Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

High Security Advisories

Browse all Security Advisories for High

High
GSA_kwCzR0hTQS1namNjLWp2Z3ctd3Z3as4ABBmv
Litestar allows unbounded resource consumption (DoS vulnerability)
Ecosystems: pypi
Packages: litestar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 9 hours ago
High
GSA_kwCzR0hTQS03MjI1LW05NTQtMjN2N84ABBlx
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
Ecosystems: go
Packages: cosmossdk.io/math
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 12 hours ago
High
GSA_kwCzR0hTQS1qNWhxLTVqY3IteHd4N84ABBlw
github.com/rancher/steve's users can issue watch commands for arbitrary resources
Ecosystems: go
Packages: github.com/rancher/steve
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 12 hours ago
High
GSA_kwCzR0hTQS01amZ3LWdxNjQtcTQ1Zs4ABBj9
HTML Cleaner allows crafted scripts in special contexts like svg or math to pass through
Ecosystems: pypi
Packages: lxml-html-clean
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 1 day ago
High
GSA_kwCzR0hTQS12Z2dtLTM0Nzgtdm01bc4ABBeR
Graylog concurrent PDF report rendering can leak other users' reports
Ecosystems: maven
Packages: org.graylog:graylog-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 2 days ago
High
GSA_kwCzR0hTQS03Y2M5LWo0bXYtdmNqcM4ABBeQ
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
High
GSA_kwCzR0hTQS1qdzR4LXY2OWYtaGg1d84ABBeP
XmlScanner bypass leads to XXE
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
High
GSA_kwCzR0hTQS0zanJ2LWpncDgtNDV2M84ABBcA
Undertow incorrectly parses cookies
Ecosystems: maven
Packages: io.undertow:undertow-core
Source: GitHub Advisory Database
Blast Radius: 27.5
Published: 4 days ago
High
GSA_kwCzR0hTQS1oN3dxLWpqOHItcW03cM4ABBb-
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
Ecosystems: go
Packages: k8s.io/kubernetes
Source: GitHub Advisory Database
Blast Radius: 33.2
Published: 4 days ago
High
GSA_kwCzR0hTQS04Zmg0LTk0MnItamYyZ84ABBab
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 5 days ago
High
GSA_kwCzR0hTQS1waG00LXdmM2gtcGMzcs4ABBaC
Unpatched Remote Code Execution in Gogs
Ecosystems: go
Packages: gogs.io/gogs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 days ago
High
GSA_kwCzR0hTQS1ndjRtLWY2ZngtODU5eM4ABBZJ
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/print-customoid.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS0yOHA3LWY2aDYtM2poM84ABBZI
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/html/pages/wireless.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1wNjZxLXBwd3ItcTVqOM4ABBZH
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/dev-overview-data.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS03NjYzLTM3cmctYzM3N84ABBZG
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS00bTVyLXcycnEtcTU0cc4ABBZF
LibreNMS has a Persistent XSS from Insecure Input Sanitization Affects Multiple Endpoints
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.2
Published: 6 days ago
High
GSA_kwCzR0hTQS1xcjhmLTVxcWctajN3Z84ABBZE
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/overview/services.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS12N3c5LTYzeGgtNnIzd84ABBZD
LibreNMS has a Reflected XSS ('Cross-site Scripting') in librenms/includes/functions.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS14aDRnLWM5cDYtNWp4Z84ABBY1
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/app/Http/Controllers/Table/EditPortsController.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1ybXI0LXg2YzktamM2OM4ABBY0
LibreNMS has a Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/device/capture.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS04ODhqLXBqcWgtZng1OM4ABBYz
Stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/edituser.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS1nZndyLXhxbWotajI3ds4ABBYx
LibreNMS has a stored XSS ('Cross-site Scripting') in librenms/includes/html/pages/api-access.inc.php
Ecosystems: packagist
Packages: librenms/librenms
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 6 days ago
High
GSA_kwCzR0hTQS00NmMzLTV4YzUtd3dods4ABBYW
Apache Airflow: Sensitive configuration values are not masked in the logs by default
Ecosystems: pypi
Packages: airflow
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 6 days ago
High
GSA_kwCzR0hTQS1wMmgyLTN2ZzktNHA4N84ABBW1
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Ecosystems: go
Packages: github.com/cli/cli, github.com/cli/cli/v2
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 days ago
High
GSA_kwCzR0hTQS1oZmY4LWhqd3YtajlxN84ABBW0
Remote Code Execution on click of <a> Link in markdown preview
Ecosystems: npm
Packages: joplin
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1yODY0LTI4cHctODY4Ms4ABBWV
Harbor fails to validate the user permissions when updating p2p preheat policies
Ecosystems: go
Packages: github.com/goharbor/harbor/src, github.com/goharbor/harbor
Source: GitHub Advisory Database
Blast Radius: 11.0
Published: 7 days ago
High
GSA_kwCzR0hTQS03ODQ1LWNyZmotcGhjNM4ABBVL
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
Ecosystems: maven
Packages: io.jenkins.plugins:shared-library-version-override
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1oMjNqLTczd3ctNzU5NM4ABBU_
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS04ODg2LTh2MjctODVqOM4ABBVK
Stored XSS vulnerability in Jenkins Authorize Project Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:authorize-project
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1wMnFxLWM2OTMtcTUzd84ABBVH
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
Ecosystems: maven
Packages: org.jenkinsci.plugins:pipeline-model-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS1tcnByLXZyODIteDg4cs4ABBVF
Rebuilding a run with revoked script approval allowed by Jenkins Pipeline: Groovy Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins.workflow:workflow-cps
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
High
GSA_kwCzR0hTQS04MjM3LTk1N2gtaDJjMs4ABBTt
FileManager Deserialization of Untrusted Data vulnerability
Ecosystems: packagist
Packages: backpack/filemanager
Source: GitHub Advisory Database
Blast Radius: 15.2
Published: 7 days ago
High
GSA_kwCzR0hTQS1jZzIzLXFmOGYtNjJycs4ABBTJ
Symfony has an Authentication Bypass via RememberMe
Ecosystems: packagist
Packages: symfony/security-http
Source: GitHub Advisory Database
Blast Radius: 32.9
Published: 8 days ago
High
GSA_kwCzR0hTQS14aGc2LTlqNWotdzR2Zs4ABBTC
DotNetZip Directory Traversal vulnerability
Ecosystems: nuget
Packages: ProDotNetZip, DotNetZip
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1mM2N3LWhnNnItY2hmds4ABBS7
Craft CMS vulnerable to Potential Remote Code Execution via missing path normalization & Twig SSTI
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 8 days ago
High
GSA_kwCzR0hTQS1jdzZnLXFtanEtNncyd84ABBS6
Craft CMS Arbitrary System File Read
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 26.5
Published: 8 days ago
High
GSA_kwCzR0hTQS1qcmg1LXZocjktcWg3cc4ABBS5
Local File System Validation Bypass Leading to File Overwrite, Sensitive File Access, and Potential Code Execution
Ecosystems: packagist
Packages: craftcms/cms
Source: GitHub Advisory Database
Blast Radius: 29.2
Published: 8 days ago
High
GSA_kwCzR0hTQS1ndjd2LXJnZzYtNTQ4aM4ABBRT
Laravel environment manipulation via query string
Ecosystems: packagist
Packages: laravel/framework
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS1odzl4LThtNzUtNHZqcc4ABBRL
Cross Site Scripting vulnerability in Snipe-IT
Ecosystems: packagist
Packages: snipe/snipe-it
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
High
GSA_kwCzR0hTQS03aHBmLWc0OHYtaHczas4ABBP-
Zoraxy has an authenticated command injection in the Web SSH feature
Ecosystems: go
Packages: github.com/tobychui/zoraxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
High
GSA_kwCzR0hTQS14cTN3LXY1MjgtNDZyds4ABBP1
Denial of Service attack on Windows app using Netty
Ecosystems: maven
Packages: io.netty:netty-common
Source: GitHub Advisory Database
Blast Radius: 20.4
Published: 8 days ago
High
GSA_kwCzR0hTQS1jeHdmLXFjMzItMzc1Zs4ABBP0
Decidim-Awesome has SQL injection in AdminAccountability
Ecosystems: rubygems
Packages: decidim-decidim_awesome
Source: GitHub Advisory Database
Blast Radius: 17.8
Published: 8 days ago
High
GSA_kwCzR0hTQS1wZ3JjLTh3cDUtNW12cc4ABBLa
powertac-server XML External Entity vulnerability
Ecosystems: maven
Packages: org.powertac:server-interface
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: 9 days ago
High
GSA_kwCzR0hTQS1ncHBtLWhxM3AtaDRycM4ABBGS
Git credentials are exposed in Atlantis logs
Ecosystems: go
Packages: github.com/runatlantis/atlantis
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 days ago
High
GSA_kwCzR0hTQS1ncjNjLXE3eGYtNDd2aM4ABBGR
XXE vulnerability in XSLT parsing in `org.hl7.fhir.core`
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.utilities, ca.uhn.hapi.fhir:org.hl7.fhir.r5, ca.uhn.hapi.fhir:org.hl7.fhir.r4b, ca.uhn.hapi.fhir:org.hl7.fhir.r4, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3
Source: GitHub Advisory Database
Blast Radius: 16.8
Published: 12 days ago
High
GSA_kwCzR0hTQS0zeGdxLTQ1amotdjI3Nc4ABBFi
Regular Expression Denial of Service (ReDoS) in cross-spawn
Ecosystems: npm
Packages: cross-spawn
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: 13 days ago
High
GSA_kwCzR0hTQS02anJmLXJjamYtMjQ1cs4ABBEb
changedetection.io path traversal using file URI scheme without supplying hostname
Ecosystems: pypi
Packages: changedetection.io
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
High
GSA_kwCzR0hTQS1oZnE5LWhnZ20tYzU2cc4ABBEZ
XStream is vulnerable to a Denial of Service attack due to stack overflow from a manipulated binary input stream
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 13 days ago
High
GSA_kwCzR0hTQS0zbTl4LTJxZmoteHZxNM4ABBD1
PHPExcel XXE Vulnerability
Ecosystems: packagist
Packages: phpoffice/phpexcel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
High
GSA_kwCzR0hTQS1xNzh2LWN2MzYtOGZ4as4ABBD0
Devtron has SQL Injection in CreateUser API
Ecosystems: go
Packages: github.com/devtron-labs/devtron
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 14 days ago
High
GSA_kwCzR0hTQS14ODdyLTM3cTUtbW1yOM4ABBDt
Moodle has CSRF risk in Feedback non-respondents report
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 14 days ago
High
GSA_kwCzR0hTQS12NmY0LXY4aDgtM2M4N84ABBDq
Moodle Remote Code Execution vulnerability
Ecosystems: packagist
Packages: moodle/moodle
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: 14 days ago
High
GSA_kwCzR0hTQS03anFmLXYzNTgtcDhnN84ABBC1
Apache Tomcat Allocation of Resources Without Limits or Throttling vulnerability
Ecosystems: maven
Packages: org.apache.tomcat:tomcat-util
Source: GitHub Advisory Database
Blast Radius: 25.6
Published: 14 days ago
High
GSA_kwCzR0hTQS1wajMzLTc1eDUtMzJqNM4ABBCO
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 14 days ago
High
GSA_kwCzR0hTQS1wN212LTUzZjItNGN3as4ABBBp
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
Ecosystems: go
Packages: github.com/cometbft/cometbft
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
High
GSA_kwCzR0hTQS1xcTVjLTY3N3AtNzM3cc4ABBBg
Symfony vulnerable to command execution hijack on Windows with Process class
Ecosystems: packagist
Packages: symfony/symfony, symfony/process
Source: GitHub Advisory Database
Blast Radius: 48.2
Published: 15 days ago
High
GSA_kwCzR0hTQS00Y2YyLWN4cDMtcmpyN84ABA_w
HAPI FHIR XML External Entity (XXE) vulnerability
Ecosystems: maven
Packages: ca.uhn.hapi.fhir:org.hl7.fhir.validation, ca.uhn.hapi.fhir:org.hl7.fhir.utilities, ca.uhn.hapi.fhir:org.hl7.fhir.r5, ca.uhn.hapi.fhir:org.hl7.fhir.r4b, ca.uhn.hapi.fhir:org.hl7.fhir.r4, ca.uhn.hapi.fhir:org.hl7.fhir.dstu3, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2016may, ca.uhn.hapi.fhir:org.hl7.fhir.dstu2, ca.uhn.hapi.fhir:org.hl7.fhir.convertors
Source: GitHub Advisory Database
Blast Radius: 19.1
Published: 16 days ago
High
GSA_kwCzR0hTQS02cDU1LXFyM2otbXBncc4ABA9H
AgentScope uses `eval`
Ecosystems: pypi
Packages: agentscope
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS04MmozLWhmNzItN3g5M84ABA9D
Reposilite vulnerable to path traversal while serving javadoc expanded files (arbitrary file read) (`GHSL-2024-074`)
Ecosystems: maven
Packages: com.reposilite:reposilite-backend
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
High
GSA_kwCzR0hTQS1yN212LW12N20tcGp3M84ABA8y
hornetq vulnerable to file overwrite, sensitive information disclosure
Ecosystems: maven
Packages: org.hornetq:hornetq-core-client
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 17 days ago
High
GSA_kwCzR0hTQS03NTJxLTcycWMtcmM2Ns4ABA7n
Apache Kylin Session Fixation vulnerability
Ecosystems: maven
Packages: org.apache.kylin:kylin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 17 days ago
High
GSA_kwCzR0hTQS1xbTkyLTkzZnYtdmg3bc4ABA6P
Path traversal in oak allows transfer of hidden files within the served root directory
Ecosystems: npm
Packages: @oakserver/oak
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 19 days ago
High
GSA_kwCzR0hTQS02aDh3LWhyZnAtcGZmeM4ABA2e
Plenti arbitrary file deletion vulnerability
Ecosystems: go
Packages: github.com/plentico/plenti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS0ycDk2LXA3cWgtNHJncs4ABA2d
Plenti arbitrary file write vulnerability
Ecosystems: go
Packages: github.com/plentico/plenti
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS05NWoyLXc4eDctaG04OM4ABA2Z
Ollama Out-of-bounds Read
Ecosystems: go
Packages: github.com/ollama/ollama
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 20 days ago
High
GSA_kwCzR0hTQS1nMjMzLTJwNHItM3E3ds4ABA2E
Hashicorp Vault vulnerable to denial of service through memory exhaustion
Ecosystems: go
Packages: github.com/hashicorp/vault
Source: GitHub Advisory Database
Blast Radius: 25.2
Published: 21 days ago
High
GSA_kwCzR0hTQS1wZnJyLXh2cmYtcHhqeM4ABA1_
Laravel Reverb Missing API Signature Verification
Ecosystems: packagist
Packages: laravel/reverb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS00ZnZ4LWg4MjMtMzh2M84ABA1-
YesWiki Uses a Broken or Risky Cryptographic Algorithm
Ecosystems: packagist
Packages: yeswiki/yeswiki
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS01Nm02LTRtaHctaDNnNc4ABA19
langflow has vulnerability in PythonCodeTool component
Ecosystems: pypi
Packages: langflow
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 21 days ago
High
GSA_kwCzR0hTQS0ycXc4LXBwcjUtbTk2Y84ABA1x
Apache Lucene.Net.Replicator Deserialization of Untrusted Data vulnerability
Ecosystems: nuget
Packages: Lucene.Net.Replicator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1mcTltLXYyNnYtMm00Zs4ABA1p
lilconfig Code Injection vulnerability
Ecosystems: npm
Packages: lilconfig
Source: GitHub Advisory Database
Blast Radius: 53.6
Published: 21 days ago
High
GSA_kwCzR0hTQS1tY3czLWg1eGctcjk1bc4ABA1i
JeecgBoot SQL Injection vulnerability
Ecosystems: maven
Packages: org.jeecgframework.boot:jeecg-boot-parent
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 21 days ago
High
GSA_kwCzR0hTQS1jaGdtLTdyNTItd2hqas4ABA1Y
Hashicorp Consul Path Traversal vulnerability
Ecosystems: go
Packages: github.com/hashicorp/consul
Source: GitHub Advisory Database
Blast Radius: 28.2
Published: 21 days ago
High
GSA_kwCzR0hTQS1wamh4LWo1M3AtYzVmNc4ABA1L
ThinkPHP deserialization vulnerability
Ecosystems: packagist
Packages: topthink/thinkphp
Source: GitHub Advisory Database
Blast Radius: 10.2
Published: 21 days ago
High
GSA_kwCzR0hTQS1xanZjLXA4OGotajlybc4ABAxq
Kyverno's PolicyException objects can be created in any namespace by default
Ecosystems: go
Packages: github.com/kyverno/kyverno
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: 23 days ago
High
GSA_kwCzR0hTQS0zZjg0LXJwd2gtNDdnNs4ABAxp
Waitress vulnerable to DoS leading to high CPU usage/resource exhaustion
Ecosystems: pypi
Packages: waitress
Source: GitHub Advisory Database
Blast Radius: 33.0
Published: 23 days ago
High
GSA_kwCzR0hTQS13N2hxLWYycGotYzUzZ84ABAtM
pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 24 days ago
High
GSA_kwCzR0hTQS1oMzQ1LXI0OHgtZzY4Zs4ABArV
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS0ybXY4LWpqbTUtZjNocs4ABArY
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS14MmZyLXZqNzQtNWgzNc4ABArO
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS01ZzY2LTkzcXYtNTY1as4ABArQ
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1oNHB4LTl2bXAtcDdwds4ABArH
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1yOXY1LXE5N20tcmo1Z84ABArX
Logic flaw in Funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS02ajhmLTg4bWgtcjl2cc4ABArP
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS05Z3czLXFyMmYtM3ZnNc4ABArE
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS12dzZ4LWM1cmctam1qcM4ABArS
SQL injection in funadmin
Ecosystems: packagist
Packages: funadmin/funadmin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS14ajd3LXI3NTMtdmo4ds4ABAq-
Exposure of vSphere's CPI and CSI credentials in Rancher
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Blast Radius: 14.6
Published: 26 days ago
High
GSA_kwCzR0hTQS0zcm13LTc2bTYtNGdqY84ABAq8
User Registration Bypass in Zitadel
Ecosystems: go
Packages: github.com/zitadel/zitadel
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS12NDZqLWg0M2gtcndybc4ABAq6
Autolab Misconfigured Reset Password Permissions
Ecosystems: rubygems
Packages: Autolab
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 26 days ago
High
GSA_kwCzR0hTQS1xZndxLTZqaDYtOHh4NM4ABAon
OpenRefine has a path traversal in LoadLanguageCommand
Ecosystems: maven
Packages: org.openrefine:openrefine
Source: GitHub Advisory Database
Blast Radius: 2.1
Published: 28 days ago
High
GSA_kwCzR0hTQS1nOHY5LWM4bTMtOTQyds4ABAoi
Remote code execution in php-heic-to-jpg
Ecosystems: packagist
Packages: maestroerror/php-heic-to-jpg
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
High
GSA_kwCzR0hTQS0zcGc0LXF3YzgtNDI2cs4ABAoK
OpenRefine leaks Google API credentials in releases
Ecosystems: maven
Packages: org.openrefine:openrefine
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 28 days ago
High
GSA_kwCzR0hTQS04N2NmLWo3NjMtdnZoOM4ABAoG
OpenRefine's SQLite integration allows filesystem access, remote code execution (RCE)
Ecosystems: maven
Packages: org.openrefine:database
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
GSA_kwCzR0hTQS03OWp2LTUyMjYtNzgzZs4ABAoF
OpenRefine has a reflected cross-site scripting vulnerability (XSS) from POST request in ExportRowsCommand
Ecosystems: maven
Packages: org.openrefine:openrefine
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: 28 days ago
High
GSA_kwCzR0hTQS0zam00LWM2cWYtanJoM84ABAoE
OpenRefine's PreviewExpressionCommand, which is eval, lacks protection against cross-site request forgery (CSRF)
Ecosystems: maven
Packages: org.openrefine:main
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 28 days ago
High
GSA_kwCzR0hTQS1wdzN4LWM1dnAtbWZjM84ABAoD
OpenRefine has a reflected cross-site scripting vulnerability (XSS) in GData extension (authorized.vt)
Ecosystems: maven
Packages: org.openrefine:extensions
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 28 days ago
High
GSA_kwCzR0hTQS1xcXF3LWdtOTMtcWY2bc4ABAnQ
OS Command Injection in Snyk gradle plugin
Ecosystems: npm
Packages: snyk-gradle-plugin
Source: GitHub Advisory Database
Blast Radius: 28.7
Published: 28 days ago
High
GSA_kwCzR0hTQS02OWY5LWg4ZjktN3ZqZs4ABAnP
OS Command Injection in Snyk php plugin
Ecosystems: npm
Packages: snyk-php-plugin
Source: GitHub Advisory Database
Blast Radius: 28.6
Published: 28 days ago
High
GSA_kwCzR0hTQS1tNGdxLXgyNGotanBtZs4ABAkl
Prototype pollution vulnerability found in Mermaid's bundled version of DOMPurify
Ecosystems: npm
Packages: mermaid
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 30 days ago
High
GSA_kwCzR0hTQS0zdnBjLTRwOXAtNDdoY84ABAkk
curl_cffi bundles a version of libcurl affected by High Severity vulnerability
Ecosystems: pypi
Packages: curl-cffi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 30 days ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 2,709
Ecosystems: 12
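The listing above is rendered as repeating plain-text records (a severity line, a GSA identifier, a title, then "Key: value" fields). The following is an added example, not code from Ecosyste.ms and not a client for its API: it parses records in exactly that layout and cross-references them against a dependency inventory so that only the advisories touching packages you actually ship are surfaced. The sample listing is three records copied from this page; the `INSTALLED` inventory is constructed as if read from lockfiles, and sorting hits by the page's Blast Radius figure is this example's own triage heuristic, not an Ecosyste.ms recommendation.

```python
import re
from dataclasses import dataclass

# Constructed sample: three records copied in the plain-text layout this
# listing uses (severity line, GSA id, title, then "Key: value" fields).
SAMPLE_LISTING = """High
GSA_kwCzR0hTQS03Y2M5LWo0bXYtdmNqcM4ABBeQ
XXE in PHPSpreadsheet's XLSX reader
Ecosystems: packagist
Packages: phpoffice/phpspreadsheet
Source: GitHub Advisory Database
Blast Radius: 32.3
Published: 2 days ago
High
GSA_kwCzR0hTQS1wMmgyLTN2ZzktNHA4N84ABBW1
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
Ecosystems: go
Packages: github.com/cli/cli, github.com/cli/cli/v2
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: 7 days ago
High
GSA_kwCzR0hTQS0zeGdxLTQ1amotdjI3Nc4ABBFi
Regular Expression Denial of Service (ReDoS) in cross-spawn
Ecosystems: npm
Packages: cross-spawn
Source: GitHub Advisory Database
Blast Radius: 47.1
Published: 13 days ago
"""

SEVERITIES = {"Critical", "High", "Moderate", "Low"}
ID_RE = re.compile(r"^GSA_[A-Za-z0-9_-]+$")


@dataclass
class Advisory:
    severity: str
    gsa_id: str
    title: str
    ecosystems: tuple
    packages: tuple
    source: str
    blast_radius: float
    published: str


def _split_list(value):
    """'a, b' -> ('a', 'b'); the page separates multiple packages with commas."""
    return tuple(p.strip() for p in value.split(",") if p.strip())


def parse_listing(text):
    """Split the listing into Advisory records. A record starts at a severity
    line immediately followed by a GSA id; the title is the next line and may
    itself contain colons, so it is never treated as a 'Key: value' field."""
    lines = [ln.rstrip() for ln in text.splitlines() if ln.strip()]
    advisories, i = [], 0
    while i < len(lines):
        if lines[i] not in SEVERITIES or i + 2 >= len(lines) or not ID_RE.match(lines[i + 1]):
            raise ValueError(f"unexpected line {i}: {lines[i]!r}")
        severity, gsa_id, title = lines[i], lines[i + 1], lines[i + 2]
        fields, i = {}, i + 3
        while i < len(lines) and lines[i] not in SEVERITIES:
            key, _, value = lines[i].partition(": ")
            fields[key] = value
            i += 1
        advisories.append(Advisory(
            severity=severity, gsa_id=gsa_id, title=title,
            ecosystems=_split_list(fields.get("Ecosystems", "")),
            packages=_split_list(fields.get("Packages", "")),
            source=fields.get("Source", ""),
            blast_radius=float(fields.get("Blast Radius", "0")),
            published=fields.get("Published", ""),
        ))
    return advisories


def match_dependencies(advisories, installed):
    """installed: {ecosystem: {package names}}. Returns advisories naming any
    installed package in the matching ecosystem, highest Blast Radius first
    (this example's triage ordering: widely depended-upon packages first)."""
    hits = []
    for adv in advisories:
        for eco in adv.ecosystems:
            if any(pkg in installed.get(eco, set()) for pkg in adv.packages):
                hits.append(adv)
                break
    return sorted(hits, key=lambda a: a.blast_radius, reverse=True)


INSTALLED = {  # constructed inventory, as if read from lockfiles
    "npm": {"cross-spawn", "lodash"},
    "go": {"github.com/cli/cli/v2"},
    "packagist": {"monolog/monolog"},
}

if __name__ == "__main__":
    for adv in match_dependencies(parse_listing(SAMPLE_LISTING), INSTALLED):
        print(f"{adv.blast_radius:5.1f}  {adv.severity:8} {adv.packages[0]:28} {adv.title}")
```

Matching is by exact package name within the advisory's ecosystem; it deliberately does no version-range check, because the listing above carries no affected-version data. Treat a hit as "go read the advisory", not as a confirmed exposure.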
Filter by Package
Microsoft.ChakraCore 234 tensorflow 122 tensorflow-gpu 119 tensorflow-cpu 115 magento/community-edition 62 moodle/moodle 52 org.jenkins-ci.main:jenkins-core 49 Django 48 com.fasterxml.jackson.core:jackson-databind 43 typo3/cms 37 dolibarr/dolibarr 33 org.apache.tomcat:tomcat 32 Plone 31 librenms/librenms 31 drupal/core 30 mlflow 30 pimcore/pimcore 29 apache-airflow 29 typo3/cms-core 28 salt 27 microweber/microweber 27 drupal/drupal 27 nokogiri 25 github.com/rancher/rancher 24 ansible 24 opencv-contrib-python 23 opencv-python 23 com.thoughtworks.xstream:xstream 23 org.apache.struts:struts2-core 23 phpmyadmin/phpmyadmin 23 symfony/symfony 22 Pillow 21 com.jfinal:jfinal 21 django 19 org.jenkins-ci.plugins:script-security 19 thorsten/phpmyfaq 19 rdiffweb 17 org.apache.tomcat.embed:tomcat-embed-core 17 openssl-src 17 pocketmine/pocketmine-mp 17 github.com/hashicorp/vault 16 Microsoft.AspNetCore.App.Runtime.win-x86 16 pillow 16 getgrav/grav 16 io.undertow:undertow-core 16 Microsoft.AspNetCore.App.Runtime.win-x64 16 parse-server 16 matrix-synapse 15 github.com/hashicorp/consul 15 Microsoft.AspNetCore.App.Runtime.win-arm 15 nilsteampassnet/teampass 15 Microsoft.AspNetCore.App.Runtime.win-arm64 14 github.com/usememos/memos 14 net.mingsoft:ms-mcms 14 github.com/grafana/grafana 14 vyper 14 centreon/centreon 14 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 13 Microsoft.AspNetCore.App.Runtime.linux-arm64 13 silverstripe/framework 13 Microsoft.AspNetCore.App.Runtime.linux-arm 13 mautic/core 13 rubygems-update 13 org.keycloak:keycloak-core 13 mindsdb 13 org.keycloak:keycloak-services 13 Microsoft.AspNetCore.App.Runtime.osx-x64 13 golang.org/x/net 13 Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 13 Microsoft.AspNetCore.App.Runtime.linux-x64 13 electron 12 shopware/platform 12 github.com/argoproj/argo-cd 12 org.apache.openmeetings:openmeetings-parent 12 gradio 12 craftcms/cms 12 baserproject/basercms 12 activerecord 12 org.keycloak:keycloak-parent 11 actionpack 11 
intelliants/subrion 11 keystone 11 froxlor/froxlor 11 github.com/nats-io/nats-server/v2 11 shopware/core 10 apache-superset 10 snipe/snipe-it 10 openmage/magento-lts 10 org.xwiki.platform:xwiki-platform-oldcore 10 org.apache.solr:solr-core 10 github.com/hashicorp/nomad 10 org.springframework.security:spring-security-core 10 funadmin/funadmin 10 Microsoft.NetCore.App.Runtime.win-x64 10 Microsoft.NetCore.App.Runtime.win-x86 10 Microsoft.NetCore.App.Runtime.win-arm64 10 Microsoft.NetCore.App.Runtime.win-arm 10 laravel/framework 10 cockpit-hq/cockpit 10 org.apache.geode:geode-core 9 rusqlite 9 github.com/ethereum/go-ethereum 9 org.apache.struts.xwork:xwork-core 9 directus 9 zendframework/zendframework1 9 org.bouncycastle:bcprov-jdk14 9 cobbler 9 github.com/zitadel/zitadel 9 org.cloudfoundry.identity:cloudfoundry-identity-server 9 mercurial 9 plone 9 ckb 9 next 9 org.apache.hadoop:hadoop-main 9 org.apache.nifi:nifi 9 Microsoft.AspNetCore.App.Runtime.linux-musl-arm 9 nova 8 Microsoft.NETCore.App.Runtime.win-x86 8 org.bouncycastle:bcprov-jdk15 8 Microsoft.NETCore.App.Runtime.win-x64 8 composer/composer 8 org.jenkins-ci.plugins.workflow:workflow-cps 8 github.com/docker/docker 8 github.com/sylabs/singularity 8 gogs.io/gogs 8 com.liferay.portal:release.portal.bom 8 phpbb/phpbb 8 Microsoft.NETCore.App.Runtime.win-arm64 8 smarty/smarty 8 k8s.io/kubernetes 8 cryptography 8 neutron 8 deno 8 october/system 8 opencv-contrib-python-headless 7 symfony/security 7 Microsoft.AspNetCore.App.Runtime.osx-arm64 7 opencv-python-headless 7 surrealdb 7 codeigniter4/framework 7 strapi 7 org.apache.tomcat:tomcat-coyote 7 org.eclipse.jetty:jetty-server 7 @strapi/strapi 7 tar 7 cakephp/cakephp 7 symfony/security-http 7 magento/core 7 zendframework/zendframework 7 org.springframework:spring-core 7 org.jenkins-ci.plugins.workflow:workflow-cps-global-lib 7 org.craftercms:crafter-studio 7 phpmailer/phpmailer 7 phpoffice/phpspreadsheet 7 org.apache.inlong:manager-pojo 7 com.xuxueli:xxl-job 7 lollms 7 
org.elasticsearch:elasticsearch 7 github.com/traefik/traefik/v2 7 ryu 7 contao/core-bundle 7 DotNetNuke.Core 7 cn.hutool:hutool-core 7 OPCFoundation.NetStandard.Opc.Ua.Core 7 github.com/goharbor/harbor 6 trytond 6 github.com/mattermost/mattermost/server/v8 6 nautobot 6 github.com/gravitl/netmaker 6 sized-chunks 6 Microsoft.AspNetCore.All 6 matrix-js-sdk 6 npm 6 guzzlehttp/guzzle 6 Microsoft.NETCore.App 6 rack 6 kiwitcms 6 sequelize 6 org.apache.camel:camel-core 6 opencart/opencart 6 @openzeppelin/contracts 6 de.tum.in.ase:artemis-java-test-sandbox 6 org.apache.tika:tika-core 6 org.apache.dolphinscheduler:dolphinscheduler 6 org.apache.cxf:cxf 6 sentry 6 prestashop/prestashop 6 contao/contao 6 org.apache.commons:commons-compress 6 aubio 6 ezsystems/ezpublish-kernel 6 github.com/cilium/cilium 6 wwbn/avideo 6 getkirby/cms 6 mediawiki/core 6 github.com/argoproj/argo-cd/v2 6 golang.org/x/crypto 6 express-cart 6 handlebars 6 github.com/hyperledger/fabric 6
Filter by Repository
https://github.com/chakra-core/ChakraCore 204
https://github.com/tensorflow/tensorflow 122
https://github.com/xwiki/xwiki-platform 50
https://github.com/django/django 49
https://github.com/FasterXML/jackson-databind 44
https://github.com/apache/airflow 38
https://github.com/jenkinsci/jenkins 37
https://github.com/apache/tomcat 36
https://github.com/python-pillow/Pillow 35
https://github.com/keycloak/keycloak 29
https://github.com/librenms/librenms 27
https://github.com/pimcore/pimcore 27
https://github.com/opencv/opencv 25
https://github.com/microweber/microweber 25
https://github.com/moodle/moodle 24
https://github.com/symfony/symfony 23
https://github.com/dotnet/runtime 23
https://github.com/x-stream/xstream 23
https://github.com/apache/struts 22
https://github.com/rancher/rancher 20
https://github.com/sparklemotion/nokogiri 20
https://github.com/Dolibarr/dolibarr 19
https://github.com/ansible/ansible 18
https://github.com/thorsten/phpmyfaq 18
https://github.com/pmmp/PocketMine-MP 17
https://github.com/ikus060/rdiffweb 17
https://github.com/spring-projects/spring-framework 17
https://github.com/parse-community/parse-server 16
https://github.com/plone/Products.CMFPlone 16
https://github.com/mlflow/mlflow 15
https://github.com/github/advisory-database 15
https://github.com/apache/inlong 14
https://github.com/TYPO3/typo3 14
https://github.com/getgrav/grav 14
https://github.com/vyperlang/vyper 14
https://github.com/usememos/memos 14
https://github.com/mautic/mautic 13
https://github.com/matrix-org/synapse 13
https://github.com/jenkinsci/script-security-plugin 13
https://github.com/mindsdb/mindsdb 13
https://github.com/gradio-app/gradio 12
https://github.com/rails/rails 12
https://github.com/undertow-io/undertow 12
https://github.com/hashicorp/consul 12
https://github.com/saltstack/salt 12
https://github.com/zitadel/zitadel 12
https://github.com/electron/electron 11
https://github.com/argoproj/argo-cd 11
https://github.com/silverstripe/silverstripe-framework 11
https://github.com/grafana/grafana 11
https://github.com/apache/nifi 11
https://github.com/go-gitea/gitea 10
https://github.com/funadmin/funadmin 10
https://github.com/OpenMage/magento-lts 10
https://github.com/openstack/keystone 10
https://github.com/centreon/centreon 10
https://github.com/directus/directus 10
https://github.com/octobercms/october 10
https://github.com/kubernetes/kubernetes 10
https://github.com/strapi/strapi 10
https://github.com/dotnet/aspnetcore 9
https://github.com/golang/go 9
https://github.com/cloudfoundry/uaa 9
https://github.com/rusqlite/rusqlite 9
https://github.com/snipe/snipe-it 9
https://github.com/nervosnetwork/ckb 9
https://github.com/apache/camel 9
https://github.com/nilsteampassnet/teampass 9
https://github.com/cui2shark/cms 9
https://github.com/nats-io/nats-server 8
https://github.com/OpenRefine/OpenRefine 8
https://github.com/OPCFoundation/UA-.NETStandard 8
https://github.com/backstage/backstage 8
https://github.com/shopware/platform 8
https://github.com/netty/netty 8
https://github.com/TYPO3/TYPO3.CMS 8
https://github.com/pyca/cryptography 8
https://github.com/bcgit/bc-java 8
https://github.com/laravel/framework 8
https://github.com/denoland/deno 8
https://github.com/cockpit-hq/cockpit 8
https://github.com/hashicorp/vault 8
https://github.com/smarty-php/smarty 7
https://github.com/PHPOffice/PhpSpreadsheet 7
https://github.com/faucetsdn/ryu 7
https://github.com/apache/cxf 7
https://github.com/apache/activemq 7
https://github.com/vercel/next.js 7
https://github.com/surrealdb/surrealdb 7
https://github.com/eclipse/jetty.project 7
https://github.com/contao/contao 7
https://github.com/xuxueli/xxl-job 7
https://github.com/DSpace/DSpace 7
https://github.com/composer/composer 7
https://github.com/cobbler/cobbler 7
https://github.com/spring-projects/spring-security 7
https://github.com/PHPMailer/PHPMailer 7
https://github.com/magento/magento2 7
https://github.com/rubygems/rubygems 7
https://github.com/bodil/sized-chunks 6
https://github.com/TYPO3-CMS/core 6
https://github.com/istio/istio 6
https://github.com/gravitl/netmaker 6
https://github.com/dnnsoftware/Dnn.Platform 6
https://github.com/aubio/aubio 6
https://github.com/kiwitcms/Kiwi 6
https://github.com/protocolbuffers/protobuf 6
https://github.com/npm/node-tar 6
https://github.com/nautobot/nautobot 6
https://github.com/intelliants/subrion 6
https://github.com/WWBN/AVideo 6
https://github.com/cilium/cilium 6
https://github.com/PaddlePaddle/Paddle 6
https://github.com/CVEProject/cvelist 6
https://github.com/phpmyadmin/phpmyadmin 6
https://github.com/gogs/gogs 6
https://github.com/dromara/hutool 6
https://github.com/geoserver/geoserver 6
https://github.com/nilsteampassnet/TeamPass 6
https://github.com/ls1intum/Ares 6
https://github.com/getsentry/sentry 6
https://github.com/traefik/traefik 6
https://github.com/froxlor/froxlor 6
https://github.com/matrix-org/matrix-js-sdk 6
https://github.com/OpenZeppelin/openzeppelin-contracts 6
https://github.com/goharbor/harbor 6
https://github.com/sequelize/sequelize 6
https://github.com/DrunkenShells/Disclosures 6
https://github.com/craftcms/cms 6
https://github.com/opencast/opencast 6
https://github.com/hyperledger/fabric 6
https://github.com/getkirby/kirby 6
https://github.com/OpenNMS/opennms 6
https://github.com/guzzle/guzzle 6
https://github.com/openstack/nova 6
https://github.com/PrestaShop/PrestaShop 5
https://github.com/apache/xmlgraphics-batik 5
https://github.com/apache/kylin 5
https://github.com/docker/docker 5
https://github.com/IBAX-io/go-ibax 5
https://github.com/cri-o/cri-o 5
https://github.com/apache/hadoop 5
https://github.com/faisalman/ua-parser-js 5
https://github.com/pear/Archive_Tar 5
https://github.com/Pylons/waitress 5
https://github.com/vantage6/vantage6 5
https://github.com/drupal/core 5
https://github.com/zendframework/zendframework 5
https://github.com/ethyca/fides 5
https://github.com/owen2345/camaleon-cms 5
https://github.com/forkcms/forkcms 5
https://github.com/beego/beego 5
https://github.com/hpcng/singularity 5
https://github.com/opencart/opencart 5
https://github.com/BlackFan/client-side-prototype-pollution 5
https://github.com/cefsharp/CefSharp 5
https://github.com/ethereum/go-ethereum 5
https://github.com/parisneo/lollms 5
https://github.com/openstack/neutron 5
https://github.com/RaspAP/raspap-webgui 5
https://github.com/cakephp/cakephp 5
https://github.com/apache/dolphinscheduler 5
https://github.com/phpseclib/phpseclib 5
https://github.com/answerdev/answer 5
https://github.com/codeigniter4/CodeIgniter4 5
https://github.com/yiisoft/yii2 5
https://github.com/restlet/restlet-framework-java 4
https://github.com/statamic/cms 4
https://github.com/jhipster/generator-jhipster 4
https://github.com/nocodb/nocodb 4
https://github.com/pomerium/pomerium 4
https://github.com/ckeditor/ckeditor4 4
https://github.com/wagtail/wagtail 4
https://github.com/cloudflare/cfrpki 4
https://github.com/ericcornelissen/shescape 4
https://github.com/quarkusio/quarkus 4
https://github.com/matrix-org/matrix-react-sdk 4
https://github.com/nightcloudos/new_cms 4
https://github.com/wixtoolset/issues 4
https://github.com/urllib3/urllib3 4
https://github.com/jeecgboot/jeecg-boot 4
https://github.com/pyload/pyload 4
https://github.com/scrapy/scrapy 4
https://github.com/0xJacky/nginx-ui 4
https://github.com/hashicorp/nomad 4
https://github.com/pgadmin-org/pgadmin4 4
https://github.com/jupyterhub/oauthenticator 4
https://github.com/numpy/numpy 4
https://github.com/apache/geode 4
https://github.com/apple/swift-nio-http2 4
https://github.com/free5gc/free5gc 4
https://github.com/decidim/decidim 4
https://github.com/livehelperchat/livehelperchat 4
https://github.com/npm/cli 4
https://github.com/baserproject/basercms 4
https://github.com/jettison-json/jettison 4
https://github.com/zopefoundation/Zope 4
https://github.com/nltk/nltk 4
https://github.com/igniterealtime/Openfire 4
