Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Critical Security Advisories

Loading...
Critical
GSA_kwCzR0hTQS01NGY2LTlteDktODZmN84AA2pn
SaToken privilege escalation vulnerability
Ecosystems: maven
Packages: cn.dev33:sa-token-core
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0zajJmLTU4cnEtZzZwN84AA2o5
Sureness uses hardcoded key
Ecosystems: maven
Packages: com.usthe.sureness:sureness-core
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04aDV3LWY2cTktd2czNc4AA2mm
Langchain SQL Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wcWdtLTlnODItd2NtN84AA2mf
modoboa Cross-site Scripting vulnerability
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS00M2Z3LTUzNmotdzM3as4AA2kO
Yamcs API Directory Traversal vulnerability
Ecosystems: maven
Packages: org.yamcs:yamcs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03cDkyLXg0MjMtdndqNs4AA2gZ
Plonk verifier KZG multi point verification
Ecosystems: go
Packages: github.com/consensys/gnark
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1yYzR2LTk5Y3ItcGpjbc4AA2gY
Prototype Pollution in ali-security/mongoose
Ecosystems: npm
Packages: @seal-security/mongoose-fixed
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1oMnJtLTI5Y2gtd2ZtaM4AA2gS
XWiki Identity Oauth Privilege escalation (PR)/remote code execution from login screen through unescaped URL parameter
Ecosystems: maven
Packages: com.xwiki.identity-oauth:identity-oauth-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05NHc5LTk3cDMtcDM2OM4AA2gP
CSRF Token Reuse Vulnerability
Ecosystems: go
Packages: github.com/gofiber/fiber/v2
Source: GitHub Advisory Database
Blast Radius: 35.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mNzc2LXc5djItN3Zmas4AA2fh
XWiki Change Request Application UI XSS and remote code execution through change request title
Ecosystems: maven
Packages: org.xwiki.contrib.changerequest:application-changerequest-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1odjc5LXA2MnItd2czcM4AA2eZ
Cachet vulnerable to Authenticated Remote Code Execution
Ecosystems: packagist
Packages: cachethq/cachet
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS02N2h4LTZ4NTMtanc5Ms4AA2eW
Babel vulnerable to arbitrary code execution when compiling specifically crafted malicious code
Ecosystems: npm
Packages: babel-traverse, @babel/traverse
Source: GitHub Advisory Database
Blast Radius: 62.6
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1ycDZ4LWdndzYtOGc1Ns4AA2do
Authorization Bypass in Apache InLong
Ecosystems: maven
Packages: org.apache.inlong:manager-pojo
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1tcTI5LWo1eGYtY2p3cs4AA2cZ
pyminizip affected by zlib's integer overflow/heap based buffer overflow vulnerability due to vulnerable dependency
Ecosystems: pypi
Packages: pyminizip
Source: GitHub Advisory Database
Blast Radius: 21.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS13MzVwLXd4d2otcmNtOc4AA2bq
Server-Side Request Forgery (SSRF) in vriteio/vrite
Ecosystems: npm
Packages: @vrite/sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS03Mjg2LXBnZnYtdnh2aM4AA2YZ
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Ecosystems: maven
Packages: org.apache.zookeeper:zookeeper
Source: GitHub Advisory Database
Blast Radius: 41.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1nampyLTYzeDQtdjhjcc4AA2Tu
langchain_experimental vulnerable to arbitrary code execution via PALChain in the python exec method
Ecosystems: pypi
Packages: langchain-experimental
Source: GitHub Advisory Database
Blast Radius: 22.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04cjZqLXY4cG0tZnF3M84AA2SB
Code injection in fsevents
Ecosystems: npm
Packages: fsevents
Source: GitHub Advisory Database
Blast Radius: 65.9
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02MjJoLWgycDgtNzQzeM4AA2R2
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Ecosystems: go
Packages: github.com/neuvector/neuvector
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS0yODltLTI5NjQtZjhxNc4AA2Rv
Puppet Bolt privilege escalation vulnerability
Ecosystems: rubygems
Packages: bolt
Source: GitHub Advisory Database
Blast Radius: 27.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03eHZjLXY0NGotNDZmaM4AA2RG
geokit-rails Command Injection vulnerability
Ecosystems: rubygems
Packages: geokit-rails
Source: GitHub Advisory Database
Blast Radius: 29.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS04ZnhyLXFmcjktcDM0d84AA2Lz
TorchServe Server-Side Request Forgery vulnerability
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.3
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00bXFnLWg1amYtajltN84AA2Ly
TorchServe Pre-Auth Remote Code Execution
Ecosystems: pypi
Packages: torchserve
Source: GitHub Advisory Database
Blast Radius: 20.8
Published: 7 months ago
Critical
GSA_kwCzR0hTQS01OHY3LTU4YzItcXdtOc4AA2Jv
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wcDR3LWc1cDQtODVwMs4AA2Jz
phpMyFAQ Cross-site Scripting vulnerability
Ecosystems: packagist
Packages: thorsten/phpmyfaq
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yanFnLTNoOW0tZng1eM4AA2IQ
Cache poisoning in drupal/core
Ecosystems: packagist
Packages: drupal/core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS05eGZxLThqM3IteHA1Z84AA2Hb
Consensys gnark-crypto allows Signature Malleability
Ecosystems: go
Packages: github.com/Consensys/gnark-crypto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yNWhtLW1wM2otMjg1Z84AA2C4
sing-box vulnerable to improper authentication in the SOCKS inbound
Ecosystems: go
Packages: github.com/sagernet/sing, github.com/sagernet/sing-box
Source: GitHub Advisory Database
Blast Radius: 23.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02Nm0yLTQ5M20tY3JoMs4AA2CV
Searchor CLI's Search vulnerable to Arbitrary Code using Eval
Ecosystems: pypi
Packages: searchor
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS14N20zLWpwcmctd2M1Z84AA2Bl
Gevent allows remote attacker to escalate privileges
Ecosystems: pypi
Packages: gevent
Source: GitHub Advisory Database
Blast Radius: 44.7
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yd2h4LTZoeDctcHFjOM4AA2As
SQL injection in jeecgboot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wNDZnLThjM3EtODlwMs4AA2AM
FUXA SQL Injection vulnerability
Ecosystems: npm
Packages: fuxa-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1neDZyLXFjMnYtM3Azds4AA1_3
systeminformation SSID Command Injection Vulnerability
Ecosystems: npm
Packages: systeminformation
Source: GitHub Advisory Database
Blast Radius: 41.2
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1qNjQ2LWdqNXAtcDQ1Z84AA1_1
CefSharp affected by heap buffer overflow in WebP
Ecosystems: nuget
Packages: CefSharp.Common.NETCore, CefSharp.Common
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12NXdmLWpnMzctcjltNc4AA1_y
SQLpage vulnerable to public exposure of database credentials
Ecosystems: cargo
Packages: sqlpage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03Y2ZxLTcydzItMjRxNM4AA1_W
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Ecosystems: packagist
Packages: yiisoft/yii2
Source: GitHub Advisory Database
Blast Radius: 44.4
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wajk4LTJ4ZjYtY2ZmNc4AA19n
ReportLab vulnerable to remote code execution via paraparser
Ecosystems: pypi
Packages: reportlab
Source: GitHub Advisory Database
Blast Radius: 40.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS02MndmLWgyNnYtNW01N84AA19I
Cross Site Scripting vulnerability in Dolibarr ERP CRM
Ecosystems: packagist
Packages: dolibarr/dolibarr
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12OTJmLWp4NnAtNzNyeM4AA18p
Improper Control of Generation of Code ('Code Injection') in jai-ext
Ecosystems: maven
Packages: it.geosolutions.jaiext.jiffle:jt-jiffle-language, it.geosolutions.jaiext.jiffle:jt-jiffle
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS12cGpjLTRqY3YtamMyOc4AA17t
NATS nats-server allows directory traversal via unintended path to a management action
Ecosystems: go
Packages: github.com/nats-io/nats-server
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1yODdxLWZxMzctcHZyNs4AA17X
A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA
Ecosystems: npm
Packages: @frangoteam/fuxa
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Critical
GSA_kwCzR0hTQS00dzhyLTN4cnctdjI1Z84AA12q
Craft CMS Remote Code Execution vulnerability
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 34.4
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1wM3I1LXgzaHItZ3BnNc4AA10e
OpenRefine Remote Code execution in project import with mysql jdbc url attack
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1md3IyLTY0dnIteHY5bc4AA1yv
Argo CD cluster secret might leak in cluster details page
Ecosystems: go
Packages: github.com/argoproj/argo-cd/v2
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1yeGdmLXI4NDMtZzUzaM4AA1xh
hutool Buffer Overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json, cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03cDhjLWNyZnItcTkzcM4AA1xg
hutool Buffer Overflow vulnerability
Ecosystems: maven
Packages: cn.hutool:hutool-json, cn.hutool:hutool-core
Source: GitHub Advisory Database
Blast Radius: 30.8
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1tN3ZoLXBnZnEtdjRycc4AA1xW
Jeecg boot SQL Injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05MnJ2LTRqMmgtOG1qas4AA1xE
Snappy PHAR deserialization vulnerability
Ecosystems: packagist
Packages: knplabs/knp-snappy
Source: GitHub Advisory Database
Blast Radius: 32.6
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1ybXFwLTl3NGMtZ2M3d84AA1sf
Apache Axis 1.x (EOL) may allow RCE when untrusted input is passed to getService
Ecosystems: maven
Packages: axis:axis, org.apache.axis:axis
Source: GitHub Advisory Database
Blast Radius: 33.3
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1oMjRjLTZwNnAtbTN2eM4AA1oF
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Ecosystems: go
Packages: github.com/bnb-chain/tss-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1mNzN3LTRtN2ctY2g5eM4AA1n1
Langchain vulnerable to arbitrary code execution via the evaluate function in the numexpr library
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1qMmdqLWczcDktN21ycs4AA1nC
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Ecosystems: go
Packages: github.com/usememos/memos
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05NXJwLTZncXAtNjYyMs4AA1lI
Command Injection Vulnerability in find-exec
Ecosystems: npm
Packages: find-exec
Source: GitHub Advisory Database
Blast Radius: 27.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1taHA2LWp2cHgtMnA0bc4AA1jD
Heap-based buffer overflow in ZBar
Ecosystems: pypi
Packages: zbar
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04eGhyLXgzdjgtcmdoas4AA1eR
XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-scheduler-api, com.xpn.xwiki.platform.plugins:xwiki-plugin-scheduler
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03Z2ZxLWY5NmYtZzg1as4AA1dI
langchain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01bWY4LXY0M3ctbWZ4cM4AA1aV
XWiki Platform privilege escalation (PR) from account through AWM content fields
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-appwithinminutes-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03OTU0LTZtOXEtZ3B2Zs4AA1Yx
XWiki Platform privilege escalation (PR)/RCE from account through Invitation subject/message
Ecosystems: maven
Packages: org.xwiki.platform:xwiki-platform-invitation-ui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS02OHhnLWdxcW0tdmdqOM4AA1Yw
Puma HTTP Request/Response Smuggling vulnerability
Ecosystems: rubygems
Packages: puma
Source: GitHub Advisory Database
Blast Radius: 54.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01cDQyLW02ZjMtaHBtas4AA1Wh
tree-kit Prototype Pollution vulnerability
Ecosystems: npm
Packages: tree-kit
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1majMyLXE2MjYtcGpqY84AA1UA
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14cnJoLWg4NnctcHdmas4AA1T6
Alluxio vulnerable to arbitrary code execution
Ecosystems: maven
Packages: org.alluxio:alluxio-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1wcmdwLXc3dmYtY2g2Ms4AA1T_
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS05Mmo1LTM0NTktcWdwNM4AA1T7
LangChain vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 8 months ago
Critical
GSA_kwCzR0hTQS04ZnA5LTQzcHctNTZ2d84AA1UK
PandasAI vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: pandasai
Source: GitHub Advisory Database
Blast Radius: 16.1
Published: 8 months ago
Critical
GSA_kwCzR0hTQS0yeHhjLTczZnYtMzZmN84AA1UC
llama-index vulnerable to arbitrary code execution
Ecosystems: pypi
Packages: llama-index
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14YzJyLWpmMngtZ2pyOM4AA1Sy
external-svg-loader Cross-site Scripting vulnerability
Ecosystems: npm
Packages: external-svg-loader
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1nM3ZmLTQ3ZnYtOGYzY84AA1QP
MrSwitch hello.js vulnerable to prototype pollution
Ecosystems: npm
Packages: hellojs
Source: GitHub Advisory Database
Blast Radius: 24.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1wcjc2LTVjbTUtdzljas4AA1Py
GitPython vulnerable to remote code execution due to insufficient sanitization of input arguments
Ecosystems: pypi
Packages: GitPython
Source: GitHub Advisory Database
Blast Radius: 43.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05YzRoLTNmN2gtMzIycs4AA1Lc
SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution
Ecosystems: npm
Packages: ses
Source: GitHub Advisory Database
Blast Radius: 37.5
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nZjQ2LXBybTQtNTZwY84AA1LW
PrestaShop SQL manager vulnerability
Ecosystems: packagist
Packages: prestashop/prestashop
Source: GitHub Advisory Database
Blast Radius: 2.7
Published: 9 months ago
Critical
GSA_kwCzR0hTQS14Y3EzLTdwZjMtNWp2Y84AA1Ei
Cockpit PHP Remote File Inclusion vulnerability
Ecosystems: packagist
Packages: cockpit-hq/cockpit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nd3FxLTZ2cTctNWo4Ns4AA1D8
langchain Code Injection vulnerability
Ecosystems: pypi
Packages: langchain
Source: GitHub Advisory Database
Blast Radius: 41.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS13N3ZtLTR2M2otdmdwd84AA1Db
PyroCMS remote code execution vulnerability
Ecosystems: packagist
Packages: pyrocms/pyrocms
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1qajk1LTU1Y3ItOTU5N84AA1Co
Aerospike Java Client vulnerable to unsafe deserialization of server responses
Ecosystems: maven
Packages: com.aerospike:aerospike-client
Source: GitHub Advisory Database
Blast Radius: 23.2
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1nNnc2LWg5MzMtNHJjNc4AA1Cn
Soketi was exposed to Sandbox Escape vulnerability via vm2
Ecosystems: npm
Packages: @soketi/soketi
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04aHg2LXF2NmYteGdjd84AA0_P
MindsDB can be made to not verify SSL certificates
Ecosystems: pypi
Packages: MindsDB
Source: GitHub Advisory Database
Blast Radius: 17.1
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03YzI4LXdnN3ItcGc2Zs4AA0-u
RaspAP Command Injection vulnerability
Ecosystems: packagist
Packages: billz/raspap-webgui
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1wNmh3LXdtNTktM2c1Z84AA0-Q
Sydent does not verify email server certificates
Ecosystems: pypi
Packages: matrix-sydent
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04d3d3LWNmZmgtNHE5OM4AA08I
Anyone with a share link can RESET all website data in Umami
Ecosystems: npm
Packages: umami
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05OXA1LXFwcXgtbWh3Y84AA08H
Code injection in BoofCV
Ecosystems: maven
Packages: org.boofcv:boofcv-core
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS13cDZjLTI5cjMtanF3Oc4AA08A
SQL injection in jeecg-boot
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-common
Source: GitHub Advisory Database
Blast Radius: 20.1
Published: 9 months ago
Critical
GSA_kwCzR0hTQS04NTltLTJwZngtZndoZs4AA08D
Code injection in oscore
Ecosystems: maven
Packages: opensymphony:oscore
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1wODNxLTk5cmMtdmZtds4AA073
Code injection in Duke
Ecosystems: maven
Packages: no.priv.garshol.duke:duke
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0zNTNtLWpoMm0tNzJ2NM4AA08F
Code injection in stanford-parser
Ecosystems: maven
Packages: edu.stanford.nlp:stanford-parser
Source: GitHub Advisory Database
Blast Radius: 23.3
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1ncnZxLXZqcXIteDh2bc4AA076
Code injection in webmagic-core
Ecosystems: maven
Packages: us.codecraft:webmagic-core
Source: GitHub Advisory Database
Blast Radius: 31.6
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0yaDI2LXFmeG0tcjNwcc4AA08E
Code injection in PowerJob
Ecosystems: maven
Packages: tech.powerjob:powerjob-common
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1meDN2LTR3M3ctd3B3cs4AA08G
Code injection in wix-embedded-mysql
Ecosystems: maven
Packages: com.wix:wix-embedded-mysql
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS05cTl2LXFnd3gtODRtcs4AA05R
Command injection in PaddlePaddle
Ecosystems: pypi
Packages: paddlepaddle
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1xOGNtLTN2NjItamo3Oc4AA04Z
Remote code execution in Apache Jackrabbit
Ecosystems: maven
Packages: org.apache.jackrabbit:jackrabbit-standalone-components, org.apache.jackrabbit:jackrabbit-standalone, org.apache.jackrabbit:jackrabbit-webapp
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS12aDJnLTZjNHgtNWhtcM4AA04I
Path traversal and code execution via prototype vulnerability
Ecosystems: npm
Packages: nodebb
Source: GitHub Advisory Database
Blast Radius: 4.8
Published: 9 months ago
Critical
GSA_kwCzR0hTQS12Zjc4LTNxOWYtOTJnM84AA04H
Hard-coded System User Credentials in Folio Data Export Spring module
Ecosystems: maven
Packages: org.folio:mod-data-export-spring
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1yNXB2LTdnODktY3htY84AA04B
SQL injection in audit endpoint
Ecosystems: maven
Packages: org.apache.inlong:manager-service
Source: GitHub Advisory Database
Blast Radius: 15.1
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1wbWhjLTJnNGYtODVjZ84AA03a
Path Traversal in Apache Shiro
Ecosystems: maven
Packages: org.apache.shiro:shiro-web
Source: GitHub Advisory Database
Blast Radius: 39.6
Published: 9 months ago
Critical
GSA_kwCzR0hTQS03NTdwLXZ4NDMtZnA5cs4AA01i
KubePi Privilege Escalation vulnerability
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS00bWg4LTl3cTYtcmp4Z84AA00j
OpenAM vulnerable to user impersonation using SAMLv1.x SSO process
Ecosystems: maven
Packages: org.openidentityplatform.openam:openam-federation-library
Source: GitHub Advisory Database
Blast Radius: 7.1
Published: 9 months ago
Critical
GSA_kwCzR0hTQS0zaDZmLWc1ZjMtZ2M0d84AA0zc
Access Control Bypass in Spring Security
Ecosystems: maven
Packages: org.springframework.security:spring-security-config
Source: GitHub Advisory Database
Blast Radius: 43.8
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1mbXhqLTZoOWctNnZ3M84AA0y8
MLflow Path Traversal vulnerability
Ecosystems: pypi
Packages: mlflow
Source: GitHub Advisory Database
Blast Radius: 37.1
Published: 9 months ago
Critical
GSA_kwCzR0hTQS12Z2htLThjanAtaGp3Ns4AA0xF
postgraas-server vulnerable to SQL injection
Ecosystems: pypi
Packages: postgraas-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1tNXE1LThtZnctcDJocs4AA0vD
CasaOS contains weak JWT secrets
Ecosystems: go
Packages: github.com/IceWhaleTech/CasaOS
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Statistics
Advisories: 17,985
Packages: 8,213
Repositories: 1,274
Ecosystems: 12
Filter by Severity
Moderate 7,726 High 6,244 Critical 2,768 Low 965
Filter by Ecosystem
npm 952 maven 823 packagist 432 pypi 351 go 210 cargo 152 rubygems 110 nuget 49 actions 4 hex 4 swift 2
Filter by Package
magento/community-edition 27 com.fasterxml.jackson.core:jackson-databind 24 dolibarr/dolibarr 23 net.mingsoft:ms-mcms 18 org.jenkins-ci.main:jenkins-core 18 moodle/moodle 15 salt 14 com.liferay.portal:release.portal.bom 13 com.liferay.portal:release.dxp.bom 12 org.apache.dubbo:dubbo 12 mlflow 12 langchain 12 topthink/framework 12 org.apache.struts:struts2-core 11 drupal/core 11 magento/core 11 apache-airflow 10 vm2 10 phpmyadmin/phpmyadmin 9 funadmin/funadmin 9 org.xwiki.platform:xwiki-platform-oldcore 9 tensorflow 9 tensorflow-gpu 8 rdiffweb 8 shopware/platform 8 org.jeecgframework.boot:jeecg-boot-common 8 paddlepaddle 8 org.xwiki.platform:xwiki-platform-web-templates 8 tensorflow-cpu 8 drupal/drupal 8 studio-42/elfinder 7 org.xwiki.platform:xwiki-platform-administration-ui 7 sequelize 7 rusqlite 7 ansible 7 gogs.io/gogs 7 aaptjs 6 parse-server 6 symfony/symfony 6 github.com/argoproj/argo-cd 6 thorsten/phpmyfaq 6 github.com/answerdev/answer 6 Microsoft.ChakraCore 5 org.xwiki.platform:xwiki-platform-web 5 org.apache.activemq:activemq-client 5 org.apache.tomcat.embed:tomcat-embed-core 5 org.jenkins-ci.plugins:script-security 5 django 5 ezsystems/ezpublish-kernel 5 nodebb 5 Pillow 5 org.apache.shiro:shiro-core 5 steal 5 shopware/core 5 org.xwiki.commons:xwiki-commons-xml 5 org.apache.inlong:manager-pojo 5 safe-eval 5 froxlor/froxlor 5 ckb 5 org.jeecgframework.boot:jeecg-boot-parent 5 centreon/centreon 5 zendframework/zendframework 5 org.apache.kylin:kylin-server-base 4 org.xwiki.platform:xwiki-platform-appwithinminutes-ui 4 github.com/hashicorp/vault 4 pyload-ng 4 org.apache.openmeetings:openmeetings-parent 4 org.apache.inlong:manager-service 4 org.jeecgframework.boot:jeecg-boot-base-core 4 librenms/librenms 4 org.xwiki.platform:xwiki-platform-flamingo-skin-resources 4 Django 4 org.eclipse.jetty:jetty-server 4 safer-eval 4 smallvec 4 calibreweb 4 org.apache.tapestry:tapestry-core 4 hermes-engine 4 org.cloudfoundry.identity:cloudfoundry-identity-server 4 openssl-src 4 apache-airflow-providers-apache-hive 4 spree_auth_devise 4 nilsteampassnet/teampass 4 net.opentsdb:opentsdb 4 github.com/usememos/memos 4 feehi/cms 4 prestashop/prestashop 4 github.com/argoproj/argo-cd/v2 4 PaddlePaddle 4 baserproject/basercms 4 swagger-ui 4 messagepack-rs 4 code.gitea.io/gitea 4 nukeviet/nukeviet 4 realms-shim 4 rubygems-update 3 com.jflyfox:jflyfox_jfinal 3 org.apache.linkis:linkis 3 org.apache.storm:storm 3 feathers-sequelize 3 elefant/cms 3 edu.stanford.nlp:stanford-corenlp 3 showdoc/showdoc 3 lmdb 3 nokogiri 3 github.com/pterodactyl/wings 3 github.com/go-gitea/gitea 3 ibexa/core 3 zendframework/zendframework1 3 org.apache.inlong:manager-web 3 github.com/hashicorp/nomad 3 com.alibaba:dubbo 3 strapi 3 slpjs 3 dompdf/dompdf 3 browserify-shim 3 cobbler 3 mongoose 3 org.springframework.security:spring-security-core 3 org.apache.any23:apache-any23 3 francoisjacquet/rosariosis 3 org.apache.dolphinscheduler:dolphinscheduler 3 @openzeppelin/contracts-upgradeable 3 typo3/cms 3 craftcms/cms 3 impresscms/impresscms 3 org.jenkins-ci.plugins.workflow:workflow-cps 3 id-map 3 log4j:log4j 3 org.zenframework.z8.dependencies.commons:log4j-1.2.17 3 phpmailer/phpmailer 3 handlebars 3 org.apache.ignite:ignite-core 3 org.apache.ozone:ozone-main 3 nvflare 3 publify_core 3 org.keycloak:keycloak-core 3 codeigniter4/framework 3 xcb 3 org.jeecgframework.boot:jeecg-boot-base 3 mautic/core 3 pimcore/pimcore 3 modoboa 3 org.apache.logging.log4j:log4j-core 3 org.apache.hadoop:hadoop-common 3 github.com/dexidp/dex 3 jsrsasign 3 com.hazelcast:hazelcast 3 actix-web 3 ezsystems/ezplatform-kernel 3 smarty/smarty 3 org.xwiki.platform:xwiki-platform-search-ui 3 org.xwiki.platform:xwiki-platform-panels-ui 3 org.xwiki.platform:xwiki-platform-flamingo-theme-ui 3 github.com/rancher/rancher 3 io.undertow:undertow-core 3 io.dataease:dataease-plugin-common 3 ray 3 org.apache.solr:solr-parent 3 org.xwiki.platform:xwiki-platform-icon-ui 3 org.richfaces:richfaces-core 3 org.apache.jmeter:ApacheJMeter 3 facade/ignition 3 ro.pippo:pippo-core 3 tribalsystems/zenario 3 org.apache.solr:solr-core 3 slp-validate 3 org.jenkins-ci.plugins:active-directory 3 openmage/magento-lts 2 silverstripe/framework 2 org.apache.commons:commons-configuration2 2 org.apache.shiro:shiro-spring 2 typo3/phar-stream-wrapper 2 Simple-Wayland-HotKey-Daemon 2 github.com/KubeOperator/kubepi 2 github.com/crewjam/saml 2 vyper 2 org.apache.ranger:ranger 2 AjaxNetProfessional 2 rest-client 2 io.vertx:vertx-web 2 org.apache.derby:derby 2 ses 2 symfony/security-core 2 symfony/security 2 zoujingli/thinkadmin 2 nystudio107/craft-seomatic 2 Plone 2 zendframework/zend-db 2 github.com/apache/trafficcontrol 2 net.bull.javamelody:javamelody-core 2 dns-sync 2 puma 2 com.jfinal:jfinal 2 python-keystoneclient 2 org.apache.pulsar:pulsar 2 electron 2 org.springframework.amqp:spring-amqp 2 github.com/fluxcd/kustomize-controller 2 pandasai 2
Filter by Repository
https://github.com/xwiki/xwiki-platform 81 https://github.com/FasterXML/jackson-databind 24 https://github.com/jenkinsci/jenkins 17 https://github.com/Dolibarr/dolibarr 15 https://github.com/apache/airflow 14 https://github.com/saltstack/salt 13 https://github.com/mlflow/mlflow 11 https://github.com/PaddlePaddle/Paddle 11 https://github.com/ming-soft/MCMS 10 https://github.com/patriksimek/vm2 10 https://github.com/jeecgboot/jeecg-boot 9 https://github.com/funadmin/funadmin 9 https://github.com/tensorflow/tensorflow 9 https://github.com/langchain-ai/langchain 8 https://github.com/top-think/framework 8 https://github.com/django/django 8 https://github.com/apache/inlong 8 https://github.com/ikus060/rdiffweb 8 https://github.com/magento/magento2 8 https://github.com/Studio-42/elFinder 7 https://github.com/ansible/ansible 7 https://github.com/gogs/gogs 7 https://github.com/python-pillow/Pillow 7 https://github.com/sequelize/sequelize 7 https://github.com/argoproj/argo-cd 7 https://github.com/apache/struts 7 https://github.com/rusqlite/rusqlite 7 https://github.com/go-gitea/gitea 7 https://github.com/shenzhim/aaptjs 6 https://github.com/answerdev/answer 6 https://github.com/shopware/platform 6 https://github.com/thorsten/phpmyfaq 6 https://github.com/parse-community/parse-server 6 https://github.com/xwiki/xwiki-commons 6 https://github.com/keycloak/keycloak 5 https://github.com/moodle/moodle 5 https://github.com/nervosnetwork/ckb 5 https://github.com/apache/activemq 5 https://github.com/solidusio/solidus_auth_devise 5 https://github.com/stealjs/steal 5 https://github.com/froxlor/froxlor 5 https://github.com/symfony/symfony 5 https://github.com/NodeBB/NodeBB 5 https://github.com/apache/tomcat 5 https://github.com/hacksparrow/safe-eval 5 https://github.com/swagger-api/swagger-ui 4 https://github.com/janeczku/calibre-web 4 https://github.com/dompdf/dompdf 4 https://github.com/ezsystems/ezpublish-kernel 4 https://github.com/pippo-java/pippo 4 https://github.com/dromara/hutool 4 https://github.com/liufee/cms 4 https://github.com/spring-projects/spring-framework 4 https://github.com/servo/rust-smallvec 4 https://github.com/cloudfoundry/uaa 4 https://github.com/hwchase17/langchain 4 https://github.com/pyload/pyload 4 https://github.com/usememos/memos 4 https://github.com/CVEProject/cvelist 4 https://github.com/PrestaShop/PrestaShop 4 https://github.com/OpenTSDB/opentsdb 4 https://github.com/otake84/messagepack-rs 4 https://github.com/neorazorx/facturascripts 3 https://github.com/github/securitylab 3 https://github.com/dexidp/dex 3 https://github.com/feathersjs-ecosystem/feathers-sequelize 3 https://github.com/apache/shiro 3 https://github.com/baserproject/basercms 3 https://github.com/pterodactyl/wings 3 https://github.com/simpleledger/slpjs 3 https://github.com/phpmyadmin/phpmyadmin 3 https://github.com/smarty-php/smarty 3 https://github.com/cobbler/cobbler 3 https://github.com/opencast/opencast 3 https://github.com/facade/ignition 3 https://github.com/TeamSeri0us/pocs 3 https://github.com/rubygems/rubygems.org 3 https://github.com/facebook/hermes 3 https://github.com/mbechler/marshalsec 3 https://github.com/hazelcast/hazelcast 3 https://github.com/jflyfox/jfinal_cms 3 https://github.com/pimcore/pimcore 3 https://github.com/star7th/showdoc 3 https://github.com/rancher/rancher 3 https://github.com/ImpressCMS/impresscms 3 https://github.com/publify/publify 3 https://github.com/dwisiswant0/advisory 3 https://github.com/centreon/centreon-archived 3 https://github.com/shopware/shopware 3 https://github.com/LetianYuan/My-CVE-Public-References 3 https://github.com/kjur/jsrsasign 3 https://github.com/chakra-core/ChakraCore 3 https://github.com/dataease/dataease 3 https://github.com/run-llama/llama_index 3 https://github.com/jbroadway/elefant 3 https://github.com/apache/camel 3 https://github.com/strapi/strapi 3 https://github.com/ibexa/core 3 https://github.com/octobercms/october 3 https://github.com/NVIDIA/NVFlare 3 https://github.com/denoland/deno 3 https://github.com/crewjam/saml 3 https://github.com/thlorenz/browserify-shim 3 https://github.com/twisted/twisted 3 https://github.com/craftcms/cms 3 https://github.com/nukeviet/nukeviet 3 https://github.com/PHPMailer/PHPMailer 3 https://github.com/ezsystems/ezplatform-kernel 3 https://github.com/rubygems/rubygems 3 https://github.com/actix/actix-web 3 https://github.com/modoboa/modoboa 3 https://github.com/andrewhickman/id-map 3 https://github.com/handlebars-lang/handlebars.js 2 https://github.com/nats-io/jwt 2 https://github.com/SAP/cloud-pysec 2 https://github.com/zoujingli/ThinkAdmin 2 https://github.com/qcubed/qcubed 2 https://github.com/rest-client/rest-client 2 https://github.com/nystudio107/craft-seomatic 2 https://github.com/Automattic/mongoose 2 https://github.com/netvl/acc_reader 2 https://github.com/jmrozanec/cron-utils 2 https://github.com/rubyzip/rubyzip 2 https://github.com/jfinal/jfinal 2 https://github.com/apache/kylin 2 https://github.com/waycrate/swhkd 2 https://github.com/TribalSystems/Zenario 2 https://github.com/codeigniter4/CodeIgniter4 2 https://github.com/laurent22/joplin 2 https://github.com/rochacbruno/quokka 2 https://github.com/gventuri/pandas-ai 2 https://github.com/dominictarr/event-stream 2 https://github.com/pytorch/serve 2 https://github.com/KnpLabs/snappy 2 https://github.com/gnzlbg/slice_deque 2 https://github.com/benbusby/whoogle-search 2 https://github.com/ADOdb/ADOdb 2 https://github.com/javamelody/javamelody 2 https://github.com/folio-org/mod-data-export-spring 2 https://github.com/Netflix/security-bulletins 2 https://github.com/sjep/array 2 https://github.com/simpleledger/slp-validate.js 2 https://github.com/OpenAPITools/openapi-generator 2 https://github.com/nodejs/llhttp 2 https://github.com/apache/submarine 2 https://github.com/drupal/core 2 https://github.com/getgrav/grav 2 https://github.com/neo4j-contrib/neo4j-apoc-procedures 2 https://github.com/kubernetes/kubernetes 2 https://github.com/http4s/http4s 2 https://github.com/js-data/js-data 2 https://github.com/Microsoft/ChakraCore 2 https://github.com/grafana/grafana 2 https://github.com/fluxcd/flux2 2 https://github.com/ibexa/admin-ui 2 https://github.com/unshiftio/url-parse 2 https://github.com/dominictarr/libnested 2 https://github.com/beego/beego 2 https://github.com/centreon/centreon 2 https://github.com/ezsystems/ezplatform-admin-ui 2 https://github.com/MrSwitch/hello.js 2 https://github.com/puma/puma 2 https://github.com/apache/incubator-streampark 2 https://github.com/evmos/evmos 2 https://github.com/moby/buildkit 2 https://github.com/top-think/thinkphp 2 https://github.com/noear/solon 2 https://github.com/michaelschwarz/Ajax.NET-Professional 2 https://github.com/hashicorp/vault 2 https://github.com/h2database/h2database 2 https://github.com/ionicabizau/parse-url 2 https://github.com/totaljs/framework 2 https://github.com/jenkinsci/semantic-versioning-plugin 2 https://github.com/HtmlUnit/htmlunit 2 https://github.com/cockpit-hq/cockpit 2 https://github.com/stanfordnlp/corenlp 2 https://github.com/keystonejs/keystone 2 https://github.com/russellhaering/gosaml2 2 https://github.com/jenkinsci/script-security-plugin 2 https://github.com/ahdinosaur/set-in 2 https://github.com/sidorares/node-mysql2 2 https://github.com/web2py/web2py 2 https://github.com/mautic/mautic 2 https://github.com/markevans/dragonfly 2 https://github.com/line/armeria 2 https://github.com/omrilotan/async-git 2 https://github.com/kujirahand/nadesiko3 2 https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable 2 https://github.com/uasoft-indonesia/badaso 2 https://github.com/openstack/python-keystoneclient 2 https://github.com/apache/karaf 2 https://github.com/reem/rust-traitobject 2 https://github.com/apache/dubbo 2 https://github.com/gofiber/fiber 2 https://github.com/Agoric/realms-shim 2 https://github.com/alextselegidis/easyappointments 2 https://github.com/actix/actix-net 2 https://github.com/dfinity/agent-js 2 https://github.com/apache/flume 2