Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Loading...
Critical
GSA_kwCzR0hTQS04bTlmLWM1cDktd3FjaM4AAxM-
Remote Code Execution in com.bstek.uflo:uflo-core
Ecosystems: maven
Packages: com.bstek.uflo:uflo-core
Source: GitHub Advisory Database
Published: 2 days ago
Critical
GSA_kwCzR0hTQS1xOWhyLWo0cmYtOGZqY84AAxJD
JWT audience claim is not verified
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 3 days ago
Critical
GSA_kwCzR0hTQS1jcTRwLXZwNXEtNDUyMs4AAxI-
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 4 days ago
Critical
GSA_kwCzR0hTQS1qcWg2LTk1NzQtNXgyMs4AAxIl
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.core
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14cjh4LXB4bTYtcHJqZ84AAxIj
MITM based Zip Slip in `org.hl7.fhir.publisher:org.hl7.fhir.publisher`
Ecosystems: maven
Packages: org.hl7.fhir.publisher:org.hl7.fhir.publisher
Source: GitHub Advisory Database
Published: 5 days ago
Critical
GSA_kwCzR0hTQS14NzN3LWc4aHgtdjdycM4AAxGk
Code injection in electerm
Ecosystems: npm
Packages: electerm
Source: GitHub Advisory Database
Published: 8 days ago
Critical
GSA_kwCzR0hTQS02ZzhxLXFmcHYtNTd3cM4AAxFy
CakePHP Database\\Query::offset() and limit() methods are vulnerable to SQL injection
Ecosystems: packagist
Packages: cakephp/database, cakephp/cakephp
Source: GitHub Advisory Database
Published: 9 days ago
Critical
GSA_kwCzR0hTQS02dzg5LWM2NXctangyY84AAxE2
Jeecg-boot is vulnerable to SQL injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-module-system, org.jeecgframework.boot:jeecg-boot-base-core
Source: GitHub Advisory Database
Published: 10 days ago
Critical
GSA_kwCzR0hTQS05M2N3LWY1amoteDg1d84AAxBk
Shopware vulnerable to Improper Control of Generation of Code in Twig rendered views
Ecosystems: packagist
Packages: shopware/core, shopware/platform
Source: GitHub Advisory Database
Published: 11 days ago
Critical
GSA_kwCzR0hTQS04aGNmLTJtNHYtZjJycc4AAw_o
SQL Injection in liftkit/database
Ecosystems: packagist
Packages: liftkit/database
Source: GitHub Advisory Database
Published: 13 days ago
Critical
GSA_kwCzR0hTQS04NWdmLXdyNjctZjgzd84AAw_f
curupira is vulnerable to SQL injection
Ecosystems: rubygems
Packages: curupira
Source: GitHub Advisory Database
Published: 13 days ago
Critical
GSA_kwCzR0hTQS1nOTJyLTlyeHctY21neM4AAw_S
phpMyFAQ Improper Authentication vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Published: 13 days ago
Critical
GSA_kwCzR0hTQS1yYzQyLWpnaGYtdnI4Zs4AAw-0
Integer overflow in publify_core
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1xM3JtLWY1MjctZ2h4as4AAw-1
Publify Improper Input Validation vulnerability
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1wZjM4LTVwMjIteDZoNs4AAw-v
Code Injection in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1tNTg5LW12NHEtcDdyas4AAw-I
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Ecosystems: cargo
Packages: webbrowser
Source: GitHub Advisory Database
Published: 15 days ago
Critical
GSA_kwCzR0hTQS12dmozLTg1dmYtZmdtd84AAw93
global-modules-path Command Injection vulnerability
Ecosystems: npm
Packages: global-modules-path
Source: GitHub Advisory Database
Published: 16 days ago
Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Published: 19 days ago
Critical
GSA_kwCzR0hTQS14ajl2LTZxMmYtdnFoeM4AAw0A
wifey vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: wifey
Source: GitHub Advisory Database
Published: 20 days ago
Critical
GSA_kwCzR0hTQS1tamd3LWYyYzQtZjhxas4AAwzj
WebPA SQL Injection vulnerability
Ecosystems: packagist
Packages: webpa/webpa
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS13dzQzLW1jdmgtMzVwNM4AAwzd
PaginationServiceProvider SQL Injection vulnerability
Ecosystems: packagist
Packages: ttskch/pagination-service-provider
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS0zaGM3LTJ4Y2MtN3A4Zs4AAwzZ
Squalor SQL Injection vulnerability
Ecosystems: go
Packages: github.com/square/squalor
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS1nN213LTlwZjktcDJwbc4AAwzR
gosqljson SQL Injection vulnerability
Ecosystems: go
Packages: github.com/elgs/gosqljson
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS1yaDNtLXByMzYteGgyZs4AAwzQ
kelvinmo simplexrd vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: packagist
Packages: kelvinmo/simplexrd
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS13dnIyLXE4Nm0tNndocM4AAwzO
Baobab vulnerable to Prototype Pollution
Ecosystems: npm
Packages: baobab
Source: GitHub Advisory Database
Published: 21 days ago
Critical
GSA_kwCzR0hTQS1qanZwLXdmcDgtcnY2Oc4AAwyg
globalpom-utils has Insecure Temporary File
Ecosystems: maven
Packages: com.anrisoftware.globalpom:globalpomutils
Source: GitHub Advisory Database
Published: 22 days ago
Critical
GSA_kwCzR0hTQS03bWc1LXJ3MzktcTY3Zs4AAwyN
himiklab yii2-jqgrid-widget vulnerable to SQL Injection
Ecosystems: packagist
Packages: himiklab/yii2-jqgrid-widget
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS12amhmLTh2cXgtdnFwcc4AAwyJ
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS02bWpwLTJybTYtOWc4Nc4AAwyI
XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Ecosystems: maven
Packages: org.xwiki.contrib:application-ckeditor-ui
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS02OGh2LTg5MjYtajM0Y84AAwyF
DBRisinajumi d2files SQL Injection vulnerability
Ecosystems: packagist
Packages: dbrisinajumi/d2files
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS03N2NjLXczd20tNndocM4AAwyB
dssp vulnerable to Improper Restriction of XML External Entity Reference
Ecosystems: maven
Packages: be.e_contract.dssp:dssp-client
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS04cGg4LTlxMmotYzNycc4AAwx-
nodebatis SQL Injection vulnerability
Ecosystems: npm
Packages: nodebatis
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1mMjU5LWg2bTgtaG04bc4AAwx2
exec-local-bin vulnerable to Command Injection
Ecosystems: npm
Packages: exec-local-bin
Source: GitHub Advisory Database
Published: 23 days ago
Critical
GSA_kwCzR0hTQS13Zzk5LTV2cngtajJnZ84AAwwt
bonita-connector-webservice XML External Entity vulnerability
Ecosystems: maven
Packages: org.bonitasoft.connectors:bonita-connector-webservice
Source: GitHub Advisory Database
Published: 24 days ago
Critical
GSA_kwCzR0hTQS1nNHI4LTI4ZnAtZjI1Nc4AAwwx
aXMLRPC XML External Entity vulnerability
Ecosystems: maven
Packages: fr.turri:aXMLRPC
Source: GitHub Advisory Database
Published: 24 days ago
Critical
GSA_kwCzR0hTQS0zeGg1LThodnEtcmM4eM4AAwvm
Apache DolphinScheduler vulnerable to Improper Input Validation
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler
Source: GitHub Advisory Database
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1mcHJyLXJybTgtNDUzNM4AAwuU
Apache Dubbo vulnerable to remote code execution via Telnet Handler
Ecosystems: maven
Packages: org.apache.dubbo:dubbo-parent
Source: GitHub Advisory Database
Published: 26 days ago
Critical
GSA_kwCzR0hTQS1mcjU0LTcyd3ItY3F2cc4AAwri
express-param vulnerable to Improper Handling of Extra Parameters
Ecosystems: npm
Packages: express-param
Source: GitHub Advisory Database
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1xcjk3LXY4N3AteDk2Nc4AAwrf
Ariadne Component Library vulnerable to Server-Side Request Forgery
Ecosystems: packagist
Packages: arc/web
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS14OXA5LXYzeDYtNjhtcc4AAwra
usememos/memos vulnerable to Cross-site Scripting
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS04dzVxLTVmcHEtdjRwbc4AAwrb
usememos/memos Cross-site Scripting vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1ndmZqLWZ4eDMtajMyM84AAwrY
Mellium vulnerable to authentication failure or insufficient randomness used during authentication
Ecosystems: go
Packages: mellium.im/sasl
Source: GitHub Advisory Database
Published: 29 days ago
Critical
GSA_kwCzR0hTQS13OXJ2LXhtZjcteDNnaM4AAwqa
Apache Kylin vulnerable to Command injection by Diagnosis Controller
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS1qNjlmLWZnaDUtZjdtY84AAwqU
iText RUPS XML External Entity vulnerability
Ecosystems: maven
Packages: com.itextpdf:itext-rups
Source: GitHub Advisory Database
Published: 30 days ago
Critical
GSA_kwCzR0hTQS1qcGY4LWg3aDctM3Bwbc4AAwoR
tar-utils Path Traversal vulnerability
Ecosystems: go
Packages: github.com/whyrusleeping/tar-utils
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qcGdnLWNwMngtcXJ3M84AAwoP
Web vulnerable to Uncontrolled Resource Consumption
Ecosystems: go
Packages: github.com/ecnepsnai/web
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Ecosystems: go
Packages: github.com/Masterminds/goutils
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00d3AyLThybTItamdtaM4AAwoa
LZ4 vulnerable to Out-of-bounds Write
Ecosystems: go
Packages: github.com/cloudflare/golz4
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zMnFoLTh2ZzYtOWc0M84AAwop
Cloud Foundry Archiver vulnerable to path traversal
Ecosystems: go
Packages: code.cloudfoundry.org/archiver, github.com/cloudfoundry/archiver
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qY3I2LW1tamotcGNod84AAwoZ
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy
Ecosystems: go
Packages: github.com/gorilla/handlers
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ocm0zLTN4bTYteDMzaM4AAwoO
golang-nanoauth authentication bypass vulnerability
Ecosystems: go
Packages: github.com/nanobox-io/golang-nanoauth
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mNWM1LWhtdzktdjhoeM4AAwoX
Unzip vulnerable to path traversal
Ecosystems: go
Packages: github.com/yi-ge/unzip
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1ybWo5LXE1OGctOXFnZ84AAwoW
go-unzip vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/artdarek/go-unzip
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1tOHI5LXF4eDgtbXJ4cM4AAwnn
rdiffweb Improper Access Control vulnerability
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mNWg5LXF4MzgtMmhncM4AAwnj
AWS SDK is vulnerable to server-side request forgery (SSRF)
Ecosystems: maven
Packages: com.amazonaws:aws-android-sdk-mobile-client
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02eHJmLXE5NzctNXZnY84AAwmb
json-pointer vulnerable to Prototype Pollution
Ecosystems: npm
Packages: json-pointer
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yajJ4LTJncHctZzhmbc4AAwl4
flat vulnerable to Prototype Pollution
Ecosystems: npm
Packages: flat
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wNHFyLXZxMmctMjJ3cM4AAwkn
ThinkPHP Framework vulnerable to remote code execution
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02OGd3LXIyeDUtN3I1cs4AAwkY
usememos/memos Improper Authentication vulnerability
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13bXhtLTZ3eGMtM3hxZs4AAwgk
Apache ShardingSphere-Proxy Incomplete Cleanup vulnerability
Ecosystems: maven
Packages: org.apache.shardingsphere:shardingsphere-proxy
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02bTRoLWhmcHAteDhjeM4AAwgV
docconv OS Command Injection vulnerability
Ecosystems: go
Packages: github.com/sajari/docconv
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jMnA0LThtdnYtcndtds4AAwel
Apache Karaf vulnerable to potential code injection
Ecosystems: maven
Packages: org.apache.karaf:apache-karaf
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00dzJqLTJyZzQtNW1qd84AAweA
vm2 vulnerable to Arbitrary Code Execution
Ecosystems: npm
Packages: vm2
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yYzU4LXFyOWotY3Bnd84AAwbo
Apache Airflow Hive Provider vulnerable to Command Injection
Ecosystems: pypi
Packages: apache-airflow-providers-apache-hive
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zM3ZoLTd4OHEtbWczNc4AAwbl
safe-eval vulnerable to Prototype Pollution
Ecosystems: npm
Packages: safe-eval
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0zZmhqLXdwdmoteDV3OM4AAwaM
laravel-jqgrid vulnerable to SQL Injection
Ecosystems: packagist
Packages: mgallegos/laravel-jqgrid
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS05N2p2LWMzNDItNXhoY84AAwaR
FurqanSoftware/node-whois vulnerable to Prototype Pollution
Ecosystems: npm
Packages: whois
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1nM3djLXh2OTMtNDQ1cc4AAwZM
DNS NuGet package uses insufficiently random values
Ecosystems: nuget
Packages: DNS
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wbWcyLXJwaDgtcDhyNs4AAwYe
Alist vulnerable to Path Traversal
Ecosystems: go
Packages: github.com/alist-org/alist/v3
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1odzQ2LXZnNnctODhmas4AAwXM
replicator vulnerable to Deserialization of Untrusted Data
Ecosystems: npm
Packages: replicator
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wNDk1LWp4aDItd3JmZ84AAwYT
npm package rfc6902 vulnerable to Prototype Pollution
Ecosystems: npm
Packages: rfc6902
Source: GitHub Advisory Database
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS0yYzd2LXFjanAtNG1nMs4AAwWz
.NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.WindowsDesktop.App.Runtime.win-x64, Microsoft.WindowsDesktop.App.Runtime.win-x86, Microsoft.WindowsDesktop.App.Runtime.win-arm64
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS01M21tLWh4MzItNjQ3Nc4AAwWZ
TYPO3 vulnerable to Insufficient Session Expiration
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jbXdtLTQ1bWotbXBnM84AAwV0
SCIFIO vulnerable to Path Traversal
Ecosystems: maven
Packages: io.scif:scifio
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1nOHE4LWZnZ3gtOXIzcc4AAwUa
Keycloak vulnerable to path traversal via double URL encoding
Ecosystems: maven
Packages: org.keycloak:keycloak-parent
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14M3gzLXF3anEtOGdqNM4AAwSr
Apache CXF Server-Side Request Forgery vulnerability
Ecosystems: maven
Packages: org.apache.cxf:cxf-core
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1nNTk0LTU1bXAtZjZxOM4AAwRe
Improper Privilege Management in rdiffweb
Ecosystems: pypi
Packages: rdiffweb
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1oYzVnLXhmNjQtajQ5as4AAwOq
Mingsoft MCMS vulnerable to SQL Injection
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0yaHZjLWh3ZzMtaHB2d84AAwMf
PaddlePaddle Out-of-bounds Read vulnerability
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1nY2pmLTI5bTktODg4cc4AAwMe
PaddlePaddle vulnerable to Code Injection
Ecosystems: pypi
Packages: PaddlePaddle
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tOHh3LTl4NXgtNnZoM84AAwLr
py7zr directory traversal vulnerability
Ecosystems: pypi
Packages: py7zr
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1yZjNnLXY4cDUtcDY3Nc4AAwJ4
NodeBB vulnerable to account takeover via prototype vulnerability
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13NjZqLXhjN3ItbTJqds4AAwJR
camel-ldap component allows LDAP Injection when using the filter option
Ecosystems: maven
Packages: org.apache.camel:camel-ldap
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tOHI1LTd3ZjQtNjNtd84AAwI7
Nadesiko3 OS Command Injection vulnerability
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03MjQ5LTh4MjItNHJnNM4AAwI3
nadesiko3 vulnerable to OS Command Injection
Ecosystems: npm
Packages: nadesiko3
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS12YzM5LXg3dzYtNnZqN84AAwG6
Apache Tapestry allows deserialization of untrusted data
Ecosystems: maven
Packages: org.apache.tapestry:tapestry-core
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS02NWhqLTlwcHctNzd4Y84AAwGQ
ff4j is vulnerable to Remote Code Execution (RCE)
Ecosystems: maven
Packages: org.ff4j:ff4j-core
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00cDM4LXJjOTgtY3IzOc4AAwF7
Zenario CMS is vulnerable to Remote Code Execution (RCE).
Ecosystems: packagist
Packages: tribalsystems/zenario
Source: GitHub Advisory Database
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1qMmpwLXd2cWctd2MyZ84AAwFN
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication
Ecosystems: go
Packages: github.com/crewjam/saml
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jdmg0LWNqYzktODRxbc4AAwFH
owncast is vulnerable to SQL Injection
Ecosystems: go
Packages: github.com/owncast/owncast
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0yMnZjLTVwZ3ctNjQ0cc4AAwDN
KubeView vulnerable to full cluster takeover due to improper authentication
Ecosystems: go
Packages: github.com/benc-uk/kubeview
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS00N2ZjLXZtd3EtMzY2ds4AAwDK
PyTorch vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: torch
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS04M2c3LThmY2gtcDM3bc4AAwDL
PaddlePaddle vulnerable to code injection via winstr
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS00ajJ4LXYzbXItNDY3bc4AAwCt
Jeecg-boot vulnerable to SQL injection via updateNullByEmptyString
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nMzg5LXJmNXAtZmc1Ns4AAwCr
Badaso vulnerable to Remote Code Execution (RCE)
Ecosystems: packagist
Packages: badaso/core
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jbTdmLWhmMmctZ2hycM4AAwCw
PyroCMS vulnerable to stored Cross Site Scripting
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nNWNqLTVoNTgtajkzd84AAwC4
Jeecg-boot vulnerable to SQL Injection
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05OTVmLTl4NXItMnJjas4AAwCZ
Heap buffer overflow in GPU
Ecosystems: npm
Packages: electron
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1ncjU4LTc2cnAtbW1nNM4AAwCL
wger vulnerable to brute force attempts
Ecosystems: pypi
Packages: wger
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS13cWc3LW14NnAtMnJ3M84AAwBL
Command injection in Apache DolphinScheduler Alert Plugins
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-alert-plugins
Source: GitHub Advisory Database
Published: 2 months ago
Filter by Package
com.fasterxml.jackson.core:jackson-databind 23 org.jenkins-ci.main:jenkins-core 16 net.mingsoft:ms-mcms 14 org.apache.dubbo:dubbo 10 org.apache.struts:struts2-core 9 rdiffweb 8 apache-airflow 7 tensorflow 7 rusqlite 7 shopware/platform 6 topthink/framework 6 gogs.io/gogs 6 Pillow 6 tensorflow-cpu 6 tensorflow-gpu 6 aaptjs 6 sequelize 5 steal 5 org.apache.shiro:shiro-core 5 symfony/symfony 4 dolibarr/dolibarr 4 org.apache.tapestry:tapestry-core 4 safer-eval 4 github.com/hashicorp/vault 4 org.eclipse.jetty:jetty-server 4 nodebb 4 swagger-ui 4 calibreweb 4 org.apache.activemq:activemq-client 4 hermes-engine 4 org.jeecgframework.boot:jeecg-boot-base-core 4 shopware/core 4 github.com/argoproj/argo-cd 4 org.jenkins-ci.plugins:script-security 4 ezsystems/ezpublish-kernel 4 django 4 vm2 4 realms-shim 4 messagepack-rs 4 spree_auth_devise 4 smallvec 4 log4j:log4j 3 slp-validate 3 org.apache.solr:solr-core 3 dns-sync 3 tribalsystems/zenario 3 org.richfaces:richfaces-core 3 ezsystems/ezplatform-kernel 3 parse-server 3 org.apache.jmeter:ApacheJMeter 3 ckb 3 org.springframework.security:spring-security-core 3 org.apache.nifi:nifi 3 feathers-sequelize 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 io.dataease:dataease-plugin-common 3 github.com/dexidp/dex 3 org.jenkins-ci.plugins:active-directory 3 code.gitea.io/gitea 3 @openzeppelin/contracts-upgradeable 3 nvflare 3 publify_core 3 francoisjacquet/rosariosis 3 slpjs 3 jsrsasign 3 moodle/moodle 3 openssl-src 3 xcb 3 impresscms/impresscms 3 ibexa/core 3 strapi 3 org.apache.ignite:ignite-core 3 handlebars 3 com.alibaba:dubbo 3 org.jeecgframework.boot:jeecg-boot-base 3 prestashop/prestashop 3 edu.stanford.nlp:stanford-corenlp 3 actix-web 3 safe-eval 3 org.apache.ozone:ozone-main 3 org.apache.logging.log4j:log4j-core 3 github.com/usememos/memos 3 org.apache.any23:apache-any23 3 id-map 3 org.apache.hadoop:hadoop-common 3 org.apache.solr:solr-parent 3 phpmailer/phpmailer 3 Django 3 pagekit/pagekit 2 com.thoughtworks.xstream:xstream 2 org.apache.dubbo:dubbo-parent 2 nadesiko3 2 org.apache.commons:commons-configuration2 2 org.apache.kylin:kylin-server-base 2 org.keycloak:keycloak-core 2 verot/class.upload.php 2 io.undertow:undertow-core 2 io.vertx:vertx-web 2 org.apache.ranger:ranger 2 org.apache.tomcat.embed:tomcat-embed-core 2 rubyzip 2 org.apache.openmeetings:openmeetings-parent 2 badaso/core 2 paddlepaddle 2 set-in 2 org.jeecgframework.boot:jeecg-boot-common 2 Simple-Wayland-HotKey-Daemon 2 net.opentsdb:opentsdb 2 waitress 2 org.odata4j:odata4j-parent 2 mautic/core 2 librenms/librenms 2 com.cronutils:cron-utils 2 org.odata4j:odata4j-dist 2 org.odata4j:odata4j-core 2 ezsystems/ezplatform-admin-ui 2 ibexa/admin-ui 2 github.com/rancher/rancher 2 centreon/centreon 2 @keystone-6/core 2 openmage/magento-lts 2 github.com/go-gitea/gitea 2 json-serializer 2 yeoman-genrator 2 flatbuffers 2 ansible 2 flatmap-stream 2 eslint-config-eslint 2 org.apache.dolphinscheduler:dolphinscheduler 2 parse-url 2 com.jflyfox:jflyfox_jfinal 2 feehi/cms 2 traitobject 2 @openzeppelin/contracts 2 ro.pippo:pippo-core 2 gerapy 2 net.bull.javamelody:javamelody-core 2 mathjs 2 github.com/beego/beego 2 thorsten/phpmyfaq 2 rest-client 2 nokogiri 2 org.springframework.amqp:spring-amqp 2 pillow 2 org.apache.tomcat:tomcat 2 pdfkit 2 github.com/argoproj/argo-cd/v2 2 giting 2 org.springframework.security.oauth:spring-security-oauth2 2 ctx 2 org.springframework:spring-core 2 facturascripts/facturascripts 2 ejs 2 com.hazelcast:hazelcast 2 deno 2 pyyaml 2 Twisted 2 quokka 2 python-keystoneclient 2 libnested 2 showdoc/showdoc 2 github.com/git-lfs/git-lfs 2 github.com/nats-io/nats-server/v2 2 com.h2database:h2 2 org.apache.shenyu:shenyu-common 2 org.neo4j.procedure:apoc 2 org.apache.cxf:cxf 2 acc_reader 2 AjaxNetProfessional 2 xmldom 2 @xmldom/xmldom 2 org.apache.storm:storm 2 shell-quote 2 activerecord 2 github.com/fluxcd/flux2 2 github.com/fluxcd/kustomize-controller 2 slice-deque 2 ozone 2 arr 2 locutus 2 org.codehaus.groovy:groovy 2 tenvoy 2 flarum/core 2 github.com/russellhaering/gosaml2 2 stack_dst 2 bestzip 2 org.apache.shiro:shiro-spring 2 laravel/laravel 2 async-git 2 nukeviet/nukeviet 2 facade/ignition 2 total.js 2 org.apache.cassandra:cassandra-all 2 failure 2 dragonfly 2 parsel 2 rand_core 2 dompurify 2 doorkeeper 1 espeak-ruby 1 internment 1 festivaltts4r 1 js-yaml 1 kelredd-pruview 1 cremefraiche 1 js-extend 1 @ronomon/opened 1 net.sf.robocode:robocode.api 1 set-getter 1 adplug 1 underscore 1 org.apache.maven:maven 1 growl 1 git-fastclone 1 https-proxy-agent 1 flintcms 1 macaddress 1 msrcrypto 1 cryptiles 1 dojox 1 linked-hash-map 1 DotNetNuke.Core 1 com.ctrip.framework.apollo:apollo 1 org.thymeleaf:thymeleaf-spring5 1 smart_proxy_dynflow 1 onionshare-cli 1 uglify-js 1 org.apache.sshd:sshd-common 1 nuance-gulp-build-common 1 msgpack 1 apostrophe 1 redis-store 1 org.neo4j:neo4j-enterprise 1 algoliasearch-helper 1 org.powernukkit:powernukkit 1 com.orientechnologies:orientdb-core 1 com.fasterxml.jackson.dataformat:jackson-dataformat-xml 1 org.apache.qpid:qpid-broker 1 org.apache.directory.api:apache-ldap-api 1 crypto2 1 org.eclipse.rdf4j:rdf4j-runtime 1 drupal/drupal 1 bassmaster 1 merge-options 1 mysql-binuuid-rails 1 apex-publish-static-files 1 jwt-simple 1 com.alibaba:fastjson 1 serialize-to-js 1 org.apache.hive:hive-jdbc 1 crud-file-server 1 jsonwebtoken 1 blueimp-file-upload 1 org.esigate:esigate-core 1 org.apache.hadoop:hadoop-main 1 org.hyperledger.besu:evm 1 com.mchange:c3p0 1 Haraka 1 @soketi/soketi 1 console-io 1 com.alipay.sofa:hessian 1 github.com/benc-uk/kubeview 1 org.apache.bcel:bcel 1 Auth0-WCF-Service-JWT 1 command-exists 1 express-cart 1 ruby-openid 1 bson 1 org.apache.sling:org.apache.sling.xss 1 deep-extend 1 io.hawt:hawtio-core 1 slanger 1 paranoid2 1 typo3/cms 1 marginalia 1 aubio 1 org.ethereum:ethereumj-core 1 datagrid 1 simple_captcha2 1 org.apache.storm:storm-kafka 1 org.apache.storm:storm-kafka-client 1 mitogen 1 eslint-utils 1 set-value 1 open 1 deeply 1 gitlabhook 1 silverstripe/framework 1 silverstripe/cms 1 generator-jhipster 1 org.apache.karaf:apache-karaf 1 ses 1 magento/community-edition 1 knex 1 usmanhalalit/pixie 1 symfony/cache 1 lodash-es 1 lodash-amd 1 lodash.template 1 lodash.merge 1