Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS1wNTI4LTNtdmYtZ3I4N84AA-Hu
Remote code execution in Spring Cloud Data Flow
Ecosystems: maven
Packages: org.springframework.cloud:spring-cloud-skipper
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 1 day ago
Critical
GSA_kwCzR0hTQS05Z3E3LXA1dzktdzg5Oc4AA-FD
Ankitects Anki arbitrary script execution vulnerability
Ecosystems: pypi
Packages: anki
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 4 days ago
Critical
GSA_kwCzR0hTQS01Z3J4LXY3MjctcW1xNs4AA9_l
1Panel has an SQL injection issue related to the orderBy clause
Ecosystems: go
Packages: github.com/1Panel-dev/1Panel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 days ago
Critical
GSA_kwCzR0hTQS1xNWZtLTU1YzItdjZqOc4AA98E
Fiona affected by CVE-2023-45853 related to MiniZip madler-zlib
Ecosystems: pypi
Packages: fiona
Source: GitHub Advisory Database
Blast Radius: 32.1
Published: 10 days ago
Critical
GSA_kwCzR0hTQS1mZzg2LTRjMnItN3d4d84AA95b
TorrentPier Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: torrentpier/torrentpier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 11 days ago
Critical
GSA_kwCzR0hTQS01ZjR4LWh3djItdzl3Ms4AA9l_
rejetto HFS vulnerable to OS Command Execution by remote authenticated users
Ecosystems: npm
Packages: hfs
Source: GitHub Advisory Database
Blast Radius: 3.0
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1oZjI5LTloZmgtdzYzas4AA9lz
Gogs allows argument injection during the previewing of changes
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 22 days ago
Critical
GSA_kwCzR0hTQS1wNjlyLXYzaDQtcmo0Zs4AA9l1
github.com/gogs/gogs affected by CVE-2024-39930
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 22 days ago
Critical
GSA_kwCzR0hTQS0ydmdqLTNwdmcteGg0d84AA9lx
Gogs allows deletion of internal files
Ecosystems: go
Packages: github.com/gogs/gogs
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 22 days ago
Critical
GSA_kwCzR0hTQS05djJmLTZ2Y2ctM2hnds4AA9cz
Gradio was discovered to contain a code injection vulnerability via the component /gradio/component_meta.py
Ecosystems: pypi
Packages: Gradio
Source: GitHub Advisory Database
Blast Radius: 39.9
Published: 25 days ago
Critical
GSA_kwCzR0hTQS05OGoyLTNqM3AtZncyds4AA9cs
Session Middleware Token Injection Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2/middleware/session, github.com/gofiber/fiber/v2, github.com/gofiber/fiber
Source: GitHub Advisory Database
Blast Radius: 37.2
Published: 25 days ago
Critical
GSA_kwCzR0hTQS02amo2LWdtN3AtZmN2ds4AA9cr
Remote Code Execution (RCE) vulnerability in geoserver
Ecosystems: maven
Packages: org.geoserver:gs-wms, org.geoserver:gs-wfs, org.geoserver.web:gs-web-app
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1jMmhyLWNxZzYtOGo2cs4AA9co
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Blast Radius: 30.2
Published: 25 days ago
Critical
GSA_kwCzR0hTQS04NzZwLWM3N20teDJoY84AA9bu
Prototype pollution in ag-grid-community via the _.mergeDeep function
Ecosystems: npm
Packages: ag-grid-community, ag-grid-enterprise
Source: GitHub Advisory Database
Blast Radius: 36.4
Published: 25 days ago
Critical
GSA_kwCzR0hTQS1ycnFxLWZ2Nm0tNjkybc4AA9Zq
vanna vulnerable to remote code execution caused by prompt injection
Ecosystems: pypi
Packages: vanna
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1ncHBnLWdxdzgtd2g5Z84AA9Z3
litellm vulnerable to remote code execution based on using eval unsafely
Ecosystems: pypi
Packages: litellm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1tcjdoLXcycWMtZmZjMs4AA9ZU
pytorch-lightning vulnerable to Arbitrary File Write via /v1/runs API endpoint
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 26.9
Published: 29 days ago
Critical
GSA_kwCzR0hTQS1ocTRmLW12M3EtOHdjds4AA9We
Craft CMS SQL injection vulnerability via the GraphQL API endpoint
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 33.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1xY2ozLXdwZ20tcXB4aM4AA9UF
XWiki programming rights may be inherited by inclusion
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-rendering-macro-include
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1jZjNxLXZnOHctbXc4NM4AA9Tl
Apache StreamPipes: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Recovery Token Generation
Ecosystems: maven
Packages: org.apache.streampipes:streampipes-resource-management
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1tdnJtLWZoOHEtNndyMs4AA9S_
Remote Code Execution via path traversal bypass in lollms
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1qNTg0LWoydmotM2Y5M84AA9Pv
XWiki Platform allows remote code execution from user account
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-oldcore
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02Z3I0LTUydzYtdm1xeM4AA9I5
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Ecosystems: go
Packages: github.com/rancher/rke
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS13ODc3LWpmdzctNDZyas4AA9Ik
DeepJavaLibrary API absolute path traversal
Ecosystems: maven
Packages: ai.djl:api
Source: GitHub Advisory Database
Blast Radius: 20.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1tOGNqLTN2NjgtM2N4as4AA9CN
Magento Open Source affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 10.6
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS02cTk3LTh2M2ctcnB4d84AA8-X
Apache Submarine Server Core Incorrect Authorization vulnerability
Ecosystems: maven
Packages: org.apache.submarine:submarine-server-core
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS12cXdyLXE2Y2MtYzI0Ms4AA89T
parisneo/lollms Local File Inclusion (LFI) attack
Ecosystems: pypi
Packages: lollms
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: about 1 month ago
Critical
GSA_kwCzR0hTQS1mdmNxLTR4NjQtaHF4cs4AA880
Jupyter Server Proxy has a reflected XSS issue in host parameter
Ecosystems: pypi
Packages: jupyter-server-proxy
Source: GitHub Advisory Database
Blast Radius: 25.8
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS12NWdmLXI3OGgtNTVxNs4AA88z
document-merge-service vulnerable to Remote Code Execution via Server-Side Template Injection
Ecosystems: pypi
Packages: document-merge-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0zbXdjLTJjajctZ3g4Y84AA83Q
lunary-ai/lunary Access Control Vulnerability in Prompt Variation Management
Ecosystems: pypi
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS13NXhtLW14NDctdjdjOM4AA81m
lunary-ai/lunary allows users unauthorized access to projects
Ecosystems: npm
Packages: lunary
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS02ZnF3LWozdm0tN2Y2Ns4AA80W
Zendframework1 Potential SQL injection in ORDER and GROUP functions
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS12NDJnLTdxMngtY3czMs4AA80T
Zendframework1 potential SQL injection vector using null byte for PDO (MsSql, SQLite)
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0yeDM2LXFoeDMtN201Zs4AA80R
ZendFramework1 Potential SQL injection in the ORDER implementation of Zend_Db_Select
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14ODZ4LXFoZjgtZjM3d84AA80P
willdurand/js-translation-bundle potential path traversal attack and remote code injection
Ecosystems: packagist
Packages: willdurand/js-translation-bundle
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04eDJ2LXBjZzctOTRmNM4AA80C
Zend-JSON vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zend-json
Source: GitHub Advisory Database
Blast Radius: 40.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1oeDU0LXBmMjgtN3hjaM4AA8z8
ebookmeta XML External Entity vulnerability
Ecosystems: pypi
Packages: ebookmeta
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1taHB4LTNydjgtd3Jqbc4AA8zv
ZendFramework potential XML eXternal Entity injection vectors
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xZjM2LWZ4OWYtMjMyeM4AA8zs
ZendFramework potential SQL Injection Vector When Using PDO_MySql
Ecosystems: packagist
Packages: zendframework/zendframework1
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1mNGZqLXE2bTQtY2M1Ms4AA8zq
ZendFramework vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zend-xmlrpc
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xYzd3LTQ1NjctODR3ds4AA8zh
Zendframework vulnerable to XXE/XEE attacks
Ecosystems: packagist
Packages: zendframework/zendframework
Source: GitHub Advisory Database
Blast Radius: 38.2
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS12OXE2LWZtNDgtcng3NM4AA8xv
Authentication bypass in dtale
Ecosystems: pypi
Packages: dtale
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS01cTZjLWZmdmcteGNtOc4AA8xf
Remote code execution in mlflow
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jZ3djLXF2cngtcmY3Zs4AA8wc
Remote code execution in pytorch lightning
Ecosystems: pypi
Packages: lightning
Source: GitHub Advisory Database
Blast Radius: 29.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS02N3dnLTZqN3ItbXFoOM4AA8uB
Arbitrary Code Execution in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 26.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1nd2Z4LXA3bXItZjkyds4AA8t6
Missing Access Check in TYPO3 CMS
Ecosystems: packagist
Packages: typo3/cms
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xNW1nLXBjN3Itcjhjcs4AA8tY
Files or Directories Accessible to External Parties in ProjectDiscovery
Ecosystems: go
Packages: github.com/projectdiscovery/interactsh
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS04NzhoLXJxY3EtbXYzeM4AA8s7
Jan path traversal vulnerability
Ecosystems: npm
Packages: @janhq/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xZmpoLW12cTYtYzVwOM4AA8s6
Jan path traversal vulnerability
Ecosystems: npm
Packages: @janhq/core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05aGM3LTZ3OXItd2o5NM4AA8sy
Unable to generate the correct character set
Ecosystems: cargo
Packages: nano-id
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0yaGZ3LXc3MzktcDd4Nc4AA8su
nano-id reduced entropy due to inadequate character set usage
Ecosystems: cargo
Packages: nano-id
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03bTc1LXgyN3ctcjUycs4AA8nb
qdrant input validation failure
Ecosystems: pypi
Packages: qdrant-client
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00dzU0LXd3YzkteDYyY84AA8m1
Silverpeas authentication bypass
Ecosystems: maven
Packages: org.silverpeas.core:silverpeas-core
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14Y3IyLWg4aHYtNjIyN84AA8mS
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Ecosystems: cargo
Packages: qdrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1jYzk3LWc5Mnctam02Nc4AA8jt
TYPO3 CMS Insecure Deserialization & Arbitrary Code Execution
Ecosystems: packagist
Packages: typo3/cms-core
Source: GitHub Advisory Database
Blast Radius: 35.1
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xM2ptLXYyN3EtamZ3d84AA8jq
titon/framework vulnerable to Remote Code Execution via Chosen-Ciphertext Attack
Ecosystems: packagist
Packages: titon/framework
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS03ZnBqLXdjOHYtOWNnY84AA8jm
terminal42/contao-tablelookupwizard possible SQL injection in widget field value
Ecosystems: packagist
Packages: terminal42/contao-tablelookupwizard
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1tbWN2LWZ2cTgtcjl4M84AA8jg
Symfony XML decoding attack vector through external entities
Ecosystems: packagist
Packages: symfony/symfony
Source: GitHub Advisory Database
Blast Radius: 42.7
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1qNjh3LXBnNDktZjZ2eM4AA8je
Symfony XML decoding attack vector through external entities
Ecosystems: packagist
Packages: symfony/serializer
Source: GitHub Advisory Database
Blast Radius: 46.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS00cXBqLWd4eGctanFnNM4AA8jN
Swiftmailer Sendmail transport arbitrary shell execution
Ecosystems: packagist
Packages: swiftmailer/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1qNmN2LTk4angtbXJ3cs4AA8jD
Mocodo vulnerable to SQL injection in `/web/generate.php`
Ecosystems: pypi
Packages: mocodo
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1manIyLXIybXAtNDg0cM4AA8jC
SimpleSAMLphp signature validation bypass
Ecosystems: packagist
Packages: simplesamlphp/simplesamlphp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS1xOHg3LWpjM2gtcDh4Y84AA8iU
Dolibarr vulnerable to SQL Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jM2g5LXEzangtdzdmY84AA8iT
Dolibarr vulnerable to SQL Injection
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS04djZtLTdmNXYtaGh4Ns4AA8iN
Silverstripe Brute force bypass on default admin
Ecosystems: packagist
Packages: silverstripe/framework
Source: GitHub Advisory Database
Blast Radius: 33.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS13eDI0LXZxcmctbTZtNc4AA8gT
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1md2hjLW1tOXEtbXFxOM4AA8gN
VuFind Server-Side Request Forgery (SSRF) vulnerability
Ecosystems: packagist
Packages: vufind/vufind
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qcWZmLThnMnYtNjQyaM4AA8db
NASA AIT-Core vulnerable to remote code execution
Ecosystems: pypi
Packages: ait-core
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: 2 months ago
Critical
GSA_kwCzR0hTQS04M2p2LTRwcm0tMzRnN84AA8da
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03MzM2LWdoaHAtZjJxas4AA8dZ
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1xM2c0LTJ2dzkteHYyN84AA8dX
Shopware Remote Code Execution Vulnerability
Ecosystems: packagist
Packages: shopware/shopware
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS12OWhmLTVqODMtNnhwcM4AA8dB
PyMySQL SQL Injection vulnerability
Ecosystems: pypi
Packages: pymysql
Source: GitHub Advisory Database
Blast Radius: 40.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05NzY2LTUyNzctajVocs4AA8aY
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Ecosystems: go
Packages: github.com/argoproj/argo-cd, github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1nM3EyLXZjanEtcmdyY84AA8V-
Blackprint @blackprint/engine Prototype Pollution issue
Ecosystems: npm
Packages: @blackprint/engine
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03ZzdjLXFoZjMteDU5cM4AA8V0
propel/propel1 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel1
Source: GitHub Advisory Database
Blast Radius: 28.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03dnc3LXF4MzgtMzd2cs4AA8Vz
Propel2 SQL injection possible with limit() on MySQL
Ecosystems: packagist
Packages: propel/propel
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1ycTZxLWhqdmgtNW13aM4AA8Rv
Flow Swift Mailer package Remote code execution
Ecosystems: packagist
Packages: neos/swiftmailer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS00cnI2LWdmNTktZ2d3Nc4AA8Rn
namshi/jose - Verification bypass
Ecosystems: packagist
Packages: namshi/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0zNzgzLTYydmMtanI3eM4AA8K_
ConsoleMe has an Arbitrary File Read Vulnerability via Limited Git command
Ecosystems: pypi
Packages: consoleme
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS04ajdjLTY4MngtcjlmMs4AA8I2
Magento RCE,XSS and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS01Z21oLTg1eDgtNWN4N84AA8I0
Magento remote code execution (RCE), Cross-Site Scripting (XSS) and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1jdjI1LTNweHItNHE3eM4AA8Iz
Magento Open Source Security Advisory: Patch SUPEE-10975
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0yNmhxLTcyODYtbWc4Zs4AA8Iy
Magento Patch SUPEE-9652 - Remote Code Execution using mail vulnerability
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02d200LTNyamotYzh4eM4AA8Ix
Magento Security enhancements that help close RCE,XSS,CSRF and other vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1wcnBmLWNqODctaHd2cs4AA8Iw
Magento Patch SUPEE-10752 - Multiple security enhancements vulnerabilities
Ecosystems: packagist
Packages: magento/community-edition
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1xbTVjLW03NnItMmhmcs4AA8Ip
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 56.8
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0yZmZ2LXI0cjktcjh4cs4AA8Ie
Laravel RCE vulnerability in "cookie" session driver
Ecosystems: packagist
Packages: illuminate/cookie
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS05Z3h2LXg3cnAtcjJoY84AA8Ib
gree/jose - "None" Algorithm treated as valid in tokens
Ecosystems: packagist
Packages: gree/jose
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1oNTMzLTV2MjItOHZjcM4AA8IT
firebase/php-jwt: "None" Algorithm treated as valid on tokens
Ecosystems: packagist
Packages: firebase/php-jwt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qZjhjLTM2dnctOTh4NM4AA8HT
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1qang3LTg0NjItdzRtNM4AA8HS
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/drupal
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS03djY4LTNwcjUtaDNjcs4AA8HF
Drupal Core Insufficient Contextual Links validation leads to Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02bWdwLXY1Y20tZ2hnNc4AA8HE
Drupal core Remote Code Execution
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS02cTl2LTRocTYtNW02N84AA8G_
Doctrine SQL injection vulnerability
Ecosystems: packagist
Packages: doctrine/orm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS13eHh3LTVncTYtajJnNc4AA8G5
contao/core Insufficient input validation allows for code injection and remote execution
Ecosystems: packagist
Packages: contao/core
Source: GitHub Advisory Database
Blast Radius: 25.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS0yN3FyLTYzNm0td3hnMs4AA8GR
codeigniter/framework SQL injection in ODBC database driver
Ecosystems: packagist
Packages: codeigniter/framework
Source: GitHub Advisory Database
Blast Radius: 27.1
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1oNjNjLXh2cGYtMjY0as4AA8GG
ADOdb SQL injection vulnerability
Ecosystems: packagist
Packages: adodb/adodb-php
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Critical
GSA_kwCzR0hTQS00MnE3LTk1ajctdzYybc4AA8GE
Mautic is vulnerable to XSS vulnerability
Ecosystems: packagist
Packages: mautic/core
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 2 months ago
Critical
GSA_kwCzR0hTQS14M3dtLWhmZnItY2h3bc4AA8GB
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Ecosystems: maven
Packages: com.amazon.redshift:redshift-jdbc42
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 2 months ago
Critical
GSA_kwCzR0hTQS12cWM0LW1wajgtanhjaM4AA8Er
Grafana Race condition allowing privilege escalation
Ecosystems: go
Packages: github.com/grafana/grafana
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 2 months ago
Statistics
Advisories: 19,584
Packages: 8,642
Repositories: 1,336
Ecosystems: 12
Filter by Severity
Moderate 8,559 High 6,707 Critical 2,930 Low 1,073
Filter by Ecosystem
npm 960 maven 837 packagist 525 pypi 390 go 228 cargo 157 rubygems 111 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 35 dolibarr/dolibarr 25 com.fasterxml.jackson.core:jackson-databind 24 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 salt 17 moodle/moodle 15 drupal/core 14 com.liferay.portal:release.portal.bom 13 mlflow 13 topthink/framework 13 langchain 12 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 org.apache.struts:struts2-core 11 magento/core 11 vm2 10 apache-airflow 10 drupal/drupal 10 org.xwiki.platform:xwiki-platform-oldcore 10 funadmin/funadmin 9 phpmyadmin/phpmyadmin 9 tensorflow 9 tensorflow-cpu 8 paddlepaddle 8 zendframework/zendframework1 8 froxlor/froxlor 8 tensorflow-gpu 8 org.xwiki.platform:xwiki-platform-web-templates 8 symfony/symfony 8 shopware/platform 8 org.jeecgframework.boot:jeecg-boot-common 8 rdiffweb 8 github.com/argoproj/argo-cd 7 studio-42/elfinder 7 rusqlite 7 ansible 7 parse-server 7 sequelize 7 org.xwiki.platform:xwiki-platform-administration-ui 7 gogs.io/gogs 7 zendframework/zendframework 6 github.com/answerdev/answer 6 thorsten/phpmyfaq 6 org.apache.shiro:shiro-core 6 ezsystems/ezpublish-kernel 6 aaptjs 6 org.apache.inlong:manager-pojo 5 typo3/cms 5 org.jeecgframework.boot:jeecg-boot-parent 5 safe-eval 5 nodebb 5 centreon/centreon 5 org.apache.activemq:activemq-client 5 org.xwiki.commons:xwiki-commons-xml 5 org.xwiki.platform:xwiki-platform-web 5 shopware/core 5 django 5 Microsoft.ChakraCore 5 steal 5 ckb 5 org.jenkins-ci.plugins:script-security 5 github.com/argoproj/argo-cd/v2 5 Pillow 5 mautic/core 5 prestashop/prestashop 5 mercurial 5 spree_auth_devise 4 contao/core-bundle 4 simplesamlphp/simplesamlphp 4 shopware/shopware 4 org.apache.tapestry:tapestry-core 4 org.jeecgframework.boot:jeecg-boot-base-core 4 safer-eval 4 openssl-src 4 feehi/cms 4 librenms/librenms 4 calibreweb 4 swagger-ui 4 contao/contao 4 craftcms/cms 4 github.com/hashicorp/vault 4 code.gitea.io/gitea 4 github.com/grafana/grafana 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 org.apache.kylin:kylin-server-base 4 baserproject/basercms 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 realms-shim 4 org.eclipse.jetty:jetty-server 4 nukeviet/nukeviet 4 nilsteampassnet/teampass 4 org.apache.openmeetings:openmeetings-parent 4 net.opentsdb:opentsdb 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 PaddlePaddle 4 Django 4 github.com/usememos/memos 4 apache-airflow-providers-apache-hive 4 pyload-ng 4 hermes-engine 4 org.apache.tomcat.embed:tomcat-embed-core 4 smallvec 4 messagepack-rs 4 tribalsystems/zenario 4 org.apache.inlong:manager-service 4 org.keycloak:keycloak-core 3 mongoose 3 silverstripe/framework 3 ezsystems/ezplatform-kernel 3 edu.stanford.nlp:stanford-corenlp 3 slpjs 3 dompdf/dompdf 3 browserify-shim 3 phpmailer/phpmailer 3 nvflare 3 handlebars 3 rubygems-update 3 ray 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 log4j:log4j 3 showdoc/showdoc 3 strapi 3 slp-validate 3 org.jeecgframework.boot:jeecg-boot-base 3 github.com/rancher/rancher 3 github.com/dexidp/dex 3 org.apache.logging.log4j:log4j-core 3 org.apache.hadoop:hadoop-common 3 org.apache.ignite:ignite-core 3 facade/ignition 3 codeigniter/framework 3 modoboa 3 codeigniter4/framework 3 org.springframework.security:spring-security-core 3 symfony/security 3 symfony/security-core 3 github.com/gofiber/fiber/v2 3 com.alibaba:dubbo 3 com.jflyfox:jflyfox_jfinal 3 com.hazelcast:hazelcast 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.apache.inlong:manager-web 3 jsrsasign 3 id-map 3 ro.pippo:pippo-core 3 org.apache.storm:storm 3 lmdb 3 @openzeppelin/contracts-upgradeable 3 publify_core 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 pimcore/pimcore 3 smarty/smarty 3 org.richfaces:richfaces-core 3 org.apache.solr:solr-parent 3 org.apache.any23:apache-any23 3 io.undertow:undertow-core 3 org.apache.linkis:linkis 3 adodb/adodb-php 3 elefant/cms 3 codiad/codiad 3 github.com/go-gitea/gitea 3 francoisjacquet/rosariosis 3 org.xwiki.platform:xwiki-platform-panels-ui 3 github.com/hashicorp/nomad 3 impresscms/impresscms 3 nokogiri 3 org.jenkins-ci.plugins:active-directory 3 io.dataease:dataease-plugin-common 3 org.apache.jmeter:ApacheJMeter 3 xcb 3 org.xwiki.platform:xwiki-platform-icon-ui 3 actix-web 3 github.com/pterodactyl/wings 3 org.apache.solr:solr-core 3 cobbler 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 feathers-sequelize 3 ibexa/core 3 github.com/gogs/gogs 3 org.apache.ozone:ozone-main 3 pandasai 2 pagekit/pagekit 2 @soketi/soketi 2 org.xwiki.platform:xwiki-platform-scheduler-ui 2 com.sap.cloud.security.xsuaa:spring-xsuaa 2 org.xwiki.platform:xwiki-platform-notifications-ui 2 facturascripts/facturascripts 2 cockpit-hq/cockpit 2 org.xwiki.contrib:application-ckeditor-ui 2 scalyr-agent-2 2 badaso/core 2 org.apache.inlong:manager-dao 2 pyrocms/pyrocms 2 python-keystoneclient 2 puma 2 org.xwiki.platform:xwiki-platform-administration 2 failure 2 llama-index-core 2 Simple-Wayland-HotKey-Daemon 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 83 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/saltstack/salt 14 https://github.com/apache/airflow 14 https://github.com/mlflow/mlflow 12 https://github.com/PaddlePaddle/Paddle 11 https://github.com/gogs/gogs 10 https://github.com/patriksimek/vm2 10 https://github.com/ming-soft/MCMS 10 https://github.com/magento/magento2 9 https://github.com/top-think/framework 9 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/django/django 9 https://github.com/tensorflow/tensorflow 9 https://github.com/funadmin/funadmin 9 https://github.com/ikus060/rdiffweb 8 https://github.com/argoproj/argo-cd 8 https://github.com/langchain-ai/langchain 8 https://github.com/apache/inlong 8 https://github.com/Studio-42/elFinder 7 https://github.com/sequelize/sequelize 7 https://github.com/rusqlite/rusqlite 7 https://github.com/symfony/symfony 7 https://github.com/parse-community/parse-server 7 https://github.com/apache/struts 7 https://github.com/ansible/ansible 7 https://github.com/go-gitea/gitea 7 https://github.com/python-pillow/Pillow 7 https://github.com/xwiki/xwiki-commons 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/answerdev/answer 6 https://github.com/shopware/platform 6 https://github.com/shenzhim/aaptjs 6 https://github.com/nervosnetwork/ckb 5 https://github.com/keycloak/keycloak 5 https://github.com/dromara/hutool 5 https://github.com/froxlor/froxlor 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/PrestaShop/PrestaShop 5 https://github.com/apache/tomcat 5 https://github.com/NodeBB/NodeBB 5 https://github.com/moodle/moodle 5 https://github.com/stealjs/steal 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/apache/activemq 5 https://github.com/usememos/memos 4 https://github.com/swagger-api/swagger-ui 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/spring-projects/spring-framework 4 https://github.com/pippo-java/pippo 4 https://github.com/liufee/cms 4 https://github.com/dompdf/dompdf 4 https://github.com/CVEProject/cvelist 4 https://github.com/pyload/pyload 4 https://github.com/janeczku/calibre-web 4 https://github.com/cloudfoundry/uaa 4 https://github.com/servo/rust-smallvec 4 https://github.com/otake84/messagepack-rs 4 https://github.com/grafana/grafana 4 https://github.com/hwchase17/langchain 4 https://github.com/contao/contao 4 https://github.com/jflyfox/jfinal_cms 3 https://github.com/ADOdb/ADOdb 3 https://github.com/octobercms/october 3 https://github.com/opencast/opencast 3 https://github.com/apache/camel 3 https://github.com/publify/publify 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/rancher/rancher 3 https://github.com/baserproject/basercms 3 https://github.com/modoboa/modoboa 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/star7th/showdoc 3 https://github.com/dataease/dataease 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/simpleledger/slpjs 3 https://github.com/pterodactyl/wings 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/cobbler/cobbler 3 https://github.com/smarty-php/smarty 3 https://github.com/run-llama/llama_index 3 https://github.com/rubygems/rubygems.org 3 https://github.com/jbroadway/elefant 3 https://github.com/strapi/strapi 3 https://github.com/simplesamlphp/simplesamlphp 3 https://github.com/dexidp/dex 3 https://github.com/denoland/deno 3 https://github.com/mautic/mautic 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/neorazorx/facturascripts 3 https://github.com/shopware5/shopware 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/gofiber/fiber 3 https://github.com/github/securitylab 3 https://github.com/dwisiswant0/advisory 3 https://github.com/twisted/twisted 3 https://github.com/actix/actix-web 3 https://github.com/facade/ignition 3 https://github.com/centreon/centreon-archived 3 https://github.com/rubygems/rubygems 3 https://github.com/mbechler/marshalsec 3 https://github.com/TribalSystems/Zenario 3 https://github.com/apache/shiro 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/ibexa/core 3 https://github.com/hazelcast/hazelcast 3 https://github.com/pimcore/pimcore 3 https://github.com/facebook/hermes 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/shopware/shopware 3 https://github.com/kjur/jsrsasign 3 https://github.com/crewjam/saml 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/andrewhickman/id-map 3 https://github.com/rust-lang-nursery/failure 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/josdejong/mathjs 2 https://github.com/BerriAI/litellm 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/graphite-project/graphite-web 2 https://github.com/jfinal/jfinal 2 https://github.com/Automattic/mongoose 2 https://github.com/javamelody/javamelody 2 https://github.com/apache/jmeter 2 https://github.com/IceWhaleTech/CasaOS 2 https://github.com/rochacbruno/quokka 2 https://github.com/intelliants/subrion 2 https://github.com/OpenZeppelin/openzeppelin-contracts 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/http4s/http4s 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/ahdinosaur/set-in 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/kubernetes/kubernetes 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/unshiftio/url-parse 2 https://github.com/scalyr/scalyr-agent-2 2 https://github.com/puma/puma 2 https://github.com/web2py/web2py 2 https://github.com/moby/buildkit 2 https://github.com/Kozea/Radicale 2 https://github.com/MrSwitch/hello.js 2 https://github.com/ibexa/admin-ui 2 https://github.com/evmos/evmos 2 https://github.com/viz-rs/nano-id 2 https://github.com/beego/beego 2 https://github.com/fluxcd/flux2 2 https://github.com/dominictarr/libnested 2 https://github.com/js-data/js-data 2 https://github.com/rubyzip/rubyzip 2 https://github.com/top-think/thinkphp 2 https://github.com/netvl/acc_reader 2 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/qcubed/qcubed 2 https://github.com/SAP/cloud-pysec 2 https://github.com/keystonejs/keystone 2 https://github.com/hashicorp/vault 2 https://github.com/firebase/php-jwt 2 https://github.com/getgrav/grav 2 https://github.com/nats-io/jwt 2 https://github.com/ionicabizau/parse-url 2 https://github.com/apache/kylin 2 https://github.com/h2database/h2database 2 https://github.com/hashicorp/go-getter 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/rest-client/rest-client 2 https://github.com/vufind-org/vufind 2 https://github.com/noear/solon 2 https://github.com/totaljs/framework 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/sidorares/node-mysql2 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/nystudio107/craft-seomatic 2 https://github.com/parisneo/lollms 2 https://github.com/dominictarr/event-stream 2 https://github.com/folio-org/mod-data-export-spring 2 https://github.com/gnzlbg/slice_deque 2 https://github.com/drupal/core 2 https://github.com/Netflix/security-bulletins 2 https://gitlab.com/francoisjacquet/rosariosis 2 https://github.com/WWBN/AVideo 2 https://github.com/sparklemotion/nokogiri 2 https://github.com/nilsteampassnet/teampass 2 https://github.com/apache/dolphinscheduler 2 https://github.com/jaw187/node-traceroute 2 https://github.com/omrilotan/async-git 2 https://github.com/apache/karaf 2 https://github.com/dfinity/agent-js 2 https://github.com/benbusby/whoogle-search 2 https://github.com/laurent22/joplin 2 https://github.com/Codiad/Codiad 2