpointEcosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Critical
Ecosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
GSA_kwCzR0hTQS13eDQzLWc1NWctMmpmNM4AA64K
LocalAI Command Injection in audioToWavEcosystems: go
Packages: github.com/go-skynet/LocalAI
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 16 days ago
Critical
Ecosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 16 days ago
GSA_kwCzR0hTQS1teHZ3LWNqMzctOGcyaM4AA64v
Aim Web API vulnerable to Remote Code ExecutionEcosystems: pypi
Packages: aim
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-uiextension-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS1jMmdnLTRncTQtanY1as4AA630
XWiki Platform remote code execution from account through UIExtension parametersEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-uiextension-api
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 16 days ago
GSA_kwCzR0hTQS1oZjQzLTQ3cTQtZmhxNc4AA63z
XWiki Commons missing escaping of `{` in Velocity escapetool allows remote code executionEcosystems: maven
Packages: org.xwiki.commons:xwiki-commons-velocity
Source: GitHub Advisory Database
Blast Radius: 18.1
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-realtime-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS1yNXZoLWdjM3ItcjI0d84AA63v
XWiki Platform CSRF remote code execution through the realtime HTML Converter APIEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-realtime-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS1jdjU1LXY2cnctN3I1ds4AA63u
XWiki Platform remote code execution from account via custom skins supportEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS0zN200LWhxeHYtdzI2Z84AA63t
XWiki Platform CSRF remote code execution through scheduler job's document referenceEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS14bTRoLTNqeHItbTNjNs4AA63r
XWiki Platform: Remote code execution through space title and Solr space facetEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-solr-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-localization-source-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS14eHAyLTljOWctN3dtas4AA63q
XWiki Platform: Remote code execution from edit in multilingual wikis via translationsEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-localization-source-wiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS0yODU4LThjZngtNjltOc4AA63p
XWiki Platform: Remote code execution as guest via DatabaseSearchEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS12eHdyLXdwanYtcWpxN84AA63o
XWiki Platform: Privilege escalation (PR) from user registration through PDFClassEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
GSA_kwCzR0hTQS0zNGZqLXI1Z3EtNzM5Nc4AA63n
XWiki Platform: Remote code execution from account via SearchSuggestSourceSheetEcosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
Ecosystems: maven
Packages: org.apache.zeppelin:zeppelin-jdbc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
GSA_kwCzR0hTQS02Nmo4LWM4M20tZ2o1Zs4AA6wb
Apache Zeppelin remote code execution by adding malicious JDBC connection stringEcosystems: maven
Packages: org.apache.zeppelin:zeppelin-jdbc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
Critical
Ecosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 21 days ago
GSA_kwCzR0hTQS1qNDk2LWNyZ2gtMzRteM4AA6qW
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooksEcosystems: go
Packages: github.com/cosmos/ibc-go, github.com/cosmos/ibc-go/v2, github.com/cosmos/ibc-go/v3, github.com/cosmos/ibc-go/v8, github.com/cosmos/ibc-go/v7, github.com/cosmos/ibc-go/v6, github.com/cosmos/ibc-go/v5, github.com/cosmos/ibc-go/v4
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 21 days ago
Critical
Ecosystems: cargo
Packages: transpose
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 21 days ago
GSA_kwCzR0hTQS01Z21tLTZtMzYtcjdqaM4AA6qS
transpose: Buffer overflow due to integer overflowEcosystems: cargo
Packages: transpose
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 21 days ago
Critical
Ecosystems: npm
Packages: maildev
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 21 days ago
GSA_kwCzR0hTQS12YzZxLWNjajktOXI4Oc4AA6py
MailDev Remote Code ExecutionEcosystems: npm
Packages: maildev
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 21 days ago
Critical
Ecosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
GSA_kwCzR0hTQS03bXhnLXI3NnAtMzYzZ84AA6kT
Gleez Cms Server Side Request Forgery (SSRF) vulnerabilityEcosystems: packagist
Packages: gleez/cms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Critical
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
GSA_kwCzR0hTQS13M3ZjLWZ4OXAtd3A0ds4AA6JP
Jupyter Server Proxy's Websocket Proxying does not require authenticationEcosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 24.2
Published: about 1 month ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 1 month ago
GSA_kwCzR0hTQS02aGg3LTQ2cjItdmYyOc4AA6JD
Server crashes on invalid Cloud Function or Cloud Job nameEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: about 1 month ago
Critical
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 month ago
GSA_kwCzR0hTQS1qd3Y1LThtcXYtZzM4N84AA6CM
Cross-site scripting on application summary componentEcosystems: go
Packages: github.com/argoproj/argo-cd/v2, github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 month ago
Critical
Ecosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 month ago
GSA_kwCzR0hTQS00OTRoLTk5MjQteHd3Oc4AA6B3
Pterodactyl Wings vulnerable to improper isolation of server file accessEcosystems: go
Packages: github.com/pterodactyl/wings
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: about 1 month ago
Critical
Ecosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 month ago
GSA_kwCzR0hTQS04ODMyLTRtbTUteDJyNs4AA6Aa
discordrb OS Command Injection vulnerabilityEcosystems: rubygems
Packages: discordrb
Source: GitHub Advisory Database
Blast Radius: 24.7
Published: about 1 month ago
Critical
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS0zcTZnLXFtcHgtcnF3NM4AA6AY
Whoogle Search Server-Side Request Forgery vulnerabilityEcosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
Ecosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
GSA_kwCzR0hTQS1xOTdnLWMyOWgteDJwN84AA6Ab
Whoogle Search Path Traversal vulnerabilityEcosystems: pypi
Packages: whoogle-search
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
Critical
Ecosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
GSA_kwCzR0hTQS1yajk4LWNyZjQtZzY5d84AA51E
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated userEcosystems: pypi
Packages: pgAdmin4
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: about 2 months ago
Critical
Ecosystems: cargo
Packages: wasmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS03NWpwLXZxOHgtaDRjcc4AA501
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 ParametersEcosystems: cargo
Packages: wasmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
GSA_kwCzR0hTQS0ycnA4LWhmZjktYzV3cs4AA50x
PaddlePaddle Path Traversal vulnerabilityEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 30.4
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 2 months ago
GSA_kwCzR0hTQS1tcm1tLXFtcmoteGdwNs4AA50i
PaddlePaddle vulnerable to remote code executionEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.4
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
GSA_kwCzR0hTQS1xcXYyLTM1cTgtcDJnMs4AA50P
PaddlePaddle command injection in paddle.utils.download._wget_downloadEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
GSA_kwCzR0hTQS1maDU0LTN2aGctbXBjMs4AA5z7
PaddlePaddle command injection vulnerabilityEcosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 31.1
Published: about 2 months ago
Critical
Ecosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1mNmcyLWg3cXYtM201ds4AA5zK
Remote Code Execution by uploading a phar file using frontmatterEcosystems: packagist
Packages: getgrav/grav
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS1jMmY5LTRqbW0tdjQ1bc4AA5zD
Shopware's session is persistent in Cache for 404 pagesEcosystems: packagist
Packages: shopware/platform, shopware/storefront
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 months ago
GSA_kwCzR0hTQS04NmZjLWY5Z3ItdjUzM84AA5xc
HTTP Handling Vulnerability in the Bare serverEcosystems: npm
Packages: @tomphttp/bare-server-node
Source: GitHub Advisory Database
Blast Radius: 26.2
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago
GSA_kwCzR0hTQS1mcWc4LXZmdjctOGZqOM4AA5wD
JSONata expression can pollute the "Object" prototypeEcosystems: npm
Packages: jsonata
Source: GitHub Advisory Database
Blast Radius: 35.8
Published: about 2 months ago
Critical
Ecosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
GSA_kwCzR0hTQS1mZ3h2LWd3NTUtcjVmcc4AA5wB
Authorization Bypass Through User-Controlled Key in go-zeroEcosystems: go
Packages: github.com/zeromicro/go-zero
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS00ZzJ4LXZxNXAtNXZqNs4AA5sL
Budibase affected by VM2 Constructor Escape VulnerabilityEcosystems: npm
Packages: @budibase/server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
GSA_kwCzR0hTQS02OTI3LTN2cjktZnhmMs4AA5sK
ZDI-CAN-19105: Parse Server literalizeRegexPart SQL InjectionEcosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: about 2 months ago
Critical
Ecosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
GSA_kwCzR0hTQS1qMnB3LXZwNTUtZnFxas4AA5l1
Flask-AppBuilder vulnerable to incorrect authentication when using auth type OpenIDEcosystems: pypi
Packages: Flask-AppBuilder
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: about 2 months ago
Critical
Ecosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
GSA_kwCzR0hTQS14NXI1LTJxcngtcnFqOM4AA5ik
Transparent TLS may not be applied to Marbles with certain manifest configurationsEcosystems: go
Packages: github.com/edgelesssys/marblerun
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 2 months ago
Critical
Ecosystems: npm
Packages: @nfid/embed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
GSA_kwCzR0hTQS04NGMzLWo4cjItbWNtOM4AA5gp
@nfid/embed has compromised private key due to @dfinity/auth-client producing insecure session keysEcosystems: npm
Packages: @nfid/embed
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
Ecosystems: maven
Packages: com.linecorp.centraldogma:centraldogma-server-auth-saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
GSA_kwCzR0hTQS1oeDVxLXY2cGotNTMzcs4AA5go
SAML authentication bypass due to missing validation on unsigned SAML messagesEcosystems: maven
Packages: com.linecorp.centraldogma:centraldogma-server-auth-saml
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
Ecosystems: maven
Packages: com.linecorp.armeria:armeria-saml
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
GSA_kwCzR0hTQS00bTZqLTIzcDItOGM1NM4AA5gn
Armeria SAML authentication bypass due to missing validation on unsigned SAML messagesEcosystems: maven
Packages: com.linecorp.armeria:armeria-saml
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: about 2 months ago
Critical
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1yYzZoLXF3ajktMmM1M84AA5em
Apache DolphinScheduler vulnerable to arbitrary JavaScript execution as root for authenticated usersEcosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
GSA_kwCzR0hTQS1mbWc0LXg4cHctaGpoZ84AA5dK
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with CredentialsEcosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 34.9
Published: 2 months ago
Critical
Ecosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
GSA_kwCzR0hTQS05N20zLTUyd3IteHZ2Ms4AA5dJ
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCEEcosystems: packagist
Packages: phenx/php-svg-lib
Source: GitHub Advisory Database
Blast Radius: 43.2
Published: 2 months ago
Critical
Ecosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 2 months ago
GSA_kwCzR0hTQS0yNHJwLXEzdzYtdmM1Ns4AA5cA
org.postgresql:postgresql vulnerable to SQL Injection via line comment generationEcosystems: maven
Packages: org.postgresql:postgresql
Source: GitHub Advisory Database
Blast Radius: 52.5
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 2 months ago
GSA_kwCzR0hTQS12Z3Y4LTVjcGotcWoyZs4AA5bL
pymatgen vulnerable to arbitrary code execution when parsing a maliciously crafted JonesFaithfulTransformation transformation_stringEcosystems: pypi
Packages: pymatgen
Source: GitHub Advisory Database
Blast Radius: 25.0
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS1xMmN2LTdqNTgtcmZtas4AA5bF
Liferay Portal Document and Media widget and Liferay DXP vulnerable to stored Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS00NGpnLWpnangtM3hnNc4AA5aM
Liferay Portal's Dynamic Data Mapping module's DDMForm and Liferay DXP vulnerable to stored Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
GSA_kwCzR0hTQS1yd2h2LWh2ajItcXJxbc4AA5aN
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS1yd3hjLTRjbXctN3g3Nc4AA5aL
Liferay Portal and Liferay DXP vulnerable to stored Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
GSA_kwCzR0hTQS03M3gzLThtcmctNXI5M84AA5aE
Liferay Portal Language Override edit screen and Liferay DXP vulnerable to reflected Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS1wMjh4LTRyNWgtcGg2as4AA5aJ
Liferay Portal Message Board widget and Liferay DXP vulnerable to stored Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS12MnhxLW0yMnctam1wcs4AA5aH
Liferay Portal and Liferay DXP's Users Admin module vulnerable to stored Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS00Njh4LWZyY20tZ2h4Ns4AA5aB
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
GSA_kwCzR0hTQS14cGpnLTdoeDctd2djeM4AA5aI
Liferay Portal and Liferay DXP vulnerable to Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
GSA_kwCzR0hTQS01NHB2LXI2MmotOXFxY84AA5aC
Liferay Portal and Liferay DXP vulnerable to reflected Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 2 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
GSA_kwCzR0hTQS1jcjM2LTN2cWYteDV3Nc4AA5aK
Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site ScriptingEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 13.8
Published: 2 months ago
Critical
Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 2 months ago
GSA_kwCzR0hTQS1jOXZ2LWZoZ3YtY2pjM84AA5aA
agent-js: Insecure Key Generation in `Ed25519KeyIdentity.generate`Ecosystems: npm
Packages: @dfinity/auth-client, @dfinity/identity
Source: GitHub Advisory Database
Blast Radius: 22.9
Published: 2 months ago
Critical
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS01cndtLTJ4dzgtaGg5cM4AA5X7
Deserialization of Untrusted Data in TorrentpierEcosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
Ecosystems: nuget
Packages: NuGet.Packaging, NuGet.CommandLine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS02OHc3LTcyamctNnFwcM4AA5RM
NuGet Client Security Feature Bypass VulnerabilityEcosystems: nuget
Packages: NuGet.Packaging, NuGet.CommandLine
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1nNzRxLTV4dzMtajdxOc4AA5RK
Microsoft Security Advisory CVE-2024-21386: .NET Denial of Service VulnerabilityEcosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
Ecosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
GSA_kwCzR0hTQS1nY2NxLWgzeGotamd2Zs4AA5N1
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissionsEcosystems: packagist
Packages: pixelfed/pixelfed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
Ecosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS01OXFqLWpjanYtNjYyas4AA5Kb
DIRAC's TokenManager does not check permissions on cached tokensEcosystems: pypi
Packages: DIRAC
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS1yM2pjLTNxbW0tdzNwd84AA5JJ
SQLAlchemyDA unauthenticated arbitrary SQL query executionEcosystems: pypi
Packages: Products.SQLAlchemyDA
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
GSA_kwCzR0hTQS01MnhxLWo3djktdjR2Ms4AA5JI
Vyper array negative index vulnerabilityEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
Critical
Ecosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
GSA_kwCzR0hTQS05dmdxLXc1cHYtdjc3cc4AA5JF
Liferay Portal stored cross-site scripting (XSS) vulnerabilityEcosystems: maven
Packages: com.liferay.portal:release.dxp.bom, com.liferay.portal:release.portal.bom
Source: GitHub Advisory Database
Blast Radius: 14.7
Published: 3 months ago
Critical
Ecosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
GSA_kwCzR0hTQS1nZnFmLTl3OTgtN2pteM4AA5GB
Stimulsoft Dashboard.JS directory traversal vulnerabilityEcosystems: npm
Packages: stimulsoft-dashboards-js
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 3 months ago
Critical
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1xNzNmLXczaDctN3djY84AA5Cr
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic resultEcosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch
Nervos CKB P2P DoS AttacksEcosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: maven
Packages: com.linecorp.centraldogma:centraldogma-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS0zNHEzLXAzNTItYzdxOM4AA5Bm
Central Dogma Authentication Bypass Vulnerability via Session LeakageEcosystems: maven
Packages: com.linecorp.centraldogma:centraldogma-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: maven
Packages: com.ibeetl:beetl-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS05Z2g4LTg3N3ItZzQ3N84AA5Ap
Beetl Server-Side Template Injection vulnerabilityEcosystems: maven
Packages: com.ibeetl:beetl-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
GSA_kwCzR0hTQS05eDdmLWd3eHEtNmYyY84AA4_y
Vyper's bounds check on built-in `slice()` function can be overflowedEcosystems: pypi
Packages: vyper
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 3 months ago
Critical
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 3 months ago
GSA_kwCzR0hTQS00djk4LTdxbXctcnFyOM4AA4-r
BuildKit vulnerable to possible host system access from mount stub cleanerEcosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.7
Published: 3 months ago
Critical
Ecosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 3 months ago
GSA_kwCzR0hTQS13cjZ2LTlmNzUtdmgyZ84AA4-q
Buildkit's interactive containers API does not validate entitlements checkEcosystems: go
Packages: github.com/moby/buildkit
Source: GitHub Advisory Database
Blast Radius: 30.0
Published: 3 months ago
Critical
Ecosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS1qNnZ2LXZ2MjYtcmg3Y84AA488
HashiCorp Vault Improper Privilege ManagementEcosystems: go
Packages: github.com/hashicorp/vault/vault
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS04eHc2LTloNzgtYzg5as4AA470
Ylianst MeshCentral Missing SSL Certificate ValidationEcosystems: npm
Packages: meshcentral
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS14dnE5LTR2cHYtMjI3bc4AA47r
Nginx-UI vulnerable to arbitrary file write through the Import Certificate featureEcosystems: go
Packages: github.com/0xJacky/Nginx-UI
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS03eG04LXdqcTctODhyNc4AA47X
DeviceFarmer stf uses DES-ECBEcosystems: npm
Packages: @devicefarmer/stf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: pypi
Packages: synthcity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
GSA_kwCzR0hTQS00OTU3LTd2aHAtN3Y1Oc4AA45N
Deserialization of untrusted data in synthcityEcosystems: pypi
Packages: synthcity
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
Ecosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
GSA_kwCzR0hTQS02ZjlnLWN4d3ItcTVqcs4AA4qu
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCEEcosystems: maven
Packages: org.jenkins-ci.main:jenkins-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
Ecosystems: maven
Packages: com.alipay.sofa:rpc-sofa-boot-starter
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 3 months ago
GSA_kwCzR0hTQS03cThwLTk5NTMtcHh2cs4AA4ov
Remote Command Execution in SOFARPCEcosystems: maven
Packages: com.alipay.sofa:rpc-sofa-boot-starter
Source: GitHub Advisory Database
Blast Radius: 21.8
Published: 3 months ago
Statistics
Advisories: 18,139
Packages: 8,241
Repositories: 1,281
Ecosystems: 12
Packages: 8,241
Repositories: 1,281
Ecosystems: 12
Filter by Severity
Filter by Ecosystem
Filter by Package
magento/community-edition
27
com.fasterxml.jackson.core:jackson-databind
24
dolibarr/dolibarr
23
net.mingsoft:ms-mcms
18
org.jenkins-ci.main:jenkins-core
18
moodle/moodle
15
salt
14
com.liferay.portal:release.portal.bom
13
langchain
12
com.liferay.portal:release.dxp.bom
12
topthink/framework
12
mlflow
12
org.apache.dubbo:dubbo
12
magento/core
11
org.apache.struts:struts2-core
11
drupal/core
11
apache-airflow
10
vm2
10
tensorflow
9
phpmyadmin/phpmyadmin
9
funadmin/funadmin
9
org.xwiki.platform:xwiki-platform-oldcore
9
org.jeecgframework.boot:jeecg-boot-common
8
tensorflow-gpu
8
shopware/platform
8
tensorflow-cpu
8
drupal/drupal
8
org.xwiki.platform:xwiki-platform-web-templates
8
rdiffweb
8
paddlepaddle
8
gogs.io/gogs
7
studio-42/elfinder
7
symfony/symfony
7
sequelize
7
froxlor/froxlor
7
ansible
7
org.xwiki.platform:xwiki-platform-administration-ui
7
rusqlite
7
aaptjs
6
ezsystems/ezpublish-kernel
6
github.com/argoproj/argo-cd
6
parse-server
6
github.com/answerdev/answer
6
thorsten/phpmyfaq
6
org.jeecgframework.boot:jeecg-boot-parent
5
zendframework/zendframework
5
ckb
5
org.xwiki.commons:xwiki-commons-xml
5
org.apache.shiro:shiro-core
5
centreon/centreon
5
shopware/core
5
django
5
Pillow
5
org.apache.tomcat.embed:tomcat-embed-core
5
Microsoft.ChakraCore
5
nodebb
5
org.xwiki.platform:xwiki-platform-web
5
org.jenkins-ci.plugins:script-security
5
org.apache.inlong:manager-pojo
5
safe-eval
5
steal
5
org.apache.activemq:activemq-client
5
spree_auth_devise
4
baserproject/basercms
4
org.jeecgframework.boot:jeecg-boot-base-core
4
contao/contao
4
messagepack-rs
4
org.apache.inlong:manager-service
4
contao/core-bundle
4
librenms/librenms
4
openssl-src
4
nilsteampassnet/teampass
4
org.apache.tapestry:tapestry-core
4
PaddlePaddle
4
code.gitea.io/gitea
4
org.apache.openmeetings:openmeetings-parent
4
Django
4
org.eclipse.jetty:jetty-server
4
realms-shim
4
org.cloudfoundry.identity:cloudfoundry-identity-server
4
smallvec
4
nukeviet/nukeviet
4
pyload-ng
4
github.com/argoproj/argo-cd/v2
4
prestashop/prestashop
4
github.com/hashicorp/vault
4
safer-eval
4
github.com/usememos/memos
4
net.opentsdb:opentsdb
4
org.xwiki.platform:xwiki-platform-flamingo-skin-resources
4
org.apache.kylin:kylin-server-base
4
feehi/cms
4
swagger-ui
4
calibreweb
4
org.xwiki.platform:xwiki-platform-appwithinminutes-ui
4
hermes-engine
4
apache-airflow-providers-apache-hive
4
org.zenframework.z8.dependencies.commons:log4j-1.2.17
3
xcb
3
org.apache.hadoop:hadoop-common
3
org.apache.solr:solr-core
3
slpjs
3
org.richfaces:richfaces-core
3
org.apache.solr:solr-parent
3
dompdf/dompdf
3
edu.stanford.nlp:stanford-corenlp
3
browserify-shim
3
com.hazelcast:hazelcast
3
rubygems-update
3
org.keycloak:keycloak-core
3
showdoc/showdoc
3
mongoose
3
ro.pippo:pippo-core
3
org.xwiki.platform:xwiki-platform-icon-ui
3
nvflare
3
github.com/rancher/rancher
3
ezsystems/ezplatform-kernel
3
org.apache.linkis:linkis
3
craftcms/cms
3
github.com/dexidp/dex
3
github.com/hashicorp/nomad
3
modoboa
3
actix-web
3
facade/ignition
3
org.apache.ozone:ozone-main
3
org.xwiki.platform:xwiki-platform-panels-ui
3
org.apache.dolphinscheduler:dolphinscheduler
3
org.apache.any23:apache-any23
3
com.jflyfox:jflyfox_jfinal
3
org.jenkins-ci.plugins.workflow:workflow-cps
3
zendframework/zendframework1
3
org.apache.ignite:ignite-core
3
org.xwiki.platform:xwiki-platform-flamingo-theme-ui
3
github.com/pterodactyl/wings
3
id-map
3
jsrsasign
3
smarty/smarty
3
org.apache.storm:storm
3
io.dataease:dataease-plugin-common
3
lmdb
3
io.undertow:undertow-core
3
org.apache.jmeter:ApacheJMeter
3
nokogiri
3
publify_core
3
codeigniter4/framework
3
github.com/go-gitea/gitea
3
strapi
3
feathers-sequelize
3
ibexa/core
3
tribalsystems/zenario
3
ray
3
log4j:log4j
3
org.xwiki.platform:xwiki-platform-search-ui
3
@openzeppelin/contracts-upgradeable
3
org.jeecgframework.boot:jeecg-boot-base
3
elefant/cms
3
pimcore/pimcore
3
slp-validate
3
org.apache.logging.log4j:log4j-core
3
cobbler
3
mautic/core
3
org.jenkins-ci.plugins:active-directory
3
org.springframework.security:spring-security-core
3
org.apache.inlong:manager-web
3
typo3/cms
3
francoisjacquet/rosariosis
3
phpmailer/phpmailer
3
codiad/codiad
3
symfony/security
3
impresscms/impresscms
3
symfony/security-core
3
handlebars
3
com.alibaba:dubbo
3
org.jenkins-ci.plugins:semantic-versioning-plugin
2
mathjs
2
deno
2
async-git
2
rubyzip
2
github.com/gofiber/fiber/v2
2
org.apache.dubbo:dubbo-parent
2
shell-quote
2
github.com/moby/buildkit
2
python-keystoneclient
2
hellojs
2
Plone
2
org.xwiki.platform:xwiki-platform-scheduler-ui
2
pandasai
2
com.jfinal:jfinal
2
org.apache.pulsar:pulsar
2
zendframework/zend-db
2
net.bull.javamelody:javamelody-core
2
pyyaml
2
flatmap-stream
2
puma
2
wwbn/avideo
2
total4
2
activerecord
2
url-parse
2
xmlhttprequest-ssl
2
cn.hutool:hutool-all
2
Filter by Repository
https://github.com/xwiki/xwiki-platform
81
https://github.com/FasterXML/jackson-databind
24
https://github.com/jenkinsci/jenkins
17
https://github.com/Dolibarr/dolibarr
15
https://github.com/apache/airflow
14
https://github.com/saltstack/salt
13
https://github.com/mlflow/mlflow
11
https://github.com/PaddlePaddle/Paddle
11
https://github.com/ming-soft/MCMS
10
https://github.com/patriksimek/vm2
10
https://github.com/tensorflow/tensorflow
9
https://github.com/funadmin/funadmin
9
https://github.com/jeecgboot/jeecg-boot
9
https://github.com/django/django
8
https://github.com/top-think/framework
8
https://github.com/langchain-ai/langchain
8
https://github.com/magento/magento2
8
https://github.com/ikus060/rdiffweb
8
https://github.com/apache/inlong
8
https://github.com/ansible/ansible
7
https://github.com/go-gitea/gitea
7
https://github.com/sequelize/sequelize
7
https://github.com/python-pillow/Pillow
7
https://github.com/Studio-42/elFinder
7
https://github.com/gogs/gogs
7
https://github.com/apache/struts
7
https://github.com/rusqlite/rusqlite
7
https://github.com/argoproj/argo-cd
7
https://github.com/xwiki/xwiki-commons
6
https://github.com/shopware/platform
6
https://github.com/thorsten/phpmyfaq
6
https://github.com/answerdev/answer
6
https://github.com/symfony/symfony
6
https://github.com/shenzhim/aaptjs
6
https://github.com/parse-community/parse-server
6
https://github.com/moodle/moodle
5
https://github.com/keycloak/keycloak
5
https://github.com/stealjs/steal
5
https://github.com/froxlor/froxlor
5
https://github.com/NodeBB/NodeBB
5
https://github.com/hacksparrow/safe-eval
5
https://github.com/apache/tomcat
5
https://github.com/solidusio/solidus_auth_devise
5
https://github.com/nervosnetwork/ckb
5
https://github.com/apache/activemq
5
https://github.com/ezsystems/ezpublish-kernel
4
https://github.com/contao/contao
4
https://github.com/dompdf/dompdf
4
https://github.com/dromara/hutool
4
https://github.com/janeczku/calibre-web
4
https://github.com/swagger-api/swagger-ui
4
https://github.com/pippo-java/pippo
4
https://github.com/liufee/cms
4
https://github.com/spring-projects/spring-framework
4
https://github.com/servo/rust-smallvec
4
https://github.com/cloudfoundry/uaa
4
https://github.com/hwchase17/langchain
4
https://github.com/pyload/pyload
4
https://github.com/usememos/memos
4
https://github.com/CVEProject/cvelist
4
https://github.com/PrestaShop/PrestaShop
4
https://github.com/OpenTSDB/opentsdb
4
https://github.com/otake84/messagepack-rs
4
https://github.com/neorazorx/facturascripts
3
https://github.com/github/securitylab
3
https://github.com/dexidp/dex
3
https://github.com/apache/shiro
3
https://github.com/feathersjs-ecosystem/feathers-sequelize
3
https://github.com/baserproject/basercms
3
https://github.com/pterodactyl/wings
3
https://github.com/simpleledger/slpjs
3
https://github.com/phpmyadmin/phpmyadmin
3
https://github.com/smarty-php/smarty
3
https://github.com/cobbler/cobbler
3
https://github.com/opencast/opencast
3
https://github.com/thlorenz/browserify-shim
3
https://github.com/facade/ignition
3
https://github.com/TeamSeri0us/pocs
3
https://github.com/rubygems/rubygems.org
3
https://github.com/facebook/hermes
3
https://github.com/mbechler/marshalsec
3
https://github.com/hazelcast/hazelcast
3
https://github.com/jflyfox/jfinal_cms
3
https://github.com/pimcore/pimcore
3
https://github.com/star7th/showdoc
3
https://github.com/rancher/rancher
3
https://github.com/ImpressCMS/impresscms
3
https://github.com/publify/publify
3
https://github.com/dwisiswant0/advisory
3
https://github.com/centreon/centreon-archived
3
https://github.com/shopware/shopware
3
https://github.com/LetianYuan/My-CVE-Public-References
3
https://github.com/kjur/jsrsasign
3
https://github.com/chakra-core/ChakraCore
3
https://github.com/dataease/dataease
3
https://github.com/run-llama/llama_index
3
https://github.com/jbroadway/elefant
3
https://github.com/strapi/strapi
3
https://github.com/apache/camel
3
https://github.com/octobercms/october
3
https://github.com/ibexa/core
3
https://github.com/denoland/deno
3
https://github.com/NVIDIA/NVFlare
3
https://github.com/crewjam/saml
3
https://github.com/modoboa/modoboa
3
https://github.com/actix/actix-web
3
https://github.com/craftcms/cms
3
https://github.com/rubygems/rubygems
3
https://github.com/twisted/twisted
3
https://github.com/andrewhickman/id-map
3
https://github.com/PHPMailer/PHPMailer
3
https://github.com/nukeviet/nukeviet
3
https://github.com/ezsystems/ezplatform-kernel
3
https://github.com/drupal/core
2
https://github.com/SAP/cloud-pysec
2
https://github.com/getgrav/grav
2
https://github.com/zoujingli/ThinkAdmin
2
https://github.com/nats-io/jwt
2
https://github.com/qcubed/qcubed
2
https://github.com/nystudio107/craft-seomatic
2
https://github.com/jmrozanec/cron-utils
2
https://github.com/rubyzip/rubyzip
2
https://github.com/apache/kylin
2
https://github.com/jfinal/jfinal
2
https://github.com/TribalSystems/Zenario
2
https://github.com/waycrate/swhkd
2
https://github.com/Automattic/mongoose
2
https://github.com/codeigniter4/CodeIgniter4
2
https://github.com/rest-client/rest-client
2
https://github.com/SAP/cloud-security-services-integration-library
2
https://github.com/graphite-project/graphite-web
2
https://github.com/dominictarr/event-stream
2
https://github.com/quarkusio/quarkus
2
https://github.com/gventuri/pandas-ai
2
https://github.com/rochacbruno/quokka
2
https://github.com/KnpLabs/snappy
2
https://github.com/benbusby/whoogle-search
2
https://github.com/gnzlbg/slice_deque
2
https://github.com/ADOdb/ADOdb
2
https://github.com/pytorch/serve
2
https://github.com/javamelody/javamelody
2
https://github.com/simpleledger/slp-validate.js
2
https://github.com/Netflix/security-bulletins
2
https://github.com/nodejs/llhttp
2
https://github.com/sjep/array
2
https://github.com/apache/submarine
2
https://github.com/OpenAPITools/openapi-generator
2
https://github.com/folio-org/mod-data-export-spring
2
https://github.com/web2py/web2py
2
https://github.com/kubernetes/kubernetes
2
https://github.com/sidorares/node-mysql2
2
https://github.com/http4s/http4s
2
https://github.com/Microsoft/ChakraCore
2
https://github.com/js-data/js-data
2
https://github.com/ibexa/admin-ui
2
https://github.com/grafana/grafana
2
https://github.com/centreon/centreon
2
https://github.com/beego/beego
2
https://github.com/ezsystems/ezplatform-admin-ui
2
https://github.com/MrSwitch/hello.js
2
https://github.com/puma/puma
2
https://github.com/apache/incubator-streampark
2
https://github.com/evmos/evmos
2
https://github.com/fluxcd/flux2
2
https://github.com/unshiftio/url-parse
2
https://github.com/dominictarr/libnested
2
https://github.com/OpenZeppelin/openzeppelin-contracts
2
https://github.com/top-think/thinkphp
2
https://github.com/netvl/acc_reader
2
https://github.com/michaelschwarz/Ajax.NET-Professional
2
https://github.com/handlebars-lang/handlebars.js
2
https://github.com/hashicorp/vault
2
https://github.com/noear/solon
2
https://github.com/totaljs/framework
2
https://github.com/ionicabizau/parse-url
2
https://github.com/HtmlUnit/htmlunit
2
https://github.com/h2database/h2database
2
https://github.com/jenkinsci/semantic-versioning-plugin
2
https://github.com/cockpit-hq/cockpit
2
https://github.com/stanfordnlp/corenlp
2
https://github.com/keystonejs/keystone
2
https://github.com/ahdinosaur/set-in
2
https://github.com/russellhaering/gosaml2
2
https://github.com/mautic/mautic
2
https://github.com/jenkinsci/script-security-plugin
2
https://github.com/neo4j-contrib/neo4j-apoc-procedures
2
https://github.com/skoranga/node-dns-sync
2
https://github.com/rust-random/rand
2
https://github.com/OpenMage/magento-lts
2
https://github.com/xwiki/xwiki-rendering
2
https://github.com/Gerapy/Gerapy
2
https://github.com/PowerJob/PowerJob
2
https://github.com/sparklemotion/nokogiri
2
https://github.com/WWBN/AVideo
2
https://github.com/TogaTech/tEnvoy
2
https://github.com/Froxlor/Froxlor
2
https://github.com/apache/dolphinscheduler
2
https://github.com/alextselegidis/easyappointments
2
https://github.com/apache/flume
2