Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

High
GSA_kwCzR0hTQS12eHBtLThoY3AtcWgyN84AAxad
Payment information sent to PayPal not necessarily identical to created order
Ecosystems: packagist
Packages: swag/paypal
Source: GitHub Advisory Database
Published: 1 day ago
High
GSA_kwCzR0hTQS04eHY0LWpqNGgtcXd3Ns4AAxYX
Pimcore contains Unrestricted Upload of File with Dangerous Type
Ecosystems: packagist
Packages: pimcore/pimcore
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS13cXh3LThoNWctaHE1Ns4AAxVm
Switcher Client contains Regular Expression Denial of Service (ReDoS)
Ecosystems: npm
Packages: switcher-client
Source: GitHub Advisory Database
Published: 3 days ago
High
GSA_kwCzR0hTQS0yMjc1LXJwZjUteHY4aM4AAxUK
is-http2 vulnerable to Command Injection
Ecosystems: npm
Packages: is-http2
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS04djRqLTdqZ2YtNXJnOc4AAxTg
Warp vulnerable to Path Traversal via Improper validation of Windows paths
Ecosystems: cargo
Packages: warp
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS14cmg3LW01cHAtMzlyNs4AAxTf
XSS Attack with Express API
Ecosystems: npm
Packages: eta
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS12bTVyLWM4N3ItcGY2eM4AAxTe
Parse Server option `masterKeyIps` vulnerability to IP spoofing
Ecosystems: npm
Packages: parse-server
Source: GitHub Advisory Database
Published: 4 days ago
High
GSA_kwCzR0hTQS1oNnc4LTUybXEtNHF4Y84AAxTG
Apache Linkis contains Deserialization of Untrusted Data
Ecosystems: maven
Packages: org.apache.linkis:linkis
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS1jNnJ4LWd4cXYtdnI1as4AAxTA
nemo-appium vulnerable to OS Command Injection
Ecosystems: npm
Packages: nemo-appium
Source: GitHub Advisory Database
Published: 5 days ago
High
GSA_kwCzR0hTQS04OHY4LXY0NmctNmM5d84AAxPx
Servst vulnerable to Path Traversal
Ecosystems: npm
Packages: servst
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1tZjZ4LWhyZ3ItNjU4Zs4AAxPw
Eta vulnerable to Code Injection via templates rendered with user-defined data
Ecosystems: npm
Packages: eta
Source: GitHub Advisory Database
Published: 6 days ago
High
GSA_kwCzR0hTQS1nN2dmLTJycXctNXJ3eM4AAxPk
Publify contains Weak Password Requirements
Ecosystems: rubygems
Packages: publify_core
Source: GitHub Advisory Database
Published: 7 days ago
High
GSA_kwCzR0hTQS1oNjMyLXA3NjQtcGpxbc4AAxOZ
DataFlow upload remote code execution vulnerability
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01ajJnLTNwaDQtcmd2bc4AAxOY
Fix for authenticated remote code execution through layout update
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01dnB2LXhtY2otOXE4Nc4AAxOV
Fix for arbitrary file deletion in customer media allows for remote code execution
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1jOXEzLXI0cnYtbWptN84AAxOU
Fix for arbitrary command execution in custom layout update through blocks
Ecosystems: packagist
Packages: openmage/magento-lts
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1qbTNtLXdyM3AtaGpycc4AAxNK
Cross-site Scripting in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1jNDY3LTVjMmctanA4Ns4AAxNO
Cross-site Scripting in modoboa
Ecosystems: pypi
Packages: modoboa
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS0zM2d2LXJ2Z3EtZ3B4cM4AAxNL
HTML injections in BTCPayServer
Ecosystems: nuget
Packages: BTCPayServer.Client
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS04djUzLTIzbXgtaGNmOc4AAxNf
Improper Certificate Validation in pyload-ng
Ecosystems: pypi
Packages: pyload-ng
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS02MzI1LTZnMzItN3AzNc4AAxNI
flash_tool Gem for Ruby File Download Handling Arbitrary Command Execution
Ecosystems: rubygems
Packages: flash_tool
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01cXE0LW02YzMteHhtZs4AAxMF
Directory Traversal vulnerability in serve-lite
Ecosystems: npm
Packages: serve-lite
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS02OWYyLTQzNzUtcXY5aM4AAxMO
Command injection in smartctl
Ecosystems: npm
Packages: smartctl
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1nNXFyLXhnZzctOHEyd84AAxND
Command Injection in puppet-facter
Ecosystems: npm
Packages: puppet-facter
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1mZnhqLTU0N3gtNWo3Y84AAxM0
Directory Traversal in onnx
Ecosystems: pypi
Packages: onnx
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS02NXY2LTNjOW0taG1ycM4AAxK2
Arbitrary file write in net.mingsoft:ms-mcms
Ecosystems: maven
Packages: net.mingsoft:ms-mcms
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS0zY204LXY0bWMtZ3BwZ84AAxJf
Path traversal in binwalk
Ecosystems: pypi
Packages: binwalk
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS03NnFqLTlnd2gtcHZ2M84AAxJ8
Sandbox bypass in Jenkins Script Security Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:script-security
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS12eG1oLXA1MmotaDMzbc4AAxJ5
Session fixation vulnerability in Jenkins OpenId Connect Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:oic-auth
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS0zZzJnLXJjbTYtcnJxMs4AAxJv
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:jira-steps
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS13ajc5LTlmeGotajg2cM4AAxJu
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:rabbitmq-consumer
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1oOHA4LTYzNzgtNjQ5cM4AAxJ1
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:semantic-versioning-plugin
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05Nmp2LWM3bTYtcTQzZ84AAxJs
Cross-site request forgery vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1mOTc2LTI0aGMtbWp2cs4AAxJw
Session fixation vulnerability in Jenkins OpenID Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:openid
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05OTYzLWdtaDgtdnZtNs4AAxJN
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:keycloak
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS14OXE0LXF3ZmgtOWdqcc4AAxJ-
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bitbucket-oauth
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1weDJmLWNxcmYtZjJxZ84AAxJO
CSRF vulnerability in Jenkins TestQuality Updater Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:testquality-updater
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS05Mzl4LTZtd2otOTZyMs4AAxKB
Insufficient Session Expiration in Jenkins Azure AD Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:azure-ad
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS01eGhoLTZ4ZnYtN3E0Ms4AAxJi
Cross-site request forgery vulnerability in Jenkins BearyChat Plugin
Ecosystems: maven
Packages: org.jenkins-ci.plugins:bearychat
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1nM2o1LW1wcDItMmZxbc4AAxJJ
symfont/process typosquatting malware spoofs symfony/process
Ecosystems: packagist
Packages: symfont/process
Source: GitHub Advisory Database
Published: 9 days ago
High
GSA_kwCzR0hTQS1xcmc3LWhmeDctOTVjNc4AAxJC
Command injection in Git package in Wrangler
Ecosystems: go
Packages: github.com/rancher/wrangler, rancher/github.com/rancher/wrangler
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS02cDRtLWh3MmgtNmdtd84AAxJA
Controller reconciles apps outside configured namespaces when sharding is enabled
Ecosystems: go
Packages: github.com/argoproj/argo-cd
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS1jNDVjLTM5ZjYtNmd3Oc4AAxI_
Rancher generated tokens not revoked after modifications made to authentication provider
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS0zNHA1LWpwNzctZmNyY84AAxI9
Command injection in Rancher Git package
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS1nMjVyLWd2cTMtd3JxN84AAxI8
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS03bTcyLW1oNXItNmozcs4AAxI7
Privilege escalation in project role template binding (PRTB) and -promoted roles
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS04YzY5LXIzOGotcnBmas4AAxI6
Rancher cattle-token is predictable
Ecosystems: go
Packages: github.com/rancher/rancher
Source: GitHub Advisory Database
Published: 10 days ago
High
GSA_kwCzR0hTQS1maGc3LW04OXEtMjVyM84AAxIw
ReDoS Vulnerability in ua-parser-js version
Ecosystems: npm
Packages: ua-parser-js
Source: GitHub Advisory Database
Published: 12 days ago
High
GSA_kwCzR0hTQS0zbXBnLXEyNmotODNqNc4AAxHH
Command injection in yiisoft/yii2-gii
Ecosystems: packagist
Packages: yiisoft/yii2-gii
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1xNzltLWM1NDYtMmc2M84AAxG-
CakePHP vulnerable to Denial of Service attack through XML payloads
Ecosystems: packagist
Packages: cakephp/cakephp
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1xOTVoLWNxcnYtOGp2Nc4AAxGB
ExifTool vulnerable to arbitrary code execution
Ecosystems: rubygems
Packages: exiftool_vendored
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1oajRnLTR3MzYteDhocM4AAxF7
Kraken has arbitrary file read vulnerability via component testfs
Ecosystems: go
Packages: github.com/uber/kraken
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1tYzUyLWpwbTItY3FoNs4AAxFx
Deno is vulnerable to race condition via interactive permission prompt spoofing
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1wYzk5LXFtZzQtcmNmZs4AAxFv
act vulnerable to arbitrary file upload in artifact server
Ecosystems: go
Packages: github.com/nektos/act
Source: GitHub Advisory Database
Published: 16 days ago
High
GSA_kwCzR0hTQS1nNXZtLTUyNXEtcjY2Y84AAxET
Velociraptor vulnerable to Missing Authorization
Ecosystems: go
Packages: www.velocidex.com/golang/velociraptor
Source: GitHub Advisory Database
Published: 17 days ago
High
GSA_kwCzR0hTQS1ocTdwLWozNzctNnY2M84AAxDu
SQL Injection Vulnerability via ActiveRecord comments
Ecosystems: rubygems
Packages: activerecord
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS0zZndxLXF2NXYtMnd4Zs4AAxDR
Path Traversal in web-node-server
Ecosystems: npm
Packages: web-node-server
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1nM3B2LXBqNWYtM2hmcc4AAxCV
mechanize Regular Expression Denial of Service vulnerability
Ecosystems: pypi
Packages: mechanize
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1tNGY4LXA1OGctajhtas4AAxCR
Observable timing discrepancy in JOpenId
Ecosystems: maven
Packages: org.expressme:JOpenId
Source: GitHub Advisory Database
Published: 18 days ago
High
GSA_kwCzR0hTQS1wcGhmLWdmcm0tdjMycs4AAxAx
Code injection in ruby git
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 19 days ago
High
GSA_kwCzR0hTQS03MjIyLXIzN3gtOHEzbc4AAw_j
Apache Superset vulnerable to Cross-Site Request Forgery via legacy REST API endpoints
Ecosystems: pypi
Packages: apache-superset
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS1jcDY4LTQycGYtNjYyN84AAw_a
Froxlor vulnerable to Command Injection
Ecosystems: packagist
Packages: froxlor/froxlor
Source: GitHub Advisory Database
Published: 20 days ago
High
GSA_kwCzR0hTQS03Y3hyLWg4d20tZmc0Y84AAw-y
Apache Shiro Interpretation Conflict vulnerability
Ecosystems: maven
Packages: org.apache.shiro:shiro-root
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1meGc1LXdxNngtdnI0d84AAw-p
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
Ecosystems: go
Packages: golang.org/x/net/http2/h2c
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS01djh2LWd3bXctcXc5N84AAw-H
org.neo4j.procedure:apoc Path Traversal Vulnerability
Ecosystems: maven
Packages: org.neo4j.procedure:apoc
Source: GitHub Advisory Database
Published: 22 days ago
High
GSA_kwCzR0hTQS1qbWo2LXAyajktNjhjcM4AAw90
Wildfly-elytron possibly vulnerable to timing attacks via use of unsafe comparator
Ecosystems: maven
Packages: org.wildfly.security:wildfly-elytron
Source: GitHub Advisory Database
Published: 23 days ago
High
GSA_kwCzR0hTQS1mZ3dwLXB3cXEtZzN3NM4AAw8S
Bloom Uncontrolled Search Path Element vulnerability
Ecosystems: go
Packages: github.com/bits-and-blooms/bloom
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS02NHdwLWpoOXAtNWNnMs4AAw6f
RSSHub SSRF vulnerability
Ecosystems: npm
Packages: rsshub
Source: GitHub Advisory Database
Published: 24 days ago
High
GSA_kwCzR0hTQS13NW13LWYyaHEtNWZ3OM4AAw6U
gry vulnerable to Command Injection
Ecosystems: npm
Packages: gry
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS03Y2g0LXJyOTktY3Fjd84AAw6Q
gatsby-transformer-remark has possible unsanitized JavaScript code injection
Ecosystems: npm
Packages: gatsby-transformer-remark
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS03OThoLWc0ajUtNTUzN84AAw6E
PapaParse Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: papaparse
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS1xdjY2LWY4NzYtdmp2cs4AAw6F
skeemas Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: skeemas
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS04ZjdmLXZxZzUtanJ2Oc4AAw3c
.NET Denial of Service Vulnerability
Ecosystems: nuget
Packages: Microsoft.NetCore.App.Runtime.win-x86, Microsoft.NetCore.App.Runtime.win-x64, Microsoft.NetCore.App.Runtime.win-arm64, Microsoft.NetCore.App.Runtime.win-arm, Microsoft.NetCore.App.Runtime.osx-x64, Microsoft.NetCore.App.Runtime.osx-arm64, Microsoft.NetCore.App.Runtime.linux-x64, Microsoft.NetCore.App.Runtime.linux-musl-x64, Microsoft.NetCore.App.Runtime.linux-musl-arm64, Microsoft.NetCore.App.Runtime.linux-musl-arm, Microsoft.NetCore.App.Runtime.linux-arm64, Microsoft.NetCore.App.Runtime.linux-arm
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS0yMm05LW0zd3ctNTNoM84AAw3Z
Flarum post mentions can be used to read any post on the forum without access control
Ecosystems: packagist
Packages: flarum/mentions
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS00anJtLWMzMngtdzRqZs4AAw3Y
convict vulnerable to Prototype Pollution
Ecosystems: npm
Packages: convict
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS05Nmp2LXI0ODgtYzJyas4AAw1m
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
Ecosystems: cargo
Packages: bzip2
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1qeGdwLWpnaDMtOGpjOM4AAw1G
KubeOperator allows unauthorized access to system API
Ecosystems: go
Packages: github.com/KubeOperator/KubeOperator
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS12NHc1LXIyeGMtN2Y4aM4AAw1F
KubePi session fixation attack allows an attacker to hijack a legitimate user session.
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1ncXg4LWh4bXYtYzR2NM4AAw1E
KubePi may allow unauthorized access to system API
Ecosystems: go
Packages: github.com/KubeOperator/kubepi
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS1wZnByLTM0NjMtYzZqaM4AAw1C
ruby-git has potential remote code execution vulnerability
Ecosystems: rubygems
Packages: git
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS13cXF2LWpjZnItOWY1Z84AAw0x
PocketMine-MP has improperly handled dye colour IDs in banner NBT, leading to server crash
Ecosystems: packagist
Packages: pocketmine/pocketmine-mp
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS04OXFtLXdjbXctM21nZ84AAw0u
Gitops Run insecure communication
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS13cjNjLWczMjYtNDg2Y84AAw0t
GitOps Run allows for Kubernetes workload injection
Ecosystems: go
Packages: github.com/weaveworks/weave-gitops
Source: GitHub Advisory Database
Published: 26 days ago
High
GSA_kwCzR0hTQS0zeHE1LXdqZmgtcHBqY84AAw0p
Luxon Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: luxon
Source: GitHub Advisory Database
Published: 27 days ago
High
GSA_kwCzR0hTQS05dnZ3LWNjOXctZjI3aM4AAw0l
debug Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: debug
Source: GitHub Advisory Database
Published: 27 days ago
High
GSA_kwCzR0hTQS13eGdoLThnbXItM3FoM84AAwzL
terminal-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: terminal-kit
Source: GitHub Advisory Database
Published: 29 days ago
High
GSA_kwCzR0hTQS01NHc2LXZ4ZmgtZnc3Zs4AAwyX
Http4s improperly parses User-Agent and Server headers
Ecosystems: maven
Packages: org.http4s:http4s-core
Source: GitHub Advisory Database
Published: 29 days ago
High
GSA_kwCzR0hTQS02ZzMzLTh3MnEtNGh4ds4AAwwq
robots-txt-guard Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: robots-txt-guard
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1oODU3LTJnNTYtNDY4Z84AAwwo
@mattkrick/sanitize-svg vulnerable to Cross-Site Scripting (XSS)
Ecosystems: npm
Packages: @mattkrick/sanitize-svg
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS12Zjk5LXh3MjYtODZnNc4AAwwE
PgHero Allows Information Disclosure Through EXPLAIN Feature
Ecosystems: rubygems
Packages: pghero
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS03bTM3LWN4MzUtcWdtcs4AAwvt
Uniswap Universal Router Incorrect Authorization vulnerability
Ecosystems: npm
Packages: @uniswap/universal-router
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS05bWp4LXdmcXAtajVwaM4AAwvv
window-control vulnerable to Command Injection due to improper input sanitization
Ecosystems: npm
Packages: window-control
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS12cDYyLW05NTgtcWo4Y84AAwu3
Gravitee API Management contains Path Traversal
Ecosystems: maven
Packages: io.gravitee.apim:gravitee-api-management
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1qOTRwLWh2MjUtcm01Z84AAwuM
Apiman has potential permissions bypass
Ecosystems: maven
Packages: io.apiman:apiman-manager-api-rest-impl
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS02bTdjLTQ1ZmYtMzMyOM4AAwuL
FrameworkUserBundle Generates Error Message Containing Sensitive Information
Ecosystems: packagist
Packages: sumocoders/framework-user-bundle
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1wZnJtLTRyanctZzlxNc4AAwsv
string-kit Inefficient Regular Expression Complexity vulnerability
Ecosystems: npm
Packages: string-kit
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS03NTk5LWZxZ20tdjg0cM4AAwrj
rgb2hex vulnerable to inefficient regular expression complexity
Ecosystems: npm
Packages: rgb2hex
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xMmZqLTZoNjItNTltMs4AAwrK
Apiman Vert.x Gateway has Transitive Hazelcast connection caching issue
Ecosystems: maven
Packages: io.apiman:apiman-distro-vertx, io.apiman:apiman-gateway-platforms-vertx
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS05cDYyLXgzYzUtaHI1cM4AAwql
Path Traversal in MeterSphere leads to upload file to any path
Ecosystems: maven
Packages: io.metersphere:metersphere
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1mOGNjLWc3ajgteHhwbc4AAwqj
XStream can cause a Denial of Service by injecting deeply nested objects raising a stack overflow
Ecosystems: maven
Packages: com.thoughtworks.xstream:xstream
Source: GitHub Advisory Database
Published: about 1 month ago