Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Browse all Security Advisories for Critical

Loading...
Critical
GSA_kwCzR0hTQS1tMjZjLWZjZ2gtY3A2aM4ABBeO
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Ecosystems: pypi
Packages: cobbler
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 2 days ago
Critical
GSA_kwCzR0hTQS14Y3ByLTdtcjQtaDR4cc4ABBdD
Apache Tomcat - Authentication Bypass
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-catalina
Source: GitHub Advisory Database
Blast Radius: 36.7
Published: 3 days ago
Critical
GSA_kwCzR0hTQS14NjQ1LTZwZjkteHd4d84ABBZK
LibreNMS has an Authenticated OS Command Injection
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 6 days ago
Critical
GSA_kwCzR0hTQS01NzdwLTdqN2gtMmpnZs4ABBYY
Deserialization of Untrusted Data in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 days ago
Critical
GSA_kwCzR0hTQS0zdmpoLXhyaGYtdjl4aM4ABBYa
Improper Restriction of XML External Entity Reference in dompdf/dompdf
Ecosystems: packagist
Packages: dompdf/dompdf
Source: GitHub Advisory Database
Blast Radius: 42.6
Published: 6 days ago
Critical
GSA_kwCzR0hTQS12N3ZmLWY1cTYtbTg5Oc4ABBRV
.NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: System.Formats.Nrbf
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Critical
GSA_kwCzR0hTQS04OGg1LTZ3N20tNXc1Ns4ABBDz
jj vulnerable to path traversal via crafted Git repositories
Ecosystems: cargo
Packages: jj-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Critical
GSA_kwCzR0hTQS1mcG01LTJ3Y2otdmZyN84ABBBr
codechecker authentication method confusion vulnerability allows logging in as the built-in root user from an external service
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS1mM2Y4LXZ4M3ctaHA1cc4ABBBq
codechecker vulnerable to authentication bypass when using specifically crafted URLs
Ecosystems: pypi
Packages: codechecker
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS05Nmc3LWc3Zzktanh3OM4ABBBh
happy-dom allows for server side code to be executed by a <script> tag
Ecosystems: npm
Packages: happy-dom
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Critical
GSA_kwCzR0hTQS13dnY3LXdtNXYtdzJnds4ABA-U
Osmedeus Web Server Vulnerable to Stored XSS, Leading to RCE
Ecosystems: go
Packages: github.com/j3ssie/osmedeus
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Critical
GSA_kwCzR0hTQS0zaHhnLWZ4d20tOGdmN84ABA9E
CRLF injection in Refit's [Header], [HeaderCollection] and [Authorize] attributes
Ecosystems: nuget
Packages: Refit
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 16 days ago
Critical
GSA_kwCzR0hTQS1wM3ZmLXY4cWMtY3djcs4ABA13
DOMPurify vulnerable to tampering by prototype polution
Ecosystems: npm
Packages: dompurify
Source: GitHub Advisory Database
Blast Radius: 43.3
Published: 21 days ago
Critical
GSA_kwCzR0hTQS1tamp3LTU1M3gtODdwcc4ABAzA
NVIDIA Container Toolkit contains a Time-of-check Time-of-Use (TOCTOU) vulnerability
Ecosystems: go
Packages: github.com/NVIDIA/nvidia-container-toolkit
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 22 days ago
Critical
GSA_kwCzR0hTQS05Mjk4LTRjZjgtZzR3as4ABAxr
Waitress has request processing race condition in HTTP pipelining with invalid first request
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: 23 days ago
Critical
GSA_kwCzR0hTQS1jNHE1LTZjODItM3Fwd84ABAtL
Spring Security vulnerable to Authorization Bypass of Static Resources in WebFlux Applications
Ecosystems: maven
Packages: org.springframework.security:spring-security-web
Source: GitHub Advisory Database
Blast Radius: 43.7
Published: 24 days ago
Critical
GSA_kwCzR0hTQS03aDY1LTRwMjItMzlqNs4ABArB
github.com/crossplane/crossplane: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses
Ecosystems: go
Packages: github.com/crossplane/crossplane
Source: GitHub Advisory Database
Blast Radius: 13.5
Published: 26 days ago
Critical
GSA_kwCzR0hTQS14N3hqLWp2d3AtOTdyds4ABArA
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Ecosystems: go
Packages: github.com/rancher/rke2
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 26 days ago
Critical
GSA_kwCzR0hTQS1oOTltLTY3NTUtcmd3Y84ABAq_
Rancher Remote Code Execution via Cluster/Node Drivers
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 26 days ago
Critical
GSA_kwCzR0hTQS03aDhtLXB2dzMtNWdoNM4ABAq9
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 26 days ago
Critical
GSA_kwCzR0hTQS0zcDh2LXc4bXItbTN4OM4ABAoI
Butterfly has path/URL confusion in resource handling leading to multiple weaknesses
Ecosystems: maven
Packages: org.openrefine.dependencies:butterfly
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 28 days ago
Critical
GSA_kwCzR0hTQS1xOTltLXFjdjQtZnBtN84ABAao
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 17.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1tanZmLTRoODgtNnhtM84ABAUj
Improper Authentication vulnerability in Apache Solr
Ecosystems: maven
Packages: org.apache.solr:solr
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS05MjI0LWdndnctd2g3ds4ABATP
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Ecosystems: go
Packages: github.com/kubernetes-sigs/image-builder
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS00cjd2LXdocGctOHJ4M84ABARe
changedetection.io has a Server Side Template Injection using Jinja2 which allows Remote Command Execution
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yOW1xLTNjOXItZm1qcc4ABARd
Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Ecosystems: npm
Packages: @vendure/asset-server-plugin
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS03Nm13LTZwOTUteDl4Nc4ABAOn
pac4j-core affected by a Java deserialization vulnerability
Ecosystems: maven
Packages: org.pac4j:pac4j-core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12Z3hxLTZyY2YtcXdyd84ABANd
angular-base64-upload vulnerable to unauthenticated remote code execution
Ecosystems: npm
Packages: angular-base64-upload
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qMmhyLXE5M3gtZ3h2aM4ABANS
SSOReady has an XML Signature Bypass via differential XML parsing
Ecosystems: go
Packages: github.com/ssoready/ssoready
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1wcHBnLWNwZnEtaDd3cs4ABAM3
JSONPath Plus Remote Code Execution (RCE) Vulnerability
Ecosystems: maven, npm
Packages: org.webjars.npm:jsonpath-plus, jsonpath-plus
Source: GitHub Advisory Database
Blast Radius: 42.8
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1yN3BnLXYyYzgtbWZnM84AA_7r
Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK)
Ecosystems: maven
Packages: org.apache.avro:avro
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00OWh4LTltbTItNzY3Nc4AA_6x
Jenkins OpenId Connect Authentication Plugin lacks audience claim validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04cGp3LWZmZjYtM21qds4AA_62
Jenkins OpenId Connect Authentication Plugin lacks issuer claim validation
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05aDlxLXFoeGctODl4cs4AA_2Z
Filament has unvalidated ColorColumn and ColorEntry values that can be used for Cross-site Scripting
Ecosystems: packagist
Packages: filament/infolists, filament/tables
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tcGNoLTg5Z20taG04M84AA_zD
Agnai vulnerable to Remote Code Execution via JS Upload using Directory Traversal
Ecosystems: npm
Packages: agnai
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tODQyLTRxbTgtN2dwcc4AA_yD
Gradio allows users to access arbitrary files
Ecosystems: pypi
Packages: gradio
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05OGhmLW04N3ctY3E2aM4AA_wD
Mellium allows Authentication Bypass by Spoofing
Ecosystems: go
Packages: mellium.im/xmpp
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1oN21qLW03MmgtcW04d84AA_uk
DataEase's H2 datasource has a remote command execution risk
Ecosystems: maven
Packages: io.dataease:common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS01OHZqLWN2NXctdjR2Ns4AA_tD
Navidrome has Multiple SQL Injections and ORM Leak
Ecosystems: go
Packages: github.com/navidrome/navidrome
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02MmM4LW1oNTMtNGNxds4AA_sN
HTTP client can manipulate custom HTTP headers that are added by Traefik
Ecosystems: go
Packages: github.com/traefik/traefik, github.com/traefik/traefik/v2, github.com/traefik/traefik/v3
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1ocGM4LTd3cG0tODg5d84AA_sM
Dragonfly2 has hard coded cyptographic key
Ecosystems: go
Packages: d7y.io/dragonfly/v2
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14eHh3LTNqNmgtcTdoNs4AA_sL
Grafana plugin SDK Information Leakage
Ecosystems: go
Packages: github.com/grafana/grafana-plugin-sdk-go
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1wMnFqLXI1M2otaDN4as4AA_sB
LangChain Experimental Eval Injection vulnerability
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03MjNoLXgzN2ctZjhxbc4AA_rL
Chaosblade vulnerable to OS command execution
Ecosystems: go
Packages: github.com/chaosblade-io/chaosblade
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0yZ2g2LXdjM20tZzM3Zs4AA_m6
hermes-management is vulnerable to RCE due to Apache commons-jxpath
Ecosystems: maven
Packages: pl.allegro.tech.hermes:hermes-management
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0zeHEyLXc2ajQtYzk5cs4AA_jU
Apache Seata Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: org.apache.seata:seata-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jdnA4LTVyOGctZmh2cc4AA_eZ
omniauth-saml vulnerable to Improper Verification of Cryptographic Signature
Ecosystems: rubygems
Packages: omniauth-saml
Source: GitHub Advisory Database
Blast Radius: 32.8
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nODRxLTU0aGYtMzZyZ84AA_da
AutoGPT bypass of the shell commands denylist settings
Ecosystems: pypi
Packages: agpt
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qdzljLW1mZzctOXJ4Ms4AA_cX
SAML authentication bypass via Incorrect XPath selector
Ecosystems: rubygems
Packages: ruby-saml
Source: GitHub Advisory Database
Blast Radius: 33.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mNHdoLTM1OWctNHBxN84AA_Yu
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/framework
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1yOXBwLXI0eGYtNTk3cs4AA_YT
pyload-ng vulnerable to RCE with js2py sandbox escape
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1meGMyLThtNjItbTg1eM4AA-45
LlamaIndex includes an exec call for `import {cls_name}`
Ecosystems: pypi
Packages: llama-index-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xeHFjLTI3cHItd2djOM4AA-4Y
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Ecosystems: go
Packages: goauthentik.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS0yZm02LW12NTctcDJxaM4AA-yo
Apache Dolphinscheduler Code Injection vulnerability
Ecosystems: maven
Packages: org.apache.dolphinscheduler:dolphinscheduler-task-api
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mOTYzLTRjcTgtMmd3N84AA-yB
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS13Y2c5LXBncXYteG01ds4AA-yA
XWiki Platform allows XSS through XClass name in string properties
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03NWpmLTUyamctcXFoNM4AA-se
SQL injection in github.com/stashapp/stash
Ecosystems: go
Packages: github.com/stashapp/stash
Source: GitHub Advisory Database
Blast Radius: 4.3
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xdjMyLTV3bTItcDMyaM4AA-nr
Command Injection in sequenceserver
Ecosystems: rubygems
Packages: sequenceserver
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: 3 months ago
Critical
GSA_kwCzR0hTQS02cjRqLTRyamMtOHZ3Nc4AA-jJ
RBAC Roles for `etcd` created by Kamaji are not disjunct
Ecosystems: go
Packages: github.com/clastix/kamaji
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1wNzM0LXhnMjctOGNmcc4AA-hH
Prototype pollution in izatop bunt
Ecosystems: npm
Packages: @bunt/app
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1mNzI5LTU4eDQtZ3FnZs4AA-gh
CometVisu Backend for openHAB affected by RCE through path traversal
Ecosystems: maven
Packages: org.openhab.ui.bundles:org.openhab.ui.cometvisu
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1wdjRwLWN3d2ctNHJwaM4AA-c1
Django SQL injection vulnerability
Ecosystems: pypi
Packages: Django
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00aDRwLTU1M20tNDZxaM4AA-Zk
Gitea Cross-site Scripting Vulnerability
Ecosystems: go
Packages: code.gitea.io/gitea
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05MnZjLTRmY3ctZzY4cc4AA-ZD
CasaOS Command Injection vulnerability
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0zam1tLWY2amotcmNjM84AA-ZC
rudder-server is vulnerable to SQL injection
Ecosystems: go
Packages: github.com/rudderlabs/rudder-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xZjNxLTlmM2gtY2pwOc4AA-Ys
NextChat has full-read SSRF and XSS vulnerability in /api/cors endpoint
Ecosystems: npm
Packages: nextchat
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mOTg0LTN3eDgtZ3JwOc4AA-Yn
XXL-RPC Deserialization of Untrusted Data vulnerability
Ecosystems: maven
Packages: com.xuxueli:xxl-rpc-core
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS00aHZjLXF3cjItZjhyds4AA-Yl
Redisson vulnerable to Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.redisson:redisson
Source: GitHub Advisory Database
Blast Radius: 35.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS12Nzg0LWZqamgtZjhyNM4AA-Ye
Nuxt vulnerable to remote code execution via the browser when running the test locally
Ecosystems: npm
Packages: nuxt
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xMjJxLTJycmYtbTI3cM4AA-UU
Mattermost allows unsolicited invites to expose access to local channels
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jbWM4LTIyMmMtdnFwOc4AA-US
Mattermost failed to properly validate that the channel that comes from the sync message is a shared channel
Ecosystems: go
Packages: github.com/mattermost/mattermost/server/v8
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02OTJ2LTc4M2YtbWc4eM4AA-S3
XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-web-templates
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1oNjNoLTVjNzctNzdwNc4AA-So
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-search-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13bTI1LWo0Z3ctNnZyM84AA-Q9
pREST vulnerable to jwt bypass + sql injection
Ecosystems: go
Packages: github.com/prest/prest
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS12MjN2LTZqdzItOThmcc4AA-Q4
Authz zero length regression
Ecosystems: go
Packages: github.com/docker/docker
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1nODcyLWp3d3Itdmdnbc4AA-MW
Admidio Vulnerable to RCE via Arbitrary File Upload in Message Attachment
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS02OXd4LXhjNmotMjh2M84AA-MV
Admidio has Blind SQL Injection in ecard_send.php
Ecosystems: packagist
Packages: admidio/admidio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xNjIzLTJqMmotMjNqas4AA-Kn
RaspAP allows an attacker to escalate privileges
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1wNTI4LTNtdmYtZ3I4N84AA-Hu
Remote code execution in Spring Cloud Data Flow
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-skipper
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jOWNtLTVqODItbTZwas4AA-HP
fabedge has insecure permissions
Ecosystems: go
Packages: github.com/fabedge/fabedge
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01ZzN4LThnMnYtcjh4OM4AA-HK
Volcano has insecure permissions
Ecosystems: go
Packages: volcano.sh/volcano, github.com/volcano-sh/volcano
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS05eGhoLTNtNzgtZ3Znas4AA-FS
CLSA Directory Traversal vulnerability
Ecosystems: nuget
Packages: Csla
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS13eGN4LWdnOWMtZndwMs4AA-AB
TorchServe vulnerable to bypass of allowed_urls configuration
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01Z3J4LXY3MjctcW1xNs4AA9_l
1Panel has an SQL injection issue related to the orderBy clause
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS0ycndtLXh2NWotNzc3cM4AA9-i
Eclipse Parsson stack overflow when parsing deeply nested input
Ecosystems: maven
Packages: org.eclipse.parsson:parsson
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1xNWZtLTU1YzItdjZqOc4AA98E
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Ecosystems: pypi
Packages: fiona
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1mZzg2LTRjMnItN3d4d84AA95b
TorrentPier Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jZ2NnLXA2OHEtM3c3ds4AA94z
langchain-experimental vulnerable to Arbitrary Code Execution
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1jaGZjLTl3Nm0tNzVyZs4AA9un
Microsoft Security Advisory CVE-2024-35264 | .NET Remote Code Execution Vulnerability
Ecosystems: nuget
Packages: Microsoft.AspNetCore.App.Runtime.win-x86, Microsoft.AspNetCore.App.Runtime.win-x64, Microsoft.AspNetCore.App.Runtime.win-arm64, Microsoft.AspNetCore.App.Runtime.win-arm, Microsoft.AspNetCore.App.Runtime.osx-x64, Microsoft.AspNetCore.App.Runtime.osx-arm64, Microsoft.AspNetCore.App.Runtime.linux-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-x64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm64, Microsoft.AspNetCore.App.Runtime.linux-musl-arm, Microsoft.AspNetCore.App.Runtime.linux-arm64, Microsoft.AspNetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1tanc0LWpqODgtdjY4N84AA9rR
panic on parsing crafted phonenumber inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1oZjI5LTloZmgtdzYzas4AA9lz
Gogs allows argument injection during the previewing of changes
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wNjlyLXYzaDQtcmo0Zs4AA9l1
github.com/gogs/gogs affected by CVE-2024-39930
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS0ydmdqLTNwdmcteGg0d84AA9lx
Gogs allows deletion of internal files
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04d3h4LTM1cWMtdnA2cs4AA9f9
Missing key verification in gost
Ecosystems: go
Packages: github.com/ginuerzh/gost
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05djJmLTZ2Y2ctM2hnds4AA9cz
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Ecosystems: pypi
Packages: Gradio
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS02amo2LWdtN3AtZmN2ds4AA9cr
Remote Code Execution (RCE) vulnerability in geoserver
Ecosystems: maven
Packages: org.geoserver:gs-wms, org.geoserver:gs-wfs, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 5 months ago
Critical
GSA_kwCzR0hTQS04NjljLWo3d2MtOGpxds4AA9as
Gin mishandles a wildcard at the end of an origin string
Ecosystems: go
Packages: github.com/gin-contrib/cors, github.com/gin-gonic/gin
Source: GitHub Advisory Database
Blast Radius: 43.1
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1tcjdoLXcycWMtZmZjMs4AA9ZU
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 5 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 1,402
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
npm 970 maven 870 packagist 538 pypi 447 go 261 cargo 159 rubygems 114 nuget 64 hex 5 actions 4 swift 2
Filter by Package
magento/community-edition 36 dolibarr/dolibarr 25 com.fasterxml.jackson.core:jackson-databind 24 org.jenkins-ci.main:jenkins-core 18 net.mingsoft:ms-mcms 18 salt 16 moodle/moodle 15 topthink/framework 14 drupal/core 14 Django 14 com.liferay.portal:release.portal.bom 13 org.apache.dubbo:dubbo 12 com.liferay.portal:release.dxp.bom 12 mlflow 12 langchain 12 magento/core 11 org.apache.struts:struts2-core 11 org.xwiki.platform:xwiki-platform-oldcore 11 org.xwiki.platform:xwiki-platform-web-templates 10 apache-airflow 10 drupal/drupal 10 vm2 10 phpmyadmin/phpmyadmin 9 funadmin/funadmin 9 paddlepaddle 9 ansible 9 org.jeecgframework.boot:jeecg-boot-common 8 shopware/platform 8 symfony/symfony 8 zendframework/zendframework1 8 rdiffweb 8 froxlor/froxlor 8 parse-server 7 gogs.io/gogs 7 github.com/argoproj/argo-cd 7 org.xwiki.platform:xwiki-platform-administration-ui 7 studio-42/elfinder 7 sequelize 7 rusqlite 7 github.com/answerdev/answer 6 org.apache.shiro:shiro-core 6 thorsten/phpmyfaq 6 github.com/rancher/rancher 6 ezsystems/ezpublish-kernel 6 pillow 6 aaptjs 6 tensorflow 6 tensorflow-gpu 6 zendframework/zendframework 6 mercurial 6 tensorflow-cpu 5 Microsoft.ChakraCore 5 dompdf/dompdf 5 centreon/centreon 5 code.gitea.io/gitea 5 org.xwiki.platform:xwiki-platform-web 5 typo3/cms 5 ckb 5 org.apache.inlong:manager-pojo 5 org.xwiki.commons:xwiki-commons-xml 5 safe-eval 5 shopware/core 5 org.jeecgframework.boot:jeecg-boot-parent 5 github.com/hashicorp/vault 5 org.jenkins-ci.plugins:script-security 5 org.apache.activemq:activemq-client 5 pyload-ng 5 prestashop/prestashop 5 steal 5 github.com/grafana/grafana 5 librenms/librenms 5 github.com/argoproj/argo-cd/v2 5 nodebb 5 mautic/core 5 org.jeecgframework.boot:jeecg-boot-base-core 4 ait-core 4 tribalsystems/zenario 4 nilsteampassnet/teampass 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 org.eclipse.jetty:jetty-server 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 langchain-experimental 4 messagepack-rs 4 smallvec 4 baserproject/basercms 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 nukeviet/nukeviet 4 realms-shim 4 net.opentsdb:opentsdb 4 spree_auth_devise 4 org.apache.inlong:manager-service 4 org.apache.openmeetings:openmeetings-parent 4 feehi/cms 4 hermes-engine 4 org.apache.tomcat.embed:tomcat-embed-core 4 swagger-ui 4 safer-eval 4 openssl-src 4 simplesamlphp/simplesamlphp 4 contao/contao 4 org.xwiki.platform:xwiki-platform-search-ui 4 contao/core-bundle 4 org.apache.tapestry:tapestry-core 4 craftcms/cms 4 calibreweb 4 org.apache.kylin:kylin-server-base 4 Pillow 4 apache-airflow-providers-apache-hive 4 github.com/usememos/memos 4 cobbler 4 shopware/shopware 4 github.com/pterodactyl/wings 3 rubygems-update 3 codiad/codiad 3 showdoc/showdoc 3 silverstripe/framework 3 pimcore/pimcore 3 org.apache.any23:apache-any23 3 github.com/hashicorp/nomad 3 jsrsasign 3 feathers-sequelize 3 org.apache.ignite:ignite-core 3 phpmailer/phpmailer 3 smarty/smarty 3 org.apache.linkis:linkis 3 SQLAlchemy 3 modoboa 3 org.apache.logging.log4j:log4j-core 3 francoisjacquet/rosariosis 3 codeigniter4/framework 3 mitmproxy 3 org.jenkins-ci.plugins:active-directory 3 gradio 3 org.springframework.security:spring-security-core 3 Plone 3 github.com/IceWhaleTech/CasaOS 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 symfony/security 3 symfony/security-core 3 elefant/cms 3 org.apache.hadoop:hadoop-common 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 ibexa/core 3 id-map 3 torchserve 3 wwbn/avideo 3 org.apache.storm:storm 3 PaddlePaddle 3 org.apache.dolphinscheduler:dolphinscheduler 3 ezsystems/ezplatform-kernel 3 adodb/adodb-php 3 com.jflyfox:jflyfox_jfinal 3 vyper 3 django 3 dulwich 3 @openzeppelin/contracts-upgradeable 3 org.richfaces:richfaces-core 3 nokogiri 3 lmdb 3 org.apache.inlong:manager-web 3 org.xwiki.platform:xwiki-platform-icon-ui 3 xcb 3 org.apache.ozone:ozone-main 3 handlebars 3 slp-validate 3 ray 3 github.com/gogs/gogs 3 mongoose 3 org.jeecgframework.boot:jeecg-boot-base 3 github.com/go-gitea/gitea 3 twisted 3 org.apache.solr:solr-core 3 actix-web 3 org.apache.tomcat:tomcat-catalina 3 com.alibaba:dubbo 3 llama-index-core 3 log4j:log4j 3 github.com/dexidp/dex 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 nvflare 3 org.keycloak:keycloak-core 3 edu.stanford.nlp:stanford-corenlp 3 org.apache.jmeter:ApacheJMeter 3 org.apache.solr:solr-parent 3 slpjs 3 ro.pippo:pippo-core 3 github.com/gofiber/fiber/v2 3 publify_core 3 com.hazelcast:hazelcast 3 browserify-shim 3 codeigniter/framework 3 pyyaml 3 impresscms/impresscms 3 strapi 3 io.dataease:dataease-plugin-common 3 facade/ignition 3 apache-submarine 3 io.undertow:undertow-core 3 org.apache.dubbo:dubbo-parent 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 87 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/django/django 15 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 15 https://github.com/langchain-ai/langchain 12 https://github.com/mlflow/mlflow 12 https://github.com/saltstack/salt 12 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/magento/magento2 10 https://github.com/patriksimek/vm2 10 https://github.com/gogs/gogs 10 https://github.com/top-think/framework 9 https://github.com/python-pillow/Pillow 9 https://github.com/apache/inlong 9 https://github.com/funadmin/funadmin 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/ikus060/rdiffweb 8 https://github.com/ansible/ansible 8 https://github.com/go-gitea/gitea 8 https://github.com/argoproj/argo-cd 8 https://github.com/sequelize/sequelize 7 https://github.com/symfony/symfony 7 https://github.com/Studio-42/elFinder 7 https://github.com/apache/struts 7 https://github.com/rusqlite/rusqlite 7 https://github.com/parse-community/parse-server 7 https://github.com/tensorflow/tensorflow 6 https://github.com/shenzhim/aaptjs 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/rancher/rancher 6 https://github.com/apache/tomcat 6 https://github.com/shopware/platform 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/dompdf/dompdf 6 https://github.com/answerdev/answer 6 https://github.com/froxlor/froxlor 5 https://github.com/twisted/twisted 5 https://github.com/stealjs/steal 5 https://github.com/keycloak/keycloak 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/moodle/moodle 5 https://github.com/NodeBB/NodeBB 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/dromara/hutool 5 https://github.com/nervosnetwork/ckb 5 https://github.com/apache/activemq 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/pyload/pyload 5 https://github.com/grafana/grafana 5 https://github.com/usememos/memos 4 https://github.com/cobbler/cobbler 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/run-llama/llama_index 4 https://github.com/dataease/dataease 4 https://github.com/janeczku/calibre-web 4 https://github.com/spring-projects/spring-framework 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/otake84/messagepack-rs 4 https://github.com/hwchase17/langchain 4 https://github.com/liufee/cms 4 https://github.com/CVEProject/cvelist 4 https://github.com/contao/contao 4 https://github.com/cloudfoundry/uaa 4 https://github.com/pippo-java/pippo 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/servo/rust-smallvec 4 https://github.com/hazelcast/hazelcast 3 https://github.com/opencast/opencast 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/smarty-php/smarty 3 https://github.com/neorazorx/facturascripts 3 https://github.com/ibexa/core 3 https://github.com/mitmproxy/mitmproxy 3 https://github.com/yaml/pyyaml 3 https://github.com/publify/publify 3 https://github.com/librenms/librenms 3 https://github.com/sqlalchemy/sqlalchemy 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/github/securitylab 3 https://github.com/baserproject/basercms 3 https://github.com/apache/shiro 3 https://github.com/apache/camel 3 https://github.com/pimcore/pimcore 3 https://github.com/ADOdb/ADOdb 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/dexidp/dex 3 https://github.com/shopware5/shopware 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/pytorch/serve 3 https://github.com/rubygems/rubygems.org 3 https://github.com/simpleledger/slpjs 3 https://github.com/simplesamlphp/simplesamlphp 3 https://github.com/pterodactyl/wings 3 https://github.com/crewjam/saml 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/octobercms/october 3 https://github.com/mbechler/marshalsec 3 https://github.com/denoland/deno 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/dwisiswant0/advisory 3 https://github.com/centreon/centreon-archived 3 https://github.com/facebook/hermes 3 https://github.com/kubernetes/kubernetes 3 https://github.com/kjur/jsrsasign 3 https://github.com/facade/ignition 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/vyperlang/vyper 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/gradio-app/gradio 3 https://github.com/apache/dolphinscheduler 3 https://github.com/jbroadway/elefant 3 https://github.com/nukeviet/nukeviet 3 https://github.com/strapi/strapi 3 https://github.com/craftcms/cms 3 https://github.com/rubygems/rubygems 3 https://github.com/gofiber/fiber 3 https://github.com/NASA-AMMOS/AIT-Core 3 https://github.com/actix/actix-web 3 https://github.com/SAML-Toolkits/ruby-saml 3 https://github.com/andrewhickman/id-map 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/star7th/showdoc 3 https://github.com/modoboa/modoboa 3 https://github.com/TribalSystems/Zenario 3 https://github.com/shopware/shopware 3 https://github.com/mautic/mautic 3 https://github.com/http4s/http4s 2 https://github.com/BerriAI/litellm 2 https://github.com/unshiftio/url-parse 2 https://github.com/Ericsson/codechecker 2 https://github.com/scalyr/scalyr-agent-2 2 https://github.com/js-data/js-data 2 https://github.com/nuxt/nuxt 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/puma/puma 2 https://github.com/web2py/web2py 2 https://github.com/fluxcd/flux2 2 https://github.com/Gerapy/Gerapy 2 https://github.com/mpdavis/python-jose 2 https://github.com/dominictarr/libnested 2 https://github.com/PowerJob/PowerJob 2 https://github.com/apache/jmeter 2 https://github.com/beego/beego 2 https://github.com/ibexa/admin-ui 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/apache/zeppelin 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/intelliants/subrion 2 https://github.com/moby/buildkit 2 https://github.com/viz-rs/nano-id 2 https://github.com/Froxlor/Froxlor 2 https://github.com/evmos/evmos 2 https://github.com/MrSwitch/hello.js 2 https://github.com/netvl/acc_reader 2 https://github.com/Automattic/mongoose 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/hashicorp/go-getter 2 https://github.com/rubyzip/rubyzip 2 https://github.com/firebase/php-jwt 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/h2database/h2database 2 https://github.com/hashicorp/vault 2 https://github.com/Pylons/waitress 2 https://github.com/ionicabizau/parse-url 2 https://github.com/totaljs/framework 2 https://github.com/apache/kylin 2 https://github.com/nats-io/jwt 2 https://github.com/rest-client/rest-client 2 https://github.com/vufind-org/vufind 2 https://github.com/getgrav/grav 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/frohoff/ysoserial 2 https://github.com/jfinal/jfinal 2 https://github.com/javamelody/javamelody 2 https://github.com/ahdinosaur/set-in 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/Admidio/admidio 2 https://github.com/RaspAP/raspap-webgui 2 https://github.com/noear/solon 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/qcubed/qcubed 2 https://github.com/top-think/thinkphp 2 https://github.com/russellhaering/gosaml2 2 https://github.com/spring-projects/spring-security 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/Kozea/Radicale 2 https://github.com/sidorares/node-mysql2 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/KnpLabs/snappy 2 https://github.com/dfinity/agent-js 2 https://github.com/omrilotan/async-git 2